From: Andreas Dannenberg <dannenberg@ti.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 5/9] arm: omap-common: secure ROM signature verify API
Date: Wed, 22 Jun 2016 09:21:28 -0500
Message-ID: <20160622142128.GI26355@borg.dal.design.ti.com>
In-Reply-To: <576A5DA8.90605@ti.com>

On Wed, Jun 22, 2016 at 03:13:04PM +0530, Lokesh Vutla wrote:
> 
> 
> On Wednesday 22 June 2016 05:26 AM, Tom Rini wrote:
> > On Tue, Jun 21, 2016 at 10:01:54AM +0530, Lokesh Vutla wrote:
> >>
> >>
> >> On Tuesday 21 June 2016 09:04 AM, Andreas Dannenberg wrote:
> >>> Adds an API that verifies a signature attached to an image (binary
> >>> blob). This API is basically an entry to a secure ROM service provided by
> >>> the device and accessed via an SMC call, using a particular calling
> >>> convention.
> >>>
> >>> Signed-off-by: Daniel Allred <d-allred@ti.com>
> >>> Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
> >>> ---
> >>>  arch/arm/cpu/armv7/omap-common/sec-common.c | 76 +++++++++++++++++++++++++++++
> >>>  arch/arm/include/asm/omap_common.h          |  9 ++++
> >>>  2 files changed, 85 insertions(+)
> >>>
> >>> diff --git a/arch/arm/cpu/armv7/omap-common/sec-common.c b/arch/arm/cpu/armv7/omap-common/sec-common.c
> >>> index b9c0a42..dbb9078 100644
> >>> --- a/arch/arm/cpu/armv7/omap-common/sec-common.c
> >>> +++ b/arch/arm/cpu/armv7/omap-common/sec-common.c
> >>> @@ -16,6 +16,9 @@
> >>>  #include <asm/arch/sys_proto.h>
> >>>  #include <asm/omap_common.h>
> >>>  
> >>> +/* Index for signature verify ROM API */
> >>> +#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX	(0x0000000E)
> >>> +
> >>>  static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN);
> >>>  
> >>>  u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...)
> >>> @@ -47,3 +50,76 @@ u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...)
> >>>  
> >>>  	return omap_smc_sec(service, proc_id, flag, secure_rom_call_args);
> >>>  }
> >>> +
> >>> +static u32 find_sig_start(char *image, size_t size)
> >>> +{
> >>> +	char *image_end = image + size;
> >>> +	char *sig_start_magic = "CERT_";
> >>> +	int magic_str_len = strlen(sig_start_magic);
> >>> +	char *ch;
> >>> +
> >>> +	while (--image_end > image) {
> >>> +		if (*image_end == '_') {
> >>> +			ch = image_end - magic_str_len + 1;
> >>> +			if (!strncmp(ch, sig_start_magic, magic_str_len))
> >>> +				return (u32)ch;
> >>> +		}
> >>> +	}
> >>> +	return 0;
> >>> +}
> >>> +
> >>> +int secure_boot_verify_image(void **image, size_t *size)
> >>> +{
> >>> +	int result = 1;
> >>> +	u32 cert_addr, sig_addr;
> >>> +	size_t cert_size;
> >>> +
> >>> +	/* Perform cache writeback on input buffer */
> >>> +	flush_dcache_range(
> >>> +		(u32)*image,
> >>> +		(u32)*image + roundup(*size, ARCH_DMA_MINALIGN));
> >>> +
> >>> +	cert_addr = (uint32_t)*image;
> >>> +	sig_addr = find_sig_start((char *)*image, *size);
> >>> +
> >>> +	if (sig_addr == 0) {
> >>> +		printf("No signature found in image.\n");
> >>> +		result = 1;
> >>> +		goto auth_exit;
> >>> +	}
> >>> +
> >>> +	*size = sig_addr - cert_addr;	/* Subtract out the signature size */
> >>> +	cert_size = *size;
> >>> +
> >>> +	/* Check if image load address is 32-bit aligned */
> >>> +	if (0 != (0x3 & cert_addr)) {
> >>
> >> 	if (!IS_ALIGNED(cert_addr, 4)) { ?
> >>
> >>> +		printf("Image is not 4-byte aligned.\n");
> >>> +		result = 1;
> >>> +		goto auth_exit;
> >>> +	}
> >>> +
> >>> +	/* Image size also should be multiple of 4 */
> >>> +	if (0 != (0x3 & cert_size)) {
> >>
> >> 	if (!IS_ALIGNED(cert_size, 4)) { ?
> >>
> >>> +		printf("Image size is not 4-byte aligned.\n");
> >>> +		result = 1;
> >>> +		goto auth_exit;
> >>> +	}
> >>> +
> >>> +	/* Call ROM HAL API to verify certificate signature */
> >>> +	debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__,
> >>> +	      cert_addr, cert_size, sig_addr);
> >>> +
> >>> +	result = secure_rom_call(
> >>> +		API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0,
> >>> +		4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF);
> >>> +auth_exit:
> >>> +	if (result != 0) {
> >>> +		printf("Authentication failed!\n");
> >>> +		printf("Return Value = %08X\n", result);
> >>> +		hang();
> >>> +	}
> >>> +
> >>> +	printf("Authentication passed: %s\n", (char *)sig_addr);
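Review bot: In find_sig_start(), `ch = image_end - magic_str_len + 1` can point before `image` when a '_' sits within the first four bytes, because the loop only guarantees `image_end > image`, so strncmp() then reads memory ahead of the buffer; stop the scan at `image + magic_str_len - 1` or skip the compare when `ch < image`. The final printf() passes `(char *)sig_addr` to %s and so depends on a NUL terminator being present inside the trailer, while nothing in this function bounds that read to the original `*size`; keeping the original size and limiting the printed length to the bytes remaining after `sig_addr` would cover that. The flush_dcache_range() call also runs before any of the checks and rounds up only the length, so the end address is cache-line aligned only if `*image` already is.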
> >>
> >> Uart boot will break because of these prints during the FIT loading. Can
> >> you make this as debug?
> > 
> > Are you sure it will break?  There's usually a print in between loading
> > SPL via UART and then U-Boot itself via UART and Y-MODEM is smart enough
> > to re-transmit.
> > 
> 
> Yes, if the print is in between while Y-MODEM is transferring. The above
> print falls in this case.

Tom et al.,
so if this really breaks stuff I need to do something about it. As said
I'd really like to keep the "Authentication passed: <certificate name>"
message in the boot log. So if I implement something along the lines of
what Lokesh suggested:

"...you can check if (spl_boot_device() != BOOT_DEVICE_UART) under the
config CONFIG_SPL_YMODEM_SUPPORT. Not sure if it is a good way to do..."

to selectively suppress the message in case of UART boot, would this be
acceptable? Or is there a better way?

Thanks and Regards,
Andreas
