From: Stefano Babic <sbabic@denx.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v2] iMX: adding parsing to hab_status command
Date: Fri, 10 Jul 2015 10:01:39 +0200 [thread overview]
Message-ID: <559F7BE3.4070809@denx.de> (raw)
In-Reply-To: <1435890390-24017-1-git-send-email-Ulises.Cardenas@freescale.com>
Hi Ulises,
On 03/07/2015 04:26, Ulises.Cardenas at freescale.com wrote:
> From: Ulises Cardenas <Ulises.Cardenas@freescale.com>
>
> hab_status command returns a memory dump of the hab event log. But the
> raw data is not human-readable. Parsing such data into readable event
> will help to minimize debugging time.
>
> Signed-off-by: Ulises Cardenas <Ulises.Cardenas@freescale.com>
> ---
>
> Changes in v2:
> -Refactored get_<*>_idx functions as recommended by Michael, to a single
> generic function to travese the enum.
>
> arch/arm/cpu/armv7/mx6/hab.c | 173 +++++++++++++++++++++++++++++++++++-
> arch/arm/include/asm/arch-mx6/hab.h | 85 +++++++++++++++---
> 2 files changed, 245 insertions(+), 13 deletions(-)
>
> diff --git a/arch/arm/cpu/armv7/mx6/hab.c b/arch/arm/cpu/armv7/mx6/hab.c
> index 8dee595..87f422d 100644
> --- a/arch/arm/cpu/armv7/mx6/hab.c
> +++ b/arch/arm/cpu/armv7/mx6/hab.c
> @@ -1,5 +1,5 @@
> /*
> - * Copyright (C) 2010-2014 Freescale Semiconductor, Inc.
> + * Copyright (C) 2010-2015 Freescale Semiconductor, Inc.
> *
> * SPDX-License-Identifier: GPL-2.0+
> */
> @@ -111,6 +111,153 @@
> * +------------+ + CSF_PAD_SIZE
> */
>
> +#define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */
> +
> +struct record {
> + uint8_t tag; /* Tag */
> + uint8_t len[2]; /* Length */
> + uint8_t par; /* Version */
> + uint8_t contents[MAX_RECORD_BYTES];/* Record Data */
> + bool any_rec_flag;
> +};
> +
> +char *rsn_str[] = {"RSN = HAB_RSN_ANY (0x00)\n",
> + "RSN = HAB_ENG_FAIL (0x30)\n",
> + "RSN = HAB_INV_ADDRESS (0x22)\n",
> + "RSN = HAB_INV_ASSERTION (0x0C)\n",
> + "RSN = HAB_INV_CALL (0x28)\n",
> + "RSN = HAB_INV_CERTIFICATE (0x21)\n",
> + "RSN = HAB_INV_COMMAND (0x06)\n",
> + "RSN = HAB_INV_CSF (0x11)\n",
> + "RSN = HAB_INV_DCD (0x27)\n",
> + "RSN = HAB_INV_INDEX (0x0F)\n",
> + "RSN = HAB_INV_IVT (0x05)\n",
> + "RSN = HAB_INV_KEY (0x1D)\n",
> + "RSN = HAB_INV_RETURN (0x1E)\n",
> + "RSN = HAB_INV_SIGNATURE (0x18)\n",
> + "RSN = HAB_INV_SIZE (0x17)\n",
> + "RSN = HAB_MEM_FAIL (0x2E)\n",
> + "RSN = HAB_OVR_COUNT (0x2B)\n",
> + "RSN = HAB_OVR_STORAGE (0x2D)\n",
> + "RSN = HAB_UNS_ALGORITHM (0x12)\n",
> + "RSN = HAB_UNS_COMMAND (0x03)\n",
> + "RSN = HAB_UNS_ENGINE (0x0A)\n",
> + "RSN = HAB_UNS_ITEM (0x24)\n",
> + "RSN = HAB_UNS_KEY (0x1B)\n",
> + "RSN = HAB_UNS_PROTOCOL (0x14)\n",
> + "RSN = HAB_UNS_STATE (0x09)\n",
> + "RSN = INVALID\n",
> + NULL};
> +
> +char *sts_str[] = {"STS = HAB_SUCCESS (0xF0)\n",
> + "STS = HAB_FAILURE (0x33)\n",
> + "STS = HAB_WARNING (0x69)\n",
> + "STS = INVALID\n",
> + NULL};
> +
> +char *eng_str[] = {"ENG = HAB_ENG_ANY (0x00)\n",
> + "ENG = HAB_ENG_SCC (0x03)\n",
> + "ENG = HAB_ENG_RTIC (0x05)\n",
> + "ENG = HAB_ENG_SAHARA (0x06)\n",
> + "ENG = HAB_ENG_CSU (0x0A)\n",
> + "ENG = HAB_ENG_SRTC (0x0C)\n",
> + "ENG = HAB_ENG_DCP (0x1B)\n",
> + "ENG = HAB_ENG_CAAM (0x1D)\n",
> + "ENG = HAB_ENG_SNVS (0x1E)\n",
> + "ENG = HAB_ENG_OCOTP (0x21)\n",
> + "ENG = HAB_ENG_DTCP (0x22)\n",
> + "ENG = HAB_ENG_ROM (0x36)\n",
> + "ENG = HAB_ENG_HDCP (0x24)\n",
> + "ENG = HAB_ENG_RTL (0x77)\n",
> + "ENG = HAB_ENG_SW (0xFF)\n",
> + "ENG = INVALID\n",
> + NULL};
> +
> +char *ctx_str[] = {"CTX = HAB_CTX_ANY(0x00)\n",
> + "CTX = HAB_CTX_FAB (0xFF)\n",
> + "CTX = HAB_CTX_ENTRY (0xE1)\n",
> + "CTX = HAB_CTX_TARGET (0x33)\n",
> + "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n",
> + "CTX = HAB_CTX_DCD (0xDD)\n",
> + "CTX = HAB_CTX_CSF (0xCF)\n",
> + "CTX = HAB_CTX_COMMAND (0xC0)\n",
> + "CTX = HAB_CTX_AUT_DAT (0xDB)\n",
> + "CTX = HAB_CTX_ASSERT (0xA0)\n",
> + "CTX = HAB_CTX_EXIT (0xEE)\n",
> + "CTX = INVALID\n",
> + NULL};
> +
> +uint8_t hab_statuses[5] = {
> + HAB_STS_ANY,
> + HAB_FAILURE,
> + HAB_WARNING,
> + HAB_SUCCESS,
> + -1
> +};
> +
> +uint8_t hab_reasons[26] = {
> + HAB_RSN_ANY,
> + HAB_ENG_FAIL,
> + HAB_INV_ADDRESS,
> + HAB_INV_ASSERTION,
> + HAB_INV_CALL,
> + HAB_INV_CERTIFICATE,
> + HAB_INV_COMMAND,
> + HAB_INV_CSF,
> + HAB_INV_DCD,
> + HAB_INV_INDEX,
> + HAB_INV_IVT,
> + HAB_INV_KEY,
> + HAB_INV_RETURN,
> + HAB_INV_SIGNATURE,
> + HAB_INV_SIZE,
> + HAB_MEM_FAIL,
> + HAB_OVR_COUNT,
> + HAB_OVR_STORAGE,
> + HAB_UNS_ALGORITHM,
> + HAB_UNS_COMMAND,
> + HAB_UNS_ENGINE,
> + HAB_UNS_ITEM,
> + HAB_UNS_KEY,
> + HAB_UNS_PROTOCOL,
> + HAB_UNS_STATE,
> + -1
> +};
> +
> +uint8_t hab_contexts[12] = {
> + HAB_CTX_ANY,
> + HAB_CTX_FAB,
> + HAB_CTX_ENTRY,
> + HAB_CTX_TARGET,
> + HAB_CTX_AUTHENTICATE,
> + HAB_CTX_DCD,
> + HAB_CTX_CSF,
> + HAB_CTX_COMMAND,
> + HAB_CTX_AUT_DAT,
> + HAB_CTX_ASSERT,
> + HAB_CTX_EXIT,
> + -1
> +};
> +
> +uint8_t hab_engines[16] = {
> + HAB_ENG_ANY,
> + HAB_ENG_SCC,
> + HAB_ENG_RTIC,
> + HAB_ENG_SAHARA,
> + HAB_ENG_CSU,
> + HAB_ENG_SRTC,
> + HAB_ENG_DCP,
> + HAB_ENG_CAAM,
> + HAB_ENG_SNVS,
> + HAB_ENG_OCOTP,
> + HAB_ENG_DTCP,
> + HAB_ENG_ROM,
> + HAB_ENG_HDCP,
> + HAB_ENG_RTL,
> + HAB_ENG_SW,
> + -1
> +};
> +
> bool is_hab_enabled(void)
> {
> struct ocotp_regs *ocotp = (struct ocotp_regs *)OCOTP_BASE_ADDR;
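Review bot: The status tables are not index-aligned: `hab_statuses` is ordered ANY, FAILURE, WARNING, SUCCESS while `sts_str` is ordered SUCCESS, FAILURE, WARNING, INVALID, so a lookup by shared index labels HAB_STS_ANY as "HAB_SUCCESS (0xF0)" and a real HAB_SUCCESS as "STS = INVALID". In a secure-boot diagnostic a mislabelled status is the most misleading output this parser can produce; reorder one of the two so the codes and strings match and the terminator slot lines up with "INVALID", as it does for the rsn/ctx/eng pairs. Separately, `MAX_RECORD_BYTES (8*1024)` carries the comment `/* 4 kbytes */`, and the tables could be `static const` since nothing in the visible hunks writes to them. is_hab_enabled's body continues outside the hunk.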
> @@ -122,6 +269,28 @@ bool is_hab_enabled(void)
> return (reg & 0x2) == 0x2;
> }
>
> +static inline uint8_t get_idx(uint8_t *list, uint8_t tgt)
> +{
> + uint8_t idx = 0;
> + uint8_t element = list[idx];
> + while (element != -1) {
> + if (element == tgt)
> + return idx;
> + element = list[++idx];
> + }
> + return -1;
> +}
> +
> +void process_event_record(uint8_t *event_data, size_t bytes)
> +{
> + struct record *rec = (struct record *)event_data;
> +
> + printf("\n\n%s", sts_str[get_idx(hab_statuses, rec->contents[0])]);
> + printf("%s", rsn_str[get_idx(hab_reasons, rec->contents[1])]);
> + printf("%s", ctx_str[get_idx(hab_contexts, rec->contents[2])]);
> + printf("%s", eng_str[get_idx(hab_engines, rec->contents[3])]);
> +}
> +
> void display_event(uint8_t *event_data, size_t bytes)
> {
> uint32_t i;
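Review bot: `get_idx` cannot see its terminator: `element` is a `uint8_t`, so it promotes to 0..255, `element != -1` is always true, and `return -1` comes back as index 255. For a byte that is not in the table the loop keeps reading past the end of the array until some neighbouring byte happens to match (and `idx` wraps at 256, so it may never terminate), after which the caller indexes the string table out of bounds and passes the result to `printf("%s")`. `process_event_record` also ignores `bytes` and reads `contents[0..3]`, which are offsets 4–7 of the record, unconditionally. I would bound the search by the table size, return the terminator slot on a miss so it selects the "INVALID" string, and skip records shorter than 8 bytes. display_event's body continues outside the hunk.
```c
/* Index of tgt in list, or count - 1 (the terminator slot, paired with "INVALID") */
static inline size_t get_idx(const uint8_t *list, size_t count, uint8_t tgt)
{
	size_t idx;

	for (idx = 0; idx + 1 < count; idx++) {
		if (list[idx] == tgt)
			return idx;
	}
	return count - 1;
}

void process_event_record(uint8_t *event_data, size_t bytes)
{
	struct record *rec = (struct record *)event_data;

	/* tag, len[2], par, then the four content bytes decoded below */
	if (bytes < 8)
		return;

	printf("\n\n%s", sts_str[get_idx(hab_statuses, sizeof(hab_statuses),
					 rec->contents[0])]);
	/* … rsn, ctx and eng lines follow the same pattern with their own tables … */
```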
> @@ -137,6 +306,8 @@ void display_event(uint8_t *event_data, size_t bytes)
> else
> printf(" 0x%02x", event_data[i]);
> }
> +
> + process_event_record(event_data, bytes);
> }
>
> int get_hab_status(void)
> diff --git a/arch/arm/include/asm/arch-mx6/hab.h b/arch/arm/include/asm/arch-mx6/hab.h
> index c9e5318..d0eaa67 100644
> --- a/arch/arm/include/asm/arch-mx6/hab.h
> +++ b/arch/arm/include/asm/arch-mx6/hab.h
> @@ -1,5 +1,5 @@
> /*
> - * Copyright (C) 2012 Freescale Semiconductor, Inc. All Rights Reserved.
> + * Copyright (C) 2012-2015 Freescale Semiconductor, Inc. All Rights Reserved.
> *
> * SPDX-License-Identifier: GPL-2.0+
> *
> @@ -23,24 +23,68 @@ enum hab_status {
>
> /* Security Configuration definitions */
> enum hab_config {
> - HAB_CFG_RETURN = 0x33, /**< Field Return IC */
> - HAB_CFG_OPEN = 0xf0, /**< Non-secure IC */
> - HAB_CFG_CLOSED = 0xcc /**< Secure IC */
> + HAB_CFG_RETURN = 0x33, /* < Field Return IC */
> + HAB_CFG_OPEN = 0xf0, /* < Non-secure IC */
> + HAB_CFG_CLOSED = 0xcc /* < Secure IC */
> };
>
> /* State definitions */
> enum hab_state {
> - HAB_STATE_INITIAL = 0x33, /**< Initialising state (transitory) */
> - HAB_STATE_CHECK = 0x55, /**< Check state (non-secure) */
> - HAB_STATE_NONSECURE = 0x66, /**< Non-secure state */
> - HAB_STATE_TRUSTED = 0x99, /**< Trusted state */
> - HAB_STATE_SECURE = 0xaa, /**< Secure state */
> - HAB_STATE_FAIL_SOFT = 0xcc, /**< Soft fail state */
> - HAB_STATE_FAIL_HARD = 0xff, /**< Hard fail state (terminal) */
> - HAB_STATE_NONE = 0xf0, /**< No security state machine */
> + HAB_STATE_INITIAL = 0x33, /* Initialising state (transitory) */
> + HAB_STATE_CHECK = 0x55, /* Check state (non-secure) */
> + HAB_STATE_NONSECURE = 0x66, /* Non-secure state */
> + HAB_STATE_TRUSTED = 0x99, /* Trusted state */
> + HAB_STATE_SECURE = 0xaa, /* Secure state */
> + HAB_STATE_FAIL_SOFT = 0xcc, /* Soft fail state */
> + HAB_STATE_FAIL_HARD = 0xff, /* Hard fail state (terminal) */
> + HAB_STATE_NONE = 0xf0, /* No security state machine */
> HAB_STATE_MAX
> };
>
> +enum hab_reason {
> + HAB_RSN_ANY = 0x00, /* Match any reason */
> + HAB_ENG_FAIL = 0x30, /* Engine failure */
> + HAB_INV_ADDRESS = 0x22, /* Invalid address: access denied */
> + HAB_INV_ASSERTION = 0x0c, /* Invalid assertion */
> + HAB_INV_CALL = 0x28, /* Function called out of sequence */
> + HAB_INV_CERTIFICATE = 0x21, /* Invalid certificate */
> + HAB_INV_COMMAND = 0x06, /* Invalid command: command malformed */
> + HAB_INV_CSF = 0x11, /* Invalid csf */
> + HAB_INV_DCD = 0x27, /* Invalid dcd */
> + HAB_INV_INDEX = 0x0f, /* Invalid index: access denied */
> + HAB_INV_IVT = 0x05, /* Invalid ivt */
> + HAB_INV_KEY = 0x1d, /* Invalid key */
> + HAB_INV_RETURN = 0x1e, /* Failed callback function */
> + HAB_INV_SIGNATURE = 0x18, /* Invalid signature */
> + HAB_INV_SIZE = 0x17, /* Invalid data size */
> + HAB_MEM_FAIL = 0x2e, /* Memory failure */
> + HAB_OVR_COUNT = 0x2b, /* Expired poll count */
> + HAB_OVR_STORAGE = 0x2d, /* Exhausted storage region */
> + HAB_UNS_ALGORITHM = 0x12, /* Unsupported algorithm */
> + HAB_UNS_COMMAND = 0x03, /* Unsupported command */
> + HAB_UNS_ENGINE = 0x0a, /* Unsupported engine */
> + HAB_UNS_ITEM = 0x24, /* Unsupported configuration item */
> + HAB_UNS_KEY = 0x1b, /* Unsupported key type/parameters */
> + HAB_UNS_PROTOCOL = 0x14, /* Unsupported protocol */
> + HAB_UNS_STATE = 0x09, /* Unsuitable state */
> + HAB_RSN_MAX
> +};
> +
> +enum hab_context {
> + HAB_CTX_ANY = 0x00, /* Match any context */
> + HAB_CTX_FAB = 0xff, /* Event logged in hab_fab_test() */
> + HAB_CTX_ENTRY = 0xe1, /* Event logged in hab_rvt.entry() */
> + HAB_CTX_TARGET = 0x33, /* Event logged in hab_rvt.check_target() */
> + HAB_CTX_AUTHENTICATE = 0x0a,/* Logged in hab_rvt.authenticate_image() */
> + HAB_CTX_DCD = 0xdd, /* Event logged in hab_rvt.run_dcd() */
> + HAB_CTX_CSF = 0xcf, /* Event logged in hab_rvt.run_csf() */
> + HAB_CTX_COMMAND = 0xc0, /* Event logged executing csf/dcd command */
> + HAB_CTX_AUT_DAT = 0xdb, /* Authenticated data block */
> + HAB_CTX_ASSERT = 0xa0, /* Event logged in hab_rvt.assert() */
> + HAB_CTX_EXIT = 0xee, /* Event logged in hab_rvt.exit() */
> + HAB_CTX_MAX
> +};
> +
> /*Function prototype description*/
> typedef enum hab_status hab_rvt_report_event_t(enum hab_status, uint32_t,
> uint8_t* , size_t*);
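Review bot: `HAB_RSN_MAX` and `HAB_CTX_MAX` do not mean what their names suggest: placed after explicitly valued enumerators they take last-value-plus-one, i.e. 0x0a (the same value as `HAB_UNS_ENGINE`) and 0xef, which is neither a count nor an upper bound. Nothing in the visible hunks uses them, so I would drop them or, if a bound is wanted, derive it from the lookup table size. The `hab_config` comments were changed from `/**<` to `/* <`, which leaves a stray `<`; `/* Field Return IC */` would match the style used for `hab_state` just below.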
> @@ -53,6 +97,22 @@ typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t,
> void **, size_t *, hab_loader_callback_f_t);
> typedef void hapi_clock_init_t(void);
>
> +#define HAB_ENG_ANY 0x00 /* Select first compatible engine */
> +#define HAB_ENG_SCC 0x03 /* Security controller */
> +#define HAB_ENG_RTIC 0x05 /* Run-time integrity checker */
> +#define HAB_ENG_SAHARA 0x06 /* Crypto accelerator */
> +#define HAB_ENG_CSU 0x0a /* Central Security Unit */
> +#define HAB_ENG_SRTC 0x0c /* Secure clock */
> +#define HAB_ENG_DCP 0x1b /* Data Co-Processor */
> +#define HAB_ENG_CAAM 0x1d /* CAAM */
> +#define HAB_ENG_SNVS 0x1e /* Secure Non-Volatile Storage */
> +#define HAB_ENG_OCOTP 0x21 /* Fuse controller */
> +#define HAB_ENG_DTCP 0x22 /* DTCP co-processor */
> +#define HAB_ENG_ROM 0x36 /* Protected ROM area */
> +#define HAB_ENG_HDCP 0x24 /* HDCP co-processor */
> +#define HAB_ENG_RTL 0x77 /* RTL simulation engine */
> +#define HAB_ENG_SW 0xff /* Software engine */
> +
> #ifdef CONFIG_MX6SX
> #define HAB_RVT_BASE 0x00000100
> #else
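Review bot: The `HAB_ENG_*` codes are added as bare `#define`s while the reason and context codes added by the same patch are enums; an `enum hab_engine` with the same values would keep the three families consistent and visible in a debugger. The `#ifdef CONFIG_MX6SX` block at the end of the hunk continues outside it.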
> @@ -73,6 +133,7 @@ typedef void hapi_clock_init_t(void);
>
> #define HAB_CID_ROM 0 /**< ROM Caller ID */
> #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/
> +
> /* ----------- end of HAB API updates ------------*/
>
> #endif
>
Applied to u-boot-imx, thanks !
Best regards,
Stefano Babic
--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================