Message-ID: <081258fb-e97c-58e9-10d6-e7ce584b76fc@ti.com>
Date: Mon, 22 May 2023 11:17:25 +0530
Subject: Re: [PATCH] arm: mach-k3: security: separate out validating binary logic
To: "Andrew F. Davis"
CC: Vignesh Raghavendra, Kamlesh Gurudasani
From: Manorit Chawdhry
In-Reply-To: <20230512-b4-upstream-atf-optee-am62-gp-v1-1-7ff3ee46b36a@ti.com>

Hi Tom,

On 18/05/23 12:44, Manorit Chawdhry wrote:
> K3 GP devices allow booting the secure binaries on them by bypassing
> the x509 header on them.
>
> ATF and OPTEE firewalling required the rproc_load to be called before
> authentication. This change caused the failure for GP devices that
> strips off the headers. The boot vector had been set before the headers
> were stripped off causing the runtime stripping to fail and stripping
> becoming ineffective.
>
> Separate out the secure binary check on GP/HS devices so that the
> boot_vector could be stripped before calling rproc_load. This allows
> keeping the authentication later when the cluster is on along with
> allowing the stripping of the binaries in case of GP devices.
>
> Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")
>
> Signed-off-by: Manorit Chawdhry
> --- > arch/arm/mach-k3/common.c | 5 +++++ > arch/arm/mach-k3/common.h | 1 + > arch/arm/mach-k3/security.c | 32 ++++++++++++++++++++++++-------- > 3 files changed, 30 insertions(+), 8 deletions(-) > > diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c > index 3c85caee579d..34737a43aa08 100644 > --- a/arch/arm/mach-k3/common.c > +++ b/arch/arm/mach-k3/common.c
> @@ -347,8 +347,13 @@ void board_fit_image_post_process(const void *fit, int node, void **p_image, > if ((i != IMAGE_ID_ATF) && (i != IMAGE_ID_OPTEE)) > #endif > { > + ti_secure_image_check_binary(p_image, p_size); > ti_secure_image_post_process(p_image, p_size); > } > +#if IS_ENABLED(CONFIG_SYS_K3_SPL_ATF) > + else > + ti_secure_image_check_binary(p_image, p_size); > +#endif > } > #endif > > diff --git a/arch/arm/mach-k3/common.h b/arch/arm/mach-k3/common.h > index e7e59f533b70..899be64a50cb 100644 > --- a/arch/arm/mach-k3/common.h > +++ b/arch/arm/mach-k3/common.h > @@ -41,3 +41,4 @@ enum k3_device_type get_device_type(void); > void ti_secure_image_post_process(void **p_image, size_t *p_size); > struct ti_sci_handle *get_ti_sci_handle(void); > void do_board_detect(void); > +void ti_secure_image_check_binary(void **p_image, size_t *p_size); > diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c > index 6179f7373aa7..02a2c12dbd6f 100644 > --- a/arch/arm/mach-k3/security.c > +++ b/arch/arm/mach-k3/security.c > @@ -38,19 +38,16 @@ static size_t ti_secure_cert_length(void *p_image) > return seq_length + 4; > } > > -void ti_secure_image_post_process(void **p_image, size_t *p_size) > +void ti_secure_image_check_binary(void **p_image, size_t *p_size) > { > - struct ti_sci_handle *ti_sci = get_ti_sci_handle(); > - struct ti_sci_proc_ops *proc_ops = &ti_sci->ops.proc_ops; > - size_t cert_length; > - u64 image_addr; > u32 image_size; > - int ret; > - > + size_t cert_length; > image_size = *p_size; > > - if (!image_size) > + if (!image_size) { > + debug("%s: Image size is %d\n", __func__, image_size); > return; > + } > > if (get_device_type() == K3_DEVICE_TYPE_GP) { > if (ti_secure_cert_detected(*p_image)) { 
> @@ -78,6 +75,25 @@ void ti_secure_image_post_process(void **p_image, size_t *p_size) > "This will fail on Security Enforcing(HS-SE) devices\n"); > return; > } > +} > + > +void ti_secure_image_post_process(void **p_image, size_t *p_size) > +{ > + struct ti_sci_handle *ti_sci = get_ti_sci_handle(); > + struct ti_sci_proc_ops *proc_ops = &ti_sci->ops.proc_ops; > + u64 image_addr; > + u32 image_size; > + int ret; > + > + image_size = *p_size; > + if (!image_size) { > + debug("%s: Image size is %d\n", __func__, image_size); > + return; > + } > + > + if (get_device_type() != K3_DEVICE_TYPE_HS_SE && > + get_device_type() != K3_DEVICE_TYPE_HS_FS) > + return; > > /* Clean out image so it can be seen by system firmware */ > image_addr = dma_map_single(*p_image, *p_size, DMA_BIDIRECTIONAL); > > --- > base-commit: 0a9a4384c1483a88776bca38e28f09be51161034 > change-id: 20230512-b4-upstream-atf-optee-am62-gp-20bfcb479ac4 > > Best regards, Please hold this patch. Regards, Manorit
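
Review bot: in the arch/arm/mach-k3/common.c hunk, ti_secure_image_check_binary(p_image, p_size) is now called on both arms, once inside the braces and once in the added `#if IS_ENABLED(CONFIG_SYS_K3_SPL_ATF)` / `else` arm. If the `#endif` just above the opening brace closes the same CONFIG_SYS_K3_SPL_ATF guard, a single unconditional call placed before the `if` gives the same behaviour and removes the preprocessor-wrapped `else`, which is easy to misread because the `if` it pairs with is itself compiled conditionally. If the two guards differ, a comment stating which images are meant to skip the check would help.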
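
Review bot: the prototype added at the end of arch/arm/mach-k3/common.h carries no comment, and the ordering requirement lives only in the commit message. The function takes `void **p_image` and `size_t *p_size`, and per the commit message it has to run before rproc_load while ti_secure_image_post_process runs later. A short comment stating that it may update the image pointer and size in place on GP devices and must precede post-processing would document that contract, and placing the prototype next to ti_secure_image_post_process would keep the pair together.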
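
Review bot: in the first arch/arm/mach-k3/security.c hunk, the added `debug("%s: Image size is %d\n", __func__, image_size);` sits inside `if (!image_size)`, so it can only ever print 0, and `%d` is the signed conversion for a `u32`. A fixed message that says the image size is zero carries the same information without the argument; if the argument stays, use `%u`. The hunk also drops the blank line that separated the declarations from `image_size = *p_size;`.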
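
Review bot: in the second arch/arm/mach-k3/security.c hunk, the `return;` after the "This will fail on Security Enforcing(HS-SE) devices" warning used to leave ti_secure_image_post_process before the `dma_map_single()` call; with the added `}` it now only leaves ti_secure_image_check_binary. The new ti_secure_image_post_process filters on device type alone, so an image that took the warning path on an HS-SE or HS-FS device still goes on to the DMA mapping and the steps after it. If that path is meant to stay skipped, have ti_secure_image_check_binary return a status (or re-test the same condition in post-process) and act on it. Minor points: the zero-size check and its debug line are now duplicated in both functions, and get_device_type() is called twice in one condition where a local variable would do.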