From: Andreas Dannenberg <dannenberg@ti.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v3 4/9] arm: omap-common: secure ROM signature verify API
Date: Mon, 27 Jun 2016 09:19:19 -0500 [thread overview]
Message-ID: <1467037164-28093-5-git-send-email-dannenberg@ti.com> (raw)
In-Reply-To: <1467037164-28093-1-git-send-email-dannenberg@ti.com>
Adds an API that verifies a signature attached to an image (binary
blob). This API is basically a entry to a secure ROM service provided by
the device and accessed via an SMC call, using a particular calling
convention.
Signed-off-by: Daniel Allred <d-allred@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
---
arch/arm/cpu/armv7/omap-common/sec-common.c | 88 +++++++++++++++++++++++++++++
arch/arm/include/asm/omap_sec_common.h | 9 +++
2 files changed, 97 insertions(+)
diff --git a/arch/arm/cpu/armv7/omap-common/sec-common.c b/arch/arm/cpu/armv7/omap-common/sec-common.c
index 4ec736f..246a239 100644
--- a/arch/arm/cpu/armv7/omap-common/sec-common.c
+++ b/arch/arm/cpu/armv7/omap-common/sec-common.c
@@ -17,6 +17,11 @@
#include <asm/arch/sys_proto.h>
#include <asm/omap_common.h>
#include <asm/omap_sec_common.h>
+#include <asm/spl.h>
+#include <spl.h>
+
+/* Index for signature verify ROM API */
+#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E)
static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN);
@@ -49,3 +54,86 @@ u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...)
return omap_smc_sec(service, proc_id, flag, secure_rom_call_args);
}
+
+static u32 find_sig_start(char *image, size_t size)
+{
+ char *image_end = image + size;
+ char *sig_start_magic = "CERT_";
+ int magic_str_len = strlen(sig_start_magic);
+ char *ch;
+
+ while (--image_end > image) {
+ if (*image_end == '_') {
+ ch = image_end - magic_str_len + 1;
+ if (!strncmp(ch, sig_start_magic, magic_str_len))
+ return (u32)ch;
+ }
+ }
+ return 0;
+}
+
+int secure_boot_verify_image(void **image, size_t *size)
+{
+ int result = 1;
+ u32 cert_addr, sig_addr;
+ size_t cert_size;
+
+ /* Perform cache writeback on input buffer */
+ flush_dcache_range(
+ (u32)*image,
+ (u32)*image + roundup(*size, ARCH_DMA_MINALIGN));
+
+ cert_addr = (uint32_t)*image;
+ sig_addr = find_sig_start((char *)*image, *size);
+
+ if (sig_addr == 0) {
+ printf("No signature found in image!\n");
+ result = 1;
+ goto auth_exit;
+ }
+
+ *size = sig_addr - cert_addr; /* Subtract out the signature size */
+ cert_size = *size;
+
+ /* Check if image load address is 32-bit aligned */
+ if (!IS_ALIGNED(cert_addr, 4)) {
+ printf("Image is not 4-byte aligned!\n");
+ result = 1;
+ goto auth_exit;
+ }
+
+ /* Image size also should be multiple of 4 */
+ if (!IS_ALIGNED(cert_size, 4)) {
+ printf("Image size is not 4-byte aligned!\n");
+ result = 1;
+ goto auth_exit;
+ }
+
+ /* Call ROM HAL API to verify certificate signature */
+ debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__,
+ cert_addr, cert_size, sig_addr);
+
+ result = secure_rom_call(
+ API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0,
+ 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF);
+auth_exit:
+ if (result != 0) {
+ printf("Authentication failed!\n");
+ printf("Return Value = %08X\n", result);
+ hang();
+ }
+
+ /*
+ * Output notification of successful authentication as well the name of
+ * the signing certificate used to re-assure the user that the secure
+ * code is being processed as expected. However suppress any such log
+ * output in case of building for SPL and booting via YMODEM. This is
+ * done to avoid disturbing the YMODEM serial protocol transactions.
+ */
+ if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
+ IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
+ spl_boot_device() == BOOT_DEVICE_UART))
+ printf("Authentication passed: %s\n", (char *)sig_addr);
+
+ return result;
+}
diff --git a/arch/arm/include/asm/omap_sec_common.h b/arch/arm/include/asm/omap_sec_common.h
index 1f50f83..842f2af 100644
--- a/arch/arm/include/asm/omap_sec_common.h
+++ b/arch/arm/include/asm/omap_sec_common.h
@@ -18,4 +18,13 @@
*/
u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...);
+/*
+ * Invoke a secure ROM API on high-secure (HS) device variants that can be used
+ * to verify a secure blob by authenticating and optionally decrypting it. The
+ * exact operation performed depends on how the certificate that was embedded
+ * into the blob during the signing/encryption step when the secure blob was
+ * first created.
+ */
+int secure_boot_verify_image(void **p_image, size_t *p_size);
+
#endif /* _OMAP_SEC_COMMON_H_ */
--
2.6.4
next prev parent reply other threads:[~2016-06-27 14:19 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-27 14:19 [U-Boot] [PATCH v3 0/9] Secure Boot by Authenticating/Decrypting SPL FIT blobs Andreas Dannenberg
2016-06-27 14:19 ` [U-Boot] [PATCH v3 1/9] arm: cache: add missing dummy functions for when dcache disabled Andreas Dannenberg
2016-07-16 13:47 ` [U-Boot] [U-Boot, v3, " Tom Rini
2016-06-27 14:19 ` [U-Boot] [PATCH v3 2/9] arm: omap-common: add secure smc entry Andreas Dannenberg
2016-07-16 13:47 ` [U-Boot] [U-Boot, v3, " Tom Rini
2016-06-27 14:19 ` [U-Boot] [PATCH v3 3/9] arm: omap-common: add secure rom call API for secure devices Andreas Dannenberg
2016-07-16 13:47 ` [U-Boot] [U-Boot, v3, " Tom Rini
2016-06-27 14:19 ` Andreas Dannenberg [this message]
2016-07-16 13:47 ` [U-Boot] [U-Boot, v3, 4/9] arm: omap-common: secure ROM signature verify API Tom Rini
2016-06-27 14:19 ` [U-Boot] [PATCH v3 5/9] arm: omap-common: Update to generate secure U-Boot FIT blob Andreas Dannenberg
2016-07-16 13:47 ` [U-Boot] [U-Boot, v3, " Tom Rini
2016-06-27 14:19 ` [U-Boot] [PATCH v3 6/9] spl: fit: add support for post-processing of images Andreas Dannenberg
2016-06-29 3:28 ` Simon Glass
2016-06-29 14:19 ` Andreas Dannenberg
2016-07-16 13:47 ` [U-Boot] [U-Boot, v3, " Tom Rini
2016-06-27 14:19 ` [U-Boot] [PATCH v3 7/9] arm: omap5: add U-Boot FIT signing and SPL image post-processing Andreas Dannenberg
2016-07-16 13:47 ` [U-Boot] [U-Boot, v3, " Tom Rini
2016-06-27 14:19 ` [U-Boot] [PATCH v3 8/9] arm: am4x: " Andreas Dannenberg
2016-07-16 13:47 ` [U-Boot] [U-Boot, v3, " Tom Rini
2016-06-27 14:19 ` [U-Boot] [PATCH v3 9/9] doc: Update info on using secure devices from TI Andreas Dannenberg
2016-07-16 13:47 ` [U-Boot] [U-Boot, v3, " Tom Rini
2016-07-14 13:55 ` [U-Boot] [PATCH v3 0/9] Secure Boot by Authenticating/Decrypting SPL FIT blobs Andreas Dannenberg
2016-07-14 14:57 ` Tom Rini
2016-07-14 15:22 ` Andreas Dannenberg
2016-07-14 14:59 ` Simon Glass
2016-07-20 18:19 ` Andreas Dannenberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1467037164-28093-5-git-send-email-dannenberg@ti.com \
--to=dannenberg@ti.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox