From: Andreas Dannenberg <dannenberg@ti.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 5/9] arm: omap-common: secure ROM signature verify API
Date: Wed, 22 Jun 2016 09:21:28 -0500 [thread overview]
Message-ID: <20160622142128.GI26355@borg.dal.design.ti.com> (raw)
In-Reply-To: <576A5DA8.90605@ti.com>
On Wed, Jun 22, 2016 at 03:13:04PM +0530, Lokesh Vutla wrote:
>
>
> On Wednesday 22 June 2016 05:26 AM, Tom Rini wrote:
> > On Tue, Jun 21, 2016 at 10:01:54AM +0530, Lokesh Vutla wrote:
> >>
> >>
> >> On Tuesday 21 June 2016 09:04 AM, Andreas Dannenberg wrote:
> >>> Adds an API that verifies a signature attached to an image (binary
> >>> blob). This API is basically a entry to a secure ROM service provided by
> >>> the device and accessed via an SMC call, using a particular calling
> >>> convention.
> >>>
> >>> Signed-off-by: Daniel Allred <d-allred@ti.com>
> >>> Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
> >>> ---
> >>> arch/arm/cpu/armv7/omap-common/sec-common.c | 76 +++++++++++++++++++++++++++++
> >>> arch/arm/include/asm/omap_common.h | 9 ++++
> >>> 2 files changed, 85 insertions(+)
> >>>
> >>> diff --git a/arch/arm/cpu/armv7/omap-common/sec-common.c b/arch/arm/cpu/armv7/omap-common/sec-common.c
> >>> index b9c0a42..dbb9078 100644
> >>> --- a/arch/arm/cpu/armv7/omap-common/sec-common.c
> >>> +++ b/arch/arm/cpu/armv7/omap-common/sec-common.c
> >>> @@ -16,6 +16,9 @@
> >>> #include <asm/arch/sys_proto.h>
> >>> #include <asm/omap_common.h>
> >>>
> >>> +/* Index for signature verify ROM API */
> >>> +#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E)
> >>> +
> >>> static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN);
> >>>
> >>> u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...)
> >>> @@ -47,3 +50,76 @@ u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...)
> >>>
> >>> return omap_smc_sec(service, proc_id, flag, secure_rom_call_args);
> >>> }
> >>> +
> >>> +static u32 find_sig_start(char *image, size_t size)
> >>> +{
> >>> + char *image_end = image + size;
> >>> + char *sig_start_magic = "CERT_";
> >>> + int magic_str_len = strlen(sig_start_magic);
> >>> + char *ch;
> >>> +
> >>> + while (--image_end > image) {
> >>> + if (*image_end == '_') {
> >>> + ch = image_end - magic_str_len + 1;
> >>> + if (!strncmp(ch, sig_start_magic, magic_str_len))
> >>> + return (u32)ch;
> >>> + }
> >>> + }
> >>> + return 0;
> >>> +}
> >>> +
> >>> +int secure_boot_verify_image(void **image, size_t *size)
> >>> +{
> >>> + int result = 1;
> >>> + u32 cert_addr, sig_addr;
> >>> + size_t cert_size;
> >>> +
> >>> + /* Perform cache writeback on input buffer */
> >>> + flush_dcache_range(
> >>> + (u32)*image,
> >>> + (u32)*image + roundup(*size, ARCH_DMA_MINALIGN));
> >>> +
> >>> + cert_addr = (uint32_t)*image;
> >>> + sig_addr = find_sig_start((char *)*image, *size);
> >>> +
> >>> + if (sig_addr == 0) {
> >>> + printf("No signature found in image.\n");
> >>> + result = 1;
> >>> + goto auth_exit;
> >>> + }
> >>> +
> >>> + *size = sig_addr - cert_addr; /* Subtract out the signature size */
> >>> + cert_size = *size;
> >>> +
> >>> + /* Check if image load address is 32-bit aligned */
> >>> + if (0 != (0x3 & cert_addr)) {
> >>
> >> if (!IS_ALIGNED(cert_addr, 4)) { ?
> >>
> >>> + printf("Image is not 4-byte aligned.\n");
> >>> + result = 1;
> >>> + goto auth_exit;
> >>> + }
> >>> +
> >>> + /* Image size also should be multiple of 4 */
> >>> + if (0 != (0x3 & cert_size)) {
> >>
> >> if (!IS_ALIGNED(cert_size, 4)) { ?
> >>
> >>> + printf("Image size is not 4-byte aligned.\n");
> >>> + result = 1;
> >>> + goto auth_exit;
> >>> + }
> >>> +
> >>> + /* Call ROM HAL API to verify certificate signature */
> >>> + debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__,
> >>> + cert_addr, cert_size, sig_addr);
> >>> +
> >>> + result = secure_rom_call(
> >>> + API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0,
> >>> + 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF);
> >>> +auth_exit:
> >>> + if (result != 0) {
> >>> + printf("Authentication failed!\n");
> >>> + printf("Return Value = %08X\n", result);
> >>> + hang();
> >>> + }
> >>> +
> >>> + printf("Authentication passed: %s\n", (char *)sig_addr);
> >>
> >> Uart boot will break because of these prints during the FIT loading. Can
> >> you make this as debug?
> >
> > Are you sure it will break? There's usually a print in between loading
> > SPL via UART and then U-Boot itself via UART and Y-MODEM is smart enough
> > to re-transmit.
> >
>
> Yes, if the print is in between while Y-MODEM is transferring. The above
> print falls in this case.
Tom et al.,
so if this really breaks stuff I need to do something about it. As said
I'd really like to keep the "Authentication passed: <certificate name>"
message in the boot log. So if I implement something along the lines
what Lokesh suggested:
"...you can check if (spl_boot_device() != BOOT_DEVICE_UART) under the
config CONFIG_SPL_YMODEM_SUPPORT. Not sure if it is a good way to do..."
to selectivly suppress the message in case of UART boot, would this be
acceptable? Or is there a better way?
Thanks and Regards,
Andreas
next prev parent reply other threads:[~2016-06-22 14:21 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-21 3:34 [U-Boot] [PATCH 0/9] Secure Boot by Authenticating/Decrypting SPL FIT blobs Andreas Dannenberg
2016-06-21 3:34 ` [U-Boot] [PATCH 1/9] arm: cache: add missing dummy functions for when dcache disabled Andreas Dannenberg
2016-06-21 3:34 ` [U-Boot] [PATCH 2/9] spl: fit: add support for post-processing of images Andreas Dannenberg
2016-06-21 23:57 ` Tom Rini
2016-06-23 2:38 ` Masahiro Yamada
2016-06-23 13:25 ` Andreas Dannenberg
2016-06-23 13:57 ` Simon Glass
2016-06-23 14:19 ` Andreas Dannenberg
2016-06-23 14:45 ` Simon Glass
2016-06-23 15:00 ` Andreas Dannenberg
2016-06-21 3:34 ` [U-Boot] [PATCH 3/9] arm: omap-common: add secure smc entry Andreas Dannenberg
2016-06-21 23:57 ` Tom Rini
2016-06-21 3:34 ` [U-Boot] [PATCH 4/9] arm: omap-common: add secure rom call API for secure devices Andreas Dannenberg
2016-06-21 23:56 ` Tom Rini
2016-06-21 3:34 ` [U-Boot] [PATCH 5/9] arm: omap-common: secure ROM signature verify API Andreas Dannenberg
2016-06-21 4:31 ` Lokesh Vutla
2016-06-21 5:02 ` Andreas Dannenberg
2016-06-21 5:16 ` Lokesh Vutla
2016-06-21 23:56 ` Tom Rini
2016-06-22 9:43 ` Lokesh Vutla
2016-06-22 14:21 ` Andreas Dannenberg [this message]
2016-06-22 14:36 ` Tom Rini
2016-06-22 14:49 ` Andreas Dannenberg
2016-06-21 3:34 ` [U-Boot] [PATCH 6/9] arm: omap-common: Update to generate secure U-Boot FIT blob Andreas Dannenberg
2016-06-21 3:34 ` [U-Boot] [PATCH 7/9] arm: omap5: add U-Boot FIT signing and SPL image post-processing Andreas Dannenberg
2016-06-21 23:57 ` Tom Rini
2016-06-21 3:34 ` [U-Boot] [PATCH 8/9] arm: am4x: " Andreas Dannenberg
2016-06-21 23:57 ` Tom Rini
2016-06-21 3:34 ` [U-Boot] [PATCH 9/9] doc: Update info on using secure devices from TI Andreas Dannenberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160622142128.GI26355@borg.dal.design.ti.com \
--to=dannenberg@ti.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox