From mboxrd@z Thu Jan 1 00:00:00 1970 From: AKASHI Takahiro Date: Tue, 3 Sep 2019 08:45:30 +0900 Subject: [U-Boot] [PATCH] rpi3: Enable verified boot from FIT image In-Reply-To: <7f2302c4-2a47-8d5e-0bfe-fd4d8610113c@gmx.de> References: <1562817337-949-1-git-send-email-jun.nie@linaro.org> <630dc300-b668-d20e-62e5-314fa88e1985@suse.com> <92cf69d9-9cb7-4783-e169-0f83b7086893@gmail.com> <7f2302c4-2a47-8d5e-0bfe-fd4d8610113c@gmx.de> Message-ID: <20190902234529.GA4398@linaro.org> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit To: u-boot@lists.denx.de On Mon, Sep 02, 2019 at 01:19:06PM +0200, Heinrich Schuchardt wrote: > On 9/2/19 12:30 PM, Matthias Brugger wrote: > >+Alex, Lukas, Heinrich, Bin and Simon > > > >On 31/07/2019 10:16, Jun Nie wrote: > >>Matthias Brugger wrote on Wed, Jul 31, 2019 at 4:05 PM: > >>> > >>> > >>> > >>>On 11/07/2019 05:55, Jun Nie wrote: > >>>>Enable verified boot from FIT image with select configs > >>>>and specify boot script image node in FIT image, the FIT > >>>>image is verified before it is run. > >>>> > >>>>Code that reuses dtb in firmware is disabled, so that > >>>>the dtb with public key packed in u-boot.bin can be used > >>>>to verify the signature of next stage FIT image. > >>>> > >>>>Signed-off-by: Jun Nie > >>>>--- > >>>> board/raspberrypi/rpi/rpi.c | 6 ++++++ > >>>> include/configs/rpi.h | 15 ++++++++++++++- > >>>> 2 files changed, 20 insertions(+), 1 deletion(-) > >>>> > >>>>diff --git a/board/raspberrypi/rpi/rpi.c b/board/raspberrypi/rpi/rpi.c > >>>>index 617c892..950ee84 100644 > >>>>--- a/board/raspberrypi/rpi/rpi.c > >>>>+++ b/board/raspberrypi/rpi/rpi.c > >>>>@@ -297,6 +297,7 @@ static void set_fdtfile(void) > >>>> env_set("fdtfile", fdtfile); > >>>> } > >>>> > >>>>+#ifndef CONFIG_FIT_SIGNATURE > >>>> /* > >>>> * If the firmware provided a valid FDT at boot time, let's expose it in > >>>> * ${fdt_addr} so it may be passed unmodified to the kernel. 
> >>>>@@ -311,6 +312,7 @@ static void set_fdt_addr(void) > >>>> > >>>> env_set_hex("fdt_addr", fw_dtb_pointer); > >>>> } > >>>>+#endif > >>>> > >>>> /* > >>>> * Prevent relocation from stomping on a firmware provided FDT blob. > >>>>@@ -393,7 +395,9 @@ static void set_serial_number(void) > >>>> > >>>> int misc_init_r(void) > >>>> { > >>>>+#ifndef CONFIG_FIT_SIGNATURE > >>>> set_fdt_addr(); > >>>>+#endif > >>>> set_fdtfile(); > >>>> set_usbethaddr(); > >>>> #ifdef CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG > >>>>@@ -470,6 +474,7 @@ int board_init(void) > >>>> return bcm2835_power_on_module(BCM2835_MBOX_POWER_DEVID_USB_HCD); > >>>> } > >>>> > >>>>+#ifndef CONFIG_FIT_SIGNATURE > >>>> /* > >>>> * If the firmware passed a device tree use it for U-Boot. > >>>> */ > >>>>@@ -479,6 +484,7 @@ void *board_fdt_blob_setup(void) > >>>> return NULL; > >>>> return (void *)fw_dtb_pointer; > >>>> } > >>>>+#endif > >>> > >>>Just to get this clear we need this because we want to pass the device tree via > >>>OF_SEPARATE, correct? > >> > >>You are right. U-Boot needs to read the signature from dtb. > >> > >>> > >>>> > >>>> int ft_board_setup(void *blob, bd_t *bd) > >>>> { > >>>>diff --git a/include/configs/rpi.h b/include/configs/rpi.h > >>>>index f76c7d1..ba91205 100644 > >>>>--- a/include/configs/rpi.h > >>>>+++ b/include/configs/rpi.h 
> >>>>@@ -180,11 +180,24 @@ > >>>> > >>>> #include > >>>> > >>>>+#ifdef CONFIG_FIT_SIGNATURE > >>>>+#define FIT_BOOT_CMD \ > >>>>+ "boot_a_script=" \ > >>>>+ "load ${devtype} ${devnum}:${distro_bootpart} " \ > >>>>+ "${scriptaddr} ${prefix}${script}; " \ > >>>>+ "iminfo ${scriptaddr};" \ > >>>>+ "if test $? -eq 1; then reset; fi;" \ > >>>>+ "source ${scriptaddr}:bootscr\0" > >>>>+#else > >>>>+#define FIT_BOOT_CMD "" > >>>>+#endif > >>>>+ > >>> > >>>Doesn't this overwrite the boot_a_script in distro_bootcmd? > >>> > >>>Would it make sense to add FIT booting to the distro boot command? > >>> > >>>Regards, > >>>Matthias > >> > >>Yes, it overwrites the boot_a_script in distro_bootcmd. It makes > >>sense to add this to the distro boot command. I can send another patch > >>to move these lines to common code later. > >> > > > >Question to the people just added, as you have relevant submission to > >distroboot. Do you think it makes sense to add FIT_BOOT_CMD to that? > > > >Regards, > >Matthias > > The idea of distro-boot was to make it easier for Linux distributions to > update the information needed by U-Boot to find the right kernel and > ramdisk. > > According to doc/README.distro file extlinux.conf should be used for the > communication between the distribution and U-Boot. Some distributions > like Debian still rely on boot.scr. > > Many distributions (OpenBSD, FreeBSD, Suse, Fedora) have moved from > distro-boot to UEFI as booting standard. Unfortunately we have not > documented our support for this in doc/README.distro (TODO for me). > Takahiro is working on secure boot using UEFI. Once completed this could > obsolete FIT images. Well, UEFI secure boot handles PE(+) images and doesn't cover dtb, initrd or whatever FIT may contain. -Takahiro Akashi > Would we expect Linux distributions to provide FIT images upon kernel > updates? > Is there any Linux distribution doing so? 
> > Only if we can answer these questions with yes, adding FIT_BOOT_CMD to > distro-boot would make sense to me. > > Best regards > > Heinrich > > > > >>> > >>>> #define CONFIG_EXTRA_ENV_SETTINGS \ > >>>> "dhcpuboot=usb start; dhcp u-boot.uimg; bootm\0" \ > >>>> ENV_DEVICE_SETTINGS \ > >>>> ENV_MEM_LAYOUT_SETTINGS \ > >>>>- BOOTENV > >>>>+ BOOTENV \ > >>>>+ FIT_BOOT_CMD > >>>> > >>>> > >>>> #endif > >>>> > >> > > >
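Review bot: In board/raspberrypi/rpi/rpi.c, the `#ifndef CONFIG_FIT_SIGNATURE` around the `set_fdt_addr();` call in misc_init_r() duplicates the guard already placed around the function definition. Keeping the function built unconditionally and calling it under `if (!IS_ENABLED(CONFIG_FIT_SIGNATURE))` would remove both preprocessor blocks and keep the code compile-tested in either configuration. The comment above set_fdt_addr() should also say that ${fdt_addr} is left unset when CONFIG_FIT_SIGNATURE is enabled, since that comment still promises the firmware FDT is exposed for passing to the kernel.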
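Review bot: The guard around board_fdt_blob_setup() in board/raspberrypi/rpi/rpi.c carries no comment explaining why the firmware-passed device tree is ignored when CONFIG_FIT_SIGNATURE is set. The commit message gives the reason (the dtb packed in u-boot.bin holds the public key used to verify the next-stage FIT image), and that reason belongs next to the `#ifndef`. The condition also keys on CONFIG_FIT_SIGNATURE, while the behaviour depends on how the control dtb is supplied (OF_SEPARATE, per the discussion); the patch does not show that option being selected, so state the requirement in the comment or enforce it in Kconfig.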
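Review bot: In FIT_BOOT_CMD in include/configs/rpi.h, `if test $? -eq 1; then reset; fi;` resets only when iminfo returns exactly 1, so any other non-zero status falls through to `source ${scriptaddr}:bootscr`. Test the command itself, for example `if iminfo ${scriptaddr}; then source ${scriptaddr}:bootscr; else reset; fi`, so that every failure counts as a failed verification. The result of `load` is not checked either, so on a failed load iminfo inspects whatever is already at ${scriptaddr}. The override of boot_a_script also works only because FIT_BOOT_CMD follows BOOTENV in CONFIG_EXTRA_ENV_SETTINGS; a comment at that spot would keep a later reordering from silently restoring the unverified distro boot_a_script.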