From: Andrew Davis
To: Simon Glass, Tom Rini
CC: Andrew Davis
Subject: [PATCH 4/4] arm: mach-k3: security: Remove certificate if detected on GP device
Date: Fri, 15 Jul 2022 11:34:35 -0500
Message-ID: <20220715163435.1725-4-afd@ti.com>
In-Reply-To: <20220715163435.1725-1-afd@ti.com>
References: <20220715163435.1725-1-afd@ti.com>

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis
---
 arch/arm/mach-k3/security.c | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c index add7f413a4..d8d41ec515 100644 --- a/arch/arm/mach-k3/security.c +++ b/arch/arm/mach-k3/security.c
@@ -30,10 +30,19 @@ static bool ti_secure_cert_detected(void *p_image) ((u8 *)p_image)[4] == 0x30 && ((u8 *)p_image)[5] == 0x82); } +/* Primitive certificate length, assumes one 2-Octet sized SEQUENCE */ +static size_t ti_secure_cert_length(void *p_image) +{ + size_t seq_length = be16_to_cpu(readw_relaxed(p_image + 2)); + /* Add 4 for the SEQUENCE tag length */ + return seq_length + 4; +} + void ti_secure_image_post_process(void **p_image, size_t *p_size) { struct ti_sci_handle *ti_sci = get_ti_sci_handle(); struct ti_sci_proc_ops *proc_ops = &ti_sci->ops.proc_ops; + size_t cert_length; u64 image_addr; u32 image_size; int ret; @@ -41,9 +50,28 @@ void ti_secure_image_post_process(void **p_image, size_t *p_size) image_addr = (uintptr_t)*p_image; image_size = *p_size; - if (!image_size || get_device_type() == K3_DEVICE_TYPE_GP) + if (!image_size) return; + if (get_device_type() == K3_DEVICE_TYPE_GP) { + if (ti_secure_cert_detected(*p_image)) { + printf("Warning: Detected image signing certificate on GP device. " + "Skipping certificate to prevent boot failure. " + "This will fail if the image was also encrypted\n"); + + cert_length = ti_secure_cert_length(*p_image); + if (cert_length > *p_size) { + printf("Invalid signing certificate size\n"); + return; + } + + *p_image += cert_length; + *p_size -= cert_length; + } + + return; + } + if (get_device_type() != K3_DEVICE_TYPE_HS_SE && !ti_secure_cert_detected(*p_image)) { printf("Warning: Did not detect image signing certificate. " -- 2.36.1
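
Review bot: In the first hunk, ti_secure_cert_length() reads the length with readw_relaxed(p_image + 2), an I/O accessor applied to an ordinary image buffer, and then byte-swaps the result with be16_to_cpu(). get_unaligned_be16(p_image + 2) states the big-endian read directly and does not depend on the image being 2-byte aligned. The helper also takes no size argument, so it cannot confirm that the 4 header bytes it relies on are inside the image; either pass the size in or document that the caller must have checked it. The comment "Add 4 for the SEQUENCE tag length" would be more precise as "tag and length octets", since the 4 covers the 0x30 tag, the 0x82 length-of-length byte and the two length bytes.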
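
Review bot: In the second hunk, the bound check cert_length > *p_size in the GP branch accepts cert_length == *p_size, which leaves *p_size at 0 and *p_image pointing one past the end of the buffer; using >= would reject a certificate with no payload behind it. The GP path also now calls ti_secure_cert_detected() after checking only !image_size, and the context lines show that function reading up to byte 5 of the image, so an image shorter than 6 bytes is read past its end; compare *p_size against the header length before the detection call. On the "Invalid signing certificate size" path the function returns with the certificate still prepended and the caller has no way to tell, so the message should say the image is being passed on unmodified, or the failure should be made visible to the caller.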