
-----Original Message-----
From: York Sun [mailto:york.sun@nxp.com]
Sent: Saturday, April 22, 2017 1:03 AM
To: Sumit Garg <sumit.garg@nxp.com>; u-boot@lists.denx.de
Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>; Vini Pillai <vinitha.pillai@nxp.com>; Udit Agarwal <udit.agarwal@nxp.com>
Subject: Re: [PATCH v2 2/3] fsl: PPA: add support PPA image validation from NAND and SD

On 04/19/2017 05:16 AM, Sumit Garg wrote:
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com>
Tested-by: Vinitha Pillai <vinitha.pillai@nxp.com>

Changes in v2: Changed order of patch 1 & 2. Also moved assignment of ppa_esbc_hdr to CONFIG_SYS_LS_PPA_ESBC_ADDR in XIP space as it's not required in case of SD/NAND.
arch/arm/cpu/armv8/fsl-layerscape/ppa.c | 72 ++++++++++++++++++++++++++++++++- 1 file changed, 70 insertions(+), 2 deletions(-)
<snip>
#ifdef CONFIG_CHAIN_OF_TRUST ppa_img_addr = (uintptr_t)ppa_fit_addr; if (fsl_check_boot_mode_secure() != 0) {
/*
* In case of failure in validation, fsl_secboot_validate
* would not return back in case of Production environment
* with ITS=1. In Development environment (ITS=0 and
* SB_EN=1), the function may return back in case of
* non-fatal failures.
ret = fsl_secboot_validate(ppa_esbc_hdr, PPA_KEY_HASH, &ppa_img_addr);*/
@@ -185,6 +249,10 @@ int ppa_init(void) else printf("PPA validation Successful\n"); } +#if defined(CONFIG_SYS_LS_PPA_FW_IN_MMC) || \
- defined(CONFIG_SYS_LS_PPA_FW_IN_NAND)
- free(ppa_hdr_ddr);
+#endif #endif
#ifdef CONFIG_FSL_LSCH3
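Review bot: In the ppa_init() hunk (@@ -185,6 +249,10 @@), the quoted lines show no return on the path where fsl_secboot_validate() comes back with a failure: after the success/failure printf, control reaches free(ppa_hdr_ddr) and carries on into the CONFIG_FSL_LSCH3 code. If continuing is the intended behaviour for the development environment (ITS=0 and SB_EN=1) that the comment above the call describes, state that in a comment next to the check of ret; otherwise return ret after the free. The free(ppa_hdr_ddr) is guarded by CONFIG_SYS_LS_PPA_FW_IN_MMC || CONFIG_SYS_LS_PPA_FW_IN_NAND, so it is worth confirming that the allocation in the snipped part sits under the same condition and that any error return between the allocation and this point also releases the buffer.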
Do we want to return from this function if any error happens with CONFIG_CHAIN_OF_TRUST enabled?
York
There are two scenarios in Secure boot validation: there could be either non-fatal or fatal errors. In case of a fatal error, the "fsl_secboot_validate" function will not return. In case of a non-fatal error, the "fsl_secboot_validate" function will return and booting should continue. So in case of a Production environment, all errors are fatal failures, so the function will not pass control back. But in case of a Development environment there is a possibility of a non-fatal error, so the function returns back and booting should continue.
Sumit