
On 08/02/18 12:43, Jagan Teki wrote:
On Fri, Jan 12, 2018 at 6:09 PM, Bryan O'Donoghue bryan.odonoghue@linaro.org wrote:
v6:
Added patch 21/25 return zero on open (unlocked) board when calling authenticate_image() - Breno
Added Tested-by: Breno Matheus Lima brenomatheus@gmail.com as indicated for remainder 24/25 patches
Added Reviewed-by: Fabio Estevam fabio.estevam@nxp.com as indicated for remainder 24/25 patches
v5:
- Drop dcache disable across HAB call. We can't replicate this error on the current codebase and the available images. We'll have to wait for the error to crop up again before pushing that patch any further.
v4:
- No change mixed extra patches @ v3 unnoticed with previous git-send
v3:
Only call into ROM if headers are verified. - Bryan
Print HAB event log if and only if a call was made to HAB and a meaningful status code has been obtained. - Breno
v2:
Fix compilation warnings and errors in SPL highlighted by Breno Matheus Lima
Add CC: Breno Matheus Lima brenomatheus@gmail.com to all patches
v1: This patchset updates the i.MX HAB layer in u-boot to fix a list of identified issues and then to add and extend existing functionality.
The first block of patches 0001-0006 deal with fixing existing code,
- Fixes indentation
- Fixes the treatment of input parameters to hab_auth_image.
The second block of patches 0007-0013 are about tidying up the HAB code
- Remove reliance on hard-coding to specific offsets
- IVT header drives locating CSF
- Continue to support existing boards
Patches 0014 onwards extend out the HAB functionality.
- hab_rvt_check_target is a recommended check in the NXP documents to perform prior to hab_rvt_authenticate_image
- hab_rvt_failsafe is a useful function to set the board into BootROM USB recovery mode.
Bryan O'Donoghue (25):
  arm: imx: hab: Make authenticate_image return int
  arm: imx: hab: Fix authenticate_image result code
  arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail
  arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail
  arm: imx: hab: Move IVT_SIZE to hab.h
  arm: imx: hab: Move CSF_PAD_SIZE to hab.h
  arm: imx: hab: Fix authenticate_image input parameters
  arm: imx: hab: Add IVT header definitions
  arm: imx: hab: Add IVT header verification
  arm: imx: hab: Verify IVT self matches calculated address
  arm: imx: hab: Only call ROM once headers are verified
  arm: imx: hab: Print CSF based on IVT descriptor
  arm: imx: hab: Print additional IVT elements during debug
  arm: imx: hab: Define rvt_check_target()
  arm: imx: hab: Implement hab_rvt_check_target
  arm: imx: hab: Add a hab_rvt_check_target to image auth
  arm: imx: hab: Print HAB event log only after calling ROM
  arm: imx: hab: Make internal functions and data static
  arm: imx: hab: Prefix authenticate_image with imx_hab
  arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled
  arm: imx: hab: Make authenticate_image() return zero on open boards
  arm: imx: hab: Make imx_hab_is_enabled global
  arm: imx: hab: Define rvt_failsafe()
  arm: imx: hab: Implement hab_rvt_failsafe
  arm: imx: hab: Add hab_failsafe console command
 arch/arm/include/asm/mach-imx/hab.h |  46 +++-
 arch/arm/mach-imx/hab.c             | 461 +++++++++++++++++++++---------------
 arch/arm/mach-imx/spl.c             |  38 ++-
 3 files changed, 354 insertions(+), 191 deletions(-)
I tried Secure boot before[1] with SPL and U-Boot proper and it worked well.
I'm observing an authentication issue while loading U-Boot proper. U-Boot proper now has features like SPL DM and SPL FIT etc.
U-Boot SPL 2018.03-rc1-00182-gb81f7c9 (Feb 08 2018 - 17:19:03 +0530)
Trying to boot from MMC1
Expected Linux image is not found. Trying to start U-boot

Authenticate image from DDR location 0x17800000...
bad magic magic=0xb8 length=0x841b version=0x17
bad length magic=0xb8 length=0x841b version=0x17
bad version magic=0xb8 length=0x841b version=0x17
spl: ERROR: image authentication unsuccessful
### ERROR ### Please RESET the board ###
Please let me know what I missed; I'm authenticating SPL and u-boot-dtb.img now.
Can you send

1. The load address of the binary
2. The command you are using for authenticate image?
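
Added example (not part of the original thread and not U-Boot's own code): a stand-alone C illustration of the IVT checks named in the patch titles and in the "bad magic / bad length / bad version" log lines above, plus the self-address check and the CSF lookup driven by the IVT. The constants (0xD1, 0x0020, 0x40/0x41), the field offsets, the function names and every sample address are assumptions based on the public HAB4 IVT layout or constructed here.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values from the public HAB4 IVT layout; not taken from this thread. */
#define IVT_MAGIC   0xD1u
#define IVT_LENGTH  0x0020u          /* 32-byte IVT, length stored big-endian */
#define IVT_VER_MIN 0x40u
#define IVT_VER_MAX 0x41u

enum { BAD_MAGIC = 1, BAD_LENGTH = 2, BAD_VERSION = 4, BAD_SELF = 8 };

/* Little-endian 32-bit load that does not depend on host alignment. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Check 32 bytes that the caller believes are an IVT located at ivt_addr.
 * Returns a bitmask of failed checks; on success stores the CSF pointer. */
unsigned ivt_check(const uint8_t *buf, uint32_t ivt_addr, uint32_t *csf_addr)
{
    unsigned err = 0;
    uint16_t length = (uint16_t)(buf[1] << 8 | buf[2]);

    if (buf[0] != IVT_MAGIC) err |= BAD_MAGIC;
    if (length != IVT_LENGTH) err |= BAD_LENGTH;
    if (buf[3] < IVT_VER_MIN || buf[3] > IVT_VER_MAX) err |= BAD_VERSION;
    if (le32(buf + 20) != ivt_addr) err |= BAD_SELF;   /* word 5: self */
    if (!err && csf_addr) *csf_addr = le32(buf + 24);  /* word 6: csf  */
    return err;
}

/* Constructed sample: well-formed IVT at the made-up address 0x10001000. */
static const uint8_t good_ivt[32] = {
    0xD1, 0x00, 0x20, 0x40,  0x00, 0x00, 0x00, 0x10,   /* header, entry */
    0, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0,              /* rsvd, dcd, boot */
    0x00, 0x10, 0x00, 0x10,  0x20, 0x10, 0x00, 0x10,   /* self, csf */
    0, 0, 0, 0 };
/* Constructed sample: bytes that are not an IVT at all. */
static const uint8_t not_ivt[32] = { 0x27, 0x05, 0x19, 0x56 };

int main(void)
{
    uint32_t csf = 0;
    printf("good:    err=0x%x\n", ivt_check(good_ivt, 0x10001000u, &csf));
    printf("         csf=0x%08x\n", (unsigned)csf);
    printf("not_ivt: err=0x%x\n", ivt_check(not_ivt, 0x10001000u, NULL));
    return 0;
}
```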