-----Original Message----- From: Lim, Elly Siew Chin elly.siew.chin.lim@intel.com Sent: Saturday, February 27, 2021 12:11 AM To: u-boot@lists.denx.de Cc: Marek Vasut marex@denx.de; Tan, Ley Foon ley.foon.tan@intel.com; See, Chin Liang chin.liang.see@intel.com; Simon Goldschmidt simon.k.r.goldschmidt@gmail.com; Chee, Tien Fong tien.fong.chee@intel.com; Westergreen, Dalon dalon.westergreen@intel.com; Simon Glass sjg@chromium.org; Gan, Yau Wai yau.wai.gan@intel.com; Lim, Elly Siew Chin elly.siew.chin.lim@intel.com Subject: [v4 2/7] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
Vendor Authorized Boot is a security feature for authenticating the images such as U-Boot, ARM trusted Firmware, Linux kernel, device tree blob and etc loaded from FIT. After those images are loaded from FIT, the VAB certificate and signature block appended at the end of each image are sent to Secure Device Manager (SDM) for authentication. U-Boot will validate the SHA384 of the image against the SHA384 hash stored in the VAB certificate before sending the image to SDM for authentication.
Signed-off-by: Siew Chin Lim elly.siew.chin.lim@intel.com
v4:
- Move function 'board_fit_image_post_process' and 'board_prep_linux' to arch/arm/mach-socfpga/board.c
v3:
- Add description for function 'socfpga_vendor_authentication'.
- Relocate vab certificate to first memory bank before trigger SMC call to send mailbox command because ATF only able to access first memory
bank.
- Report error instead of bypass the authentication in SPL if Secure Device Manager (SDM) does not support VAB.
- Print success string if VAB success.
- Replace #ifdef with if(IS_ENABLED(CONFIG_...)).
arch/arm/mach-socfpga/Kconfig | 15 ++ arch/arm/mach-socfpga/Makefile | 2 + arch/arm/mach-socfpga/board.c | 43 +++++- arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 + arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 ++++++++ arch/arm/mach-socfpga/secure_vab.c | 186 +++++++++++++++++++++++ common/Kconfig.boot | 2 +- 7 files changed, 307 insertions(+), 5 deletions(-) create mode 100644 arch/arm/mach-socfpga/include/mach/secure_vab.h create mode 100644 arch/arm/mach-socfpga/secure_vab.c
#include <common.h> -#include <errno.h> -#include <fdtdec.h> -#include <init.h> -#include <asm/arch/reset_manager.h> #include <asm/arch/clock_manager.h> #include <asm/arch/misc.h> +#include <asm/arch/reset_manager.h> +#include <asm/arch/secure_vab.h> #include <asm/io.h> +#include <errno.h> +#include <fdtdec.h> +#include <hang.h> +#include <image.h> +#include <init.h> #include <log.h> #include <usb.h> #include <usb/dwc2_udc.h> @@ -97,3 +100,35 @@ __weak int board_fit_config_name_match(const char *name) return 0; } #endif
+#if IS_ENABLED(CONFIG_SOCFPGA_SECURE_VAB_AUTH) +void board_fit_image_post_process(void **p_image, size_t *p_size) {
- if (socfpga_vendor_authentication(p_image, p_size))
hang();+}
+void board_prep_linux(bootm_headers_t *images) {
Check CONFIG_SOCFPGA_SECURE_VAB_AUTH setting, then only include code below.
- if (!IS_ENABLED(CONFIG_SPL_BUILD)) {
if(!IS_ENABLED(CONFIG_SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE)) {
/** Ensure the OS is always booted from FIT and with* VAB signed certificate*/if (!images->fit_uname_cfg) {printf("Please use FIT with VAB signedimages!\n");
hang();}env_set_hex("fdt_addr", (ulong)images->ft_addr);debug("images->ft_addr = 0x%08lx\n",(ulong)images->ft_addr);
}if (IS_ENABLED(CONFIG_CADENCE_QSPI)) {if (env_get("linux_qspi_enable"))- run_command(env_get("linux_qspi_enable"), 0);
Can always run " linux_qspi_enable" command for all target SOC64? Then can remove linux_qspi_enable from BOOTCOMMAND.
Regards Ley Foon