[U-Boot] [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL

This allows a board to configure verified boot within the SPL using a FIT or FIT with external data. It also allows the SPL to perform signature verification without needing relocation.
The board configuration will need to add the following feature defines: CONFIG_SPL_CRYPTO_SUPPORT CONFIG_SPL_HASH_SUPPORT CONFIG_SPL_SHA256
In this example, SHA256 is the only selected hashing algorithm.
And the following booleans: CONFIG_SPL=y CONFIG_SPL_DM=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT=y CONFIG_SPL_OF_CONTROL=y CONFIG_SPL_OF_LIBFDT=y CONFIG_SPL_FIT_SIGNATURE=y
Signed-off-by: Teddy Reed teddy.reed@gmail.com Cc: Simon Glass sjg@chromium.org Cc: Andreas Dannenberg dannenberg@ti.com --- Kconfig | 11 +++++++++++ common/Makefile | 1 + drivers/Makefile | 1 + drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + lib/Makefile | 9 ++++----- lib/rsa/Kconfig | 4 ++++ lib/rsa/Makefile | 2 +- 7 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/Kconfig b/Kconfig index 4b46216..817f4f0 100644 --- a/Kconfig +++ b/Kconfig @@ -183,6 +183,11 @@ config FIT verified boot (secure boot using RSA). This option enables that feature.
+config SPL_FIT + bool "Support Flattened Image Tree within SPL" + depends on FIT + depends on SPL + config FIT_VERBOSE bool "Display verbose messages on FIT boot" depends on FIT @@ -205,6 +210,12 @@ config FIT_SIGNATURE format support in this case, enable it using CONFIG_IMAGE_FORMAT_LEGACY.
+config SPL_FIT_SIGNATURE + bool "Enable signature verification of FIT firmware within SPL" + depends on SPL_FIT + depends on SPL_DM + select SPL_RSA + config FIT_BEST_MATCH bool "Select the best match for the kernel device tree" depends on FIT diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22 100644 --- a/common/Makefile +++ b/common/Makefile @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o endif # !CONFIG_SPL_BUILD
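Review bot: `select SPL_RSA` in the new SPL_FIT_SIGNATURE entry turns SPL_RSA on without honouring that symbol's own `depends on RSA` (added in the lib/rsa/Kconfig hunk), because Kconfig `select` ignores the target's dependencies; adding `depends on RSA` to this entry would keep the two consistent. The entry is also not tied to the hash and crypto options the commit message lists as required (CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_HASH_SUPPORT, CONFIG_SPL_SHA256), so a board can enable signature verification in menuconfig without them; how that configuration fails is not visible here. Both new entries, SPL_FIT in the previous hunk and this one, have no `help` block, and for a security option I would add one that names those prerequisites and says that the symbol only builds the verifier into SPL.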
ifdef CONFIG_SPL_BUILD +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644 --- a/drivers/Makefile +++ b/drivers/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/
ifdef CONFIG_SPL_BUILD
+obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/
 obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/
 obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/
 obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/
diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
index dc6c064..3817fb3 100644
--- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
+++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
@@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = {
 .name = "mod_exp_sw",
 .id = UCLASS_MOD_EXP,
 .ops = &mod_exp_ops_sw,
+ .flags = DM_FLAG_PRE_RELOC,
 };
U_BOOT_DEVICE(mod_exp_sw) = { diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
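Review bot: `.flags = DM_FLAG_PRE_RELOC` is added to the mod_exp_sw driver unconditionally, so it applies to U-Boot proper as well as to SPL, and the driver will presumably now be bound in the pre-relocation pass of every build that includes it. If only SPL needs this, the initializer could be guarded with `#ifdef CONFIG_SPL_BUILD`; either way the reason belongs next to the field, for example `/* bound before relocation so SPL can verify FIT signatures */`. The U_BOOT_DRIVER initializer opens above the hunk, so any earlier fields are not visible here.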
obj-$(CONFIG_EFI) += efi/ obj-$(CONFIG_EFI_LOADER) += efi_loader/ -obj-$(CONFIG_RSA) += rsa/ obj-$(CONFIG_LZMA) += lzma/ obj-$(CONFIG_LZO) += lzo/ obj-$(CONFIG_ZLIB) += zlib/ @@ -25,8 +24,6 @@ obj-y += crc8.o obj-y += crc16.o obj-$(CONFIG_ERRNO_STR) += errno_str.o obj-$(CONFIG_FIT) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o obj-$(CONFIG_GZIP) += gunzip.o obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y += net_utils.o obj-$(CONFIG_PHYSMEM) += physmem.o obj-y += qsort.o obj-y += rc4.o -obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o -obj-$(CONFIG_SHA256) += sha256.o obj-y += strmhz.o obj-$(CONFIG_TPM) += tpm.o obj-$(CONFIG_RBTREE) += rbtree.o @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += list_sort.o endif
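Review bot: The second lib/Makefile hunk removes `obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o` and the matching `fdtdec.o` line, and no hunk in this patch adds them back; the commit message does not mention the removal. Unless the same objects are also listed somewhere outside the visible hunks, builds with OF_CONTROL would lose fdtdec, which the device-tree handling used for verified boot presumably relies on. Please confirm that a duplicate entry exists and say so in the commit message, or restore the two lines beside the new `obj-$(CONFIG_$(SPL_)RSA) += rsa/` group after `endif`. The enclosing `ifndef CONFIG_SPL_BUILD` block starts before the first hunk.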
+obj-$(CONFIG_$(SPL_)RSA) += rsa/ +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o + obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef CONFIG_SPL_OF_CONTROL obj-$(CONFIG_OF_LIBFDT) += libfdt/ diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -13,6 +13,10 @@ config RSA option. The software based modular exponentiation is built into mkimage irrespective of this option.
+config SPL_RSA + bool "Use RSA Library within SPL" + depends on RSA + if RSA config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index 6867e50..4b2c1ba 100644 --- a/lib/rsa/Makefile +++ b/lib/rsa/Makefile @@ -7,5 +7,5 @@ # SPDX-License-Identifier: GPL-2.0+ #
-obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
+obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
 obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o
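Review bot: With `$(SPL_)` in the gate, an SPL build compiles rsa-verify.o and rsa-checksum.o only when CONFIG_SPL_FIT_SIGNATURE is set, while `rsa-mod-exp.o` on the next line stays keyed on CONFIG_RSA_SOFTWARE_EXP, which gets no SPL variant in this patch. A short comment would make that split explicit: `# $(SPL_) expands to SPL_ in SPL builds; rsa-mod-exp.o follows the U-Boot proper setting`. Separately, the only C file this patch touches is the driver flag, so whether SPL actually calls the verifier and refuses an image whose signature fails cannot be judged from these hunks; the commit message should say that the call site arrives in a separate change.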

Can you make this support more generic? You have used only CONFIG_SPL_FIT_SIGNATURE for SPL verified boot, while our platforms don't use the FIT signature approach for verification.
Maybe you can use CONFIG_SPL_VERIFIED_BOOT?
-----Original Message----- From: Teddy Reed [mailto:teddy.reed@gmail.com] Sent: Sunday, May 29, 2016 7:28 AM To: u-boot@lists.denx.de Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg sumit.garg@nxp.com Subject: [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL
This allows a board to configure verified boot within the SPL using a FIT or FIT with external data. It also allows the SPL to perform signature verification without needing relocation.
The board configuration will need to add the following feature defines: CONFIG_SPL_CRYPTO_SUPPORT CONFIG_SPL_HASH_SUPPORT CONFIG_SPL_SHA256
In this example, SHA256 is the only selected hashing algorithm.
And the following booleans: CONFIG_SPL=y CONFIG_SPL_DM=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT=y CONFIG_SPL_OF_CONTROL=y CONFIG_SPL_OF_LIBFDT=y CONFIG_SPL_FIT_SIGNATURE=y
Signed-off-by: Teddy Reed teddy.reed@gmail.com Cc: Simon Glass sjg@chromium.org Cc: Andreas Dannenberg dannenberg@ti.com
Kconfig | 11 +++++++++++ common/Makefile | 1 + drivers/Makefile | 1 + drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + lib/Makefile | 9 ++++----- lib/rsa/Kconfig | 4 ++++ lib/rsa/Makefile | 2 +- 7 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/Kconfig b/Kconfig index 4b46216..817f4f0 100644 --- a/Kconfig +++ b/Kconfig @@ -183,6 +183,11 @@ config FIT verified boot (secure boot using RSA). This option enables that feature.
+config SPL_FIT
- bool "Support Flattened Image Tree within SPL"
- depends on FIT
- depends on SPL
config FIT_VERBOSE bool "Display verbose messages on FIT boot" depends on FIT @@ -205,6 +210,12 @@ config FIT_SIGNATURE format support in this case, enable it using CONFIG_IMAGE_FORMAT_LEGACY.
+config SPL_FIT_SIGNATURE
- bool "Enable signature verification of FIT firmware within SPL"
- depends on SPL_FIT
- depends on SPL_DM
- select SPL_RSA
config FIT_BEST_MATCH bool "Select the best match for the kernel device tree" depends on FIT diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22 100644 --- a/common/Makefile +++ b/common/Makefile @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o endif # !CONFIG_SPL_BUILD
ifdef CONFIG_SPL_BUILD +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644 --- a/drivers/Makefile +++ b/drivers/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/
ifdef CONFIG_SPL_BUILD
+obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/ obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/ obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c index dc6c064..3817fb3 100644 --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = { .name = "mod_exp_sw", .id = UCLASS_MOD_EXP, .ops = &mod_exp_ops_sw,
- .flags = DM_FLAG_PRE_RELOC,
};
U_BOOT_DEVICE(mod_exp_sw) = { diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
obj-$(CONFIG_EFI) += efi/ obj-$(CONFIG_EFI_LOADER) += efi_loader/ -obj-$(CONFIG_RSA) += rsa/ obj-$(CONFIG_LZMA) += lzma/ obj-$(CONFIG_LZO) += lzo/ obj-$(CONFIG_ZLIB) += zlib/ @@ -25,8 +24,6 @@ obj-y += crc8.o obj-y += crc16.o obj-$(CONFIG_ERRNO_STR) += errno_str.o obj-$(CONFIG_FIT) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o obj-$(CONFIG_GZIP) += gunzip.o obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y += net_utils.o obj-$(CONFIG_PHYSMEM) += physmem.o obj-y += qsort.o obj-y += rc4.o -obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o -obj-$(CONFIG_SHA256) += sha256.o obj-y += strmhz.o obj-$(CONFIG_TPM) += tpm.o obj-$(CONFIG_RBTREE) += rbtree.o @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += list_sort.o endif
+obj-$(CONFIG_$(SPL_)RSA) += rsa/ +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef CONFIG_SPL_OF_CONTROL obj-$(CONFIG_OF_LIBFDT) += libfdt/ diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -13,6 +13,10 @@ config RSA option. The software based modular exponentiation is built into mkimage irrespective of this option.
+config SPL_RSA
- bool "Use RSA Library within SPL"
- depends on RSA
if RSA config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index 6867e50..4b2c1ba 100644 --- a/lib/rsa/Makefile +++ b/lib/rsa/Makefile @@ -7,5 +7,5 @@ # SPDX-License-Identifier: GPL-2.0+ #
-obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o -- 2.7.4

Hi Sumit!
On Sun, May 29, 2016 at 10:32 PM, Sumit Garg sumit.garg@nxp.com wrote:
Can you make this support more generic as you have used only CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms doesn't use fit signature approach for verification?
CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c
And the only related change is to mimic the existing CONFIG_FIT_SIGNATURE option.
This patch only allows an SPL to include the verified boot implementation from U-Boot proper. I would like to keep it as simple and concise as possible.
Generalizing the various verified/secure boot methods that exist within U-Boot would be a much larger effort. :)
May be you can use CONFIG_SPL_VERIFIED_BOOT?
In your previous proposed patch [1], I don't see anything modifying ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the ./lib/rsa directory outside of the non-SPL build, but that is not enough to add the RSA verify and checksum implementations. I believe your affected boards will still need CONFIG_FIT_SIGNATURE.
Are you suggesting we should rename CONFIG_FIT_SIGNATURE to CONFIG_SPL_VERIFIED_BOOT? :)
If that's the case, this patch is NOT the place to perform that refactor/rename. Since that will also need to update tooling, build configs, the existing U-Boot proper verified boot documentation, and several board configurations. It will also render quite a few guides/walkthroughs obsolete so broader communication may be needed.
[1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html
-----Original Message----- From: Teddy Reed [mailto:teddy.reed@gmail.com] Sent: Sunday, May 29, 2016 7:28 AM To: u-boot@lists.denx.de Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg sumit.garg@nxp.com Subject: [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL
This allows a board to configure verified boot within the SPL using a FIT or FIT with external data. It also allows the SPL to perform signature verification without needing relocation.
The board configuration will need to add the following feature defines: CONFIG_SPL_CRYPTO_SUPPORT CONFIG_SPL_HASH_SUPPORT CONFIG_SPL_SHA256
In this example, SHA256 is the only selected hashing algorithm.
And the following booleans: CONFIG_SPL=y CONFIG_SPL_DM=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT=y CONFIG_SPL_OF_CONTROL=y CONFIG_SPL_OF_LIBFDT=y CONFIG_SPL_FIT_SIGNATURE=y
Signed-off-by: Teddy Reed teddy.reed@gmail.com Cc: Simon Glass sjg@chromium.org Cc: Andreas Dannenberg dannenberg@ti.com
Kconfig | 11 +++++++++++ common/Makefile | 1 + drivers/Makefile | 1 + drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + lib/Makefile | 9 ++++----- lib/rsa/Kconfig | 4 ++++ lib/rsa/Makefile | 2 +- 7 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/Kconfig b/Kconfig index 4b46216..817f4f0 100644 --- a/Kconfig +++ b/Kconfig @@ -183,6 +183,11 @@ config FIT verified boot (secure boot using RSA). This option enables that feature.
+config SPL_FIT
bool "Support Flattened Image Tree within SPL"
depends on FIT
depends on SPL
config FIT_VERBOSE bool "Display verbose messages on FIT boot" depends on FIT @@ -205,6 +210,12 @@ config FIT_SIGNATURE format support in this case, enable it using CONFIG_IMAGE_FORMAT_LEGACY.
+config SPL_FIT_SIGNATURE
bool "Enable signature verification of FIT firmware within SPL"
depends on SPL_FIT
depends on SPL_DM
select SPL_RSA
config FIT_BEST_MATCH bool "Select the best match for the kernel device tree" depends on FIT diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22 100644 --- a/common/Makefile +++ b/common/Makefile @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o endif # !CONFIG_SPL_BUILD
ifdef CONFIG_SPL_BUILD +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644 --- a/drivers/Makefile +++ b/drivers/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/
ifdef CONFIG_SPL_BUILD
+obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/ obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/ obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c index dc6c064..3817fb3 100644 --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = { .name = "mod_exp_sw", .id = UCLASS_MOD_EXP, .ops = &mod_exp_ops_sw,
.flags = DM_FLAG_PRE_RELOC,
};
U_BOOT_DEVICE(mod_exp_sw) = { diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
obj-$(CONFIG_EFI) += efi/ obj-$(CONFIG_EFI_LOADER) += efi_loader/ -obj-$(CONFIG_RSA) += rsa/ obj-$(CONFIG_LZMA) += lzma/ obj-$(CONFIG_LZO) += lzo/ obj-$(CONFIG_ZLIB) += zlib/ @@ -25,8 +24,6 @@ obj-y += crc8.o obj-y += crc16.o obj-$(CONFIG_ERRNO_STR) += errno_str.o obj-$(CONFIG_FIT) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o obj-$(CONFIG_GZIP) += gunzip.o obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y += net_utils.o obj-$(CONFIG_PHYSMEM) += physmem.o obj-y += qsort.o obj-y += rc4.o -obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o -obj-$(CONFIG_SHA256) += sha256.o obj-y += strmhz.o obj-$(CONFIG_TPM) += tpm.o obj-$(CONFIG_RBTREE) += rbtree.o @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += list_sort.o endif
+obj-$(CONFIG_$(SPL_)RSA) += rsa/ +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef CONFIG_SPL_OF_CONTROL obj-$(CONFIG_OF_LIBFDT) += libfdt/ diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -13,6 +13,10 @@ config RSA option. The software based modular exponentiation is built into mkimage irrespective of this option.
+config SPL_RSA
bool "Use RSA Library within SPL"
depends on RSA
if RSA config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index 6867e50..4b2c1ba 100644 --- a/lib/rsa/Makefile +++ b/lib/rsa/Makefile @@ -7,5 +7,5 @@ # SPDX-License-Identifier: GPL-2.0+ #
-obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o -- 2.7.4
Take care!

-----Original Message----- From: Teddy Reed [mailto:teddy.reed@gmail.com] Sent: Tuesday, May 31, 2016 2:23 AM To: Sumit Garg sumit.garg@nxp.com Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika Gupta ruchika.gupta@nxp.com; Aneesh Bansal aneesh.bansal@nxp.com Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL
Hi Sumit!
On Sun, May 29, 2016 at 10:32 PM, Sumit Garg sumit.garg@nxp.com wrote:
Can you make this support more generic as you have used only
CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms doesn't use fit signature approach for verification?
CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c
And the only related change is to mimic the existing CONFIG_FIT_SIGNATURE option.
This patch only allows an SPL to include the verified boot implementation from U-Boot proper. I would like to keep it as simple and concise as possible.
Generalizing the various verified/secure boot methods that exist within U-Boot would be a much larger effort. :)
May be you can use CONFIG_SPL_VERIFIED_BOOT?
In your previous proposed patch [1], I don't see anything modifying ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the ./lib/rsa directory outside of the non-SPL build, but that is not enough to add the RSA verify and checksum implementationd. I believe your affected boards will still need CONFIG_FIT_SIGNATURE.
Are you suggesting we should rename CONFIG_FIT_SIGNATURE to CONFIG_SPL_VERIFIED_BOOT? :)
If that's the case, this patch is NOT the place to perform that refactor/rename. Since that will also need to update tooling, build configs, the existing U-Boot proper verified boot documentation, and several board configurations. It will also render quite a few guides/walkthroughs obsolete so broader communication may be needed.
Yeah you are correct this patch is not meant for refactoring. So rather I will define only CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_RSA & CONFIG_SPL_HASH_SUPPORT for our platform and skip CONFIG_SPL_FIT_SIGNATURE.
[1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html
-----Original Message----- From: Teddy Reed [mailto:teddy.reed@gmail.com] Sent: Sunday, May 29, 2016 7:28 AM To: u-boot@lists.denx.de Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg sumit.garg@nxp.com Subject: [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL
This allows a board to configure verified boot within the SPL using a FIT or FIT with external data. It also allows the SPL to perform signature verification without needing relocation.
The board configuration will need to add the following feature defines: CONFIG_SPL_CRYPTO_SUPPORT CONFIG_SPL_HASH_SUPPORT CONFIG_SPL_SHA256
In this example, SHA256 is the only selected hashing algorithm.
And the following booleans: CONFIG_SPL=y CONFIG_SPL_DM=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT=y CONFIG_SPL_OF_CONTROL=y CONFIG_SPL_OF_LIBFDT=y CONFIG_SPL_FIT_SIGNATURE=y
Signed-off-by: Teddy Reed teddy.reed@gmail.com Cc: Simon Glass sjg@chromium.org Cc: Andreas Dannenberg dannenberg@ti.com
Kconfig | 11 +++++++++++ common/Makefile | 1 + drivers/Makefile | 1 + drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + lib/Makefile | 9 ++++----- lib/rsa/Kconfig | 4 ++++ lib/rsa/Makefile | 2 +- 7 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/Kconfig b/Kconfig index 4b46216..817f4f0 100644 --- a/Kconfig +++ b/Kconfig @@ -183,6 +183,11 @@ config FIT verified boot (secure boot using RSA). This option enables that feature.
+config SPL_FIT
bool "Support Flattened Image Tree within SPL"
depends on FIT
depends on SPL
config FIT_VERBOSE bool "Display verbose messages on FIT boot" depends on FIT @@ -205,6 +210,12 @@ config FIT_SIGNATURE format support in this case, enable it using CONFIG_IMAGE_FORMAT_LEGACY.
+config SPL_FIT_SIGNATURE
bool "Enable signature verification of FIT firmware within SPL"
depends on SPL_FIT
depends on SPL_DM
select SPL_RSA
config FIT_BEST_MATCH bool "Select the best match for the kernel device tree" depends on FIT diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22 100644 --- a/common/Makefile +++ b/common/Makefile @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o endif # !CONFIG_SPL_BUILD
ifdef CONFIG_SPL_BUILD +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644 --- a/drivers/Makefile +++ b/drivers/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/
ifdef CONFIG_SPL_BUILD
+obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/ obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/ obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c index dc6c064..3817fb3 100644 --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = { .name = "mod_exp_sw", .id = UCLASS_MOD_EXP, .ops = &mod_exp_ops_sw,
.flags = DM_FLAG_PRE_RELOC,
};
U_BOOT_DEVICE(mod_exp_sw) = { diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
obj-$(CONFIG_EFI) += efi/ obj-$(CONFIG_EFI_LOADER) += efi_loader/ -obj-$(CONFIG_RSA) += rsa/ obj-$(CONFIG_LZMA) += lzma/ obj-$(CONFIG_LZO) += lzo/ obj-$(CONFIG_ZLIB) += zlib/ @@ -25,8 +24,6 @@ obj-y += crc8.o obj-y += crc16.o obj-$(CONFIG_ERRNO_STR) += errno_str.o obj-$(CONFIG_FIT) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o obj-$(CONFIG_GZIP) += gunzip.o obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y += net_utils.o obj-$(CONFIG_PHYSMEM) += physmem.o obj-y += qsort.o obj-y += rc4.o -obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o -obj-$(CONFIG_SHA256) += sha256.o obj-y += strmhz.o obj-$(CONFIG_TPM) += tpm.o obj-$(CONFIG_RBTREE) += rbtree.o @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += list_sort.o endif
+obj-$(CONFIG_$(SPL_)RSA) += rsa/ +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef CONFIG_SPL_OF_CONTROL obj-$(CONFIG_OF_LIBFDT) += libfdt/ diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -13,6 +13,10 @@ config RSA option. The software based modular exponentiation is built into mkimage irrespective of this option.
+config SPL_RSA
bool "Use RSA Library within SPL"
depends on RSA
if RSA config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index 6867e50..4b2c1ba 100644 --- a/lib/rsa/Makefile +++ b/lib/rsa/Makefile @@ -7,5 +7,5 @@ # SPDX-License-Identifier: GPL-2.0+ #
-obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o -- 2.7.4
Take care!
Teddy Reed V
Sorry for the late response. I will try to rebase my patches on top of this patch. Also, let me know whether I should send those patches in parallel with this patch or wait for this patch to be accepted.
Best regards, Sumit

On Wed, Jun 1, 2016 at 9:40 PM, Sumit Garg sumit.garg@nxp.com wrote:
-----Original Message----- From: Teddy Reed [mailto:teddy.reed@gmail.com] Sent: Tuesday, May 31, 2016 2:23 AM To: Sumit Garg sumit.garg@nxp.com Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika Gupta ruchika.gupta@nxp.com; Aneesh Bansal aneesh.bansal@nxp.com Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL
Hi Sumit!
On Sun, May 29, 2016 at 10:32 PM, Sumit Garg sumit.garg@nxp.com wrote:
Can you make this support more generic as you have used only
CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms doesn't use fit signature approach for verification?
CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c
And the only related change is to mimic the existing CONFIG_FIT_SIGNATURE option.
This patch only allows an SPL to include the verified boot implementation from U-Boot proper. I would like to keep it as simple and concise as possible.
Generalizing the various verified/secure boot methods that exist within U-Boot would be a much larger effort. :)
May be you can use CONFIG_SPL_VERIFIED_BOOT?
In your previous proposed patch [1], I don't see anything modifying ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the ./lib/rsa directory outside of the non-SPL build, but that is not enough to add the RSA verify and checksum implementationd. I believe your affected boards will still need CONFIG_FIT_SIGNATURE.
Are you suggesting we should rename CONFIG_FIT_SIGNATURE to CONFIG_SPL_VERIFIED_BOOT? :)
If that's the case, this patch is NOT the place to perform that refactor/rename. Since that will also need to update tooling, build configs, the existing U-Boot proper verified boot documentation, and several board configurations. It will also render quite a few guides/walkthroughs obsolete so broader communication may be needed.
Yeah you are correct this patch is not meant for refactoring. So rather I will define only CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_RSA & CONFIG_SPL_HASH_SUPPORT for our platform and skip CONFIG_SPL_FIT_SIGNATURE.
Ok, sounds like a plan. :)
[1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html
-----Original Message----- From: Teddy Reed [mailto:teddy.reed@gmail.com] Sent: Sunday, May 29, 2016 7:28 AM To: u-boot@lists.denx.de Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg sumit.garg@nxp.com Subject: [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL
This allows a board to configure verified boot within the SPL using a FIT or FIT with external data. It also allows the SPL to perform signature verification without needing relocation.
The board configuration will need to add the following feature defines: CONFIG_SPL_CRYPTO_SUPPORT CONFIG_SPL_HASH_SUPPORT CONFIG_SPL_SHA256
In this example, SHA256 is the only selected hashing algorithm.
And the following booleans: CONFIG_SPL=y CONFIG_SPL_DM=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT=y CONFIG_SPL_OF_CONTROL=y CONFIG_SPL_OF_LIBFDT=y CONFIG_SPL_FIT_SIGNATURE=y
Signed-off-by: Teddy Reed teddy.reed@gmail.com Cc: Simon Glass sjg@chromium.org Cc: Andreas Dannenberg dannenberg@ti.com
Kconfig | 11 +++++++++++ common/Makefile | 1 + drivers/Makefile | 1 + drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + lib/Makefile | 9 ++++----- lib/rsa/Kconfig | 4 ++++ lib/rsa/Makefile | 2 +- 7 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/Kconfig b/Kconfig index 4b46216..817f4f0 100644 --- a/Kconfig +++ b/Kconfig @@ -183,6 +183,11 @@ config FIT verified boot (secure boot using RSA). This option enables that feature.
+config SPL_FIT
bool "Support Flattened Image Tree within SPL"
depends on FIT
depends on SPL
config FIT_VERBOSE bool "Display verbose messages on FIT boot" depends on FIT @@ -205,6 +210,12 @@ config FIT_SIGNATURE format support in this case, enable it using CONFIG_IMAGE_FORMAT_LEGACY.
+config SPL_FIT_SIGNATURE
bool "Enable signature verification of FIT firmware within SPL"
depends on SPL_FIT
depends on SPL_DM
select SPL_RSA
config FIT_BEST_MATCH bool "Select the best match for the kernel device tree" depends on FIT diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22 100644 --- a/common/Makefile +++ b/common/Makefile @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o endif # !CONFIG_SPL_BUILD
ifdef CONFIG_SPL_BUILD +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644 --- a/drivers/Makefile +++ b/drivers/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/
ifdef CONFIG_SPL_BUILD
+obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/ obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/ obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c index dc6c064..3817fb3 100644 --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = { .name = "mod_exp_sw", .id = UCLASS_MOD_EXP, .ops = &mod_exp_ops_sw,
.flags = DM_FLAG_PRE_RELOC,
};
U_BOOT_DEVICE(mod_exp_sw) = { diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
obj-$(CONFIG_EFI) += efi/ obj-$(CONFIG_EFI_LOADER) += efi_loader/ -obj-$(CONFIG_RSA) += rsa/ obj-$(CONFIG_LZMA) += lzma/ obj-$(CONFIG_LZO) += lzo/ obj-$(CONFIG_ZLIB) += zlib/ @@ -25,8 +24,6 @@ obj-y += crc8.o obj-y += crc16.o obj-$(CONFIG_ERRNO_STR) += errno_str.o obj-$(CONFIG_FIT) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o obj-$(CONFIG_GZIP) += gunzip.o obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y += net_utils.o obj-$(CONFIG_PHYSMEM) += physmem.o obj-y += qsort.o obj-y += rc4.o -obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o -obj-$(CONFIG_SHA256) += sha256.o obj-y += strmhz.o obj-$(CONFIG_TPM) += tpm.o obj-$(CONFIG_RBTREE) += rbtree.o @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += list_sort.o endif
+obj-$(CONFIG_$(SPL_)RSA) += rsa/ +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef CONFIG_SPL_OF_CONTROL obj-$(CONFIG_OF_LIBFDT) += libfdt/ diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -13,6 +13,10 @@ config RSA option. The software based modular exponentiation is built into mkimage irrespective of this option.
+config SPL_RSA
bool "Use RSA Library within SPL"
depends on RSA
if RSA config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index 6867e50..4b2c1ba 100644 --- a/lib/rsa/Makefile +++ b/lib/rsa/Makefile @@ -7,5 +7,5 @@ # SPDX-License-Identifier: GPL-2.0+ #
-obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o -- 2.7.4
Take care!
Teddy Reed V
Sorry for late response. I will try to rebase my patches using this patch. Also let me know should I send those patches in parallel with this patch or wait for acceptance of this patch?
Either way, I think a rebase will not have any dependencies (ideally), but you also won't have any verified boot in SPL until [1] lands. :)
I have not seen any changes/clarifications requested. And I think Simon usually pulls in verified boot changes into his custodian -fdt tree. But I am very new to U-Boot development.
[1] https://patchwork.ozlabs.org/patch/627664/

-----Original Message----- From: Teddy Reed [mailto:teddy.reed@gmail.com] Sent: Monday, June 06, 2016 2:58 AM To: Sumit Garg sumit.garg@nxp.com Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika Gupta ruchika.gupta@nxp.com; Aneesh Bansal aneesh.bansal@nxp.com; york sun york.sun@nxp.com Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL
On Wed, Jun 1, 2016 at 9:40 PM, Sumit Garg sumit.garg@nxp.com wrote:
-----Original Message----- From: Teddy Reed [mailto:teddy.reed@gmail.com] Sent: Tuesday, May 31, 2016 2:23 AM To: Sumit Garg sumit.garg@nxp.com Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika Gupta ruchika.gupta@nxp.com; Aneesh Bansal aneesh.bansal@nxp.com Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL
Hi Sumit!
On Sun, May 29, 2016 at 10:32 PM, Sumit Garg sumit.garg@nxp.com
wrote:
Can you make this support more generic as you have used only
CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms doesn't use fit signature approach for verification?
CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c
And the only related change is to mimic the existing CONFIG_FIT_SIGNATURE option.
This patch only allows an SPL to include the verified boot implementation from U-Boot proper. I would like to keep it as simple and
concise as possible.
Generalizing the various verified/secure boot methods that exist within U-Boot would be a much larger effort. :)
May be you can use CONFIG_SPL_VERIFIED_BOOT?
In your previous proposed patch [1], I don't see anything modifying ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the ./lib/rsa directory outside of the non-SPL build, but that is not enough to add the RSA verify and checksum implementations. I believe your affected boards will still need CONFIG_FIT_SIGNATURE.
Are you suggesting we should rename CONFIG_FIT_SIGNATURE to CONFIG_SPL_VERIFIED_BOOT? :)
If that's the case, this patch is NOT the place to perform that
refactor/rename.
Since that will also need to update tooling, build configs, the existing U-Boot proper verified boot documentation, and several board configurations. It will also render quite a few guides/walkthroughs obsolete so broader communication may be needed.
Yeah you are correct this patch is not meant for refactoring. So rather I will define only CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_RSA
&
CONFIG_SPL_HASH_SUPPORT for our platform and skip
CONFIG_SPL_FIT_SIGNATURE.
Ok, sounds like a plan. :)
[1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html
-----Original Message----- From: Teddy Reed [mailto:teddy.reed@gmail.com] Sent: Sunday, May 29, 2016 7:28 AM To: u-boot@lists.denx.de Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg sumit.garg@nxp.com Subject: [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL
This allows a board to configure verified boot within the SPL using a FIT or FIT with external data. It also allows the SPL to perform signature verification without needing relocation.
The board configuration will need to add the following feature defines: CONFIG_SPL_CRYPTO_SUPPORT CONFIG_SPL_HASH_SUPPORT CONFIG_SPL_SHA256
In this example, SHA256 is the only selected hashing algorithm.
And the following booleans: CONFIG_SPL=y CONFIG_SPL_DM=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT=y CONFIG_SPL_OF_CONTROL=y CONFIG_SPL_OF_LIBFDT=y CONFIG_SPL_FIT_SIGNATURE=y
Signed-off-by: Teddy Reed teddy.reed@gmail.com Cc: Simon Glass sjg@chromium.org Cc: Andreas Dannenberg dannenberg@ti.com
Kconfig | 11 +++++++++++ common/Makefile | 1 + drivers/Makefile | 1 + drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + lib/Makefile | 9 ++++----- lib/rsa/Kconfig | 4 ++++ lib/rsa/Makefile | 2 +- 7 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/Kconfig b/Kconfig index 4b46216..817f4f0 100644 --- a/Kconfig +++ b/Kconfig @@ -183,6 +183,11 @@ config FIT verified boot (secure boot using RSA). This option enables that feature.
+config SPL_FIT
bool "Support Flattened Image Tree within SPL"
depends on FIT
depends on SPL
config FIT_VERBOSE bool "Display verbose messages on FIT boot" depends on FIT @@ -205,6 +210,12 @@ config FIT_SIGNATURE format support in this case, enable it using CONFIG_IMAGE_FORMAT_LEGACY.
+config SPL_FIT_SIGNATURE
bool "Enable signature verification of FIT firmware within SPL"
depends on SPL_FIT
depends on SPL_DM
select SPL_RSA
config FIT_BEST_MATCH bool "Select the best match for the kernel device tree" depends on FIT diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22 100644 --- a/common/Makefile +++ b/common/Makefile @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o
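Review bot: `config SPL_FIT_SIGNATURE` selects only `SPL_RSA`; nothing in the entry pulls in a hash, and the commit description says the board must itself define CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_HASH_SUPPORT and a hash such as CONFIG_SPL_SHA256. Neither this entry nor `config SPL_FIT` in the first hunk has a `help` section, so that requirement is not visible when configuring. I would add help text to `SPL_FIT_SIGNATURE` that lists those board defines. A configuration that enables signature checking in SPL without a hash would then be noticed at configuration time rather than later in the build.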
endif #
!CONFIG_SPL_BUILD
ifdef CONFIG_SPL_BUILD +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644 --- a/drivers/Makefile +++ b/drivers/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/
ifdef CONFIG_SPL_BUILD
+obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/ obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/ obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c index dc6c064..3817fb3 100644 --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = { .name = "mod_exp_sw", .id = UCLASS_MOD_EXP, .ops = &mod_exp_ops_sw,
.flags = DM_FLAG_PRE_RELOC,
};
U_BOOT_DEVICE(mod_exp_sw) = { diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
obj-$(CONFIG_EFI) += efi/ obj-$(CONFIG_EFI_LOADER) += efi_loader/ -obj-$(CONFIG_RSA) += rsa/ obj-$(CONFIG_LZMA) += lzma/ obj-$(CONFIG_LZO) += lzo/ obj-$(CONFIG_ZLIB) += zlib/ @@ -25,8 +24,6 @@ obj-y += crc8.o obj-y += crc16.o obj-$(CONFIG_ERRNO_STR) += errno_str.o obj-$(CONFIG_FIT) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o obj-$(CONFIG_GZIP) += gunzip.o obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y += net_utils.o obj-$(CONFIG_PHYSMEM) += physmem.o obj-y += qsort.o obj-y += rc4.o -obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o -obj-$(CONFIG_SHA256) += sha256.o obj-y += strmhz.o obj-$(CONFIG_TPM) += tpm.o obj-$(CONFIG_RBTREE) += rbtree.o @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += list_sort.o endif
+obj-$(CONFIG_$(SPL_)RSA) += rsa/ +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef CONFIG_SPL_OF_CONTROL obj-$(CONFIG_OF_LIBFDT) += libfdt/ diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -13,6 +13,10 @@ config RSA option. The software based modular exponentiation is built into mkimage irrespective of this option.
+config SPL_RSA
bool "Use RSA Library within SPL"
depends on RSA
if RSA config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index 6867e50..4b2c1ba 100644 --- a/lib/rsa/Makefile +++ b/lib/rsa/Makefile @@ -7,5 +7,5 @@ # SPDX-License-Identifier: GPL-2.0+ #
-obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o -- 2.7.4
Take care!
Teddy Reed V
Sorry for late response. I will try to rebase my patches using this patch. Also let me know should I send those patches in parallel with this patch or wait for acceptance of this patch?
Either way, I think a rebase will not have any dependencies (ideally), but you also won't have any verified boot in SPL until [1] lands. :)
I have not seen any changes/clarifications requested. And I think Simon usually pulls in verified boot changes into his custodian -fdt tree. But I am very new to U-Boot development.
[1] https://patchwork.ozlabs.org/patch/627664/
-- Teddy Reed V
York
Can you accept this patch in your tree as my other patches [1] and [2] have dependency on this patch?
[1] https://patchwork.ozlabs.org/patch/628987/ [2] https://patchwork.ozlabs.org/patch/628971/
Sumit Garg

Hi Teddy,
Can you please rebase this patch on upstream?
Tom,
I have sent patches [1] and [2] upstream which are dependent on this patch. Also I have to add support for spl verified boot on our ARM based platforms which also have dependency on this patch.
So my work is being affected, can you please merge this patch, if it is matured enough?
[1] https://patchwork.ozlabs.org/patch/628987/ [2] https://patchwork.ozlabs.org/patch/628971/
Thanks and regards, Sumit
-----Original Message----- From: Teddy Reed [mailto:teddy.reed@gmail.com] Sent: Monday, June 06, 2016 2:58 AM To: Sumit Garg sumit.garg@nxp.com Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika Gupta ruchika.gupta@nxp.com; Aneesh Bansal aneesh.bansal@nxp.com; york sun york.sun@nxp.com Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL
On Wed, Jun 1, 2016 at 9:40 PM, Sumit Garg sumit.garg@nxp.com wrote:
-----Original Message----- From: Teddy Reed [mailto:teddy.reed@gmail.com] Sent: Tuesday, May 31, 2016 2:23 AM To: Sumit Garg sumit.garg@nxp.com Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika Gupta ruchika.gupta@nxp.com; Aneesh Bansal aneesh.bansal@nxp.com Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL
Hi Sumit!
On Sun, May 29, 2016 at 10:32 PM, Sumit Garg sumit.garg@nxp.com
wrote:
Can you make this support more generic as you have used only
CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms doesn't use fit signature approach for verification?
CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c
And the only related change is to mimic the existing CONFIG_FIT_SIGNATURE option.
This patch only allows an SPL to include the verified boot implementation from U-Boot proper. I would like to keep it as simple and
concise as possible.
Generalizing the various verified/secure boot methods that exist within U-Boot would be a much larger effort. :)
May be you can use CONFIG_SPL_VERIFIED_BOOT?
In your previous proposed patch [1], I don't see anything modifying ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the ./lib/rsa directory outside of the non-SPL build, but that is not enough to add the RSA verify and checksum implementations. I believe your affected boards will still need CONFIG_FIT_SIGNATURE.
Are you suggesting we should rename CONFIG_FIT_SIGNATURE to CONFIG_SPL_VERIFIED_BOOT? :)
If that's the case, this patch is NOT the place to perform that
refactor/rename.
Since that will also need to update tooling, build configs, the existing U-Boot proper verified boot documentation, and several board configurations. It will also render quite a few guides/walkthroughs obsolete so broader communication may be needed.
Yeah you are correct this patch is not meant for refactoring. So rather I will define only CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_RSA
&
CONFIG_SPL_HASH_SUPPORT for our platform and skip
CONFIG_SPL_FIT_SIGNATURE.
Ok, sounds like a plan. :)
[1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html
-----Original Message----- From: Teddy Reed [mailto:teddy.reed@gmail.com] Sent: Sunday, May 29, 2016 7:28 AM To: u-boot@lists.denx.de Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg sumit.garg@nxp.com Subject: [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL
This allows a board to configure verified boot within the SPL using a FIT or FIT with external data. It also allows the SPL to perform signature verification without needing relocation.
The board configuration will need to add the following feature defines: CONFIG_SPL_CRYPTO_SUPPORT CONFIG_SPL_HASH_SUPPORT CONFIG_SPL_SHA256
In this example, SHA256 is the only selected hashing algorithm.
And the following booleans: CONFIG_SPL=y CONFIG_SPL_DM=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT=y CONFIG_SPL_OF_CONTROL=y CONFIG_SPL_OF_LIBFDT=y CONFIG_SPL_FIT_SIGNATURE=y
Signed-off-by: Teddy Reed teddy.reed@gmail.com Cc: Simon Glass sjg@chromium.org Cc: Andreas Dannenberg dannenberg@ti.com
Kconfig | 11 +++++++++++ common/Makefile | 1 + drivers/Makefile | 1 + drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + lib/Makefile | 9 ++++----- lib/rsa/Kconfig | 4 ++++ lib/rsa/Makefile | 2 +- 7 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/Kconfig b/Kconfig index 4b46216..817f4f0 100644 --- a/Kconfig +++ b/Kconfig @@ -183,6 +183,11 @@ config FIT verified boot (secure boot using RSA). This option enables that feature.
+config SPL_FIT
bool "Support Flattened Image Tree within SPL"
depends on FIT
depends on SPL
config FIT_VERBOSE bool "Display verbose messages on FIT boot" depends on FIT @@ -205,6 +210,12 @@ config FIT_SIGNATURE format support in this case, enable it using CONFIG_IMAGE_FORMAT_LEGACY.
+config SPL_FIT_SIGNATURE
bool "Enable signature verification of FIT firmware within SPL"
depends on SPL_FIT
depends on SPL_DM
select SPL_RSA
config FIT_BEST_MATCH bool "Select the best match for the kernel device tree" depends on FIT diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22 100644 --- a/common/Makefile +++ b/common/Makefile @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o
endif #
!CONFIG_SPL_BUILD
ifdef CONFIG_SPL_BUILD +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644 --- a/drivers/Makefile +++ b/drivers/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/
ifdef CONFIG_SPL_BUILD
+obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/ obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/ obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c index dc6c064..3817fb3 100644 --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = { .name = "mod_exp_sw", .id = UCLASS_MOD_EXP, .ops = &mod_exp_ops_sw,
.flags = DM_FLAG_PRE_RELOC,
};
U_BOOT_DEVICE(mod_exp_sw) = { diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
obj-$(CONFIG_EFI) += efi/ obj-$(CONFIG_EFI_LOADER) += efi_loader/ -obj-$(CONFIG_RSA) += rsa/ obj-$(CONFIG_LZMA) += lzma/ obj-$(CONFIG_LZO) += lzo/ obj-$(CONFIG_ZLIB) += zlib/ @@ -25,8 +24,6 @@ obj-y += crc8.o obj-y += crc16.o obj-$(CONFIG_ERRNO_STR) += errno_str.o obj-$(CONFIG_FIT) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o obj-$(CONFIG_GZIP) += gunzip.o obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y += net_utils.o obj-$(CONFIG_PHYSMEM) += physmem.o obj-y += qsort.o obj-y += rc4.o -obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o -obj-$(CONFIG_SHA256) += sha256.o obj-y += strmhz.o obj-$(CONFIG_TPM) += tpm.o obj-$(CONFIG_RBTREE) += rbtree.o @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += list_sort.o endif
+obj-$(CONFIG_$(SPL_)RSA) += rsa/ +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef CONFIG_SPL_OF_CONTROL obj-$(CONFIG_OF_LIBFDT) += libfdt/ diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -13,6 +13,10 @@ config RSA option. The software based modular exponentiation is built into mkimage irrespective of this option.
+config SPL_RSA
bool "Use RSA Library within SPL"
depends on RSA
if RSA config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index 6867e50..4b2c1ba 100644 --- a/lib/rsa/Makefile +++ b/lib/rsa/Makefile @@ -7,5 +7,5 @@ # SPDX-License-Identifier: GPL-2.0+ #
-obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o -- 2.7.4
Take care!
Teddy Reed V
Sorry for late response. I will try to rebase my patches using this patch. Also let me know should I send those patches in parallel with this patch or wait for acceptance of this patch?
Either way, I think a rebase will not have any dependencies (ideally), but you also won't have any verified boot in SPL until [1] lands. :)
I have not seen any changes/clarifications requested. And I think Simon usually pulls in verified boot changes into his custodian -fdt tree. But I am very new to U-Boot development.
[1] https://patchwork.ozlabs.org/patch/627664/
-- Teddy Reed V

On Wed, Jun 8, 2016 at 11:45 PM, Sumit Garg sumit.garg@nxp.com wrote:
Hi Teddy,
Can you please rebase this patch on upstream?
Sure! If there are any changes needed I can send a new patch version by EOD and will CC you.
Tom,
I have sent patches [1] and [2] upstream which are dependent on this patch. Also I have to add support for spl verified boot on our ARM based platforms which also have dependency on this patch.
So my work is being affected, can you please merge this patch, if it is matured enough?
[1] https://patchwork.ozlabs.org/patch/628987/ [2] https://patchwork.ozlabs.org/patch/628971/
Thanks and regards, Sumit
-----Original Message----- From: Teddy Reed [mailto:teddy.reed@gmail.com] Sent: Monday, June 06, 2016 2:58 AM To: Sumit Garg sumit.garg@nxp.com Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika Gupta ruchika.gupta@nxp.com; Aneesh Bansal aneesh.bansal@nxp.com; york sun york.sun@nxp.com Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL
On Wed, Jun 1, 2016 at 9:40 PM, Sumit Garg sumit.garg@nxp.com wrote:
-----Original Message----- From: Teddy Reed [mailto:teddy.reed@gmail.com] Sent: Tuesday, May 31, 2016 2:23 AM To: Sumit Garg sumit.garg@nxp.com Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika Gupta ruchika.gupta@nxp.com; Aneesh Bansal aneesh.bansal@nxp.com Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL
Hi Sumit!
On Sun, May 29, 2016 at 10:32 PM, Sumit Garg sumit.garg@nxp.com
wrote:
Can you make this support more generic as you have used only
CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms doesn't use fit signature approach for verification?
CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c
And the only related change is to mimic the existing CONFIG_FIT_SIGNATURE option.
This patch only allows an SPL to include the verified boot implementation from U-Boot proper. I would like to keep it as simple and
concise as possible.
Generalizing the various verified/secure boot methods that exist within U-Boot would be a much larger effort. :)
May be you can use CONFIG_SPL_VERIFIED_BOOT?
In your previous proposed patch [1], I don't see anything modifying ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the ./lib/rsa directory outside of the non-SPL build, but that is not enough to add the RSA verify and checksum implementations. I believe your affected boards will still need CONFIG_FIT_SIGNATURE.
Are you suggesting we should rename CONFIG_FIT_SIGNATURE to CONFIG_SPL_VERIFIED_BOOT? :)
If that's the case, this patch is NOT the place to perform that
refactor/rename.
Since that will also need to update tooling, build configs, the existing U-Boot proper verified boot documentation, and several board configurations. It will also render quite a few guides/walkthroughs obsolete so broader communication may be needed.
Yeah you are correct this patch is not meant for refactoring. So rather I will define only CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_RSA
&
CONFIG_SPL_HASH_SUPPORT for our platform and skip
CONFIG_SPL_FIT_SIGNATURE.
Ok, sounds like a plan. :)
[1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html
-----Original Message----- From: Teddy Reed [mailto:teddy.reed@gmail.com] Sent: Sunday, May 29, 2016 7:28 AM To: u-boot@lists.denx.de Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg sumit.garg@nxp.com Subject: [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL
This allows a board to configure verified boot within the SPL using a FIT or FIT with external data. It also allows the SPL to perform signature verification without needing relocation.
The board configuration will need to add the following feature defines: CONFIG_SPL_CRYPTO_SUPPORT CONFIG_SPL_HASH_SUPPORT CONFIG_SPL_SHA256
In this example, SHA256 is the only selected hashing algorithm.
And the following booleans: CONFIG_SPL=y CONFIG_SPL_DM=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT=y CONFIG_SPL_OF_CONTROL=y CONFIG_SPL_OF_LIBFDT=y CONFIG_SPL_FIT_SIGNATURE=y
Signed-off-by: Teddy Reed teddy.reed@gmail.com Cc: Simon Glass sjg@chromium.org Cc: Andreas Dannenberg dannenberg@ti.com
Kconfig | 11 +++++++++++ common/Makefile | 1 + drivers/Makefile | 1 + drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + lib/Makefile | 9 ++++----- lib/rsa/Kconfig | 4 ++++ lib/rsa/Makefile | 2 +- 7 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/Kconfig b/Kconfig index 4b46216..817f4f0 100644 --- a/Kconfig +++ b/Kconfig @@ -183,6 +183,11 @@ config FIT verified boot (secure boot using RSA). This option enables that feature.
+config SPL_FIT
bool "Support Flattened Image Tree within SPL"
depends on FIT
depends on SPL
config FIT_VERBOSE bool "Display verbose messages on FIT boot" depends on FIT @@ -205,6 +210,12 @@ config FIT_SIGNATURE format support in this case, enable it using CONFIG_IMAGE_FORMAT_LEGACY.
+config SPL_FIT_SIGNATURE
bool "Enable signature verification of FIT firmware within SPL"
depends on SPL_FIT
depends on SPL_DM
select SPL_RSA
config FIT_BEST_MATCH bool "Select the best match for the kernel device tree" depends on FIT diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22 100644 --- a/common/Makefile +++ b/common/Makefile @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o
endif #
!CONFIG_SPL_BUILD
ifdef CONFIG_SPL_BUILD +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644 --- a/drivers/Makefile +++ b/drivers/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/
ifdef CONFIG_SPL_BUILD
+obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/ obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/ obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c index dc6c064..3817fb3 100644 --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = { .name = "mod_exp_sw", .id = UCLASS_MOD_EXP, .ops = &mod_exp_ops_sw,
.flags = DM_FLAG_PRE_RELOC,
};
U_BOOT_DEVICE(mod_exp_sw) = { diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
obj-$(CONFIG_EFI) += efi/ obj-$(CONFIG_EFI_LOADER) += efi_loader/ -obj-$(CONFIG_RSA) += rsa/ obj-$(CONFIG_LZMA) += lzma/ obj-$(CONFIG_LZO) += lzo/ obj-$(CONFIG_ZLIB) += zlib/ @@ -25,8 +24,6 @@ obj-y += crc8.o obj-y += crc16.o obj-$(CONFIG_ERRNO_STR) += errno_str.o obj-$(CONFIG_FIT) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o obj-$(CONFIG_GZIP) += gunzip.o obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y += net_utils.o obj-$(CONFIG_PHYSMEM) += physmem.o obj-y += qsort.o obj-y += rc4.o -obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o -obj-$(CONFIG_SHA256) += sha256.o obj-y += strmhz.o obj-$(CONFIG_TPM) += tpm.o obj-$(CONFIG_RBTREE) += rbtree.o @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += list_sort.o endif
+obj-$(CONFIG_$(SPL_)RSA) += rsa/ +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef CONFIG_SPL_OF_CONTROL obj-$(CONFIG_OF_LIBFDT) += libfdt/ diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -13,6 +13,10 @@ config RSA option. The software based modular exponentiation is built into mkimage irrespective of this option.
+config SPL_RSA
bool "Use RSA Library within SPL"
depends on RSA
if RSA config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index 6867e50..4b2c1ba 100644 --- a/lib/rsa/Makefile +++ b/lib/rsa/Makefile @@ -7,5 +7,5 @@ # SPDX-License-Identifier: GPL-2.0+ #
-obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o -- 2.7.4
Take care!
Teddy Reed V
Sorry for late response. I will try to rebase my patches using this patch. Also let me know should I send those patches in parallel with this patch or wait for acceptance of this patch?
Either way, I think a rebase will not have any dependencies (ideally), but you also won't have any verified boot in SPL until [1] lands. :)
I have not seen any changes/clarifications requested. And I think Simon usually pulls in verified boot changes into his custodian -fdt tree. But I am very new to U-Boot development.
[1] https://patchwork.ozlabs.org/patch/627664/
-- Teddy Reed V

On Thu, Jun 09, 2016 at 09:36:18AM -0700, Teddy Reed wrote:
On Wed, Jun 8, 2016 at 11:45 PM, Sumit Garg sumit.garg@nxp.com wrote:
Hi Teddy,
Can you please rebase this patch on upstream?
Sure! If there are any changes needed I can send a new patch version by EOD and will CC you.
Hi Teddy, Yes it needs rebasing, it doesn't apply cleanly anymore to the latest master. Otherwise it looks pretty good. I still wish we could get by without CONFIG_SPL_DM but let's take one step at a time ;)
Acked-by: Andreas Dannenberg dannenberg@ti.com
Thanks, Andreas

On Thu, Jun 09, 2016 at 06:45:58AM +0000, Sumit Garg wrote:
Hi Teddy,
Can you please rebase this patch on upstream?
Tom,
I have sent patches [1] and [2] upstream which are dependent on this patch. Also I have to add support for spl verified boot on our ARM based platforms which also have dependency on this patch.
So my work is being affected, can you please merge this patch, if it is matured enough?
[1] https://patchwork.ozlabs.org/patch/628987/ [2] https://patchwork.ozlabs.org/patch/628971/
I'm testing v2 now, thanks!

Hi Teddy,
On 28 May 2016 at 18:58, Teddy Reed teddy.reed@gmail.com wrote:
This allows a board to configure verified boot within the SPL using a FIT or FIT with external data. It also allows the SPL to perform signature verification without needing relocation.
The board configuration will need to add the following feature defines: CONFIG_SPL_CRYPTO_SUPPORT CONFIG_SPL_HASH_SUPPORT CONFIG_SPL_SHA256
In this example, SHA256 is the only selected hashing algorithm.
And the following booleans: CONFIG_SPL=y CONFIG_SPL_DM=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT=y CONFIG_SPL_OF_CONTROL=y CONFIG_SPL_OF_LIBFDT=y CONFIG_SPL_FIT_SIGNATURE=y
Signed-off-by: Teddy Reed teddy.reed@gmail.com Cc: Simon Glass sjg@chromium.org Cc: Andreas Dannenberg dannenberg@ti.com
Kconfig | 11 +++++++++++ common/Makefile | 1 + drivers/Makefile | 1 + drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + lib/Makefile | 9 ++++----- lib/rsa/Kconfig | 4 ++++ lib/rsa/Makefile | 2 +- 7 files changed, 23 insertions(+), 6 deletions(-)
Acked-by: Simon Glass sjg@chromium.org