Hi Stefan, On Thu, Dec 1, 2016 at 10:15 AM, Stefan Roese <s...@denx.de> wrote: > On 23.11.2016 16:12, Mario Six wrote: >> The patch implements secure booting for the mvebu architecture. >> >> This includes: >> - The addition of secure headers and all needed signatures and keys in >> mkimage >> - Commands capable of writing the board's efuses to both write the >> needed cryptographic data and enable the secure booting mechanism >> - The creation of convenience text files containing the necessary >> commands to write the efuses >> >> The KAK and CSK keys are expected to reside in the files kwb_kak.key and >> kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory. >> >> Signed-off-by: Reinhard Pfau <reinhard.p...@gdsys.cc> >> Signed-off-by: Mario Six <mario....@gdsys.cc> > > Thanks Mario, I have to admit that I'm pretty new to this secure booting > support on A38x. So I can't really comment much on the technical details. > I would very much like to see some documentation being added for this > secure boot support on A38x (doc/...). With a more detailed explanation > of this procedure and best one exmaple on how this is done in practice. >
I'll add some documentation in v2. > Please find some more comments below. > >> --- >> Makefile | 3 +- >> arch/arm/mach-mvebu/Kconfig | 20 + >> arch/arm/mach-mvebu/Makefile | 1 + >> arch/arm/mach-mvebu/efuse.c | 293 ++++++++++++ >> arch/arm/mach-mvebu/include/mach/cpu.h | 2 + >> arch/arm/mach-mvebu/include/mach/efuse.h | 71 +++ >> tools/Makefile | 6 +- >> tools/kwbimage.c | 744 >> ++++++++++++++++++++++++++++++- >> tools/kwbimage.h | 37 ++ >> 9 files changed, 1169 insertions(+), 8 deletions(-) >> create mode 100644 arch/arm/mach-mvebu/efuse.c >> create mode 100644 arch/arm/mach-mvebu/include/mach/efuse.h >> >> diff --git a/Makefile b/Makefile >> index 96ddc59..05a38af 100644 >> --- a/Makefile >> +++ b/Makefile >> @@ -938,7 +938,8 @@ MKIMAGEFLAGS_u-boot.kwb = -n >> $(srctree)/$(CONFIG_SYS_KWD_CONFIG:"%"=%) \ >> -T kwbimage -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_TEXT_BASE) >> >> MKIMAGEFLAGS_u-boot-spl.kwb = -n $(srctree)/$(CONFIG_SYS_KWD_CONFIG:"%"=%) \ >> - -T kwbimage -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_TEXT_BASE) >> + -T kwbimage -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_TEXT_BASE) \ >> + $(if $(KEYDIR),-k $(KEYDIR)) >> >> MKIMAGEFLAGS_u-boot.pbl = -n $(srctree)/$(CONFIG_SYS_FSL_PBL_RCW:"%"=%) \ >> -R $(srctree)/$(CONFIG_SYS_FSL_PBL_PBI:"%"=%) -T pblimage >> diff --git a/arch/arm/mach-mvebu/Kconfig b/arch/arm/mach-mvebu/Kconfig >> index 6e8026b..1ca7b52 100644 >> --- a/arch/arm/mach-mvebu/Kconfig >> +++ b/arch/arm/mach-mvebu/Kconfig >> @@ -1,5 +1,9 @@ >> if ARCH_MVEBU >> >> +config HAVE_MVEBU_EFUSE >> + bool >> + default n >> + >> config ARMADA_32BIT >> bool >> select CPU_V7 >> @@ -21,6 +25,7 @@ config ARMADA_375 >> config ARMADA_38X >> bool >> select ARMADA_32BIT >> + select HAVE_MVEBU_EFUSE > > Do you know if this secure boot support provided in this patch (and > the one before it) also supports the Armada XP SoCs? > I just skimmed the Armada XP secure boot process, and it looks strikingly similar to the Armada 38x one. I haven't looked at the details, but I would tentatively say that the process implemented here should work on Armada XP as well. >> config ARMADA_XP >> bool >> @@ -136,4 +141,19 @@ config SYS_VENDOR >> config SYS_SOC >> default "mvebu" >> >> +config MVEBU_EFUSE >> + bool "Enable eFuse support" >> + default n >> + depends on HAVE_MVEBU_EFUSE > > Is this Kconfig option enabled in your board support patch? I can't > find it there. And could you please add a help text to this option > as well? > We're not using the secure boot in production yet, so it's not enabled in the board for now (we'll most likely activate it in a later revision). And I'll add a help text in v2. >> +config MVEBU_EFUSE_FAKE >> + bool "Fake eFuse access (dry run)" >> + default n >> + depends on MVEBU_EFUSE >> + help >> + This enables a "dry run" mode where eFuses are not really programmed. >> + Instead the eFuse accesses are emulated by writing to and reading >> + from a memory block. >> + This is can be used for testing prog scripts. >> + >> endif >> diff --git a/arch/arm/mach-mvebu/Makefile b/arch/arm/mach-mvebu/Makefile >> index 65e90c4..d4210af 100644 >> --- a/arch/arm/mach-mvebu/Makefile >> +++ b/arch/arm/mach-mvebu/Makefile >> @@ -27,6 +27,7 @@ ifndef CONFIG_SPL_BUILD >> obj-$(CONFIG_ARMADA_375) += ../../../drivers/ddr/marvell/axp/xor.o >> obj-$(CONFIG_ARMADA_38X) += ../../../drivers/ddr/marvell/a38x/xor.o >> obj-$(CONFIG_ARMADA_XP) += ../../../drivers/ddr/marvell/axp/xor.o >> +obj-$(CONFIG_MVEBU_EFUSE) += efuse.o >> endif # CONFIG_SPL_BUILD >> obj-y += gpio.o >> obj-y += mbus.o >> diff --git a/arch/arm/mach-mvebu/efuse.c b/arch/arm/mach-mvebu/efuse.c >> new file mode 100644 >> index 0000000..c8d04bf >> --- /dev/null >> +++ b/arch/arm/mach-mvebu/efuse.c >> @@ -0,0 +1,293 @@ >> +/* >> + * Copyright (C) 2015-2016 Reinhard Pfau <reinhard.p...@gdsys.cc> >> + * >> + * SPDX-License-Identifier: GPL-2.0+ >> + */ >> + >> +#include <config.h> >> +#include <common.h> >> +#include <errno.h> >> +#include <asm/io.h> >> +#include <asm/arch/cpu.h> >> +#include <asm/arch/efuse.h> >> +#include <asm/arch/soc.h> >> +#include <linux/mbus.h> >> + >> +#if defined(CONFIG_MVEBU_EFUSE) > > This check should not be needed, as this file only gets compiled if > CONFIG_MVEBU_EFUSE is defined. > Indeed, that's the case. Will be fixed in v2. >> + >> +#if defined(CONFIG_MVEBU_EFUSE_FAKE) >> +#define DRY_RUN >> +#else >> +#undef DRY_RUN >> +#endif >> + >> +#define MBUS_EFUSE_BASE 0xF6000000 >> +#define MBUS_EFUSE_SIZE BIT(20) >> + >> +#define MVEBU_EFUSE_CONTROL (MVEBU_REGISTER(0xE4008)) >> + >> +enum { >> + MVEBU_EFUSE_CTRL_PROGRAM_ENABLE = (1 << 31), >> +}; >> + >> +struct mvebu_hd_efuse { >> + u32 bits_31_0; >> + u32 bits_63_32; >> + u32 bit64; >> + u32 reserved0; >> +}; >> + >> +#ifndef DRY_RUN >> +static struct mvebu_hd_efuse *efuses = >> + (struct mvebu_hd_efuse *)(MBUS_EFUSE_BASE + 0xF9000); >> +#else >> +static struct mvebu_hd_efuse efuses[EFUSE_LINE_MAX + 1]; >> +#endif >> + >> +static int efuse_initialised; >> + >> +static struct mvebu_hd_efuse *get_efuse_line(int nr) >> +{ >> + if (nr < 0 || nr > 63 || !efuse_initialised) >> + return NULL; >> + >> + return efuses + nr; >> +} >> + >> +static void enable_efuse_program(void) >> +{ >> +#ifndef DRY_RUN >> + setbits_le32(MVEBU_EFUSE_CONTROL, MVEBU_EFUSE_CTRL_PROGRAM_ENABLE); >> +#endif >> +} >> + >> +static void disable_efuse_program(void) >> +{ >> +#ifndef DRY_RUN >> + u32 reg = readl(MVEBU_EFUSE_CONTROL); >> + >> + reg &= ~MVEBU_EFUSE_CTRL_PROGRAM_ENABLE; >> + writel(MVEBU_EFUSE_CONTROL, reg); > > clrbits_le32() please. > I apparently converted enable_efuse_program, but forgot disable_efuse program. Will be fixed in v2. >> +#endif >> +} >> + >> +static int do_prog_efuse(struct mvebu_hd_efuse *efuse, >> + struct efuse_val *new_val, u32 mask0, u32 mask1) >> +{ >> + struct efuse_val val; >> + >> + val.dwords.d[0] = readl(&efuse->bits_31_0); >> + val.dwords.d[1] = readl(&efuse->bits_63_32); >> + val.lock = readl(&efuse->bit64); >> + >> + if (val.lock & 1) >> + return -EPERM; >> + >> + val.dwords.d[0] |= (new_val->dwords.d[0] & mask0); >> + val.dwords.d[1] |= (new_val->dwords.d[1] & mask1); >> + val.lock |= new_val->lock; >> + >> + writel(val.dwords.d[0], &efuse->bits_31_0); >> + mdelay(1); >> + writel(val.dwords.d[1], &efuse->bits_63_32); >> + mdelay(1); >> + writel(val.lock, &efuse->bit64); >> + mdelay(5); >> + >> + return 0; >> +} >> + >> +static int prog_efuse(int nr, struct efuse_val *new_val, u32 mask0, u32 >> mask1) >> +{ >> + struct mvebu_hd_efuse *efuse; >> + int res = 0; >> + >> + res = mvebu_efuse_init_hw(); >> + if (res) >> + return res; >> + >> + efuse = get_efuse_line(nr); >> + if (!efuse) >> + return -ENODEV; >> + >> + if (!new_val) >> + return -EINVAL; >> + >> + /* only write a fuse line with lock bit */ >> + if (!new_val->lock) >> + return -EINVAL; >> + >> + /* according to specs ECC protection bits must be 0 on write */ >> + if (new_val->bytes.d[7] & 0xFE) >> + return -EINVAL; >> + >> + if (!new_val->dwords.d[0] && !new_val->dwords.d[1] && (mask0 | mask1)) >> + return 0; >> + >> + enable_efuse_program(); >> + >> + res = do_prog_efuse(efuse, new_val, mask0, mask1); >> + >> + disable_efuse_program(); >> + >> + return res; >> +} >> + >> +int mvebu_efuse_init_hw(void) >> +{ >> + int ret; >> + >> + if (efuse_initialised) >> + return 0; >> + >> + ret = mvebu_mbus_add_window_by_id( >> + CPU_TARGET_SATA23_DFX, 0xA, MBUS_EFUSE_BASE, MBUS_EFUSE_SIZE); >> + >> + if (ret) >> + return ret; >> + >> + efuse_initialised = 1; >> + >> + return 0; >> +} >> + >> +int mvebu_read_efuse(int nr, struct efuse_val *val) >> +{ >> + struct mvebu_hd_efuse *efuse; >> + int res; >> + >> + res = mvebu_efuse_init_hw(); >> + if (res) >> + return res; >> + >> + efuse = get_efuse_line(nr); >> + if (!efuse) >> + return -ENODEV; >> + >> + if (!val) >> + return -EINVAL; >> + >> + val->dwords.d[0] = readl(&efuse->bits_31_0); >> + val->dwords.d[1] = readl(&efuse->bits_63_32); >> + val->lock = readl(&efuse->bit64); >> + return 0; >> +} >> + >> +int mvebu_write_efuse(int nr, struct efuse_val *val) >> +{ >> + return prog_efuse(nr, val, ~0, ~0); >> +} >> + >> +int mvebu_lock_efuse(int nr) >> +{ >> + struct efuse_val val = { >> + .lock = 1, >> + }; >> + >> + return prog_efuse(nr, &val, 0, 0); >> +} >> + >> +#else >> + >> +int mvebu_efuse_init_hw(void) >> +{ >> + return -ENODEV; >> +} >> + >> +int mvebu_read_efuse(int nr, struct efuse_val *val) >> +{ >> + return -ENODEV; >> +} >> + >> +int mvebu_write_efuse(int nr, struct efuse_val *val) >> +{ >> + return -ENODEV; >> +} >> + >> +int mvebu_lock_efuse(int nr) >> +{ >> + return -ENODEV; >> +} >> + >> +#endif >> + >> +/* >> + * wrapper funcs providing the fuse API >> + * >> + * we use the following mapping: >> + * "bank" -> eFuse line >> + * "word" -> 0: bits 0-31 >> + * 1: bits 32-63 >> + * 2: bit 64 (lock) >> + */ >> + >> +static struct efuse_val prog_val; >> +static int valid_prog_words; >> + >> +int fuse_read(u32 bank, u32 word, u32 *val) >> +{ >> + struct efuse_val fuse_line; >> + int res; >> + >> + if (bank < EFUSE_LINE_MIN || bank > EFUSE_LINE_MAX || word > 2) >> + return -EINVAL; >> + >> + res = mvebu_read_efuse(bank, &fuse_line); >> + if (res) >> + return res; >> + >> + if (word < 2) >> + *val = fuse_line.dwords.d[word]; >> + else >> + *val = fuse_line.lock; >> + >> + return res; >> +} >> + >> +int fuse_sense(u32 bank, u32 word, u32 *val) >> +{ >> + /* not supported */ >> + return -ENOSYS; >> +} >> + >> +int fuse_prog(u32 bank, u32 word, u32 val) >> +{ >> + int res = 0; >> + >> + /* >> + * NOTE: Fuse line should be written as whole. >> + * So how can we do that with this API? >> + * For now: remember values for word == 0 and word == 1 and write the >> + * whole line when word == 2. >> + * This implies that we always require all 3 fuse prog cmds (one for >> + * for each word) to write a single fuse line. >> + * Exception is a single write to word 2 which will lock the fuse line. >> + * >> + * Hope that will be OK. >> + */ >> + >> + if (bank < EFUSE_LINE_MIN || bank > EFUSE_LINE_MAX || word > 2) >> + return -EINVAL; >> + >> + if (word < 2) { >> + prog_val.dwords.d[word] = val; >> + valid_prog_words |= (1 << word); >> + } else if ((valid_prog_words & 3) == 0 && val) { >> + res = mvebu_lock_efuse(bank); >> + valid_prog_words = 0; >> + } else if ((valid_prog_words & 3) != 3 || !val) { >> + res = -EINVAL; >> + } else { >> + prog_val.lock = val != 0; >> + res = mvebu_write_efuse(bank, &prog_val); >> + valid_prog_words = 0; >> + } >> + >> + return res; >> +} >> + >> +int fuse_override(u32 bank, u32 word, u32 val) >> +{ >> + /* not supported */ >> + return -ENOSYS; >> +} >> diff --git a/arch/arm/mach-mvebu/include/mach/cpu.h >> b/arch/arm/mach-mvebu/include/mach/cpu.h >> index 66f7680..d241eea 100644 >> --- a/arch/arm/mach-mvebu/include/mach/cpu.h >> +++ b/arch/arm/mach-mvebu/include/mach/cpu.h >> @@ -36,7 +36,9 @@ enum cpu_target { >> CPU_TARGET_ETH01 = 0x7, >> CPU_TARGET_PCIE13 = 0x8, >> CPU_TARGET_SASRAM = 0x9, >> + CPU_TARGET_SATA01 = 0xa, /* A38X */ >> CPU_TARGET_NAND = 0xd, >> + CPU_TARGET_SATA23_DFX = 0xe, /* A38X */ >> }; > > This looks like an unrelated change, perhaps better moved into > a separate patch? > That's what I thought too when I saw this for the first time, but take a look at arch/arm/mach-mvebu/efuse:c:138. To access the efuses, you actually need to add the SATA23_DFX window using mvebu_mbus_add_window_by_id; and the SATA01 enum is then added just for completeness' sake. >> >> enum cpu_attrib { >> diff --git a/arch/arm/mach-mvebu/include/mach/efuse.h >> b/arch/arm/mach-mvebu/include/mach/efuse.h >> new file mode 100644 >> index 0000000..454f6b8 >> --- /dev/null >> +++ b/arch/arm/mach-mvebu/include/mach/efuse.h >> @@ -0,0 +1,71 @@ >> +/* >> + * Copyright (C) 2015 Reinhard Pfau <reinhard.p...@gdsys.cc> > > Only 2015? This might need to get changed in more files, I didn't check > closely. > Reinhard actually wrote the secure boot code last year, and I just rebased and tested it, so that's correct. >> + * >> + * SPDX-License-Identifier: GPL-2.0+ >> + */ >> + >> +#ifndef _MVEBU_EFUSE_H >> +#define _MVEBU_EFUSE_H >> + >> +#include <common.h> >> + >> +struct efuse_val { >> + union { >> + struct { >> + u8 d[8]; >> + } bytes; >> + struct { >> + u16 d[4]; >> + } words; >> + struct { >> + u32 d[2]; >> + } dwords; >> + }; >> + u32 lock; >> +}; >> + >> +#if defined(CONFIG_ARMADA_38X) >> + >> +enum efuse_line { >> + EFUSE_LINE_SECURE_BOOT = 24, >> + EFUSE_LINE_PUBKEY_DIGEST_0 = 26, >> + EFUSE_LINE_PUBKEY_DIGEST_1 = 27, >> + EFUSE_LINE_PUBKEY_DIGEST_2 = 28, >> + EFUSE_LINE_PUBKEY_DIGEST_3 = 29, >> + EFUSE_LINE_PUBKEY_DIGEST_4 = 30, >> + EFUSE_LINE_CSK_0_VALID = 31, >> + EFUSE_LINE_CSK_1_VALID = 32, >> + EFUSE_LINE_CSK_2_VALID = 33, >> + EFUSE_LINE_CSK_3_VALID = 34, >> + EFUSE_LINE_CSK_4_VALID = 35, >> + EFUSE_LINE_CSK_5_VALID = 36, >> + EFUSE_LINE_CSK_6_VALID = 37, >> + EFUSE_LINE_CSK_7_VALID = 38, >> + EFUSE_LINE_CSK_8_VALID = 39, >> + EFUSE_LINE_CSK_9_VALID = 40, >> + EFUSE_LINE_CSK_10_VALID = 41, >> + EFUSE_LINE_CSK_11_VALID = 42, >> + EFUSE_LINE_CSK_12_VALID = 43, >> + EFUSE_LINE_CSK_13_VALID = 44, >> + EFUSE_LINE_CSK_14_VALID = 45, >> + EFUSE_LINE_CSK_15_VALID = 46, >> + EFUSE_LINE_FLASH_ID = 47, >> + EFUSE_LINE_BOX_ID = 48, >> + >> + EFUSE_LINE_MIN = 0, >> + EFUSE_LINE_MAX = 63, >> +}; >> + >> +#endif >> + >> + >> +int mvebu_efuse_init_hw(void); >> + >> +int mvebu_read_efuse(int nr, struct efuse_val *val); >> + >> +int mvebu_write_efuse(int nr, struct efuse_val *val); >> + >> +int mvebu_lock_efuse(int nr); >> + >> + > > Double empty line not needed. > Will remove in v2. >> +#endif >> diff --git a/tools/Makefile b/tools/Makefile >> index 9edb504..887ef77 100644 >> --- a/tools/Makefile >> +++ b/tools/Makefile >> @@ -141,8 +141,12 @@ ifdef CONFIG_SYS_U_BOOT_OFFS >> HOSTCFLAGS_kwbimage.o += -DCONFIG_SYS_U_BOOT_OFFS=$(CONFIG_SYS_U_BOOT_OFFS) >> endif >> >> +ifneq ($(CONFIG_ARMADA_38X)$(CONFIG_ARMADA_39X),) >> +HOSTCFLAGS_kwbimage.o += -DCONFIG_KWB_SECURE >> +endif >> + >> # MXSImage needs LibSSL >> -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_FIT_SIGNATURE),) >> +ifneq >> ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_ARMADA_39X)$(CONFIG_FIT_SIGNATURE),) >> HOSTLOADLIBES_mkimage += \ >> $(shell pkg-config --libs libssl libcrypto 2> /dev/null || echo "-lssl >> -lcrypto") >> >> diff --git a/tools/kwbimage.c b/tools/kwbimage.c >> index 1bc0102..2d40594 100644 >> --- a/tools/kwbimage.c >> +++ b/tools/kwbimage.c >> @@ -1,30 +1,47 @@ >> /* >> * Image manipulator for Marvell SoCs >> - * supports Kirkwood, Dove, Armada 370, and Armada XP >> + * supports Kirkwood, Dove, Armada 370, Armada XP, and Armada 38x >> * >> * (C) Copyright 2013 Thomas Petazzoni >> * <thomas.petazz...@free-electrons.com> >> * >> * SPDX-License-Identifier: GPL-2.0+ >> * >> - * Not implemented: support for the register headers and secure >> - * headers in v1 images >> + * Not implemented: support for the register headers in v1 images >> */ >> >> #include "imagetool.h" >> #include <limits.h> >> #include <image.h> >> +#include <stdarg.h> >> #include <stdint.h> >> #include "kwbimage.h" >> >> +#ifdef CONFIG_KWB_SECURE >> +#include <openssl/rsa.h> >> +#include <openssl/pem.h> >> +#include <openssl/err.h> >> +#include <openssl/evp.h> >> +#endif >> + >> static struct image_cfg_element *image_cfg; >> static int cfgn; >> +#ifdef CONFIG_KWB_SECURE >> +static int verbose_mode; >> +#endif >> >> struct boot_mode { >> unsigned int id; >> const char *name; >> }; >> >> +/* >> + * SHA2-256 hash >> + */ >> +struct hash_v1 { >> + uint8_t hash[32]; >> +}; >> + >> struct boot_mode boot_modes[] = { >> { 0x4D, "i2c" }, >> { 0x5A, "spi" }, >> @@ -68,6 +85,16 @@ enum image_cfg_type { >> IMAGE_CFG_BINARY, >> IMAGE_CFG_PAYLOAD, >> IMAGE_CFG_DATA, >> + IMAGE_CFG_KAK, >> + IMAGE_CFG_CSK, >> + IMAGE_CFG_CSK_INDEX, >> + IMAGE_CFG_JTAG_DELAY, >> + IMAGE_CFG_BOX_ID, >> + IMAGE_CFG_FLASH_ID, >> + IMAGE_CFG_SEC_COMMON_IMG, >> + IMAGE_CFG_SEC_SPECIALIZED_IMG, >> + IMAGE_CFG_SEC_BOOT_DEV, >> + IMAGE_CFG_SEC_FUSE_DUMP, >> >> IMAGE_CFG_COUNT >> } type; >> @@ -84,6 +111,16 @@ static const char * const id_strs[] = { >> [IMAGE_CFG_BINARY] = "BINARY", >> [IMAGE_CFG_PAYLOAD] = "PAYLOAD", >> [IMAGE_CFG_DATA] = "DATA", >> + [IMAGE_CFG_KAK] = "KAK", >> + [IMAGE_CFG_CSK] = "CSK", >> + [IMAGE_CFG_CSK_INDEX] = "CSK_INDEX", >> + [IMAGE_CFG_JTAG_DELAY] = "JTAG_DELAY", >> + [IMAGE_CFG_BOX_ID] = "BOX_ID", >> + [IMAGE_CFG_FLASH_ID] = "FLASH_ID", >> + [IMAGE_CFG_SEC_COMMON_IMG] = "SEC_COMMON_IMG", >> + [IMAGE_CFG_SEC_SPECIALIZED_IMG] = "SEC_SPECIALIZED_IMG", >> + [IMAGE_CFG_SEC_BOOT_DEV] = "SEC_BOOT_DEV", >> + [IMAGE_CFG_SEC_FUSE_DUMP] = "SEC_FUSE_DUMP" >> }; >> >> struct image_cfg_element { >> @@ -104,6 +141,14 @@ struct image_cfg_element { >> unsigned int nandeccmode; >> unsigned int nandpagesz; >> struct ext_hdr_v0_reg regdata; >> + const char *key_name; >> + int csk_idx; >> + uint8_t jtag_delay; >> + uint32_t boxid; >> + uint32_t flashid; >> + bool sec_specialized_img; >> + unsigned int sec_boot_dev; >> + const char *name; >> }; >> }; >> >> @@ -172,6 +217,32 @@ image_count_options(unsigned int optiontype) >> return count; >> } >> >> +#if defined(CONFIG_KWB_SECURE) >> + >> +static int image_get_csk_index(void) >> +{ >> + struct image_cfg_element *e; >> + >> + e = image_find_option(IMAGE_CFG_CSK_INDEX); >> + if (!e) >> + return -1; >> + >> + return e->csk_idx; >> +} >> + >> +static bool image_get_spezialized_img(void) >> +{ >> + struct image_cfg_element *e; >> + >> + e = image_find_option(IMAGE_CFG_SEC_SPECIALIZED_IMG); >> + if (!e) >> + return false; >> + >> + return e->sec_specialized_img; >> +} >> + >> +#endif >> + >> /* >> * Compute a 8-bit checksum of a memory area. This algorithm follows >> * the requirements of the Marvell SoC BootROM specifications. >> @@ -217,6 +288,493 @@ static uint32_t image_checksum32(void *start, uint32_t >> len) >> return csum; >> } >> >> +#if defined(CONFIG_KWB_SECURE) >> +static void kwb_msg(const char *fmt, ...) >> +{ >> + if (verbose_mode) { >> + va_list ap; >> + >> + va_start(ap, fmt); >> + vfprintf(stdout, fmt, ap); >> + va_end(ap); >> + } >> +} >> + >> +static int openssl_err(const char *msg) >> +{ >> + unsigned long ssl_err = ERR_get_error(); >> + >> + fprintf(stderr, "%s", msg); >> + fprintf(stderr, ": %s\n", >> + ERR_error_string(ssl_err, 0)); >> + >> + return -1; >> +} >> + >> +static int kwb_load_rsa_key(const char *keydir, const char *name, RSA >> **p_rsa) >> +{ >> + char path[PATH_MAX]; >> + RSA *rsa; >> + FILE *f; >> + >> + if (!keydir) >> + keydir = "."; >> + >> + snprintf(path, sizeof(path), "%s/%s.key", keydir, name); >> + f = fopen(path, "r"); >> + if (!f) { >> + fprintf(stderr, "Couldn't open RSA private key: '%s': %s\n", >> + path, strerror(errno)); >> + return -ENOENT; >> + } >> + >> + rsa = PEM_read_RSAPrivateKey(f, 0, NULL, ""); >> + if (!rsa) { >> + openssl_err("Failure reading private key"); >> + fclose(f); >> + return -EPROTO; >> + } >> + fclose(f); >> + *p_rsa = rsa; >> + >> + return 0; >> +} >> + >> +static int kwb_load_cfg_key(struct image_tool_params *params, >> + unsigned int cfg_option, const char *key_name, >> + RSA **p_key) >> +{ >> + struct image_cfg_element *e_key; >> + RSA *key; >> + int res; >> + >> + *p_key = NULL; >> + >> + e_key = image_find_option(cfg_option); >> + if (!e_key) { >> + fprintf(stderr, "%s not configured\n", key_name); >> + return -ENOENT; >> + } >> + >> + res = kwb_load_rsa_key(params->keydir, e_key->key_name, &key); >> + if (res < 0) { >> + fprintf(stderr, "Failed to load %s\n", key_name); >> + return -ENOENT; >> + } >> + >> + *p_key = key; >> + >> + return 0; >> +} >> + >> +static int kwb_load_kak(struct image_tool_params *params, RSA **p_kak) >> +{ >> + return kwb_load_cfg_key(params, IMAGE_CFG_KAK, "KAK", p_kak); >> +} >> + >> +static int kwb_load_csk(struct image_tool_params *params, RSA **p_csk) >> +{ >> + return kwb_load_cfg_key(params, IMAGE_CFG_CSK, "CSK", p_csk); >> +} >> + >> +static int kwb_compute_pubkey_hash(struct pubkey_der_v1 *pk, >> + struct hash_v1 *hash) >> +{ >> + EVP_MD_CTX *ctx; >> + unsigned int key_size; >> + unsigned int hash_size; >> + int ret = 0; >> + >> + if (!pk || !hash || pk->key[0] != 0x30 || pk->key[1] != 0x82) >> + return -EINVAL; >> + >> + key_size = (pk->key[2] << 8) + pk->key[3] + 4; >> + >> + ctx = EVP_MD_CTX_create(); >> + if (!ctx) >> + return openssl_err("EVP context creation failed"); >> + >> + EVP_MD_CTX_init(ctx); >> + if (!EVP_DigestInit(ctx, EVP_sha256())) { >> + ret = openssl_err("Digest setup failed"); >> + goto hash_err_ctx; >> + } >> + >> + if (!EVP_DigestUpdate(ctx, pk->key, key_size)) { >> + ret = openssl_err("Hashing data failed"); >> + goto hash_err_ctx; >> + } >> + >> + if (!EVP_DigestFinal(ctx, hash->hash, &hash_size)) { >> + ret = openssl_err("Could not obtain hash"); >> + goto hash_err_ctx; >> + } >> + >> + EVP_MD_CTX_cleanup(ctx); >> + >> +hash_err_ctx: >> + EVP_MD_CTX_destroy(ctx); >> + return ret; >> +} >> + >> +static int kwb_import_pubkey(RSA **key, struct pubkey_der_v1 *src, char >> *keyname) >> +{ >> + RSA *rsa; >> + const unsigned char *ptr; >> + >> + if (!key || !src) >> + goto fail; >> + >> + ptr = src->key; >> + rsa = d2i_RSAPublicKey(key, &ptr, sizeof(src->key)); >> + if (!rsa) { >> + openssl_err("error decoding public key"); >> + goto fail; >> + } >> + >> + return 0; >> +fail: >> + fprintf(stderr, "Failed to decode %s pubkey\n", keyname); >> + return -EINVAL; >> +} >> + >> +static int kwb_export_pubkey(RSA *key, struct pubkey_der_v1 *dst, FILE >> *hashf, >> + char *keyname) >> +{ >> + int size_exp, size_mod, size_seq; >> + uint8_t *cur; >> + char *errmsg = "Failed to encode %s\n"; >> + >> + if (!key || !key->e || !key->n || !dst) { >> + fprintf(stderr, "export pk failed: (%p, %p, %p, %p)", >> + key, key->e, key->n, dst); >> + fprintf(stderr, errmsg, keyname); >> + return -EINVAL; >> + } >> + >> + /* >> + * According to the specs, the key should be PKCS#1 DER encoded. >> + * But unfortunately the really required encoding seems to be >> different; >> + * it violates DER...! (But it still conformes to BER.) >> + * (Length always in long form w/ 2 byte length code; no leading zero >> + * when MSB of first byte is set...) >> + * So we cannot use the encoding func provided by OpenSSL and have to >> + * do the encoding manually. >> + */ >> + >> + size_exp = BN_num_bytes(key->e); >> + size_mod = BN_num_bytes(key->n); >> + size_seq = 4 + size_mod + 4 + size_exp; >> + >> + if (size_mod > 256) { >> + fprintf(stderr, "export pk failed: wrong mod size: %d\n", >> + size_mod); >> + fprintf(stderr, errmsg, keyname); >> + return -EINVAL; >> + } >> + >> + if (4 + size_seq > sizeof(dst->key)) { >> + fprintf(stderr, "export pk failed: seq too large (%d, %lu)\n", >> + 4 + size_seq, sizeof(dst->key)); >> + fprintf(stderr, errmsg, keyname); >> + return -ENOBUFS; >> + } >> + >> + cur = dst->key; >> + >> + /* PKCS#1 (RFC3447) RSAPublicKey structure */ >> + *cur++ = 0x30; /* SEQUENCE */ >> + *cur++ = 0x82; >> + *cur++ = (size_seq >> 8) & 0xFF; >> + *cur++ = size_seq & 0xFF; >> + /* Modulus */ >> + *cur++ = 0x02; /* INTEGER */ >> + *cur++ = 0x82; >> + *cur++ = (size_mod >> 8) & 0xFF; >> + *cur++ = size_mod & 0xFF; >> + BN_bn2bin(key->n, cur); >> + cur += size_mod; >> + /* Exponent */ >> + *cur++ = 0x02; /* INTEGER */ >> + *cur++ = 0x82; >> + *cur++ = (size_exp >> 8) & 0xFF; >> + *cur++ = size_exp & 0xFF; >> + BN_bn2bin(key->e, cur); >> + >> + if (hashf) { >> + struct hash_v1 pk_hash; >> + int i; >> + int ret = 0; >> + >> + ret = kwb_compute_pubkey_hash(dst, &pk_hash); >> + if (ret < 0) { >> + fprintf(stderr, errmsg, keyname); >> + return ret; >> + } >> + >> + fprintf(hashf, "SHA256 = "); >> + for (i = 0 ; i < sizeof(pk_hash.hash); ++i) >> + fprintf(hashf, "%02X", pk_hash.hash[i]); >> + fprintf(hashf, "\n"); >> + } >> + >> + return 0; >> +} >> + >> +int kwb_sign(RSA *key, void *data, int datasz, struct sig_v1 *sig, char >> *signame) >> +{ >> + EVP_PKEY *evp_key; >> + EVP_MD_CTX *ctx; >> + unsigned int sig_size; >> + int size; >> + int ret = 0; >> + >> + evp_key = EVP_PKEY_new(); >> + if (!evp_key) >> + return openssl_err("EVP_PKEY object creation failed"); >> + >> + if (!EVP_PKEY_set1_RSA(evp_key, key)) { >> + ret = openssl_err("EVP key setup failed"); >> + goto err_key; >> + } >> + >> + size = EVP_PKEY_size(evp_key); >> + if (size > sizeof(sig->sig)) { >> + fprintf(stderr, "Buffer to small for signature (%d bytes)\n", >> + size); >> + ret = -ENOBUFS; >> + goto err_key; >> + } >> + >> + ctx = EVP_MD_CTX_create(); >> + if (!ctx) { >> + ret = openssl_err("EVP context creation failed"); >> + goto err_key; >> + } >> + EVP_MD_CTX_init(ctx); >> + if (!EVP_SignInit(ctx, EVP_sha256())) { >> + ret = openssl_err("Signer setup failed"); >> + goto err_ctx; >> + } >> + >> + if (!EVP_SignUpdate(ctx, data, datasz)) { >> + ret = openssl_err("Signing data failed"); >> + goto err_ctx; >> + } >> + >> + if (!EVP_SignFinal(ctx, sig->sig, &sig_size, evp_key)) { >> + ret = openssl_err("Could not obtain signature"); >> + goto err_ctx; >> + } >> + >> + EVP_MD_CTX_cleanup(ctx); >> + EVP_MD_CTX_destroy(ctx); >> + EVP_PKEY_free(evp_key); >> + >> + return 0; >> + >> +err_ctx: >> + EVP_MD_CTX_destroy(ctx); >> +err_key: >> + EVP_PKEY_free(evp_key); >> + fprintf(stderr, "Failed to create %s signature\n", signame); >> + return ret; >> +} >> + >> +int kwb_verify(RSA *key, void *data, int datasz, struct sig_v1 *sig, >> + char *signame) >> +{ >> + EVP_PKEY *evp_key; >> + EVP_MD_CTX *ctx; >> + int size; >> + int ret = 0; >> + >> + evp_key = EVP_PKEY_new(); >> + if (!evp_key) >> + return openssl_err("EVP_PKEY object creation failed"); >> + >> + if (!EVP_PKEY_set1_RSA(evp_key, key)) { >> + ret = openssl_err("EVP key setup failed"); >> + goto err_key; >> + } >> + >> + size = EVP_PKEY_size(evp_key); >> + if (size > sizeof(sig->sig)) { >> + fprintf(stderr, "Invalid signature size (%d bytes)\n", >> + size); >> + ret = -EINVAL; >> + goto err_key; >> + } >> + >> + ctx = EVP_MD_CTX_create(); >> + if (!ctx) { >> + ret = openssl_err("EVP context creation failed"); >> + goto err_key; >> + } >> + EVP_MD_CTX_init(ctx); >> + if (!EVP_VerifyInit(ctx, EVP_sha256())) { >> + ret = openssl_err("Verifier setup failed"); >> + goto err_ctx; >> + } >> + >> + if (!EVP_VerifyUpdate(ctx, data, datasz)) { >> + ret = openssl_err("Hashing data failed"); >> + goto err_ctx; >> + } >> + >> + if (!EVP_VerifyFinal(ctx, sig->sig, sizeof(sig->sig), evp_key)) { >> + ret = openssl_err("Could not verify signature"); >> + goto err_ctx; >> + } >> + >> + EVP_MD_CTX_cleanup(ctx); >> + EVP_MD_CTX_destroy(ctx); >> + EVP_PKEY_free(evp_key); >> + >> + return 0; >> + >> +err_ctx: >> + EVP_MD_CTX_destroy(ctx); >> +err_key: >> + EVP_PKEY_free(evp_key); >> + fprintf(stderr, "Failed to verify %s signature\n", signame); >> + return ret; >> +} >> + >> +int kwb_sign_and_verify(RSA *key, void *data, int datasz, struct sig_v1 >> *sig, >> + char *signame) >> +{ >> + if (kwb_sign(key, data, datasz, sig, signame) < 0) >> + return -1; >> + >> + if (kwb_verify(key, data, datasz, sig, signame) < 0) >> + return -1; >> + >> + return 0; >> +} >> + >> + >> +int kwb_dump_fuse_cmds_38x(FILE *out, struct secure_hdr_v1 *sec_hdr) >> +{ >> + struct hash_v1 kak_pub_hash; >> + struct image_cfg_element *e; >> + unsigned int fuse_line; >> + int i, idx; >> + uint8_t *ptr; >> + uint32_t val; >> + int ret = 0; >> + >> + if (!out || !sec_hdr) >> + return -EINVAL; >> + >> + ret = kwb_compute_pubkey_hash(&sec_hdr->kak, &kak_pub_hash); >> + if (ret < 0) >> + goto done; >> + >> + fprintf(out, "# burn KAK pub key hash\n"); >> + ptr = kak_pub_hash.hash; >> + for (fuse_line = 26; fuse_line <= 30; ++fuse_line) { >> + fprintf(out, "fuse prog -y %u 0 ", fuse_line); >> + >> + for (i = 4; i-- > 0;) >> + fprintf(out, "%02hx", (ushort)ptr[i]); >> + ptr += 4; >> + fprintf(out, " 00"); >> + >> + if (fuse_line < 30) { >> + for (i = 3; i-- > 0;) >> + fprintf(out, "%02hx", (ushort)ptr[i]); >> + ptr += 3; >> + } else { >> + fprintf(out, "000000"); >> + } >> + >> + fprintf(out, " 1\n"); >> + } >> + >> + fprintf(out, "# burn CSK selection\n"); >> + >> + idx = image_get_csk_index(); >> + if (idx < 0 || idx > 15) { >> + ret = -EINVAL; >> + goto done; >> + } >> + if (idx > 0) { >> + for (fuse_line = 31; fuse_line < 31 + idx; ++fuse_line) >> + fprintf(out, "fuse prog -y %u 0 00000001 00000000 1\n", >> + fuse_line); >> + } else { >> + fprintf(out, "# CSK index is 0; no mods needed\n"); >> + } >> + >> + e = image_find_option(IMAGE_CFG_BOX_ID); >> + if (e) { >> + fprintf(out, "# set box ID\n"); >> + fprintf(out, "fuse prog -y 48 0 %08x 00000000 1\n", e->boxid); >> + } >> + >> + e = image_find_option(IMAGE_CFG_FLASH_ID); >> + if (e) { >> + fprintf(out, "# set flash ID\n"); >> + fprintf(out, "fuse prog -y 47 0 %08x 00000000 1\n", >> e->flashid); >> + } >> + >> + fprintf(out, "# enable secure mode "); >> + fprintf(out, "(must be the last fuse line written)\n"); >> + >> + val = 1; >> + e = image_find_option(IMAGE_CFG_SEC_BOOT_DEV); >> + if (!e) { >> + fprintf(stderr, "ERROR: secured mode boot device not given\n"); >> + ret = -EINVAL; >> + goto done; >> + } >> + >> + if (e->sec_boot_dev > 0xff) { >> + fprintf(stderr, "ERROR: secured mode boot device invalid\n"); >> + ret = -EINVAL; >> + goto done; >> + } >> + >> + val |= (e->sec_boot_dev << 8); >> + >> + fprintf(out, "fuse prog -y 24 0 %08x 0103e0a9 1\n", val); >> + >> + fprintf(out, "# lock (unused) fuse lines (0-23)s\n"); >> + for (fuse_line = 0; fuse_line < 24; ++fuse_line) >> + fprintf(out, "fuse prog -y %u 2 1\n", fuse_line); >> + >> + fprintf(out, "# OK, that's all :-)\n"); >> + >> +done: >> + return ret; >> +} >> + >> +static int kwb_dump_fuse_cmds(struct secure_hdr_v1 *sec_hdr) >> +{ >> + int ret = 0; >> + struct image_cfg_element *e; >> + >> + e = image_find_option(IMAGE_CFG_SEC_FUSE_DUMP); >> + if (!e) >> + return 0; >> + >> + if (!strcmp(e->name, "a38x")) { >> + FILE *out = fopen("kwb_fuses_a38x.txt", "w+"); >> + >> + kwb_dump_fuse_cmds_38x(out, sec_hdr); >> + fclose(out); >> + goto done; >> + } >> + >> + ret = -ENOSYS; >> + >> +done: >> + return ret; >> +} >> + >> +#endif >> + >> static void *image_create_v0(size_t *imagesz, struct image_tool_params >> *params, >> int payloadsz) >> { >> @@ -353,6 +911,14 @@ static size_t image_headersz_v1(int *hasext) >> *hasext = 1; >> } >> >> +#if defined(CONFIG_KWB_SECURE) >> + if (image_get_csk_index() >= 0) { >> + headersz += sizeof(struct secure_hdr_v1); >> + if (hasext) >> + *hasext = 1; >> + } >> +#endif >> + >> #if defined(CONFIG_SYS_U_BOOT_OFFS) >> if (headersz > CONFIG_SYS_U_BOOT_OFFS) { >> fprintf(stderr, >> @@ -448,14 +1014,129 @@ int add_binary_header_v1(uint8_t *cur) >> return 0; >> } >> >> +#if defined(CONFIG_KWB_SECURE) >> + >> +int export_pub_kak_hash(RSA *kak, struct secure_hdr_v1 *secure_hdr) >> +{ >> + FILE *hashf; >> + int res; >> + >> + hashf = fopen("pub_kak_hash.txt", "w"); >> + >> + res = kwb_export_pubkey(kak, &secure_hdr->kak, hashf, "KAK"); >> + >> + fclose(hashf); >> + >> + return res < 0 ? 1 : 0; >> +} >> + >> +int kwb_sign_csk_with_kak(struct image_tool_params *params, >> + struct secure_hdr_v1 *secure_hdr, RSA *csk) >> +{ >> + RSA *kak = NULL; >> + RSA *kak_pub = NULL; >> + int csk_idx = image_get_csk_index(); >> + struct sig_v1 tmp_sig; >> + >> + if (csk_idx >= 16) { >> + fprintf(stderr, "Invalid CSK index %d\n", csk_idx); >> + return 1; >> + } >> + >> + if (kwb_load_kak(params, &kak) < 0) >> + return 1; >> + >> + if (export_pub_kak_hash(kak, secure_hdr)) >> + return 1; >> + >> + if (kwb_import_pubkey(&kak_pub, &secure_hdr->kak, "KAK") < 0) >> + return 1; >> + >> + if (kwb_export_pubkey(csk, &secure_hdr->csk[csk_idx], NULL, "CSK") < 0) >> + return 1; >> + >> + if (kwb_sign_and_verify(kak, &secure_hdr->csk, >> + sizeof(secure_hdr->csk) + >> + sizeof(secure_hdr->csksig), >> + &tmp_sig, "CSK") < 0) >> + return 1; >> + >> + if (kwb_verify(kak_pub, &secure_hdr->csk, >> + sizeof(secure_hdr->csk) + >> + sizeof(secure_hdr->csksig), >> + &tmp_sig, "CSK (2)") < 0) >> + return 1; >> + >> + secure_hdr->csksig = tmp_sig; >> + >> + return 0; >> +} >> + >> +int add_secure_header_v1(struct image_tool_params *params, uint8_t *ptr, >> + int payloadsz, size_t headersz, uint8_t *image, >> + struct secure_hdr_v1 *secure_hdr) >> +{ >> + struct image_cfg_element *e_jtagdelay; >> + struct image_cfg_element *e_boxid; >> + struct image_cfg_element *e_flashid; >> + RSA *csk = NULL; >> + unsigned char *image_ptr; >> + size_t image_size; >> + struct sig_v1 tmp_sig; >> + bool specialized_img = image_get_spezialized_img(); >> + >> + kwb_msg("Create secure header content\n"); >> + >> + e_jtagdelay = image_find_option(IMAGE_CFG_JTAG_DELAY); >> + e_boxid = image_find_option(IMAGE_CFG_BOX_ID); >> + e_flashid = image_find_option(IMAGE_CFG_FLASH_ID); >> + >> + if (kwb_load_csk(params, &csk) < 0) >> + return 1; >> + >> + secure_hdr->headertype = OPT_HDR_V1_SECURE_TYPE; >> + secure_hdr->headersz_msb = 0; >> + secure_hdr->headersz_lsb = cpu_to_le16(sizeof(struct secure_hdr_v1)); >> + if (e_jtagdelay) >> + secure_hdr->jtag_delay = e_jtagdelay->jtag_delay; >> + if (e_boxid && specialized_img) >> + secure_hdr->boxid = cpu_to_le32(e_boxid->boxid); >> + if (e_flashid && specialized_img) >> + secure_hdr->flashid = cpu_to_le32(e_flashid->flashid); >> + >> + if (kwb_sign_csk_with_kak(params, secure_hdr, csk)) >> + return 1; >> + >> + image_ptr = ptr + headersz; >> + image_size = payloadsz - headersz; >> + >> + if (kwb_sign_and_verify(csk, image_ptr, image_size, >> + &secure_hdr->imgsig, "image") < 0) >> + return 1; >> + >> + if (kwb_sign_and_verify(csk, image, headersz, &tmp_sig, "header") < 0) >> + return 1; >> + >> + secure_hdr->hdrsig = tmp_sig; >> + >> + kwb_dump_fuse_cmds(secure_hdr); >> + >> + return 0; >> +} >> +#endif >> + >> static void *image_create_v1(size_t *imagesz, struct image_tool_params >> *params, >> - int payloadsz) >> + uint8_t *ptr, int payloadsz) >> { >> struct image_cfg_element *e; >> struct main_hdr_v1 *main_hdr; >> +#if defined(CONFIG_KWB_SECURE) >> + struct secure_hdr_v1 *secure_hdr = NULL; >> +#endif >> size_t headersz; >> uint8_t *image, *cur; >> int hasext = 0; >> + uint8_t *next_ext = NULL; >> >> /* >> * Calculate the size of the header and the size of the >> @@ -474,7 +1155,9 @@ static void *image_create_v1(size_t *imagesz, struct >> image_tool_params *params, >> memset(image, 0, headersz); >> >> main_hdr = (struct main_hdr_v1 *)image; >> - cur = image + sizeof(struct main_hdr_v1); >> + cur = image; >> + cur += sizeof(struct main_hdr_v1); >> + next_ext = &main_hdr->ext; >> >> /* Fill the main header */ >> main_hdr->blocksize = >> @@ -497,9 +1180,28 @@ static void *image_create_v1(size_t *imagesz, struct >> image_tool_params *params, >> if (e) >> main_hdr->nandbadblklocation = e->nandbadblklocation; >> >> +#if defined(CONFIG_KWB_SECURE) >> + if (image_get_csk_index() >= 0) { >> + /* >> + * only reserve the space here; we fill the header later since >> + * we need the header to be complete to compute the signatures >> + */ >> + secure_hdr = (struct secure_hdr_v1 *)cur; >> + cur += sizeof(struct secure_hdr_v1); >> + next_ext = &secure_hdr->next; >> + } >> +#endif >> + *next_ext = 1; >> + >> if (add_binary_header_v1(cur)) >> return NULL; >> >> +#if defined(CONFIG_KWB_SECURE) >> + if (secure_hdr && add_secure_header_v1(params, ptr, payloadsz, >> + headersz, image, secure_hdr)) >> + return NULL; >> +#endif >> + >> /* Calculate and set the header checksum */ >> main_hdr->checksum = image_checksum8(main_hdr, headersz); >> >> @@ -605,6 +1307,36 @@ static int image_create_config_parse_oneline(char >> *line, >> el->regdata.raddr = strtoul(value1, NULL, 16); >> el->regdata.rdata = strtoul(value2, NULL, 16); >> break; >> + case IMAGE_CFG_KAK: >> + el->key_name = strdup(value1); >> + break; >> + case IMAGE_CFG_CSK: >> + el->key_name = strdup(value1); >> + break; >> + case IMAGE_CFG_CSK_INDEX: >> + el->csk_idx = strtol(value1, NULL, 0); >> + break; >> + case IMAGE_CFG_JTAG_DELAY: >> + el->jtag_delay = strtoul(value1, NULL, 0); >> + break; >> + case IMAGE_CFG_BOX_ID: >> + el->boxid = strtoul(value1, NULL, 0); >> + break; >> + case IMAGE_CFG_FLASH_ID: >> + el->flashid = strtoul(value1, NULL, 0); >> + break; >> + case IMAGE_CFG_SEC_SPECIALIZED_IMG: >> + el->sec_specialized_img = true; >> + break; >> + case IMAGE_CFG_SEC_COMMON_IMG: >> + el->sec_specialized_img = false; >> + break; >> + case IMAGE_CFG_SEC_BOOT_DEV: >> + el->sec_boot_dev = strtoul(value1, NULL, 0); >> + break; >> + case IMAGE_CFG_SEC_FUSE_DUMP: >> + el->name = strdup(value1); >> + break; >> default: >> fprintf(stderr, unknown_msg, line); >> } >> @@ -764,7 +1496,7 @@ static void kwbimage_set_header(void *ptr, struct stat >> *sbuf, int ifd, >> break; >> >> case 1: >> - image = image_create_v1(&headersz, params, sbuf->st_size); >> + image = image_create_v1(&headersz, params, ptr, sbuf->st_size); >> break; >> >> default: >> diff --git a/tools/kwbimage.h b/tools/kwbimage.h >> index e6e3d1d..c31755c 100644 >> --- a/tools/kwbimage.h >> +++ b/tools/kwbimage.h >> @@ -102,6 +102,43 @@ struct opt_hdr_v1 { >> }; >> >> /* >> + * Public Key data in DER format >> + */ >> +struct pubkey_der_v1 { >> + uint8_t key[524]; >> +}; >> + >> +/* >> + * Signature (RSA 2048) >> + */ >> +struct sig_v1 { >> + uint8_t sig[256]; >> +}; >> + >> +/* >> + * Structure of secure header (Armada 38x) >> + */ >> +struct secure_hdr_v1 { >> + uint8_t headertype; /* 0x0 */ >> + uint8_t headersz_msb; /* 0x1 */ >> + uint16_t headersz_lsb; /* 0x2 - 0x3 */ >> + uint32_t reserved1; /* 0x4 - 0x7 */ >> + struct pubkey_der_v1 kak; /* 0x8 - 0x213 */ >> + uint8_t jtag_delay; /* 0x214 */ >> + uint8_t reserved2; /* 0x215 */ >> + uint16_t reserved3; /* 0x216 - 0x217 */ >> + uint32_t boxid; /* 0x218 - 0x21B */ >> + uint32_t flashid; /* 0x21C - 0x21F */ >> + struct sig_v1 hdrsig; /* 0x220 - 0x31F */ >> + struct sig_v1 imgsig; /* 0x320 - 0x41F */ >> + struct pubkey_der_v1 csk[16]; /* 0x420 - 0x24DF */ >> + struct sig_v1 csksig; /* 0x24E0 - 0x25DF */ >> + uint8_t next; /* 0x25E0 */ >> + uint8_t reserved4; /* 0x25E1 */ >> + uint16_t reserved5; /* 0x25E2 - 0x25E3 */ >> +}; >> + >> +/* >> * Various values for the opt_hdr_v1->headertype field, describing the >> * different types of optional headers. The "secure" header contains >> * informations related to secure boot (encryption keys, etc.). The >> > > Thanks, > Stefan > Thanks for the review! Best regards, Mario _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot