On 08/02/18 12:43, Jagan Teki wrote:
On Fri, Jan 12, 2018 at 6:09 PM, Bryan O'Donoghue
<bryan.odonog...@linaro.org> wrote:
v6:
- Added patch 21/25 return zero on open (unlocked) board when
   calling authenticate_image() - Breno

- Added Tested-by: Breno Matheus Lima <brenomath...@gmail.com>
   as indicated for remainder 24/25 patches

- Added Reviewed-by: Fabio Estevam <fabio.este...@nxp.com>
   as indicated for remainder 24/25 patches

v5:
- Drop dcache disable across HAB call.
   We can't replicate this error on the current codebase and the available
   images. We'll have to wait for the error to crop up again before pushing
   that patch any further.

v4:
- No change mixed extra patches @ v3 unnoticed with previous
   git-send

v3:
- Only call into ROM if headers are verified. - Bryan

- Print HAB event log if and only if a call was made to HAB
   and a meaningful status code has been obtained. - Breno

v2:
- Fix compilation warnings and errors in SPL highlighted by
   Breno Matheus Lima

- Add CC: Breno Matheus Lima <brenomath...@gmail.com> to all patches

v1:
This patchset updates the i.MX HAB layer in u-boot to fix a list of
identified issues and then to add and extend existing functionality.

The first block of patches 0001-0006 deal with fixing existing code,

- Fixes indentation
- Fixes the treatment of input parameters to hab_auth_image.

The second block of patches 0007-0013 are about tidying up the HAB code

- Remove reliance on hard-coding to specific offsets
- IVT header drives locating CSF
- Continue to support existing boards

Patches 0014 onwards extend out the HAB functionality.

- hab_rvt_check_target is a recommended check in the NXP documents to
   perform prior to hab_rvt_authenticate_image
- hab_rvt_failsafe is a useful function to set the board into BootROM
   USB recovery mode.



Bryan O'Donoghue (25):
   arm: imx: hab: Make authenticate_image return int
   arm: imx: hab: Fix authenticate_image result code
   arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail
   arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail
   arm: imx: hab: Move IVT_SIZE to hab.h
   arm: imx: hab: Move CSF_PAD_SIZE to hab.h
   arm: imx: hab: Fix authenticate_image input parameters
   arm: imx: hab: Add IVT header definitions
   arm: imx: hab: Add IVT header verification
   arm: imx: hab: Verify IVT self matches calculated address
   arm: imx: hab: Only call ROM once headers are verified
   arm: imx: hab: Print CSF based on IVT descriptor
   arm: imx: hab: Print additional IVT elements during debug
   arm: imx: hab: Define rvt_check_target()
   arm: imx: hab: Implement hab_rvt_check_target
   arm: imx: hab: Add a hab_rvt_check_target to image auth
   arm: imx: hab: Print HAB event log only after calling ROM
   arm: imx: hab: Make internal functions and data static
   arm: imx: hab: Prefix authenticate_image with imx_hab
   arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled
   arm: imx: hab: Make authenticate_image() return zero on open boards
   arm: imx: hab: Make imx_hab_is_enabled global
   arm: imx: hab: Define rvt_failsafe()
   arm: imx: hab: Implement hab_rvt_failsafe
   arm: imx: hab: Add hab_failsafe console command

  arch/arm/include/asm/mach-imx/hab.h |  46 +++-
  arch/arm/mach-imx/hab.c             | 461 +++++++++++++++++++++---------------
  arch/arm/mach-imx/spl.c             |  38 ++-
  3 files changed, 354 insertions(+), 191 deletions(-)

I tried Secure boot before[1] with SPL and U-Boot proper and it worked well.

I'm observing an authentication issue while loading U-Boot proper; U-Boot
proper now has features like SPL DM and SPL FIT, etc.

U-Boot SPL 2018.03-rc1-00182-gb81f7c9 (Feb 08 2018 - 17:19:03 +0530)
Trying to boot from MMC1
Expected Linux image is not found. Trying to start U-boot

Authenticate image from DDR location 0x17800000...
bad magic magic=0xb8 length=0x841b version=0x17
bad length magic=0xb8 length=0x841b version=0x17
bad version magic=0xb8 length=0x841b version=0x17
spl: ERROR:  image authentication unsuccessful
### ERROR ### Please RESET the board ###

Please let me know what I missed; I'm authenticating SPL and
u-boot-dtb.img now.

Can you send

1. The load address of the binary
2. The command you are using to authenticate the image?
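
Added example (not part of this thread and not U-Boot's code): a host-side check of the IVT fields that the "bad magic / bad length / bad version" lines in the SPL log report, plus the self-pointer match named in the patch list. The header constants and field offsets come from NXP's HAB IVT layout as the editor knows it, not from this page; the sample bytes and SAMPLE_IVT_ADDR are constructed, and the failing sample reuses the magic and version values from the log with an assumed byte order for the length field.

```c
#include <stdint.h>
#include <stdio.h>

/* Header values from NXP's HAB IVT layout (editor's knowledge, not this page). */
#define IVT_MAGIC  0xD1u
#define IVT_LENGTH 0x20u   /* 16-bit big-endian field: the IVT is 32 bytes */
#define IVT_V1     0x40u
#define IVT_V2     0x41u

enum { IVT_BAD_MAGIC = 1, IVT_BAD_LENGTH = 2, IVT_BAD_VERSION = 4,
       IVT_BAD_SELF = 8, IVT_NO_CSF = 16 };

static uint32_t le32(const uint8_t *p)
{
	return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Check the 32-byte IVT expected at ivt_addr; returns a bitmask, 0 if clean. */
unsigned check_ivt(const uint8_t ivt[32], uint32_t ivt_addr)
{
	unsigned err = 0;

	if (ivt[0] != IVT_MAGIC) err |= IVT_BAD_MAGIC;
	if (((unsigned)ivt[1] << 8 | ivt[2]) != IVT_LENGTH) err |= IVT_BAD_LENGTH;
	if (ivt[3] != IVT_V1 && ivt[3] != IVT_V2) err |= IVT_BAD_VERSION;
	if (le32(ivt + 20) != ivt_addr) err |= IVT_BAD_SELF;  /* self pointer */
	if (le32(ivt + 24) == 0) err |= IVT_NO_CSF;           /* csf pointer */
	return err;
}

/* Constructed samples; SAMPLE_IVT_ADDR is a hypothetical IVT location in DDR. */
#define SAMPLE_IVT_ADDR 0x1787f000u
const uint8_t sample_good_ivt[32] = {
	0xd1, 0x00, 0x20, 0x40,  0x00, 0x00, 0x80, 0x17,  0, 0, 0, 0,  0, 0, 0, 0,
	0x20, 0xf0, 0x87, 0x17,  0x00, 0xf0, 0x87, 0x17,  0x00, 0x00, 0x88, 0x17,
	0, 0, 0, 0
};
/* Header carrying the log's magic=0xb8, version=0x17; rest zero (constructed). */
const uint8_t sample_bad_ivt[32] = { 0xb8, 0x1b, 0x84, 0x17 };

int main(void)
{
	printf("good: 0x%02x\n", check_ivt(sample_good_ivt, SAMPLE_IVT_ADDR));
	printf("bad:  0x%02x\n", check_ivt(sample_bad_ivt, SAMPLE_IVT_ADDR));
	return 0;
}
```

A non-zero mask with all three header bits set means the address being checked most likely does not hold an IVT at all, which is why the load address and the IVT offset need to be compared first.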
