Hi Ley Foon, > -----Original Message----- > From: Tan, Ley Foon <[email protected]> > Sent: Monday, January 18, 2021 3:29 PM > To: Lim, Elly Siew Chin <[email protected]>; [email protected] > Cc: Marek Vasut <[email protected]>; See, Chin Liang > <[email protected]>; Simon Goldschmidt > <[email protected]>; Chee, Tien Fong > <[email protected]>; Westergreen, Dalon > <[email protected]>; Simon Glass <[email protected]>; Gan, Yau > Wai <[email protected]> > Subject: RE: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot > (VAB) > > > > > -----Original Message----- > > From: Lim, Elly Siew Chin <[email protected]> > > Sent: Thursday, January 7, 2021 6:04 PM > > To: [email protected] > > Cc: Marek Vasut <[email protected]>; Tan, Ley Foon > > <[email protected]>; See, Chin Liang <[email protected]>; > > Simon Goldschmidt <[email protected]>; Chee, Tien Fong > > <[email protected]>; Westergreen, Dalon > > <[email protected]>; Simon Glass <[email protected]>; Gan, > > Yau Wai <[email protected]>; Lim, Elly Siew Chin > > <[email protected]> > > Subject: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot > > (VAB) > > > > Vendor Authorized Boot is a security feature for authenticating the > > images such as U-Boot, ARM trusted Firmware, Linux kernel, device tree > > blob and etc loaded from FIT. After those images are loaded from FIT, > > the VAB certificate and signature block appended at the end of each > > image are sent to Secure Device Manager (SDM) for authentication. > > U-Boot will validate the > > SHA384 of the image against the SHA384 hash stored in the VAB > > certificate before sending the image to SDM for authentication. 
> > > > Signed-off-by: Siew Chin Lim <[email protected]> > > > > --- > > v2 > > --- > > - Renamed SECURE_VAB_AUTH* to SOCFPGA_SECURE_VAB_AUTH* > > - Changes in secure_vab.c > > - Changed to use SZ_1K for 1024 > > - Updated comment in secure_vab.c of "... the certificate for T" > > - The code will report error before end of the function if reach > > maximum retry. > > - In board_prep_linux function, only execute linux_qspi_enable > > command if it exists in enviroment variable. It is optional. > > --- > > arch/arm/mach-socfpga/Kconfig | 15 ++ > > arch/arm/mach-socfpga/Makefile | 2 + > > arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 + > > arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 ++++++++ > > arch/arm/mach-socfpga/secure_vab.c | 193 > > +++++++++++++++++++++++ > > common/Kconfig.boot | 2 +- > > 6 files changed, 275 insertions(+), 1 deletion(-) create mode 100644 > > arch/arm/mach-socfpga/include/mach/secure_vab.h > > create mode 100644 arch/arm/mach-socfpga/secure_vab.c > > > > diff --git a/arch/arm/mach-socfpga/Kconfig b/arch/arm/mach- > > socfpga/Kconfig index 9b1abdaabd..0c35406232 100644 > > --- a/arch/arm/mach-socfpga/Kconfig > > +++ b/arch/arm/mach-socfpga/Kconfig > > @@ -6,6 +6,21 @@ config ERR_PTR_OFFSET config NR_DRAM_BANKS > > default 1 > > > > +config SOCFPGA_SECURE_VAB_AUTH > > + bool "Enable boot image authentication with Secure Device > > Manager" > > + depends on TARGET_SOCFPGA_AGILEX > > + select FIT_IMAGE_POST_PROCESS > > + select SHA384 > > + select SHA512_ALGO > > + select SPL_FIT_IMAGE_POST_PROCESS > > + help > > + All images loaded from FIT will be authenticated by Secure Device > > + Manager. > > + > > +config SOCFPGA_SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE > > + bool "Allow non-FIT VAB signed images" > > + depends on SOCFPGA_SECURE_VAB_AUTH > > + > > config SPL_SIZE_LIMIT > > default 0x10000 if TARGET_SOCFPGA_GEN5 
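Review bot: `SOCFPGA_SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE` is added with a prompt but no `help` text, and its name suggests it widens what the authentication path will accept. The code that tests the option is not in this hunk, so the wording below is inferred from the prompt and should be confirmed against it. I would add something like `help` followed by `Also accept VAB-signed images that are not loaded from a FIT. Leave disabled unless non-FIT boot flows are required.` It would also help to state that the option is off by default, so anyone auditing a defconfig can see which image formats the secure-boot chain admits.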
> > > > diff --git a/arch/arm/mach-socfpga/Makefile b/arch/arm/mach- > > socfpga/Makefile index 82b681d870..1f1e21766d 100644 > > --- a/arch/arm/mach-socfpga/Makefile > > +++ b/arch/arm/mach-socfpga/Makefile > > @@ -4,6 +4,7 @@ > > # Wolfgang Denk, DENX Software Engineering, [email protected]. > > # > > # Copyright (C) 2012-2017 Altera Corporation <www.altera.com> > > +# Copyright (C) 2017-2020 Intel Corporation <www.intel.com> > > > > obj-y += board.o > > obj-y += clock_manager.o > > @@ -47,6 +48,7 @@ obj-y += mailbox_s10.o > > obj-y += misc_s10.o > > obj-y += mmu-arm64_s10.o > > obj-y += reset_manager_s10.o > > +obj-$(CONFIG_SOCFPGA_SECURE_VAB_AUTH) += secure_vab.o > > obj-y += system_manager_s10.o > > obj-y += timer_s10.o > > obj-y += wrap_pinmux_config_s10.o > > diff --git a/arch/arm/mach-socfpga/include/mach/mailbox_s10.h > > b/arch/arm/mach-socfpga/include/mach/mailbox_s10.h > > index 4d783119ea..fbaf11597e 100644 > > --- a/arch/arm/mach-socfpga/include/mach/mailbox_s10.h > > +++ b/arch/arm/mach-socfpga/include/mach/mailbox_s10.h > > @@ -118,6 +118,7 @@ enum ALT_SDM_MBOX_RESP_CODE { > > #define MBOX_RECONFIG_MSEL 7 > > #define MBOX_RECONFIG_DATA 8 > > #define MBOX_RECONFIG_STATUS 9 > > +#define MBOX_VAB_SRC_CERT 11 > > #define MBOX_QSPI_OPEN 50 > > #define MBOX_QSPI_CLOSE 51 > > #define MBOX_QSPI_DIRECT 59 > > diff --git a/arch/arm/mach-socfpga/include/mach/secure_vab.h > > b/arch/arm/mach-socfpga/include/mach/secure_vab.h > > new file mode 100644 > > index 0000000000..42588588e8 > > --- /dev/null > > +++ b/arch/arm/mach-socfpga/include/mach/secure_vab.h 
> > @@ -0,0 +1,63 @@ > > +/* SPDX-License-Identifier: GPL-2.0 > > + * > > + * Copyright (C) 2020 Intel Corporation <www.intel.com> > > + * > > + */ > > + > > +#ifndef _SECURE_VAB_H_ > > +#define _SECURE_VAB_H_ > > + > > +#include <linux/sizes.h> > > +#include <linux/stddef.h> > > +#include <u-boot/sha512.h> > > + > > +#define VAB_DATA_SZ 64 > > + > > +#define SDM_CERT_MAGIC_NUM 0x25D04E7F > > +#define FCS_HPS_VAB_MAGIC_NUM 0xD0564142 > > + > > +#define MAX_CERT_SIZE (SZ_4K) > > + > > +/* > > + * struct fcs_hps_vab_certificate_data > > + * @vab_cert_magic_num: VAB Certificate Magic Word (0xD0564142) > > + * @flags: TBD > > + * @fcs_data: Data words being certificate signed. > > + * @cert_sign_keychain: Certificate Signing Keychain */ struct > > +fcs_hps_vab_certificate_data { > > + u32 vab_cert_magic_num; /* offset 0x10 */ > > + u32 flags; > > + u8 rsvd0_1[8]; > > + u8 fcs_sha384[SHA384_SUM_LEN]; /* offset 0x20 */ > > +}; > > + > > +/* > > + * struct fcs_hps_vab_certificate_header > > + * @cert_magic_num: Certificate Magic Word (0x25D04E7F) > > + * @cert_data_sz: size of this certificate header (0x80) > > + * Includes magic number all the way to the certificate > > + * signing keychain (excludes cert. 
signing keychain) > > + * @cert_ver: Certificate Version > > + * @cert_type: Certificate Type > > + * @data: VAB HPS Image Certificate data */ struct > > +fcs_hps_vab_certificate_header { > > + u32 cert_magic_num; /* offset 0 */ > > + u32 cert_data_sz; > > + u32 cert_ver; > > + u32 cert_type; > > + struct fcs_hps_vab_certificate_data d; /* offset 0x10 */ > > + /* keychain starts at offset 0x50 */ }; > > + > > +#define VAB_CERT_HEADER_SIZE sizeof(struct > > fcs_hps_vab_certificate_header) > > +#define VAB_CERT_MAGIC_OFFSET offsetof \ > > + (struct fcs_hps_vab_certificate_header, d) > > +#define VAB_CERT_FIT_SHA384_OFFSET offsetof \ > > + (struct fcs_hps_vab_certificate_data, > > \ > > + fcs_sha384[0]) > > + > > +int socfpga_vendor_authentication(void **p_image, size_t *p_size); > > + > > +#endif /* _SECURE_VAB_H_ */ > > diff --git a/arch/arm/mach-socfpga/secure_vab.c b/arch/arm/mach- > > socfpga/secure_vab.c new file mode 100644 index 0000000000..ea1109611a > > --- /dev/null > > +++ b/arch/arm/mach-socfpga/secure_vab.c 
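Review bot: The doc comment on `struct fcs_hps_vab_certificate_data` names `@fcs_data` and `@cert_sign_keychain`, neither of which is a member, while the real members `rsvd0_1` and `fcs_sha384` are undocumented and `@flags` is still "TBD". The header struct's comment likewise documents `@data` where the member is `d`. The `cert_data_sz` text says the header is 0x80 bytes, but the fields as declared add up to 0x50, which matches the "keychain starts at offset 0x50" comment, so one of the two figures looks wrong. Because these offsets describe a certificate parsed from the tail of a loaded image, I would align the comments with the members, for example `@fcs_sha384: SHA384 digest of the image, checked by U-Boot before the certificate is sent to SDM`. I would also pin the layout with `static_assert(sizeof(struct fcs_hps_vab_certificate_header) == 0x50);` if 0x50 is the intended size.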
> > @@ -0,0 +1,193 @@ > > +// SPDX-License-Identifier: GPL-2.0 > > +/* > > + * Copyright (C) 2020 Intel Corporation <www.intel.com> > > + * > > + */ > > + > > +#include <common.h> > Sort alphanumerically. > > > +#include <asm/arch/mailbox_s10.h> > > +#include <asm/arch/secure_vab.h> > > +#include <asm/arch/smc_api.h> > > +#include <asm/unaligned.h> > > +#include <exports.h> > > +#include <hang.h> > > +#include <image.h> > > +#include <linux/errno.h> > > +#include <linux/intel-smc.h> > > +#include <log.h> > > + > > + /* > > + * Compare the SHA384 found in certificate against the SHA384 > > + * calculated from image > > + */ > > + if (memcmp(hash384, cert_hash_ptr, SHA384_SUM_LEN)) { > > + puts("SHA384 not match!\n"); > > + return -EKEYREJECTED; > > + } > > + > > + mbox_data_addr = img_addr + img_sz - sizeof(u32); > > + /* Size in word (32bits) */ > > + mbox_data_sz = (ALIGN(*p_size - img_sz, 4)) >> 2; > Change 4 to sizeof(). > > > [...] > > > + > > + debug("ret = 0x%08x, resp = 0x%08x, resp_len = %d\n", ret, resp, > > + resp_len); > > + > > + if (ret) { > > + /* > > + * Unsupported mailbox command or device not in the > > + * owned/secure state > > + */ > > + if (ret == MBOX_RESP_UNKNOWN || > > + ret == > > MBOX_RESP_NOT_ALLOWED_UNDER_SECURITY_SETTINGS) { > > + /* SDM bypass authentication */ > > + printf("%s 0x%016llx (%ld bytes)\n", > > + "Image Authentication bypassed at address", > > + img_addr, img_sz); > > + return 0; > > + } > Should we continue boot if MBOX_RESP_UNKNOWN? That mean user can > bypass authentication when mailbox error? >
Yes, per my understanding from Jeremy earlier, we should allow HPS to boot if the FW is an old version which does not support VAB. > > Regards > Ley Foon

