| Message ID | 20200610201634.8457-25-trini@konsulko.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | Finish some Kconfig migrations | expand |
Hi Tom, > -----Original Message----- > From: Tom Rini <trini at konsulko.com> > Sent: 2020?6?11? 4:16 > To: u-boot at lists.denx.de > Cc: Stefano Babic <sbabic at denx.de>; Fabio Estevam > <festevam at gmail.com>; dl-uboot-imx <uboot-imx at nxp.com> > Subject: [EXT] [PATCH 24/30] arm: imx: Finish migration of CONFIG_CSF_SIZE > to Kconfig > > Caution: EXT Email > > While the normal case of CSF_SIZE is handled via Kconfig we have entries in > config headers related to CONFIG_SECURE_BOOT. However in commit > d714a75fd4dc ("imx: replace CONFIG_SECURE_BOOT with > CONFIG_IMX_HAB") this was renamed to CONFIG_IMX_HAB. Update the > CSF_SIZE entry to have the correct default value if we have IMX_HAB > enabled. > > Cc: Stefano Babic <sbabic at denx.de> > Cc: Fabio Estevam <festevam at gmail.com> > Cc: NXP i.MX U-Boot Team <uboot-imx at nxp.com> > Fixes: d714a75fd4dc ("imx: replace CONFIG_SECURE_BOOT with > CONFIG_IMX_HAB") > Signed-off-by: Tom Rini <trini at konsulko.com> > --- > arch/arm/mach-imx/Kconfig | 1 + > include/configs/imx8mm_beacon.h | 4 ---- > include/configs/imx8mm_evk.h | 4 ---- > include/configs/imx8mn_evk.h | 4 ---- > include/configs/imx8mp_evk.h | 4 ---- > include/configs/verdin-imx8mm.h | 4 ---- > 6 files changed, 1 insertion(+), 20 deletions(-) > > diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig index > 6c3fedf665d6..0648c2725bf8 100644 > --- a/arch/arm/mach-imx/Kconfig > +++ b/arch/arm/mach-imx/Kconfig > @@ -52,6 +52,7 @@ config IMX_HAB > > config CSF_SIZE > hex "Maximum size for Command Sequence File (CSF) binary" > + default 0x2000 if IMX_HAB I suggest using "default 0x2000 if ARCH_IMX8M", because i.MX6/7 may also enable IMX_HAB. Best regards, Ye Li > default 0x2060 > help > Define the maximum size for Command Sequence File (CSF) binary diff - > -git a/include/configs/imx8mm_beacon.h > b/include/configs/imx8mm_beacon.h index 21102d3c14d2..ce3ba7492435 > 100644 > --- a/include/configs/imx8mm_beacon.h > +++ b/include/configs/imx8mm_beacon.h > @@ -9,10 +9,6 @@ > #include <linux/sizes.h> > #include <asm/arch/imx-regs.h> > > -#ifdef CONFIG_SECURE_BOOT > -#define CONFIG_CSF_SIZE SZ_8K > -#endif > - > #define CONFIG_SPL_MAX_SIZE (148 * 1024) > #define CONFIG_SYS_MONITOR_LEN SZ_512K > #define CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR > diff --git a/include/configs/imx8mm_evk.h b/include/configs/imx8mm_evk.h > index 901a1bed6dd1..382ba620ccf4 100644 > --- a/include/configs/imx8mm_evk.h > +++ b/include/configs/imx8mm_evk.h > @@ -10,10 +10,6 @@ > #include <linux/stringify.h> > #include <asm/arch/imx-regs.h> > > -#ifdef CONFIG_SECURE_BOOT > -#define CONFIG_CSF_SIZE SZ_8K > -#endif > - > #define CONFIG_SPL_MAX_SIZE (148 * 1024) > #define CONFIG_SYS_MONITOR_LEN SZ_512K > #define CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR > diff --git a/include/configs/imx8mn_evk.h b/include/configs/imx8mn_evk.h > index a07440c73ba8..4350b5a62aff 100644 > --- a/include/configs/imx8mn_evk.h > +++ b/include/configs/imx8mn_evk.h > @@ -10,10 +10,6 @@ > #include <linux/stringify.h> > #include <asm/arch/imx-regs.h> > > -#ifdef CONFIG_SECURE_BOOT > -#define CONFIG_CSF_SIZE SZ_8K > -#endif > - > #define CONFIG_SPL_MAX_SIZE (148 * 1024) > #define CONFIG_SYS_MONITOR_LEN SZ_512K > #define CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR > diff --git a/include/configs/imx8mp_evk.h b/include/configs/imx8mp_evk.h > index 7f38f21c09c5..9c13235982c6 100644 > --- a/include/configs/imx8mp_evk.h > +++ b/include/configs/imx8mp_evk.h > @@ -10,10 +10,6 @@ > #include <linux/stringify.h> > #include <asm/arch/imx-regs.h> > > -#ifdef CONFIG_SECURE_BOOT > -#define CONFIG_CSF_SIZE 0x2000 /* 8K region */ > -#endif > - > #define CONFIG_SPL_MAX_SIZE (152 * 1024) > #define CONFIG_SYS_MONITOR_LEN (512 * 1024) > #define CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR > diff --git a/include/configs/verdin-imx8mm.h b/include/configs/verdin- > imx8mm.h index ca528598f2f1..878c4996df42 100644 > --- a/include/configs/verdin-imx8mm.h > +++ b/include/configs/verdin-imx8mm.h > @@ -9,10 +9,6 @@ > #include <asm/arch/imx-regs.h> > #include <linux/sizes.h> > > -#ifdef CONFIG_SECURE_BOOT > -#define CONFIG_CSF_SIZE SZ_8K > -#endif > - > #define CONFIG_SPL_MAX_SIZE (148 * 1024) > #define CONFIG_SYS_MONITOR_LEN SZ_512K > #define CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR > -- > 2.17.1
On Thu, Jun 11, 2020 at 05:28:45AM +0000, Ye Li wrote: > Hi Tom, > > > -----Original Message----- > > From: Tom Rini <trini at konsulko.com> > > Sent: 2020?6?11? 4:16 > > To: u-boot at lists.denx.de > > Cc: Stefano Babic <sbabic at denx.de>; Fabio Estevam > > <festevam at gmail.com>; dl-uboot-imx <uboot-imx at nxp.com> > > Subject: [EXT] [PATCH 24/30] arm: imx: Finish migration of CONFIG_CSF_SIZE > > to Kconfig > > > > Caution: EXT Email > > > > While the normal case of CSF_SIZE is handled via Kconfig we have entries in > > config headers related to CONFIG_SECURE_BOOT. However in commit > > d714a75fd4dc ("imx: replace CONFIG_SECURE_BOOT with > > CONFIG_IMX_HAB") this was renamed to CONFIG_IMX_HAB. Update the > > CSF_SIZE entry to have the correct default value if we have IMX_HAB > > enabled. > > > > Cc: Stefano Babic <sbabic at denx.de> > > Cc: Fabio Estevam <festevam at gmail.com> > > Cc: NXP i.MX U-Boot Team <uboot-imx at nxp.com> > > Fixes: d714a75fd4dc ("imx: replace CONFIG_SECURE_BOOT with > > CONFIG_IMX_HAB") > > Signed-off-by: Tom Rini <trini at konsulko.com> > > --- > > arch/arm/mach-imx/Kconfig | 1 + > > include/configs/imx8mm_beacon.h | 4 ---- > > include/configs/imx8mm_evk.h | 4 ---- > > include/configs/imx8mn_evk.h | 4 ---- > > include/configs/imx8mp_evk.h | 4 ---- > > include/configs/verdin-imx8mm.h | 4 ---- > > 6 files changed, 1 insertion(+), 20 deletions(-) > > > > diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig index > > 6c3fedf665d6..0648c2725bf8 100644 > > --- a/arch/arm/mach-imx/Kconfig > > +++ b/arch/arm/mach-imx/Kconfig > > @@ -52,6 +52,7 @@ config IMX_HAB > > > > config CSF_SIZE > > hex "Maximum size for Command Sequence File (CSF) binary" > > + default 0x2000 if IMX_HAB > I suggest using "default 0x2000 if ARCH_IMX8M", because i.MX6/7 may also enable IMX_HAB. So ARCH_IMX8M && IMX_HAB? I would have expected the CSF size to be limited in all cases from the default value due to something security related eating up that 0x60 in overhead. Is that not the case? Thanks!
On Thu, Jun 11, 2020 at 08:11:57AM -0400, Tom Rini wrote: > On Thu, Jun 11, 2020 at 05:28:45AM +0000, Ye Li wrote: > > Hi Tom, > > > > > -----Original Message----- > > > From: Tom Rini <trini at konsulko.com> > > > Sent: 2020?6?11? 4:16 > > > To: u-boot at lists.denx.de > > > Cc: Stefano Babic <sbabic at denx.de>; Fabio Estevam > > > <festevam at gmail.com>; dl-uboot-imx <uboot-imx at nxp.com> > > > Subject: [EXT] [PATCH 24/30] arm: imx: Finish migration of CONFIG_CSF_SIZE > > > to Kconfig > > > > > > Caution: EXT Email > > > > > > While the normal case of CSF_SIZE is handled via Kconfig we have entries in > > > config headers related to CONFIG_SECURE_BOOT. However in commit > > > d714a75fd4dc ("imx: replace CONFIG_SECURE_BOOT with > > > CONFIG_IMX_HAB") this was renamed to CONFIG_IMX_HAB. Update the > > > CSF_SIZE entry to have the correct default value if we have IMX_HAB > > > enabled. > > > > > > Cc: Stefano Babic <sbabic at denx.de> > > > Cc: Fabio Estevam <festevam at gmail.com> > > > Cc: NXP i.MX U-Boot Team <uboot-imx at nxp.com> > > > Fixes: d714a75fd4dc ("imx: replace CONFIG_SECURE_BOOT with > > > CONFIG_IMX_HAB") > > > Signed-off-by: Tom Rini <trini at konsulko.com> > > > --- > > > arch/arm/mach-imx/Kconfig | 1 + > > > include/configs/imx8mm_beacon.h | 4 ---- > > > include/configs/imx8mm_evk.h | 4 ---- > > > include/configs/imx8mn_evk.h | 4 ---- > > > include/configs/imx8mp_evk.h | 4 ---- > > > include/configs/verdin-imx8mm.h | 4 ---- > > > 6 files changed, 1 insertion(+), 20 deletions(-) > > > > > > diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig index > > > 6c3fedf665d6..0648c2725bf8 100644 > > > --- a/arch/arm/mach-imx/Kconfig > > > +++ b/arch/arm/mach-imx/Kconfig > > > @@ -52,6 +52,7 @@ config IMX_HAB > > > > > > config CSF_SIZE > > > hex "Maximum size for Command Sequence File (CSF) binary" > > > + default 0x2000 if IMX_HAB > > I suggest using "default 0x2000 if ARCH_IMX8M", because i.MX6/7 may also enable IMX_HAB. > > So ARCH_IMX8M && IMX_HAB? I would have expected the CSF size to be > limited in all cases from the default value due to something security > related eating up that 0x60 in overhead. Is that not the case? Thanks! Ah, looking at the actual usage now, I get it. I'll make a v2 that has the right ddefault for ARCH_IMX8M and make CSF_SIZE itself depend on IMX_HAB.
diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig index 6c3fedf665d6..0648c2725bf8 100644 --- a/arch/arm/mach-imx/Kconfig +++ b/arch/arm/mach-imx/Kconfig @@ -52,6 +52,7 @@ config IMX_HAB config CSF_SIZE hex "Maximum size for Command Sequence File (CSF) binary" + default 0x2000 if IMX_HAB default 0x2060 help Define the maximum size for Command Sequence File (CSF) binary diff --git a/include/configs/imx8mm_beacon.h b/include/configs/imx8mm_beacon.h index 21102d3c14d2..ce3ba7492435 100644 --- a/include/configs/imx8mm_beacon.h +++ b/include/configs/imx8mm_beacon.h @@ -9,10 +9,6 @@ #include <linux/sizes.h> #include <asm/arch/imx-regs.h> -#ifdef CONFIG_SECURE_BOOT -#define CONFIG_CSF_SIZE SZ_8K -#endif - #define CONFIG_SPL_MAX_SIZE (148 * 1024) #define CONFIG_SYS_MONITOR_LEN SZ_512K #define CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR diff --git a/include/configs/imx8mm_evk.h b/include/configs/imx8mm_evk.h index 901a1bed6dd1..382ba620ccf4 100644 --- a/include/configs/imx8mm_evk.h +++ b/include/configs/imx8mm_evk.h @@ -10,10 +10,6 @@ #include <linux/stringify.h> #include <asm/arch/imx-regs.h> -#ifdef CONFIG_SECURE_BOOT -#define CONFIG_CSF_SIZE SZ_8K -#endif - #define CONFIG_SPL_MAX_SIZE (148 * 1024) #define CONFIG_SYS_MONITOR_LEN SZ_512K #define CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR diff --git a/include/configs/imx8mn_evk.h b/include/configs/imx8mn_evk.h index a07440c73ba8..4350b5a62aff 100644 --- a/include/configs/imx8mn_evk.h +++ b/include/configs/imx8mn_evk.h @@ -10,10 +10,6 @@ #include <linux/stringify.h> #include <asm/arch/imx-regs.h> -#ifdef CONFIG_SECURE_BOOT -#define CONFIG_CSF_SIZE SZ_8K -#endif - #define CONFIG_SPL_MAX_SIZE (148 * 1024) #define CONFIG_SYS_MONITOR_LEN SZ_512K #define CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR diff --git a/include/configs/imx8mp_evk.h b/include/configs/imx8mp_evk.h index 7f38f21c09c5..9c13235982c6 100644 --- a/include/configs/imx8mp_evk.h +++ b/include/configs/imx8mp_evk.h @@ -10,10 +10,6 @@ #include <linux/stringify.h> #include <asm/arch/imx-regs.h> -#ifdef CONFIG_SECURE_BOOT -#define CONFIG_CSF_SIZE 0x2000 /* 8K region */ -#endif - #define CONFIG_SPL_MAX_SIZE (152 * 1024) #define CONFIG_SYS_MONITOR_LEN (512 * 1024) #define CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR diff --git a/include/configs/verdin-imx8mm.h b/include/configs/verdin-imx8mm.h index ca528598f2f1..878c4996df42 100644 --- a/include/configs/verdin-imx8mm.h +++ b/include/configs/verdin-imx8mm.h @@ -9,10 +9,6 @@ #include <asm/arch/imx-regs.h> #include <linux/sizes.h> -#ifdef CONFIG_SECURE_BOOT -#define CONFIG_CSF_SIZE SZ_8K -#endif - #define CONFIG_SPL_MAX_SIZE (148 * 1024) #define CONFIG_SYS_MONITOR_LEN SZ_512K #define CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR
While the normal case of CSF_SIZE is handled via Kconfig we have entries in config headers related to CONFIG_SECURE_BOOT. However in commit d714a75fd4dc ("imx: replace CONFIG_SECURE_BOOT with CONFIG_IMX_HAB") this was renamed to CONFIG_IMX_HAB. Update the CSF_SIZE entry to have the correct default value if we have IMX_HAB enabled. Cc: Stefano Babic <sbabic at denx.de> Cc: Fabio Estevam <festevam at gmail.com> Cc: NXP i.MX U-Boot Team <uboot-imx at nxp.com> Fixes: d714a75fd4dc ("imx: replace CONFIG_SECURE_BOOT with CONFIG_IMX_HAB") Signed-off-by: Tom Rini <trini at konsulko.com> --- arch/arm/mach-imx/Kconfig | 1 + include/configs/imx8mm_beacon.h | 4 ---- include/configs/imx8mm_evk.h | 4 ---- include/configs/imx8mn_evk.h | 4 ---- include/configs/imx8mp_evk.h | 4 ---- include/configs/verdin-imx8mm.h | 4 ---- 6 files changed, 1 insertion(+), 20 deletions(-)