From patchwork Fri Mar 30 14:18:28 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 132608 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3097069ljb; Fri, 30 Mar 2018 07:18:59 -0700 (PDT) X-Google-Smtp-Source: AIpwx49duf74xNKs8LPxda83VkwXHZTDCpUMVBo07LHAkLDLY9ddmQQpj20kfEzxQFHS6BeMuB+K X-Received: by 10.80.234.204 with SMTP id u12mr3132964edp.130.1522419539640; Fri, 30 Mar 2018 07:18:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522419539; cv=none; d=google.com; s=arc-20160816; b=kIPVfuZx1Zth01E5nK1jhM3RWfgXWgaSc6HOYO3Z8B7gVVwRw6+cm8Bd76qcfwQ8Nc BGZo7hwpRvjLWCnUYfjJoK6/oqrCRoFw1B6Qpidu1zoGr2VUuB4rfCn3obJIj4fke27d oKHgezhzRSAqIUEO7lfn0hzq2fMLZp9ie3qr3+Q4MP4yGRK4x+YRlUpwZe99Q1j7YQI6 6kMVbzjSjl3qEql8nyNuYMfiWYGuaJJoB/4SyH4XIILW61AhRkAzJAMq8D8lJGa9EKy4 aphBJfIJS7Cc5VLK7sbRjQu+gJ4e6AdybuAHuDHpSAsZWP9UVLESxg2OrOyZuw4gg5U8 mDOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:cc:message-id:date:to:from :dkim-signature:arc-authentication-results; bh=KQNjOJ2FHduIyWKM/oa1LYtTMwBt1FdhPK931YPRCJE=; b=J1vEz2ZVlXQZD4MuPjXuJ5agZTSSTtkblgMHfKdMPVKdVm+p7IRKKi6Uuw7eOENeKF iPQWsSlWQy1H9rfWlB2vbUoXsta3Zk3+RPUH8d9M5YtwXrPFJlBo70hR+kJrGADqeeLB HrdbQFm7fry7y7qPP/ttm4TKQK9zUdbMa6HKREBUbj+Y+w90BO91RWRXFtsNP4IQ107L EfNZHxl5FOcS9gfWNEQHMp80TexYz1dKywOEYGv606ZRj73hJJxWAd/4AO9rd6uNAMmh mD3V7UXADa32pKxQ2+jBxLQGbc2Wy2TIyOmjzyAOn3DrDkoCiOYcEEqGk9leaQA1Ug3k jEXA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=dKOJdOcv; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id v1si1302672edm.114.2018.03.30.07.18.59; Fri, 30 Mar 2018 07:18:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=dKOJdOcv; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id 1A890C221D2; Fri, 30 Mar 2018 14:18:53 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 60B5BC2216C; Fri, 30 Mar 2018 14:18:51 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 0C30BC2216C; Fri, 30 Mar 2018 14:18:50 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id B193CC21E96 for ; Fri, 30 Mar 2018 14:18:49 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id h76so15896876wme.4 for ; Fri, 30 Mar 2018 07:18:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=YbkdphpPechBp6m8RBigC+uZpiC1c2w8LLKKqtIBJ+Q=; b=dKOJdOcv3sXMfyJVJ25XeZKtjV3TAXMRTlEuiK2aZh7yi8gVTjjSJUqWJn0FzUcdVr Aeire2D2IAX3dh7OHAYMBH//W9yE66wm0jX7Ovldq3VgK5pAaCLdeXdFslvmEC6cjgzs oqsNqSMXmaIsyLa3LigG9PxeGVvlmaUVCzS74= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=YbkdphpPechBp6m8RBigC+uZpiC1c2w8LLKKqtIBJ+Q=; b=jikLVxKJRXNqdiCUJ6Z34aPijtArY2MLibH327X7QVPX0a0tCPITKXuk0Kc8T9ebNE oREM1uVCUwZJ7WY39rM+/5Ww5+mt6ohvb6DXTw9lHql/IYpE8xbrKCONxdl3nEGB/IWZ L0CjXQV2Eb3UezNK1Dxs9dJsmEEKwuuRXcMZV15zCPiei3dYRwTjAToWpXGTSJXX4Iz5 RC2px4giPRz35a+Jm49oaanpI3vYLbYG4ugpu6U7AYioS22rFx1E4vxvRMI1aTOsackz CvmD9dbImBJBj8QO3gVmrZ96xtJRDQUMSfqWTJUBxFwHkQzFzTZuqFz+BjEcFdrSc2fo 4njQ== X-Gm-Message-State: AElRT7H+xvN4LZWwNtcdegZ9oqh7X2CXedTmWOSo+/bUwnx53aG7EbUI XpjC+GXZIioGDW2sQD9hTCjusyOuvaA= X-Received: by 10.80.250.1 with SMTP id b1mr3062264edq.157.1522419529068; Fri, 30 Mar 2018 07:18:49 -0700 (PDT) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id d22sm5831758eda.31.2018.03.30.07.18.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 30 Mar 2018 07:18:48 -0700 (PDT) From: Bryan O'Donoghue To: u-boot@lists.denx.de, fabio.estevam@nxp.com Date: Fri, 30 Mar 2018 15:18:28 +0100 Message-Id: <1522419526-29494-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 Cc: rui.silva@linaro.org, paul.liu@linaro.org Subject: [U-Boot] [PATCH 00/18] warp7: Enable automated OPTEE/HAB boot flow X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This series enables an automated HAB verified secure boot which chain-loads via OPTEE see `git show 5cf3251..c225e7c` for details. This set depends on three in-flight patchsets 1. [PATCH v3 0/3] NXP WaARP7 set serial# from OTP fuses for USB iSerial Already has a Reviewed-by from Fabio 2. [PATCH v3 0/2] imx: hab: Add helper functions for scripted HAB auth Has a Reviewed-by: from Breno 3. [PATCH] configs: warp7: Fix CAAM on boot with tip-of-tree I'm trying not to make this cover email too long. So - once this set is applied it is possible to boot from the BootROM using HAB to verify - u-boot - boot.scr - Kernel - DTB Chainload via OPTEE and boot up to Linux. If there is a HAB failure at any stage of the process we force-drop down to the USB HID failover mode, from which we can send up a recovery image to unblock. I've run the WaRP7 default u-boot and this new version on NXP's reference yocto image and verified that that yocto image boots with both versions of the WaRP7 -> warp7_defconfig and warp7_secure_defconfig. http://freescale.github.io/#download -> BoardsWaRPboard community - WaRP - Wearable Reference PlatformFSL Community BSP 2.3fsl-image-multimediawayland In addition the modifications targeting warp7_secure_defconfig mean it is possible to chain-load via OPTEE using scripted HAB to verify images prior to exiting the u-boot domain. Here is an example of the scripting we are doing which shows further reuse of shell functions introduced in previous patches. #### Example secure-boot boot.scr.imx-signed #### # This section is responsbile for loading a signed Linux kernel setenv image_signed zImage.imx-signed if test ${hab_enabled} -eq 1; then setexpr hab_ivt_addr ${loadaddr} - ${ivt_offset} ${loadcmd} mmc ${mmcdev}:${mmcpart} ${hab_ivt_addr} ${image_signed} run warp7_auth_or_fail else run loadimage; fi # This section is responsbile for loading a signed FDT image setenv fdt_file_signed imx7s-warp.dtb.imx-signed if test ${hab_enabled} -eq 1; then setexpr hab_ivt_addr ${fdt_addr} - ${ivt_offset} ${loadcmd} mmc ${mmcdev}:${mmcpart} ${hab_ivt_addr} ${fdt_file_signed} run warp7_auth_or_fail else run loadfdt; fi # Set the filesystem type and partition target setenv loadcmd ext4load # Boot from rootfs1 by default setenv mmcpart 3 # But if the rootfs2 file exists in partition 2, boot from rootfs2 ext4size mmc 0:2 rootfs2 && setenv mmcpart 5 # This section is responsbile for loading a signed OPTEE image setenv optee_file /lib/firmware/uTee.optee setenv optee_file_signed /lib/firmware/uTee.optee.imx-signed setenv loadoptee "${loadcmd} mmc ${mmcdev}:${mmcpart} ${optee_addr} ${optee_file}" if test ${hab_enabled} -eq 1; then setexpr hab_ivt_addr ${optee_addr} - ${ivt_offset} ${loadcmd} mmc ${mmcdev}:${mmcpart} ${hab_ivt_addr} ${optee_file_signed} run warp7_auth_or_fail else run loadoptee; fi # Set UUID mmcpart will be used to pass root id to kernel setenv rootpart ${mmcpart} run finduuid; run mmcargs; # Now boot echo Booting secure Linux/OPTEE OS from mmc ...; bootm ${optee_addr} - ${fdt_addr}; # Failsafe if something goes wrong hab_failsafe Bryan O'Donoghue (18): imximage: Specify default IVT offset in IMX image warp7: hab: Add a CSF location definition warp7: hab: Set environment variable indicating HAB enable warp7: defconfig: Enable OPTEE for WaRP7 warp7: Allocate specific region of memory to OPTEE warp7: Print out the OPTEE DRAM region warp7: Specify CONFIG_OPTEE_LOAD_ADDR warp7: defconfig: Enable CONFIG_SECURE_BOOT warp7: defconfig: Enable CONFIG_BOOTM_TEE warp7: Make CONFIG_SYS_FDT_ADDR a define warp7: Add Kconfig WARP7_ROOT_PART warp7: select uuid partition based on rootpart warp7: Define the name of a signed boot-script file warp7: add warp7_auth_or_fail warp7: Make load command an environment variable warp7: hab: Set environment variable indicating IVT offset warp7_secure: defconfig: Enable CMD_SETEXPR warp7: Add support for automated secure boot.scr verification board/warp7/Kconfig | 14 ++++++++++++++ board/warp7/imximage.cfg | 4 ++++ board/warp7/warp7.c | 23 +++++++++++++++++++++++ configs/warp7_secure_defconfig | 6 +++++- include/configs/warp7.h | 29 ++++++++++++++++++++++++----- include/imximage.h | 3 +++ 6 files changed, 73 insertions(+), 6 deletions(-)