Secure boot header signature is calculated from the image header with
zeroed header checksum. Calculation is done in add_secure_header_v1()
function. So after calling this function no header member except
main_hdr->checksum can be modified. Commit 2b0980c240 ("tools: kwbimage:
Fill the real header size into the main header") broke this requirement as
final header size started to be filled into main_hdr->headersz_* members
after the add_secure_header_v1() call.
Fix this issue by following steps:
- Split header size and image data offset into two variables (headersz and
*dataoff).
- Change image_headersz_v0() and add_binary_header_v1() functions to return
real (unaligned) header size instead of image data offset.
- On every place use correct variable (headersz or *dataoff)
After these steps variable headersz is correctly filled into the
main_hdr->headersz_* members and so overwriting them in the end of the
image_create_v1() function is not needed anymore. Remove those overwriting
which effectively reverts changes in problematic commit without affecting
value in main_hdr->headersz_* members and makes secure boot header
signature valid again.
Fixes: 2b0980c240 ("tools: kwbimage: Fill the real header size into the main header")
Signed-off-by: Pali Rohár <pali@kernel.org>
Secure boot data image signature is calculated from the data image without
trailing 4-bit checksum. Commit 37cb9c15d7 ("tools: kwbimage: Simplify
aligning and calculating checksum") unintentionally broke this calculation
when it increased payloadsz variable by 4 bytes which was propagated also
into the add_secure_header_v1() function. Fix this issue by decreasing size
of buffer by 4 bytes from which is calculated secure boot data image
signature.
Fixes: 37cb9c15d7 ("tools: kwbimage: Simplify aligning and calculating checksum")
Signed-off-by: Pali Rohár <pali@kernel.org>
Variable imagesz in functions image_create_v0(), image_create_v1() and
kwbimage_set_header() stores offset to data from the beginning of the main
header. So it is not image size.
Signed-off-by: Pali Rohár <pali@kernel.org>
To make add_secure_header_v1() function more readable, call it directly
with arguments: header pointer with header size and data image pointer with
data image size. No functional change.
Signed-off-by: Pali Rohár <pali@kernel.org>
For all images except SATA is data offset in bytes. For SATA it is in LBA
format (number of sectors). This is how Marvell BootROM interprets it.
Signed-off-by: Pali Rohár <pali@kernel.org>
Use for it pretty print function: genimg_print_size(). This makes it more
human readable, like other offset and sizes printed by this tool.
Signed-off-by: Pali Rohár <pali@kernel.org>
In Dove functional specification, which use kwbimage v0, is also defined
nand block size field. So dump NAND_BLKSZ also for v0 images.
In Kirkwood functional specification, which also use kwbimage v0, this
field is not defined. So when it is zero and Kirkwood is detected, do not
dump it.
Fixes: f76ae2571f ("tools: kwbimage: Add support for dumping extended and binary v0 headers")
Signed-off-by: Pali Rohár <pali@kernel.org>
mkimage -F option (re-sign existing FIT image) signaled by fflag is not
supported by kwbimage. So mark its usage as invalid parameter.
Signed-off-by: Pali Rohár <pali@kernel.org>
Checksum for v0 image must be generated after filling all fields in the
main header. Otherwise it would be invalid.
Exactly same problem for v1 images was already fixed in the past in commit
9203c73895 ("tools: kwbimage: Fix checksum calculation for v1 images").
Fixes: 5c61710c98 ("tools: kwbimage: Properly set srcaddr in kwbimage v0")
Signed-off-by: Pali Rohár <pali@kernel.org>
kwbimage nandblocksize field is in 64 kB unit, but NAND_BLKSZ command
expects it in bytes. So do required unit conversion.
Also zero value in nandblocksize field has special meaning. When this field
is set to zero, the default block size is used. This default size is
defined by the NAND flash page size (16 KB for a 512B page or small page
NAND and 64 KB for a large page NAND flash).
Fixes: 1a8e6b63e2 ("tools: kwbimage: Dump kwbimage config file on '-p -1' option")
Signed-off-by: Pali Rohár <pali@kernel.org>
Value 0x0 for NAND_BADBLK_LOCATION/nandbadblklocation means that BBI is on
the first or second page and value 0x1 means that BBI is on the last page.
This indicates also NAND Flash Technology, value 0x0 is SLC NAND and value
0x1 is MLC NAND.
Therefore we need to dump NAND_BADBLK_LOCATION also when it is zero.
Note that in v0 images, nandbadblklocation field overlaps with ddrinitdelay
field in one union. ddrinitdelay is used in Kirkwood and nandbadblklocation
is used in Dove. For Dove images is_v0_ext should be set, so use it to
distinguish if nandbadblklocation is available or not. In v1 images there
is always nandbadblklocation field.
Fixes: 1a8e6b63e2 ("tools: kwbimage: Dump kwbimage config file on '-p -1' option")
Signed-off-by: Pali Rohár <pali@kernel.org>
Upper-bound for iterating for-loop over register set entries is incorrect.
Fix it byt calculating correct number of entries.
And fix also dumping the last entry DATA_DELAY, which is the last and not
first (zero).
Fixes: 1a8e6b63e2 ("tools: kwbimage: Dump kwbimage config file on '-p -1' option")
Signed-off-by: Pali Rohár <pali@kernel.org>
'secure_mode' and 'fuse_read_u64' are used only on A38x and A37xx.
Fixes: f7b0bbca2b ("cmd: mvebu/bubt: Check for A38x/A37xx OTP secure bits and secure boot")
Signed-off-by: Pali Rohár <pali@kernel.org>
For 32-bit Armada boards which use SPL we can determinate boot device from
existing MVEBU_SPL_BOOT_DEVICE_* option. For all other boards (e.g. 64-bit
Armada) default option still needs to be set manually.
Signed-off-by: Pali Rohár <pali@kernel.org>
32-bit Armada SoCs uses u-boot binary packed in kwbimage format. Name of
the image is in CONFIG_BUILD_TARGET option. So use it as a default option
in Kconfig.
Signed-off-by: Pali Rohár <pali@kernel.org>
Variable image_size contains size of the header, not size of the whole
image. Rename this variable to reflect content.
Signed-off-by: Pali Rohár <pali@kernel.org>
This change allows to load boot image from the first SATA/SCSI device
partition and burn it to board boot location (e.g. SPI-NOR). This is
particularly when storage device is not handled by U-Boot as USB mass
storage (which is already supported by bubt) but as SATA/SCSI device.
Signed-off-by: Pali Rohár <pali@kernel.org>
All 32-bit Armada SoCs and also 64-bit Armada 3720 SoC can load and boot
firmware from SATA disk. This adds support for updating firmware binary for
these SoCs. On 32-bit Armada SoC is firmware stored at sector 1 and on
Armada 3720 is stored at MBR partition 0x4d or GPT partition with type GUID
6828311A-BA55-42A4-BCDE-A89BB5EDECAE (Marvell Armada 3700 Boot partition).
Signed-off-by: Pali Rohár <pali@kernel.org>
Support for burning into the correct eMMC HW boot partition was broken and
removed in commit 96be2f0727 ("mvebu: bubt: Drop dead code"). Reimplement
this functionality and bring it back again.
Fixes: 96be2f0727 ("mvebu: bubt: Drop dead code")
Signed-off-by: Pali Rohár <pali@kernel.org>
Show image type and version during parsing of kwbimage.
And show reasons in error messages when parsing failed.
This can help to debug issues with invalid images.
Signed-off-by: Pali Rohár <pali@kernel.org>
Marvell BootROM interprets execaddr of SPI/NOR XIP images as relative byte
offset from the from the beginning of the flash device. So if data image
offset and execute offset are not same then it is needed to adjust them
also in DDR RAM.
Fixes: f2c644e0b8 ("tools: kwboot: Patch destination address to DDR area for SPI image")
Signed-off-by: Pali Rohár <pali@kernel.org>
Some NOR images may be execute-in-place and do not contain DDR init code in
its kwbimage header. Such images cannot be booted over UART as BootROM
loads them to RAM. Add check that kwbimage contains DDR init code in its
header (either as binary code header or as the simple register-value set).
In some cases it is possible to load very small image into L2SRAM and when
DDR init code is not required. So check for L2SRAM load address and skip
DDR init code check in this case.
Signed-off-by: Pali Rohár <pali@kernel.org>
Before starting parsing of kwbimage, first validate that all optional v1
headers and correct. This prevents kwboot crashes on invalid input.
Signed-off-by: Pali Rohár <pali@kernel.org>
The 32-bit data checksum in UART image is not checked by the BootROM and
also Marvell tools do not generate it.
So if data checksum stored in UART image does not match calculated checksum
from the image then treat those checksum bytes as part of the executable
image code (and not as the checksum) and for compatibility with the rest of
the code manually insert data checksum into the in-memory image after the
executable code, without overwriting it.
This should allow to boot UART images generated by Marvell tools.
Signed-off-by: Pali Rohár <pali@kernel.org>
Add information of all available image types and where they should be
stored. Storage location offsets where documented from the disassembly of
the A385 BootROM image dump.
Signed-off-by: Pali Rohár <pali@kernel.org>
Add reference to Avanta Boot Flow documentation, BobCat2, AlleyCat3 and
PONCat3 BootROM Firmware documentation and links to public Marvell tools:
hdrparser.c and doimage.c
Signed-off-by: Pali Rohár <pali@kernel.org>
Marvell BootROM loads MMC image from sector 0 (HW boot or data partition)
and SD image from sector 1.
So for SD card booting it is needed to not use constant CONFIG MMC options
and instead of them it is needed to define functions spl_mmc_boot_mode()
spl_mmc_get_uboot_raw_sector() which determinate offsets at SPL runtime
based on MMC or SD card.
Calculation of SD card sector expects following values:
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_DATA_PART_OFFSET=0
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0
Fixes: 2226ca1734 ("arm: mvebu: Load U-Boot proper binary in SPL code based on kwbimage header")
Signed-off-by: Pali Rohár <pali@kernel.org>
On some platforms is SYS_MMCSD_FS_BOOT_PARTITION unsupported. So allow to
completely disable MMC FS Boot support via new option SYS_MMCSD_FS_BOOT.
By default MMC FS Boot support is enabled (like it was before) except for
ARCH_MVEBU where MMC FS Boot supported is unsupported due to Marvell
BootROM limitations.
Signed-off-by: Pali Rohár <pali@kernel.org>
When eMMC boot is selected then BootROM loads kwbimage header (U-Boot SPL)
from the selected eMMC boot partition. So for eMMC boot ensure that U-Boot
SPL loads U-Boot proper (from kwbimage) also from the same selected eMMC
boot partition.
Fixes: 2226ca1734 ("arm: mvebu: Load U-Boot proper binary in SPL code based on kwbimage header")
Signed-off-by: Pali Rohár <pali@kernel.org>
BOOT_DEVICE_MMC2 and BOOT_DEVICE_MMC2_2 are representing mmc dev 1 but all
Armada SoCs have only one mmc controller. So remove references to
non-existent second mmc controller.
Fixes: f830703f42 ("arm: mvebu: Check that kwbimage blockid matches boot mode")
Signed-off-by: Pali Rohár <pali@kernel.org>
Despite the official specification, Marvell BootROM does not interpret
srcaddr from SATA image as number of sectors the beginning of the hard
drive, but as number of sectors relative to the main header.
Reject invalid and accept valid SATA images.
Fixes: 5a06534933 ("cmd: mvebu/bubt: Check for A38x image data checksum")
Signed-off-by: Pali Rohár <pali@kernel.org>
Despite the official specification, Marvell BootROM does not interpret
srcaddr from SATA image as number of sectors the beginning of the hard
drive, but as number of sectors relative to the main header.
To process SATA kwbimage and load U-Boot proper from it in the same way as
Marvell BootROM, it is needed to interpret srcaddr as relative offset to
the main header. This change fixes booting of U-Boot proper from SPL code
in SATA image.
Fixes: 2226ca1734 ("arm: mvebu: Load U-Boot proper binary in SPL code based on kwbimage header")
Signed-off-by: Pali Rohár <pali@kernel.org>
Despite the official specification, Marvell BootROM does not interpret
srcaddr from SATA image as number of sectors the beginning of the hard
drive, but as number of sectors relative to the main header.
To parse SATA kwbimage in the same way as Marvell BootROM, it is needed to
interpret srcaddr as relative offset to the main header. This change fixes
loading of SATA images via kwboot over UART.
Fixes: 792e423550 ("tools: kwboot: Patch source address in image header")
Signed-off-by: Pali Rohár <pali@kernel.org>
Despite the official specification, Marvell BootROM does not interpret
srcaddr from SATA image as number of sectors the beginning of the hard
drive, but as number of sectors relative to the main header.
The main header is stored at absolute sector number 1. So do not add or
subtract it when calculating with relative offsets to the main header.
Fixes: 501a54a29c ("tools: kwbimage: Fix generation of SATA, SDIO and PCIe images")
Fixes: 5c61710c98 ("tools: kwbimage: Properly set srcaddr in kwbimage v0")
Fixes: e0c243c398 ("tools: kwbimage: Validate data checksum of v1 images")
Fixes: aa6943ca31 ("kwbimage: Add support for extracting images via dumpimage tool")
Signed-off-by: Pali Rohár <pali@kernel.org>
Despite the official specification, Marvell BootROM does not interpret
srcaddr from SDIO image as offset in number of sectors (like for SATA
image), but as offset in bytes (like for all other images except SATA).
To ensure that we do not store invalid SDIO image to the boot location
(read by the Marvell BootROM), we need to check that image is valid
and srcaddr is intepreted in bytes, in the same way as it is done by
Marvell BootROM.
This fixes rejecting valid and accepting invalid SDIO images by bubt command.
Fixes: 5a06534933 ("cmd: mvebu/bubt: Check for A38x image data checksum")
Signed-off-by: Pali Rohár <pali@kernel.org>
Despite the official specification, Marvell BootROM does not interpret
srcaddr from SDIO image as offset in number of sectors (like for SATA
image), but as offset in bytes (like for all other images except SATA).
To process SDIO kwbimage and load U-Boot proper from it in the same way as
Marvell BootROM, it is needed to interpret srcaddr in bytes. This change
fixes booting of U-Boot proper from SPL code stored in SDIO image.
Fixes: 2226ca1734 ("arm: mvebu: Load U-Boot proper binary in SPL code based on kwbimage header")
Signed-off-by: Pali Rohár <pali@kernel.org>
Despite the official specification, Marvell BootROM does not interpret
srcaddr from SDIO image as offset in number of sectors (like for SATA
image), but as offset in bytes (like for all other images except SATA).
To parse SDIO kwbimage in the same way as Marvell BootROM, it is needed to
interpret srcaddr in bytes. This change fixes loading of SDIO images via
kwboot over UART.
Fixes: 792e423550 ("tools: kwboot: Patch source address in image header")
Signed-off-by: Pali Rohár <pali@kernel.org>
Despite the official specification, Marvell BootROM does not interpret
srcaddr from SDIO image as offset in number of sectors (like for SATA
image), but as offset in bytes (like for all other images except SATA).
To generate SDIO kwbimage compatible with Marvell BootROM, it is needed to
have srcaddr in bytes. This change fixes SDIO images for Armada 38x SoCs.
Fixes: 501a54a29c ("tools: kwbimage: Fix generation of SATA, SDIO and PCIe images")
Fixes: 5c61710c98 ("tools: kwbimage: Properly set srcaddr in kwbimage v0")
Fixes: e0c243c398 ("tools: kwbimage: Validate data checksum of v1 images")
Fixes: aa6943ca31 ("kwbimage: Add support for extracting images via dumpimage tool")
Signed-off-by: Pali Rohár <pali@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgWII69YpahbL5iK5gS8AYozs+qIFAmP9sq4ACgkQgS8AYozs
+qJ0tA//T46yeQ5H33yCxOTlNOwvtqfYWc4zQhJsTHkrXx9vdqW/Woz2GGxhADac
MVe1RyqHwWKymyNKCyi8nZIYdkpzaGutUhaCK4S8iddnL9A15oe3jxNtvrVfmvZw
jHPgJUrYdDvX0SoJy5xcRaxiO48+ja005ILw7H2zS+/vR7lQPJQJ1IuHStKCny6j
uYksHFcFK+qRscWjKGNdgcZLjQNpBIcigyGYPOxJ0swIDmZd84vSFoOG5p48QpAu
yo6VCnGgtaDKGOBPBICzyCw7J7a4zt3hM2mQ6xMI66IEBLpHwA999RSl1Gxtxhzz
3QG5Ore6E6hmkZk++jiA5VVhkX5ZpmoMDY2SiveCLyjknhKIwY5/lOmVn/kPAwHt
jAUbagf1ntrFnTum8OFtyg7skAmTckmZzaf4OuUhtrD3710dfdZ0dPuFxFDXRfTX
yLZaprwI+M8ziXbw1/Ao5iMx8ck5zGVn+mOBawYx/x/h5X76BxqqzPBExzQ+Qj6E
UgWKccPxVvbDENB2EZY05j3/JylGGU2Sxn2idu+UPXkfZRO/9CQKGiLmmhQ/aX4C
zAREx0/XSux/lkas9yXVjJXnvTCBcAbiu24MlTZDLdOQK+kGSIBY9yA+9fAxWtFG
33npVegUjMG+EPqpntVHPS/NuFOxuNu/X7kk2ievjsCPnLkVpts=
=6a0G
-----END PGP SIGNATURE-----
Merge tag 'tpm-next-28022023' of https://source.denx.de/u-boot/custodians/u-boot-tpm into next
TPM auto startup and testing:
Due to U-Boot's lazy binding we always relied on command line tools to
initialize the TPM subsystem and devices. One exception is the EFI
subsystem. When compiled with TCG2 measured boot support the TPM was
automatically initialized.
However that init was not complete. The TCG specs [0] (and specifically
§12.3 Self-test modes) describe how self-tests on the device should be
performed. This PR is adding an extra API function, that can be used to
initialize the TPM2.0 properly.
Simon added the equivalent for TPM1.2 and refactored the DM tests to
include the new funtion.
[0] https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.07-2014-03-13.pdf
- mark reserved blocks from Ashok Reddy Soma
- backport BRCMNAND changes from Linux from Linus Walleij
- fix display of unknown raw ID from Patrice Chotard
- show reserved block in chip.erase from Michael Trimarchi
-----BEGIN PGP SIGNATURE-----
iQJYBAABCgBCFiEE6GOTDNYiFygVXvMmQBtB6IWRjvEFAmP83RIkHGRhcmlvLmJp
bmFjY2hpQGFtYXJ1bGFzb2x1dGlvbnMuY29tAAoJEEAbQeiFkY7xpp8P/1gykNwl
UvIjmhKu2pLDSJd9g75Ao4SDrkSYqVK1FT0RusxgB0YPfu1beWK9JPpfcabt+VHS
i/h4Qy40MJk3VpJ0mRH4OqPL2Ezl3RAuFp0P9mz5gVlLZGUKWRXRuNoh0ZAxrBcu
nYydUdh+p9Ov323969P2+7P8Ld/4Zb/dNsycRSsXXNI0FpyA7O5Prxrlk0aujtNa
0bONHEJ/wp68qqp4bucJjhMiLD5dZAJQxtzW/TZCYoJ+i2juWHgSZbA/4kDx9Mii
jV2pdHMkBcPBmF2HZujQxxorIxw+NXep0aydH/VxKfZxXzZU6PPO22wzKjbaZSYP
dkWL7Gik16T2RtU7QNqQq8UnAwzAIIaqFQo7UtG1vYfaPeB/TI5jNpQL3uQamMD9
4GwaU6jr6MjhIi/waoGsJLlUBBxmFlPVfSp95qY1UGUNtC9QsbvONmqvmH0dfhug
2vWYSVpXoSZG7DftxIIEg0Y2N+WZvODPyftsj3j/jp7e6ghBzvBeGtkIaKYYzSOx
dbEWsdKQOHFIhBBTan3MihVQUJFNkeWyRcO+DMGBuTZwMAifASg46mbLxBjysBXc
yccNNfDJUhHR/GGOJTZJlJ6av60OqCjPY9rGcUFfZUrT/Qmef2mQ/wylAf7ep47L
/bcvPoQv9xnowd9IztLyJJ0LFbhKONVTvDlz
=0HB0
-----END PGP SIGNATURE-----
Merge tag 'u-boot-nand-20230227' of https://source.denx.de/u-boot/custodians/u-boot-nand-flash into next
Pull request for u-boot-nand-20230227
- mark reserved blocks from Ashok Reddy Soma
- backport BRCMNAND changes from Linux from Linus Walleij
- fix display of unknown raw ID from Patrice Chotard
- show reserved block in chip.erase from Michael Trimarchi
Add an implementation of this, moving the common call to tpm_init() up
into the common API implementation.
Add a test.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Currently there is only one test and it only works on TPM v2. Update it
to work on v1.2 as well, using a new function to pick up the required
TPM.
Update sandbox to include both a v1.2 and v2 TPM so that this works.
Split out the existing test into two pieces, one for init and one for
the v2-only report_state feature.
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
A prior patch adds a new API function for TPM2.0, which performs
the full startup sequence of the TPM. Add a selftest for that.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
All the TPM drivers as well as out TCG TIS API for a TPM2.0 device
return -EBUSY if the device has already been opened. Adjust
the sandbox TPM do return the same error code.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>