Commit graph

7 commits

Author SHA1 Message Date
Saksham Jain
85bb389654 SECURE BOOT: Change fsl_secboot_validate func to pass image addr
Use a pointer to pass image address to fsl_secboot_validate(),
instead of using environmental variable "img_addr".

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29 08:46:23 -07:00
Saksham Jain
c4666cf695 SECURE BOOT: Halt execution when secure boot fail
In case of fatal failure during secure boot execution (e.g. header
not found), reset is asserted to stop execution. If the RESET_REQ
is not tied to HRESET, this allows the execution to continue.

Add esbh_halt() after the reset to make sure execution stops.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29 08:46:23 -07:00
Aneesh Bansal
856b284617 secure_boot: change error handler for esbc_validate
In case of error while executing esbc_validate command, SNVS
transition and issue of reset is required only for secure-boot.
If boot mode is non-secure, this is not required.

Similarly, esbc_halt command which puts the core in Spin Loop
is applicable only for Secure Boot.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-27 08:13:03 -08:00
Aneesh Bansal
b055a0fd86 SECURE BOOT: support for validation of dynamic image
Some images to be validated are relocated to a dynamic
address at run time. So, these addresses cannot be known
befor hand while signing the images and creating the header
offline.
So, support is required to pass the image address to the
validate function as an argument.
If an address is provided to the function, the address
field in Header is not read and is treated as a reserved
field.

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-25 08:24:16 -08:00
Aneesh Bansal
bc71f926e3 SECURE BOOT: change prototype of fsl_secboot_validate function
The prototype and defination of function fsl_secboot_validate
has been changed to support calling this function from another
function within u-boot.
Only two aruments needed:
1) header address - Mandatory
2) SHA256 string - optional

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-25 08:24:16 -08:00
gaurav rana
98cb0efde8 Add bootscript support to esbc_validate.
1. Default environment will be used for secure boot flow
 which can't be edited or saved.
2. Command for secure boot is predefined in the default
 environment which will run on autoboot (and autoboot is
 the only option allowed in case of secure boot) and it
 looks like this:
 #define CONFIG_SECBOOT \
 "setenv bs_hdraddr 0xe8e00000;"                 \
 "esbc_validate $bs_hdraddr;"                    \
 "source $img_addr;"                             \
 "esbc_halt;"
 #endif
3. Boot Script can contain esbc_validate commands and bootm command.
 Uboot source command used in default secure boot command will
 run the bootscript.
4. Command esbc_halt added to ensure either bootm executes
 after validation of images or core should just spin.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-04-21 10:19:19 -07:00
gaurav rana
47151e4bcc SECURE BOOT: Add command for validation of images
1. esbc_validate command is meant for validating header and
   signature of images (Boot Script and ESBC uboot client).
   SHA-256 and RSA operations are performed using SEC block in HW.
   This command works on both PBL based and Non PBL based Freescale
   platforms.
   Command usage:
   esbc_validate img_hdr_addr [pub_key_hash]
2. ESBC uboot client can be linux. Additionally, rootfs and device
   tree blob can also be signed.
3. In the event of header or signature failure in validation,
   ITS and ITF bits determine further course of action.
4. In case of soft failure, appropriate error is dumped on console.
5. In case of hard failure, SoC is issued RESET REQUEST after
   dumping error on the console.
6. KEY REVOCATION Feature:
   QorIQ platforms like B4/T4 have support of srk key table and key
   revocation in ISBC code in Silicon.
   The srk key table allows the user to have a key table with multiple
   keys and revoke any key in case of particular key gets compromised.
   In case the ISBC code uses the key revocation and srk key table to
   verify the u-boot code, the subsequent chain of trust should also
   use the same.
6. ISBC KEY EXTENSION Feature:
   This feature allows large number of keys to be used for esbc validation
   of images. A set of public keys is being signed and validated by ISBC
   which can be further used for esbc validation of images.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-03-05 12:04:59 -08:00