From 40af7d39aab46383e3b0d52b4b06928231807637 Mon Sep 17 00:00:00 2001
From: Breno Matheus Lima
Date: Thu, 18 Jul 2019 12:34:15 +0000
Subject: habv4: tools: Avoid hardcoded CSF size for SPL targets
Currently it's not possible to authenticate the U-Boot proper of mx6ul_14x14_evk_defconfig target: Authenticate image from DDR location 0x877fffc0... bad magic magic=0x0 length=0x00 version=0x3 bad length magic=0x0 length=0x00 version=0x3 bad version magic=0x0 length=0x00 version=0x3 spl: ERROR: image authentication fail Commit 0633e134784a ("imx: hab: Increase CSF_SIZE for i.MX6 and i.MX7 devices") has increased CSF_SIZE to avoid a possible issue when booting encrypted boot images. Commit d21bd69b6e95 ("tools: mkimage: add firmware-ivt image type for HAB verification") is hardcoding the CSF and IVT sizes, the new CSF size is not being considered and u-boot-ivt.img fails to boot. Avoid hardcoded CSF and IVT size to fix this issue.
Signed-off-by: Breno Lima
Reviewed-by: Fabio Estevam
---
common/image.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'common/image.c')
diff --git a/common/image.c b/common/image.c
index 179eef0bd2d..9badb915f48 100644
--- a/common/image.c
+++ b/common/image.c
@@ -61,6 +61,8 @@ static const image_header_t *image_get_ramdisk(ulong rd_addr, uint8_t arch,
 #endif /* !USE_HOSTCC*/
 #include
+#include
+#include
 #ifndef CONFIG_SYS_BARGSIZE
 #define CONFIG_SYS_BARGSIZE 512
@@ -378,9 +380,9 @@ void image_print_contents(const void *ptr)
 }
 } else if (image_check_type(hdr, IH_TYPE_FIRMWARE_IVT)) {
 printf("HAB Blocks: 0x%08x 0x0000 0x%08x\n",
- image_get_load(hdr) - image_get_header_size(),
- image_get_size(hdr) + image_get_header_size()
- - 0x1FE0);
+ image_get_load(hdr) - image_get_header_size(),
+ (int)(image_get_size(hdr) + image_get_header_size()
+ + sizeof(flash_header_v2_t) - CONFIG_CSF_SIZE));
 }
 }
-- cgit v1.2.3
From 70026345ed9131ef74b923f6b81196581235f127 Mon Sep 17 00:00:00 2001
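Review bot: In the `image_print_contents()` hunk of "habv4: tools: Avoid hardcoded CSF size for SPL targets", the `IH_TYPE_FIRMWARE_IVT` branch now depends on `CONFIG_CSF_SIZE` and `flash_header_v2_t`, yet nothing in the visible lines restricts the branch or the two added includes to i.MX/HAB configurations. A build of common/image.c where that Kconfig symbol is undefined (possibly including the host tools, judging by the `USE_HOSTCC` context line) would presumably fail to compile. The value printed here is what gets entered as the signed HAB block length, so whatever fallback is chosen must equal the CSF offset the target actually uses; a comment on the expression saying so, e.g. `/* must match the CSF offset used when the firmware-ivt image is laid out */`, would help. The `(int)` cast is paired with `%08x`, which expects `unsigned int`, so `(unsigned int)(...)` is the matching cast; the same cast recurs in the later "Reduce default CONFIG_CSF_SIZE" hunk. The function body starts and ends outside the hunk.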
From: Stefano Babic
Date: Fri, 13 Sep 2019 18:53:03 +0200
Subject: Revert "habv4: tools: Avoid hardcoded CSF size for SPL targets"
This reverts commit 62a52f3f85bf33e286632e99f0d39b2c166af0c4.
---
common/image.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
(limited to 'common/image.c')
diff --git a/common/image.c b/common/image.c
index 9badb915f48..179eef0bd2d 100644
--- a/common/image.c
+++ b/common/image.c
@@ -61,8 +61,6 @@ static const image_header_t *image_get_ramdisk(ulong rd_addr, uint8_t arch,
 #endif /* !USE_HOSTCC*/
 #include
-#include
-#include
 #ifndef CONFIG_SYS_BARGSIZE
 #define CONFIG_SYS_BARGSIZE 512
@@ -380,9 +378,9 @@ void image_print_contents(const void *ptr)
 }
 } else if (image_check_type(hdr, IH_TYPE_FIRMWARE_IVT)) {
 printf("HAB Blocks: 0x%08x 0x0000 0x%08x\n",
- image_get_load(hdr) - image_get_header_size(),
- (int)(image_get_size(hdr) + image_get_header_size()
- + sizeof(flash_header_v2_t) - CONFIG_CSF_SIZE));
+ image_get_load(hdr) - image_get_header_size(),
+ image_get_size(hdr) + image_get_header_size()
+ - 0x1FE0);
 }
 }
-- cgit v1.2.3
From 5b20d141f209a62596f38ee42b0622280636a7ae Mon Sep 17 00:00:00 2001
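Review bot: The restored `- 0x1FE0` in the `IH_TYPE_FIRMWARE_IVT` branch of the revert is an unexplained magic number. It brings back the fixed-size assumption that the reverted commit's message blames for `spl: ERROR: image authentication fail` once CSF_SIZE was increased. A comment on that line would make the coupling visible, for example `/* CSF size minus IVT size; must match the layout used when the firmware-ivt image is built */`. That decomposition is inferred from the removed expression `sizeof(flash_header_v2_t) - CONFIG_CSF_SIZE`, so it should be confirmed. With this constant back, the printed HAB block length can again disagree with the real CSF offset on targets using the larger CSF_SIZE, so the signed region should be re-checked on a closed device before relying on it.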
From: Breno Matheus Lima
Date: Mon, 23 Sep 2019 18:39:47 +0000
Subject: imx: Kconfig: Reduce default CONFIG_CSF_SIZE
The default CSF_SIZE defined in Kconfig is too high and SPL cannot fit into the OCRAM in certain cases. The CSF cannot achieve 0x2000 length when using RSA 4K key which is the largest key size supported by HABv4. According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices" it's recommended to pad CSF binary to 0x2000 and append DEK blob to deploy encrypted boot images. As the maximum DEK blob size is 0x58 we can reduce CSF_SIZE to 0x2060 which should cover both CSF and DEK blob length. Update default_image.c and image.c to align with this change and avoid a U-Boot proper authentication failure in HAB closed devices: Authenticate image from DDR location 0x877fffc0... bad magic magic=0x32 length=0x6131 version=0x38 bad length magic=0x32 length=0x6131 version=0x38 bad version magic=0x32 length=0x6131 version=0x38 spl: ERROR: image authentication fail
Fixes: 96d27fb218 (Revert "habv4: tools: Avoid hardcoded CSF size for SPL targets")
Reported-by: Jagan Teki
Signed-off-by: Breno Lima
---
common/image.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'common/image.c')
diff --git a/common/image.c b/common/image.c
index 179eef0bd2d..62ba6b3bfe9 100644
--- a/common/image.c
+++ b/common/image.c
@@ -61,6 +61,7 @@ static const image_header_t *image_get_ramdisk(ulong rd_addr, uint8_t arch,
 #endif /* !USE_HOSTCC*/
 #include
+#include
 #ifndef CONFIG_SYS_BARGSIZE
 #define CONFIG_SYS_BARGSIZE 512
@@ -378,9 +379,9 @@ void image_print_contents(const void *ptr)
 }
 } else if (image_check_type(hdr, IH_TYPE_FIRMWARE_IVT)) {
 printf("HAB Blocks: 0x%08x 0x0000 0x%08x\n",
- image_get_load(hdr) - image_get_header_size(),
- image_get_size(hdr) + image_get_header_size()
- - 0x1FE0);
+ image_get_load(hdr) - image_get_header_size(),
+ (int)(image_get_size(hdr) + image_get_header_size()
+ + sizeof(flash_header_v2_t) - 0x2060));
 }
 }
-- cgit v1.2.3
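Review bot: The literal `0x2060` in the new length expression is a second copy of the Kconfig default the commit message describes. A board that overrides CONFIG_CSF_SIZE would therefore get a printed HAB block length that no longer matches where its CSF sits, and an image signed with that length would be expected to fail authentication on a closed device. A named constant shared with the default_image.c change mentioned in the message would make the dependency explicit, with a comment such as `/* 0x2000 padded CSF + DEK blob (max 0x58); keep in sync with the CONFIG_CSF_SIZE default */`. The subtraction is also unchecked: if the image size plus the header sizes is below 0x2060, the result wraps and a meaningless length is printed. A guard before the `printf` that reports the image as too small would be safer than emitting a value someone may paste into a CSF. The function body starts and ends outside the hunk.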