[U-Boot] [PATCH v1 0/7] The patchset fixes some issue in the generation of the imx image

[U-Boot] [PATCH v1 0/7] The patchset fixes some issue in the generation of the imx image

[Stefano Babic]

(header for Freescale's i.MX processors) to allow the usage of
Freescale's tools to sign the u-boot image and provide a secure boot.

This has nothing to do with the Secure Boot extensions implemented by
Simon Glass, that can be in any case used to boot later a secure image.
Freescale's secure boot ensures that a signed bootloader
is started only if it is verified with a key that is burned into the iMX fuses.
Documentation about the Freescale's secure process can be read from the
AN4591, available on the Freescale's Website.

The patchset allows to add to the imx Header the CSF (command Sequence File)
generated by the tools provided by Freescale. The CSF is then simply concatenated
to the u-boot image, making a signed bootloader, that the processor can verify
if the fuses for the keys are burned. The processor (i.MX53 / i.MX6x) will not
start a bootloader that cannot be verified - further infos how to configure
the SOC to verify the bootloader can be found in the User Manual of the specific
SOC.

Next step is to verify the kernel, that can be still done using Simon's patches for
verified boot (CONFIG_OF_CONTROL must be set in the board configuarion file).



Stefano Babic (7):
  tools: imx_header should not include flash_offset
  tools: rename mximage_flash_offset to imximage_ivt_offset
  tools: dynamically allocate imx_header in imximage
  tools: add variable padding of data image in mkimage
  tools: add padding of data image file for imximage
  tools: add support for setting the CSF into imximage
  imx: add status reporting for HAB status

 arch/arm/cpu/armv7/mx6/Makefile          |    2 +-
 arch/arm/cpu/armv7/mx6/hab.c             |  127 ++++++++++++++++++++++
 arch/arm/include/asm/arch-mx6/hab.h      |   80 ++++++++++++++
 arch/arm/include/asm/arch-mx6/imx-regs.h |    8 +-
 doc/README.imximage                      |   18 +++-
 doc/README.mxc_hab                       |   48 +++++++++
 tools/imximage.c                         |  168 +++++++++++++++++++++++++++---
 tools/imximage.h                         |   20 +++-
 tools/mkimage.c                          |   24 ++++-
 tools/mkimage.h                          |    5 +-
 10 files changed, 471 insertions(+), 29 deletions(-)
 create mode 100644 arch/arm/cpu/armv7/mx6/hab.c
 create mode 100644 arch/arm/include/asm/arch-mx6/hab.h
 create mode 100644 doc/README.mxc_hab

-- 
1.7.9.5

[U-Boot] [PATCH v1 1/7] tools: imx_header should not include flash_offset

[Stefano Babic]

Doing a  make distclean; make mx6qsabresd_config; make
and      hexdump -C u-boot.imx | less

 ...
 00000360  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 *
 000003f0  00 00 00 00 00 00 00 00  00 00 00 00 00 04 00 00  |................|
                                                ^^^^^^^^^^^
 00000400  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 *
 00001000  13 00 00 ea 14 f0 9f e5  14 f0 9f e5 14 f0 9f e5  |...?.?.?.?.?.?.?|
 ...

shows the flash_offset value being written into the final
generated image, wich is not correct.

Instead create flash_offset as static variable such that the
generated image is "clean".

 00000360  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 *
 00001000  13 00 00 ea 14 f0 9f e5  14 f0 9f e5 14 f0 9f e5  |...?.?.?.?.?.?.?|

Signed-off-by: Stefano Babic <sbabic@denx.de>

---
 tools/imximage.c |   15 ++++++++-------
 tools/imximage.h |    1 -
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/tools/imximage.c b/tools/imximage.c
index 5e8e470..013fa80 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -68,6 +68,7 @@ static table_entry_t imximage_versions[] = {
 
 static struct imx_header imximage_header;
 static uint32_t imximage_version;
+static uint32_t imximage_flash_offset;
 
 static set_dcd_val_t set_dcd_val;
 static set_dcd_rst_t set_dcd_rst;
@@ -343,9 +344,9 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 		set_hdr_func(imxhdr);
 		break;
 	case CMD_BOOT_FROM:
-		imxhdr->flash_offset = get_table_entry_id(imximage_bootops,
+		imximage_flash_offset = get_table_entry_id(imximage_bootops,
 					"imximage boot option", token);
-		if (imxhdr->flash_offset == -1) {
+		if (imximage_flash_offset == -1) {
 			fprintf(stderr, "Error: %s[%d] -Invalid boot device"
 				"(%s)\n", name, lineno, token);
 			exit(EXIT_FAILURE);
@@ -354,7 +355,7 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 			cmd_ver_first = 0;
 		break;
 	case CMD_BOOT_OFFSET:
-		imxhdr->flash_offset = get_cfg_value(token, name, lineno);
+		imximage_flash_offset = get_cfg_value(token, name, lineno);
 		if (unlikely(cmd_ver_first != 1))
 			cmd_ver_first = 0;
 		break;
@@ -455,7 +456,7 @@ static uint32_t parse_cfg_file(struct imx_header *imxhdr, char *name)
 	fclose(fd);
 
 	/* Exit if there is no BOOT_FROM field specifying the flash_offset */
-	if (imxhdr->flash_offset == FLASH_OFFSET_UNDEFINED) {
+	if (imximage_flash_offset == FLASH_OFFSET_UNDEFINED) {
 		fprintf(stderr, "Error: No BOOT_FROM tag in %s\n", name);
 		exit(EXIT_FAILURE);
 	}
@@ -513,14 +514,14 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 */
 	imximage_version = IMXIMAGE_V1;
 	/* Be able to detect if the cfg file has no BOOT_FROM tag */
-	imxhdr->flash_offset = FLASH_OFFSET_UNDEFINED;
+	imximage_flash_offset = FLASH_OFFSET_UNDEFINED;
 	set_hdr_func(imxhdr);
 
 	/* Parse dcd configuration file */
 	dcd_len = parse_cfg_file(imxhdr, params->imagename);
 
 	/* Set the imx header */
-	(*set_imx_hdr)(imxhdr, dcd_len, params->ep, imxhdr->flash_offset);
+	(*set_imx_hdr)(imxhdr, dcd_len, params->ep, imximage_flash_offset);
 
 	/*
 	 * ROM bug alert
@@ -531,7 +532,7 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 *
 	 * The remaining fraction of a block bytes would not be loaded!
 	 */
-	*header_size_ptr = ROUND(sbuf->st_size + imxhdr->flash_offset, 4096);
+	*header_size_ptr = ROUND(sbuf->st_size + imximage_flash_offset, 4096);
 }
 
 int imximage_check_params(struct mkimage_params *params)
diff --git a/tools/imximage.h b/tools/imximage.h
index 5c929e4..da1c4ff 100644
--- a/tools/imximage.h
+++ b/tools/imximage.h
@@ -163,7 +163,6 @@ struct imx_header {
 		imx_header_v1_t hdr_v1;
 		imx_header_v2_t hdr_v2;
 	} header;
-	uint32_t flash_offset;
 } __attribute__((aligned(4096)));
 
 typedef void (*set_dcd_val_t)(struct imx_header *imxhdr,
-- 
1.7.9.5

[U-Boot] [PATCH v1 2/7] tools: rename mximage_flash_offset to imximage_ivt_offset

[Stefano Babic]

This better reflects the naming from the Reference Manual
as well as fits better since "flash" is not really applicabe
for SATA.

Signed-off-by: Stefano Babic <sbabic@denx.de>
---
 tools/imximage.c |   17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/tools/imximage.c b/tools/imximage.c
index 013fa80..d87e94d 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -68,7 +68,8 @@ static table_entry_t imximage_versions[] = {
 
 static struct imx_header imximage_header;
 static uint32_t imximage_version;
-static uint32_t imximage_flash_offset;
+/* Image Vector Table Offset */
+static uint32_t imximage_ivt_offset;
 
 static set_dcd_val_t set_dcd_val;
 static set_dcd_rst_t set_dcd_rst;
@@ -344,9 +345,9 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 		set_hdr_func(imxhdr);
 		break;
 	case CMD_BOOT_FROM:
-		imximage_flash_offset = get_table_entry_id(imximage_bootops,
+		imximage_ivt_offset = get_table_entry_id(imximage_bootops,
 					"imximage boot option", token);
-		if (imximage_flash_offset == -1) {
+		if (imximage_ivt_offset == -1) {
 			fprintf(stderr, "Error: %s[%d] -Invalid boot device"
 				"(%s)\n", name, lineno, token);
 			exit(EXIT_FAILURE);
@@ -355,7 +356,7 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 			cmd_ver_first = 0;
 		break;
 	case CMD_BOOT_OFFSET:
-		imximage_flash_offset = get_cfg_value(token, name, lineno);
+		imximage_ivt_offset = get_cfg_value(token, name, lineno);
 		if (unlikely(cmd_ver_first != 1))
 			cmd_ver_first = 0;
 		break;
@@ -456,7 +457,7 @@ static uint32_t parse_cfg_file(struct imx_header *imxhdr, char *name)
 	fclose(fd);
 
 	/* Exit if there is no BOOT_FROM field specifying the flash_offset */
-	if (imximage_flash_offset == FLASH_OFFSET_UNDEFINED) {
+	if (imximage_ivt_offset == FLASH_OFFSET_UNDEFINED) {
 		fprintf(stderr, "Error: No BOOT_FROM tag in %s\n", name);
 		exit(EXIT_FAILURE);
 	}
@@ -514,14 +515,14 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 */
 	imximage_version = IMXIMAGE_V1;
 	/* Be able to detect if the cfg file has no BOOT_FROM tag */
-	imximage_flash_offset = FLASH_OFFSET_UNDEFINED;
+	imximage_ivt_offset = FLASH_OFFSET_UNDEFINED;
 	set_hdr_func(imxhdr);
 
 	/* Parse dcd configuration file */
 	dcd_len = parse_cfg_file(imxhdr, params->imagename);
 
 	/* Set the imx header */
-	(*set_imx_hdr)(imxhdr, dcd_len, params->ep, imximage_flash_offset);
+	(*set_imx_hdr)(imxhdr, dcd_len, params->ep, imximage_ivt_offset);
 
 	/*
 	 * ROM bug alert
@@ -532,7 +533,7 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 *
 	 * The remaining fraction of a block bytes would not be loaded!
 	 */
-	*header_size_ptr = ROUND(sbuf->st_size + imximage_flash_offset, 4096);
+	*header_size_ptr = ROUND(sbuf->st_size + imximage_ivt_offset, 4096);
 }
 
 int imximage_check_params(struct mkimage_params *params)
-- 
1.7.9.5

[U-Boot] [PATCH v1 3/7] tools: dynamically allocate imx_header in imximage

[Stefano Babic]

Change to dynamically allocate the imx_header to correctly
allocate the IVT, Boot Data and DCD at correct locations
depending on the boot media.

Also check that the Image Vector Table Offset + IVT +
Boot Data + DCD <= Initial Load Region Size.

Previously struct imx_header was always 4096 bytes and was
not dealing correctly with the Image Vector Table Offset.

Now, the memory allocation looks for e.g. SD boot like this

 Storage   u-boot.imx                             RAM
 Device

 00000000                                         177ff000 <--------------
                                                                         |
 00000400  00000000  d1 00 20 40 IVT.header       177ff400 <-------      |
 00000404  00000004  00 00 80 17 IVT.entry        177ff404 -----------   |
 00000408  00000008  00 00 00 00 IVT.reserved1    177ff408        |  |   |
 0000040C  0000000C  2c f4 7f 17 IVT.dcd          177ff40C ------ |  |   |
 00000410  00000010  20 f4 7f 17 IVT.boot         177ff410 ---- | |  |   |
 00000414  00000014  00 f4 7f 17 IVT.self         177ff414 --------  |   |
 00000418  00000018  00 00 00 00 IVT.csf          177ff418    | |    |   |
 0000041C  0000001C  00 00 00 00 IVT.reserved2    177ff41C    | |    |   |
 00000420  00000020  00 f0 7f 17 BootData.start   177ff420 <--- |    | ---
 00000424  00000024  00 60 03 00 BootData.length  177ff424      |    |
 00000428  00000028  00 00 00 00 BootData.plugin  177ff428      |    |
 0000042C  0000002C  d2 03 30 40 DCD.header       177ff42C <-----    |
 ...                                                                 |
 00001000  00000c00  13 00 00 ea U-Boot Start     17800000 <----------

While at it also remove the unused #define HEADER_OFFSET.

Signed-off-by: Stefano Babic <sbabic@denx.de>
---
 tools/imximage.c |   44 +++++++++++++++++++++++++++++++++++++-------
 tools/imximage.h |   16 +++++++++++++---
 2 files changed, 50 insertions(+), 10 deletions(-)

diff --git a/tools/imximage.c b/tools/imximage.c
index d87e94d..984cb9b 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -47,7 +47,7 @@ static table_entry_t imximage_cmds[] = {
  * Supported Boot options for configuration file
  * this is needed to set the correct flash offset
  */
-static table_entry_t imximage_bootops[] = {
+static table_entry_t imximage_boot_offset[] = {
 	{FLASH_OFFSET_ONENAND,	"onenand",	"OneNAND Flash",},
 	{FLASH_OFFSET_NAND,	"nand",		"NAND Flash",	},
 	{FLASH_OFFSET_NOR,	"nor",		"NOR Flash",	},
@@ -58,6 +58,20 @@ static table_entry_t imximage_bootops[] = {
 };
 
 /*
+ * Supported Boot options for configuration file
+ * this is needed to determine the initial load size
+ */
+static table_entry_t imximage_boot_loadsize[] = {
+	{FLASH_LOADSIZE_ONENAND,	"onenand",	"OneNAND Flash",},
+	{FLASH_LOADSIZE_NAND,		"nand",		"NAND Flash",	},
+	{FLASH_LOADSIZE_NOR,		"nor",		"NOR Flash",	},
+	{FLASH_LOADSIZE_SATA,		"sata",		"SATA Disk",	},
+	{FLASH_LOADSIZE_SD,		"sd",		"SD Card",	},
+	{FLASH_LOADSIZE_SPI,		"spi",		"SPI Flash",	},
+	{-1,				"",		"Invalid",	},
+};
+
+/*
  * IMXIMAGE version definition for i.MX chips
  */
 static table_entry_t imximage_versions[] = {
@@ -70,6 +84,8 @@ static struct imx_header imximage_header;
 static uint32_t imximage_version;
 /* Image Vector Table Offset */
 static uint32_t imximage_ivt_offset;
+/* Initial Load Region Size */
+static uint32_t imximage_init_loadsize;
 
 static set_dcd_val_t set_dcd_val;
 static set_dcd_rst_t set_dcd_rst;
@@ -211,7 +227,9 @@ static void set_imx_hdr_v1(struct imx_header *imxhdr, uint32_t dcd_len,
 	/* Set magic number */
 	fhdr_v1->app_code_barker = APP_CODE_BARKER;
 
-	hdr_base = entry_point - sizeof(struct imx_header);
+	/* TODO: check i.MX image V1 handling, for now use 'old' style */
+	/* hdr_base = entry_point - imximage_init_loadsize + flash_offset; */
+	hdr_base = entry_point - 4096;
 	fhdr_v1->app_dest_ptr = hdr_base - flash_offset;
 	fhdr_v1->app_code_jump_vector = entry_point;
 
@@ -238,12 +256,13 @@ static void set_imx_hdr_v2(struct imx_header *imxhdr, uint32_t dcd_len,
 
 	fhdr_v2->entry = entry_point;
 	fhdr_v2->reserved1 = fhdr_v2->reserved2 = 0;
-	fhdr_v2->self = hdr_base = entry_point - sizeof(struct imx_header);
-
+	hdr_base = entry_point - imximage_init_loadsize +
+		flash_offset;
+	fhdr_v2->self = hdr_base;
 	fhdr_v2->dcd_ptr = hdr_base + offsetof(imx_header_v2_t, dcd_table);
 	fhdr_v2->boot_data_ptr = hdr_base
 			+ offsetof(imx_header_v2_t, boot_data);
-	hdr_v2->boot_data.start = hdr_base - flash_offset;
+	hdr_v2->boot_data.start = entry_point - imximage_init_loadsize;
 
 	/* Security feature are not supported */
 	fhdr_v2->csf = 0;
@@ -345,13 +364,24 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 		set_hdr_func(imxhdr);
 		break;
 	case CMD_BOOT_FROM:
-		imximage_ivt_offset = get_table_entry_id(imximage_bootops,
+		imximage_ivt_offset = get_table_entry_id(imximage_boot_offset,
 					"imximage boot option", token);
 		if (imximage_ivt_offset == -1) {
 			fprintf(stderr, "Error: %s[%d] -Invalid boot device"
 				"(%s)\n", name, lineno, token);
 			exit(EXIT_FAILURE);
 		}
+
+		imximage_init_loadsize =
+			get_table_entry_id(imximage_boot_loadsize,
+					   "imximage boot option", token);
+
+		if (imximage_init_loadsize == -1) {
+			fprintf(stderr,
+				"Error: %s[%d] -Invalid boot device(%s)\n",
+				name, lineno, token);
+			exit(EXIT_FAILURE);
+		}
 		if (unlikely(cmd_ver_first != 1))
 			cmd_ver_first = 0;
 		break;
@@ -533,7 +563,7 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 *
 	 * The remaining fraction of a block bytes would not be loaded!
 	 */
-	*header_size_ptr = ROUND(sbuf->st_size + imximage_ivt_offset, 4096);
+	*header_size_ptr = ROUND(sbuf->st_size, 4096);
 }
 
 int imximage_check_params(struct mkimage_params *params)
diff --git a/tools/imximage.h b/tools/imximage.h
index da1c4ff..b0305bf 100644
--- a/tools/imximage.h
+++ b/tools/imximage.h
@@ -29,14 +29,14 @@
 #define APP_CODE_BARKER	0xB1
 #define DCD_BARKER	0xB17219E9
 
-#define HEADER_OFFSET	0x400
-
 /*
  * NOTE: This file must be kept in sync with arch/arm/include/asm/\
  *       imx-common/imximage.cfg because tools/imximage.c can not
  *       cross-include headers from arch/arm/ and vice-versa.
  */
 #define CMD_DATA_STR	"DATA"
+
+/* Initial Vector Table Offset */
 #define FLASH_OFFSET_UNDEFINED	0xFFFFFFFF
 #define FLASH_OFFSET_STANDARD	0x400
 #define FLASH_OFFSET_NAND	FLASH_OFFSET_STANDARD
@@ -46,6 +46,16 @@
 #define FLASH_OFFSET_NOR	0x1000
 #define FLASH_OFFSET_SATA	FLASH_OFFSET_STANDARD
 
+/* Initial Load Region Size */
+#define FLASH_LOADSIZE_UNDEFINED	0xFFFFFFFF
+#define FLASH_LOADSIZE_STANDARD		0x1000
+#define FLASH_LOADSIZE_NAND		FLASH_LOADSIZE_STANDARD
+#define FLASH_LOADSIZE_SD		FLASH_LOADSIZE_STANDARD
+#define FLASH_LOADSIZE_SPI		FLASH_LOADSIZE_STANDARD
+#define FLASH_LOADSIZE_ONENAND		0x400
+#define FLASH_LOADSIZE_NOR		0x0 /* entire image */
+#define FLASH_LOADSIZE_SATA		FLASH_LOADSIZE_STANDARD
+
 #define IVT_HEADER_TAG 0xD1
 #define IVT_VERSION 0x40
 #define DCD_HEADER_TAG 0xD2
@@ -163,7 +173,7 @@ struct imx_header {
 		imx_header_v1_t hdr_v1;
 		imx_header_v2_t hdr_v2;
 	} header;
-} __attribute__((aligned(4096)));
+};
 
 typedef void (*set_dcd_val_t)(struct imx_header *imxhdr,
 					char *name, int lineno,
-- 
1.7.9.5

[U-Boot] [PATCH v1 4/7] tools: add variable padding of data image in mkimage

[Stefano Babic]

Use previously unused return value of function vrec_header
to return a padding size to generic mkimage. This padding
size is used in copy_files to pad with zeros after copying
the data image.

Signed-off-by: Stefano Babic <sbabic@denx.de>
---
 tools/mkimage.c |   24 +++++++++++++++++++++---
 tools/mkimage.h |    5 ++++-
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/tools/mkimage.c b/tools/mkimage.c
index d312844..d2f24e4 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -150,6 +150,7 @@ main (int argc, char **argv)
 	char *ptr;
 	int retval = 0;
 	struct image_type_params *tparams = NULL;
+	int pad_len = 0;
 
 	/* Init Freescale PBL Boot image generation/list support */
 	init_pbl_image_type();
@@ -404,7 +405,7 @@ NXTARG:		;
 	 * allocate memory for the header itself.
 	 */
 	if (tparams->vrec_header)
-		tparams->vrec_header(&params, tparams);
+		pad_len = tparams->vrec_header(&params, tparams);
 	else
 		memset(tparams->hdr, 0, tparams->header_size);
 
@@ -476,7 +477,7 @@ NXTARG:		;
 			/* PBL has special Image format, implements its' own */
 			pbl_load_uboot(ifd, &params);
 		} else {
-			copy_file (ifd, params.datafile, 0);
+			copy_file(ifd, params.datafile, pad_len);
 		}
 	}
 
@@ -550,10 +551,19 @@ copy_file (int ifd, const char *datafile, int pad)
 	unsigned char *ptr;
 	int tail;
 	int zero = 0;
+	uint8_t zeros[4096];
 	int offset = 0;
 	int size;
 	struct image_type_params *tparams = mkimage_get_type (params.type);
 
+	if (pad >= sizeof(zeros)) {
+		fprintf(stderr, "%s: Can't pad to %d\n",
+			params.cmdname, pad);
+		exit(EXIT_FAILURE);
+	}
+
+	memset(zeros, 0, sizeof(zeros));
+
 	if (params.vflag) {
 		fprintf (stderr, "Adding Image %s\n", datafile);
 	}
@@ -611,7 +621,8 @@ copy_file (int ifd, const char *datafile, int pad)
 		exit (EXIT_FAILURE);
 	}
 
-	if (pad && ((tail = size % 4) != 0)) {
+	tail = size % 4;
+	if ((pad == 1) && (tail != 0)) {
 
 		if (write(ifd, (char *)&zero, 4-tail) != 4-tail) {
 			fprintf (stderr, "%s: Write error on %s: %s\n",
@@ -619,6 +630,13 @@ copy_file (int ifd, const char *datafile, int pad)
 				strerror(errno));
 			exit (EXIT_FAILURE);
 		}
+	} else if (pad > 1) {
+		if (write(ifd, (char *)&zeros, pad) != pad) {
+			fprintf(stderr, "%s: Write error on %s: %s\n",
+				params.cmdname, params.imagefile,
+				strerror(errno));
+			exit(EXIT_FAILURE);
+		}
 	}
 
 	(void) munmap((void *)ptr, sbuf.st_size);
diff --git a/tools/mkimage.h b/tools/mkimage.h
index 1d9984e..5b63ebf 100644
--- a/tools/mkimage.h
+++ b/tools/mkimage.h
@@ -145,7 +145,10 @@ struct image_type_params {
 	/*
 	 * This callback function will be executed for variable size record
 	 * It is expected to build this header in memory and return its length
-	 * and a pointer to it
+	 * and a pointer to it by using image_type_params.header_size and
+	 * image_type_params.hdr. The return value shall indicate if an
+	 * additional padding should be used when copying the data image
+	 * by returning the padding length.
 	 */
 	int (*vrec_header) (struct mkimage_params *,
 		struct image_type_params *);
-- 
1.7.9.5

[U-Boot] [PATCH v1 5/7] tools: add padding of data image file for imximage

[Stefano Babic]

Implement function vrec_header to be able to pad the final
data image file according the what has been calculated for
boot_data.length.

Signed-off-by: Stefano Babic <sbabic@denx.de>
---
 tools/imximage.c |   82 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 80 insertions(+), 2 deletions(-)

diff --git a/tools/imximage.c b/tools/imximage.c
index 984cb9b..85cc619 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -588,18 +588,96 @@ int imximage_check_params(struct mkimage_params *params)
 		(params->xflag) || !(strlen(params->imagename));
 }
 
+static int imximage_generate(struct mkimage_params *params,
+	struct image_type_params *tparams)
+{
+	struct imx_header *imxhdr;
+	size_t alloc_len;
+	int dfd;
+	struct stat sbuf;
+	char *datafile = params->datafile;
+	uint32_t pad_len;
+
+	memset(&imximage_header, 0, sizeof(imximage_header));
+
+	/*
+	 * In order to not change the old imx cfg file
+	 * by adding VERSION command into it, here need
+	 * set up function ptr group to V1 by default.
+	 */
+	imximage_version = IMXIMAGE_V1;
+	/* Be able to detect if the cfg file has no BOOT_FROM tag */
+	imximage_ivt_offset = FLASH_OFFSET_UNDEFINED;
+	imximage_csf_size = 0;
+	set_hdr_func(imxhdr);
+
+	/* Parse dcd configuration file */
+	parse_cfg_file(&imximage_header, params->imagename);
+
+	/* TODO: check i.MX image V1 handling, for now use 'old' style */
+	if (imximage_version == IMXIMAGE_V1)
+		alloc_len = 4096;
+	else
+		alloc_len = imximage_init_loadsize - imximage_ivt_offset;
+
+	if (alloc_len < sizeof(struct imx_header)) {
+		fprintf(stderr, "%s: header error\n",
+			params->cmdname);
+		exit(EXIT_FAILURE);
+	}
+
+	imxhdr = malloc(alloc_len);
+
+	if (!imxhdr) {
+		fprintf(stderr, "%s: malloc return failure: %s\n",
+			params->cmdname, strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
+	memset(imxhdr, 0, alloc_len);
+
+	tparams->header_size = alloc_len;
+	tparams->hdr         = imxhdr;
+
+	/* determine data image file length */
+	dfd = open(datafile, O_RDONLY|O_BINARY);
+	if (dfd < 0) {
+		fprintf(stderr, "%s: Can't open %s: %s\n",
+			params->cmdname, datafile, strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
+	if (fstat(dfd, &sbuf) < 0) {
+		fprintf(stderr, "%s: Can't stat %s: %s\n",
+			params->cmdname, datafile, strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
+	pad_len = ROUND(sbuf.st_size, 4096) - sbuf.st_size;
+
+	close(dfd);
+
+	/* TODO: check i.MX image V1 handling, for now use 'old' style */
+	if (imximage_version == IMXIMAGE_V1)
+		return 0;
+	else
+		return pad_len;
+}
+
+
 /*
  * imximage parameters
  */
 static struct image_type_params imximage_params = {
 	.name		= "Freescale i.MX Boot Image support",
-	.header_size	= sizeof(struct imx_header),
-	.hdr		= (void *)&imximage_header,
+	.header_size	= 0,
+	.hdr		= NULL,
 	.check_image_type = imximage_check_image_types,
 	.verify_header	= imximage_verify_header,
 	.print_header	= imximage_print_header,
 	.set_header	= imximage_set_header,
 	.check_params	= imximage_check_params,
+	.vrec_header	= imximage_generate,
 };
 
 void init_imx_image_type(void)
-- 
1.7.9.5

[U-Boot] [PATCH v1 6/7] tools: add support for setting the CSF into imximage

[Stefano Babic]

Add support for setting the CSF (Command Sequence File) pointer
which is used for HAB (High Assurance Boot) in the imximage by
adding e.g.

CSF 0x2000

in the imximage.cfg file.

This will set the CSF pointer accordingly just after the padded
data image area. The boot_data.length is adjusted with the
value from the imximage.cfg config file.

The resulting u-boot.imx can be signed with the FSL HAB tooling.
The generated CSF block needs to be appended to the u-boot.imx.

Signed-off-by: Stefano Babic <sbabic@denx.de>
---
 doc/README.imximage |   18 +++++++++++++++---
 doc/README.mxc_hab  |   48 ++++++++++++++++++++++++++++++++++++++++++++++++
 tools/imximage.c    |   30 +++++++++++++++++++++++++++++-
 tools/imximage.h    |    3 ++-
 4 files changed, 94 insertions(+), 5 deletions(-)
 create mode 100644 doc/README.mxc_hab

diff --git a/doc/README.imximage b/doc/README.imximage
index 802eb90..c10684f 100644
--- a/doc/README.imximage
+++ b/doc/README.imximage
@@ -15,9 +15,6 @@ Booting from NOR flash does not require to use this image type.
 For more details refer Chapter 2 - System Boot and section 2.14
 (flash header description) of the processor's manual.
 
-This implementation does not use at the moment the secure boot feature
-of the processor. The image is generated disabling all security fields.
-
 Command syntax:
 --------------
 ./tools/mkimage -l <mx u-boot_file>
@@ -86,6 +83,21 @@ Configuration command line syntax:
 				Example:
 				BOOT_FROM spi
 
+	CSF			value
+
+				Total size of CSF (Command Sequence File)
+				used for Secure Boot/ High Assurance Boot
+				(HAB).
+
+				Using this command will populate the IVT
+				(Initial Vector Table) CSF pointer and adjust
+				the length fields only. The CSF itself needs
+				to be generated with Freescale tools and
+				'manually' appended to the u-boot.imx file.
+
+				Example:
+				CSF 0x2000
+
 	DATA			type address value
 
 				type: word=4, halfword=2, byte=1
diff --git a/doc/README.mxc_hab b/doc/README.mxc_hab
new file mode 100644
index 0000000..97f8b7d
--- /dev/null
+++ b/doc/README.mxc_hab
@@ -0,0 +1,48 @@
+High Assurance Boot (HAB) for i.MX6 CPUs
+
+To authenticate U-Boot only by the CPU there is no code required in
+U-Boot itself. However, the U-Boot image to be programmed into the
+boot media needs to be properly constructed, i.e. it must contain a
+proper Command Sequence File (CSF).
+
+The Initial Vector Table contains a pointer to the CSF. Please see
+doc/README.imximage for how to prepare u-boot.imx.
+
+The CSF itself is being generated by Freescale HAB tools.
+
+mkimage will output additional information about "HAB Blocks"
+which can be used in the Freescale tooling to authenticate U-Boot
+(entries in the CSF file).
+
+Image Type:   Freescale IMX Boot Image
+Image Ver:    2 (i.MX53/6 compatible)
+Data Size:    327680 Bytes = 320.00 kB = 0.31 MB
+Load Address: 177ff420
+Entry Point:  17800000
+HAB Blocks:   177ff400 00000000 0004dc00
+              ^^^^^^^^ ^^^^^^^^ ^^^^^^^^
+		|	|	   |
+		|	|	   -------- (1)
+		|	|
+		|	------------------- (2)
+		|
+		--------------------------- (3)
+
+(1)	Size of area in file u-boot.imx to sign
+	This area should include the IVT, the Boot Data the DCD
+	and U-Boot itself.
+(2)	Start of area in u-boot.imx to sign
+(3)	Start of area in RAM to authenticate
+
+CONFIG_SECURE_BOOT currently enables only an additional command
+'hab_status' in U-Boot to retrieve the HAB status and events. This
+can be useful while developing and testing HAB.
+
+Commands to generate a signed U-Boot using Freescale HAB tools:
+cst --o U-Boot_CSF.bin < U-Boot.CSF
+objcopy -I binary -O binary --pad-to 0x2000 --gap-fill=0x00 \
+	U-Boot_CSF.bin U-Boot_CSF_pad.bin
+cat u-boot.imx U-Boot_CSF_pad.bin > u-boot-signed.imx
+
+NOTE: U-Boot_CSF.bin needs to be padded to the value specified in
+the imximage.cfg file.
diff --git a/tools/imximage.c b/tools/imximage.c
index 85cc619..3c4d0c1 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -39,6 +39,7 @@ static table_entry_t imximage_cmds[] = {
 	{CMD_BOOT_FROM,         "BOOT_FROM",            "boot command",	  },
 	{CMD_BOOT_OFFSET,       "BOOT_OFFSET",          "Boot offset",	  },
 	{CMD_DATA,              "DATA",                 "Reg Write Data", },
+	{CMD_CSF,               "CSF",           "Command Sequence File", },
 	{CMD_IMAGE_VERSION,     "IMAGE_VERSION",        "image version",  },
 	{-1,                    "",                     "",	          },
 };
@@ -86,12 +87,14 @@ static uint32_t imximage_version;
 static uint32_t imximage_ivt_offset;
 /* Initial Load Region Size */
 static uint32_t imximage_init_loadsize;
+static uint32_t imximage_csf_size;
 
 static set_dcd_val_t set_dcd_val;
 static set_dcd_rst_t set_dcd_rst;
 static set_imx_hdr_t set_imx_hdr;
 static uint32_t max_dcd_entries;
 static uint32_t *header_size_ptr;
+static uint32_t *csf_ptr;
 
 static uint32_t get_cfg_value(char *token, char *name,  int linenr)
 {
@@ -264,9 +267,10 @@ static void set_imx_hdr_v2(struct imx_header *imxhdr, uint32_t dcd_len,
 			+ offsetof(imx_header_v2_t, boot_data);
 	hdr_v2->boot_data.start = entry_point - imximage_init_loadsize;
 
-	/* Security feature are not supported */
 	fhdr_v2->csf = 0;
+
 	header_size_ptr = &hdr_v2->boot_data.size;
+	csf_ptr = &fhdr_v2->csf;
 }
 
 static void set_hdr_func(struct imx_header *imxhdr)
@@ -343,6 +347,12 @@ static void print_hdr_v2(struct imx_header *imx_hdr)
 	genimg_print_size(hdr_v2->boot_data.size);
 	printf("Load Address: %08x\n", (uint32_t)fhdr_v2->boot_data_ptr);
 	printf("Entry Point:  %08x\n", (uint32_t)fhdr_v2->entry);
+	if (fhdr_v2->csf) {
+		printf("HAB Blocks:   %08x %08x %08x\n",
+		       (uint32_t)fhdr_v2->self, 0,
+		       hdr_v2->boot_data.size - imximage_ivt_offset -
+		       imximage_csf_size);
+	}
 }
 
 static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
@@ -396,6 +406,17 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 		if (unlikely(cmd_ver_first != 1))
 			cmd_ver_first = 0;
 		break;
+	case CMD_CSF:
+		if (imximage_version != 2) {
+			fprintf(stderr, "Error: %s[%d] - "
+				"CSF only supported for IMAGE_VERSION 2(%s)\n",
+				name, lineno, token);
+			exit(EXIT_FAILURE);
+		}
+		imximage_csf_size = get_cfg_value(token, name, lineno);
+		if (unlikely(cmd_ver_first != 1))
+			cmd_ver_first = 0;
+		break;
 	}
 }
 
@@ -546,6 +567,7 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	imximage_version = IMXIMAGE_V1;
 	/* Be able to detect if the cfg file has no BOOT_FROM tag */
 	imximage_ivt_offset = FLASH_OFFSET_UNDEFINED;
+	imximage_csf_size = 0;
 	set_hdr_func(imxhdr);
 
 	/* Parse dcd configuration file */
@@ -564,6 +586,12 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 * The remaining fraction of a block bytes would not be loaded!
 	 */
 	*header_size_ptr = ROUND(sbuf->st_size, 4096);
+
+	if (csf_ptr && imximage_csf_size) {
+		*csf_ptr = params->ep - imximage_init_loadsize +
+			*header_size_ptr;
+		*header_size_ptr += imximage_csf_size;
+	}
 }
 
 int imximage_check_params(struct mkimage_params *params)
diff --git a/tools/imximage.h b/tools/imximage.h
index b0305bf..4bba299 100644
--- a/tools/imximage.h
+++ b/tools/imximage.h
@@ -68,7 +68,8 @@ enum imximage_cmd {
 	CMD_IMAGE_VERSION,
 	CMD_BOOT_FROM,
 	CMD_BOOT_OFFSET,
-	CMD_DATA
+	CMD_DATA,
+	CMD_CSF,
 };
 
 enum imximage_fld_types {
-- 
1.7.9.5

[U-Boot] [PATCH v1 7/7] imx: add status reporting for HAB status

[Stefano Babic]

Add functions to report the HAB (High Assurance Boot) status
of e.g. i.MX6 CPUs.

This is taken from

git://git.freescale.com/imx/uboot-imx.git branch imx_v2009.08_3.0.35_4.0.0
cpu/arm_cortexa8/mx6/generic.c
include/asm-arm/arch-mx6/mx6_secure.h

Signed-off-by: Stefano Babic <sbabic@denx.de>
---
 arch/arm/cpu/armv7/mx6/Makefile          |    2 +-
 arch/arm/cpu/armv7/mx6/hab.c             |  127 ++++++++++++++++++++++++++++++
 arch/arm/include/asm/arch-mx6/hab.h      |   80 +++++++++++++++++++
 arch/arm/include/asm/arch-mx6/imx-regs.h |    8 +-
 4 files changed, 215 insertions(+), 2 deletions(-)
 create mode 100644 arch/arm/cpu/armv7/mx6/hab.c
 create mode 100644 arch/arm/include/asm/arch-mx6/hab.h

diff --git a/arch/arm/cpu/armv7/mx6/Makefile b/arch/arm/cpu/armv7/mx6/Makefile
index 4f9ca68..7c18f43 100644
--- a/arch/arm/cpu/armv7/mx6/Makefile
+++ b/arch/arm/cpu/armv7/mx6/Makefile
@@ -27,7 +27,7 @@ include $(TOPDIR)/config.mk
 
 LIB	= $(obj)lib$(SOC).o
 
-COBJS	= soc.o clock.o
+COBJS	= soc.o clock.o hab.o
 
 SRCS	:= $(SOBJS:.o=.S) $(COBJS:.o=.c)
 OBJS	:= $(addprefix $(obj),$(SOBJS) $(COBJS))
diff --git a/arch/arm/cpu/armv7/mx6/hab.c b/arch/arm/cpu/armv7/mx6/hab.c
new file mode 100644
index 0000000..c3c273f
--- /dev/null
+++ b/arch/arm/cpu/armv7/mx6/hab.c
@@ -0,0 +1,127 @@
+/*
+ * Copyright (C) 2010-2013 Freescale Semiconductor, Inc.
+ *
+ * See file CREDITS for list of people who contributed to this
+ * project.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+ * MA 02111-1307 USA
+ */
+
+#include <common.h>
+#include <asm/io.h>
+#if defined(CONFIG_SECURE_BOOT)
+#include <asm/arch/hab.h>
+
+#ifdef CONFIG_SECURE_BOOT
+/* -------- start of HAB API updates ------------*/
+#define hab_rvt_report_event ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT)
+#define hab_rvt_report_status ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS)
+#define hab_rvt_authenticate_image \
+	((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE)
+#define hab_rvt_entry ((hab_rvt_entry_t *)HAB_RVT_ENTRY)
+#define hab_rvt_exit ((hab_rvt_exit_t *)HAB_RVT_EXIT)
+#define hab_rvt_clock_init HAB_RVT_CLOCK_INIT
+
+
+bool is_hab_enabled(void)
+{
+	struct ocotp_regs *ocotp = (struct ocotp_regs *)OCOTP_BASE_ADDR;
+	struct fuse_bank *bank = &ocotp->bank[0];
+	struct fuse_bank0_regs *fuse =
+		(struct fuse_bank0_regs *)bank->fuse_regs;
+	uint32_t reg = readl(&fuse->cfg5);
+
+	return (reg & 0x2) == 0x2;
+}
+
+
+void display_event(uint8_t *event_data, size_t bytes)
+{
+	uint32_t i;
+
+	if ((event_data) && (bytes > 0)) {
+		for (i = 0; i < bytes; i++) {
+			if (i == 0)
+				printf("\t0x%02x", event_data[i]);
+			else if ((i % 8) == 0)
+				printf("\n\t0x%02x", event_data[i]);
+			else
+				printf(" 0x%02x", event_data[i]);
+		}
+	}
+}
+
+int get_hab_status(void)
+{
+	uint32_t index = 0; /* Loop index */
+	uint8_t event_data[128]; /* Event data buffer */
+	size_t bytes = sizeof(event_data); /* Event size in bytes */
+	hab_config_t config = 0;
+	hab_state_t state = 0;
+
+	if (is_hab_enabled())
+		printf("\nSecure boot enabled\n");
+	else
+		printf("\nSecure boot disabled\n");
+
+	/* Check HAB status */
+	if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) {
+		printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
+		       config, state);
+
+		/* Display HAB Error events */
+		while (hab_rvt_report_event(HAB_FAILURE, index, event_data,
+				&bytes) == HAB_SUCCESS) {
+			printf("\n");
+			printf("--------- HAB Event %d -----------------\n",
+			       index + 1);
+			printf("event data:\n");
+			display_event(event_data, bytes);
+			printf("\n");
+			bytes = sizeof(event_data);
+			index++;
+		}
+	}
+	/* Display message if no HAB events are found */
+	else {
+		printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
+		       config, state);
+		printf("No HAB Events Found!\n\n");
+	}
+	return 0;
+}
+
+int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+{
+	if ((argc != 1)) {
+		cmd_usage(cmdtp);
+		return 1;
+	}
+
+	get_hab_status();
+
+	return 0;
+}
+
+U_BOOT_CMD(
+	hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
+	"display HAB status",
+	""
+);
+
+#endif
+
+#endif
diff --git a/arch/arm/include/asm/arch-mx6/hab.h b/arch/arm/include/asm/arch-mx6/hab.h
new file mode 100644
index 0000000..927c280
--- /dev/null
+++ b/arch/arm/include/asm/arch-mx6/hab.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2012 Freescale Semiconductor, Inc. All Rights Reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Auto Generate file, please don't edit it
+ *
+ */
+
+#ifndef __SECURE_MX6Q_H__
+#define __SECURE_MX6Q_H__
+
+#include <linux/types.h>
+
+/* -------- start of HAB API updates ------------*/
+/* The following are taken from HAB4 SIS */
+
+/* Status definitions */
+enum hab_status {
+	HAB_STS_ANY = 0x00,
+	HAB_FAILURE = 0x33,
+	HAB_WARNING = 0x69,
+	HAB_SUCCESS = 0xf0
+} hab_status_t;
+
+/* Security Configuration definitions */
+enum hab_config {
+	HAB_CFG_RETURN = 0x33, /**< Field Return IC */
+	HAB_CFG_OPEN = 0xf0, /**< Non-secure IC */
+	HAB_CFG_CLOSED = 0xcc /**< Secure IC */
+} hab_config_t;
+
+/* State definitions */
+enum hab_state {
+	HAB_STATE_INITIAL = 0x33, /**< Initialising state (transitory) */
+	HAB_STATE_CHECK = 0x55, /**< Check state (non-secure) */
+	HAB_STATE_NONSECURE = 0x66, /**< Non-secure state */
+	HAB_STATE_TRUSTED = 0x99, /**< Trusted state */
+	HAB_STATE_SECURE = 0xaa, /**< Secure state */
+	HAB_STATE_FAIL_SOFT = 0xcc, /**< Soft fail state */
+	HAB_STATE_FAIL_HARD = 0xff, /**< Hard fail state (terminal) */
+	HAB_STATE_NONE = 0xf0, /**< No security state machine */
+	HAB_STATE_MAX
+} hab_state_t;
+
+/*Function prototype description*/
+typedef hab_status_t hab_rvt_report_event_t(hab_status_t, uint32_t,
+		uint8_t* , size_t*);
+typedef hab_status_t hab_rvt_report_status_t(hab_config_t *, hab_state_t *);
+typedef hab_status_t hab_loader_callback_f_t(void**, size_t*, const void*);
+typedef hab_status_t hab_rvt_entry_t(void);
+typedef hab_status_t hab_rvt_exit_t(void);
+typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t,
+		void **, size_t *, hab_loader_callback_f_t);
+typedef void hapi_clock_init_t(void);
+
+#define HAB_RVT_REPORT_EVENT (*(uint32_t *)0x000000B4)
+#define HAB_RVT_REPORT_STATUS (*(uint32_t *)0x000000B8)
+#define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)0x000000A4)
+#define HAB_RVT_ENTRY (*(uint32_t *)0x00000098)
+#define HAB_RVT_EXIT (*(uint32_t *)0x0000009C)
+#define HAB_RVT_CLOCK_INIT ((hapi_clock_init_t *)0x0000024D)
+
+#define HAB_CID_ROM 0 /**< ROM Caller ID */
+#define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/
+/* ----------- end of HAB API updates ------------*/
+
+#endif
diff --git a/arch/arm/include/asm/arch-mx6/imx-regs.h b/arch/arm/include/asm/arch-mx6/imx-regs.h
index 03abb2a..4a2bba9 100644
--- a/arch/arm/include/asm/arch-mx6/imx-regs.h
+++ b/arch/arm/include/asm/arch-mx6/imx-regs.h
@@ -468,7 +468,13 @@ struct fuse_bank0_regs {
 	u32	uid_low;
 	u32	rsvd1[3];
 	u32	uid_high;
-	u32	rsvd2[0x17];
+	u32	rsvd2[3];
+	u32	rsvd3[4];
+	u32	rsvd4[4];
+	u32	rsvd5[4];
+	u32	cfg5;
+	u32	rsvd6[3];
+	u32	rsvd7[4];
 };
 
 struct fuse_bank4_regs {
-- 
1.7.9.5

[U-Boot] [PATCH v1 7/7] imx: add status reporting for HAB status

[Fabio Estevam]

Hi Stefano,

On Thu, Jul 11, 2013 at 10:06 AM, Stefano Babic <sbabic@denx.de> wrote:

> --- a/arch/arm/cpu/armv7/mx6/Makefile
> +++ b/arch/arm/cpu/armv7/mx6/Makefile
> @@ -27,7 +27,7 @@ include $(TOPDIR)/config.mk
>
>  LIB    = $(obj)lib$(SOC).o

Whole series looks good.

Only a minor comment:

> -COBJS  = soc.o clock.o
> +COBJS  = soc.o clock.o hab.o

What about:

COBJS-y  += soc.o clock.o
COBJS-$(CONFIG_SECURE_BOOT)	+= hab.o

>
>  SRCS   := $(SOBJS:.o=.S) $(COBJS:.o=.c)
>  OBJS   := $(addprefix $(obj),$(SOBJS) $(COBJS))
> diff --git a/arch/arm/cpu/armv7/mx6/hab.c b/arch/arm/cpu/armv7/mx6/hab.c
> new file mode 100644
> index 0000000..c3c273f
> --- /dev/null
> +++ b/arch/arm/cpu/armv7/mx6/hab.c
> @@ -0,0 +1,127 @@
> +/*
> + * Copyright (C) 2010-2013 Freescale Semiconductor, Inc.
> + *
> + * See file CREDITS for list of people who contributed to this
> + * project.
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License as
> + * published by the Free Software Foundation; either version 2 of
> + * the License, or (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write to the Free Software
> + * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
> + * MA 02111-1307 USA
> + */
> +
> +#include <common.h>
> +#include <asm/io.h>
> +#if defined(CONFIG_SECURE_BOOT)

,and then you remove this 'if defined' ?

[U-Boot] [PATCH v1 0/7] The patchset fixes some issue in the generation of the imx image

[Otavio Salvador]

On Thu, Jul 11, 2013 at 10:06 AM, Stefano Babic <sbabic@denx.de> wrote:
> (header for Freescale's i.MX processors) to allow the usage of
> Freescale's tools to sign the u-boot image and provide a secure boot.
>
> This has nothing to do with the Secure Boot extensions implemented by
> Simon Glass, that can be in any case used to boot later a secure image.
> Freescale's secure boot ensures that a signed bootloader
> is started only if it is verified with a key that is burned into the iMX fuses.
> Documentation about the Freescale's secure process can be read from the
> AN4591, available on the Freescale's Website.
>
> The patchset allows to add to the imx Header the CSF (command Sequence File)
> generated by the tools provided by Freescale. The CSF is then simply concatenated
> to the u-boot image, making a signed bootloader, that the processor can verify
> if the fuses for the keys are burned. The processor (i.MX53 / i.MX6x) will not
> start a bootloader that cannot be verified - further infos how to configure
> the SOC to verify the bootloader can be found in the User Manual of the specific
> SOC.
>
> Next step is to verify the kernel, that can be still done using Simon's patches for
> verified boot (CONFIG_OF_CONTROL must be set in the board configuarion file).

I didn't yet test or reviewed the patchset (will do) but I must to say
a big Thank you :-) Awesome!

--
Otavio Salvador                             O.S. Systems
http://www.ossystems.com.br        http://projetos.ossystems.com.br
Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750

[U-Boot] [PATCH v1 6/7] tools: add support for setting the CSF into imximage

[Wolfgang Denk]

Dear Stefano Babic,

In message <1373548001-19728-7-git-send-email-sbabic@denx.de> you wrote:
> Add support for setting the CSF (Command Sequence File) pointer
> which is used for HAB (High Assurance Boot) in the imximage by
> adding e.g.

This patch throws a checkpatch error that needs to be fixed:

WARNING: quoted string split across lines
#265: FILE: tools/imximage.c:412:
+                       fprintf(stderr, "Error: %s[%d] - "
+                               "CSF only supported for IMAGE_VERSION 2(%s)\n",


Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
"You're just jealous." "What, of an overgrown puppy  with  a  single-
figure IQ?"                      - Terry Pratchett, _Moving Pictures_

[U-Boot] [PATCH v1 0/7] The patchset fixes some issue in the generation of the imx image

[Eric Nelson]

On 07/11/2013 11:11 AM, Otavio Salvador wrote:
> On Thu, Jul 11, 2013 at 10:06 AM, Stefano Babic <sbabic@denx.de> wrote:
>>
 >> <snip>
 >>
>> Next step is to verify the kernel, that can be still done using Simon's patches for
>> verified boot (CONFIG_OF_CONTROL must be set in the board configuarion file).
>
> I didn't yet test or reviewed the patchset (will do) but I must to say
> a big Thank you :-) Awesome!
>

+1

[U-Boot] [PATCH v1 3/7] tools: dynamically allocate imx_header in imximage

[Marek Vasut]

Dear Stefano Babic,

> Change to dynamically allocate the imx_header to correctly
> allocate the IVT, Boot Data and DCD at correct locations
> depending on the boot media.
> 
> Also check that the Image Vector Table Offset + IVT +
> Boot Data + DCD <= Initial Load Region Size.
> 
> Previously struct imx_header was always 4096 bytes and was
> not dealing correctly with the Image Vector Table Offset.
> 
> Now, the memory allocation looks for e.g. SD boot like this
> 
>  Storage   u-boot.imx                             RAM
>  Device
> 
>  00000000                                         177ff000 <--------------
> 
>  00000400  00000000  d1 00 20 40 IVT.header       177ff400 <-------      |
>  00000404  00000004  00 00 80 17 IVT.entry        177ff404 -----------   |
>  00000408  00000008  00 00 00 00 IVT.reserved1    177ff408        |  |   |
>  0000040C  0000000C  2c f4 7f 17 IVT.dcd          177ff40C ------ |  |   |
>  00000410  00000010  20 f4 7f 17 IVT.boot         177ff410 ---- | |  |   |
>  00000414  00000014  00 f4 7f 17 IVT.self         177ff414 --------  |   |
>  00000418  00000018  00 00 00 00 IVT.csf          177ff418    | |    |   |
>  0000041C  0000001C  00 00 00 00 IVT.reserved2    177ff41C    | |    |   |
>  00000420  00000020  00 f0 7f 17 BootData.start   177ff420 <--- |    | ---
>  00000424  00000024  00 60 03 00 BootData.length  177ff424      |    |
>  00000428  00000028  00 00 00 00 BootData.plugin  177ff428      |    |
>  0000042C  0000002C  d2 03 30 40 DCD.header       177ff42C <-----    |
>  ...                                                                 |
>  00001000  00000c00  13 00 00 ea U-Boot Start     17800000 <----------
> 
> While at it also remove the unused #define HEADER_OFFSET.
> 
> Signed-off-by: Stefano Babic <sbabic@denx.de>
> ---
>  tools/imximage.c |   44 +++++++++++++++++++++++++++++++++++++-------
>  tools/imximage.h |   16 +++++++++++++---
>  2 files changed, 50 insertions(+), 10 deletions(-)
> 
> diff --git a/tools/imximage.c b/tools/imximage.c
> index d87e94d..984cb9b 100644
> --- a/tools/imximage.c
> +++ b/tools/imximage.c
> @@ -47,7 +47,7 @@ static table_entry_t imximage_cmds[] = {
>   * Supported Boot options for configuration file
>   * this is needed to set the correct flash offset
>   */
> -static table_entry_t imximage_bootops[] = {
> +static table_entry_t imximage_boot_offset[] = {
>  	{FLASH_OFFSET_ONENAND,	"onenand",	"OneNAND Flash",},
>  	{FLASH_OFFSET_NAND,	"nand",		"NAND Flash",	},
>  	{FLASH_OFFSET_NOR,	"nor",		"NOR Flash",	},
> @@ -58,6 +58,20 @@ static table_entry_t imximage_bootops[] = {
>  };
> 
>  /*
> + * Supported Boot options for configuration file
> + * this is needed to determine the initial load size
> + */
> +static table_entry_t imximage_boot_loadsize[] = {
> +	{FLASH_LOADSIZE_ONENAND,	"onenand",	"OneNAND Flash",},
> +	{FLASH_LOADSIZE_NAND,		"nand",		"NAND Flash",	},
> +	{FLASH_LOADSIZE_NOR,		"nor",		"NOR Flash",	},
> +	{FLASH_LOADSIZE_SATA,		"sata",		"SATA Disk",	},
> +	{FLASH_LOADSIZE_SD,		"sd",		"SD Card",	},
> +	{FLASH_LOADSIZE_SPI,		"spi",		"SPI Flash",	},
> +	{-1,				"",		"Invalid",	},
> +};
> +
> +/*
>   * IMXIMAGE version definition for i.MX chips
>   */
>  static table_entry_t imximage_versions[] = {
> @@ -70,6 +84,8 @@ static struct imx_header imximage_header;
>  static uint32_t imximage_version;
>  /* Image Vector Table Offset */
>  static uint32_t imximage_ivt_offset;
> +/* Initial Load Region Size */
> +static uint32_t imximage_init_loadsize;
> 
>  static set_dcd_val_t set_dcd_val;
>  static set_dcd_rst_t set_dcd_rst;
> @@ -211,7 +227,9 @@ static void set_imx_hdr_v1(struct imx_header *imxhdr,
> uint32_t dcd_len, /* Set magic number */
>  	fhdr_v1->app_code_barker = APP_CODE_BARKER;
> 
> -	hdr_base = entry_point - sizeof(struct imx_header);
> +	/* TODO: check i.MX image V1 handling, for now use 'old' style */
> +	/* hdr_base = entry_point - imximage_init_loadsize + flash_offset; */

The above line should probably be removed.

[...]

> @@ -163,7 +173,7 @@ struct imx_header {
>  		imx_header_v1_t hdr_v1;
>  		imx_header_v2_t hdr_v2;
>  	} header;
> -} __attribute__((aligned(4096)));
> +};

What about the alignment, is it preserved?

Best regards,
Marek Vasut

[U-Boot] [PATCH v1 7/7] imx: add status reporting for HAB status

[Marek Vasut]

Dear Stefano Babic,

> Add functions to report the HAB (High Assurance Boot) status
> of e.g. i.MX6 CPUs.
> 
> This is taken from
> 
> git://git.freescale.com/imx/uboot-imx.git branch imx_v2009.08_3.0.35_4.0.0
> cpu/arm_cortexa8/mx6/generic.c
> include/asm-arm/arch-mx6/mx6_secure.h
> 
> Signed-off-by: Stefano Babic <sbabic@denx.de>
> ---
>  arch/arm/cpu/armv7/mx6/Makefile          |    2 +-
>  arch/arm/cpu/armv7/mx6/hab.c             |  127
> ++++++++++++++++++++++++++++++ arch/arm/include/asm/arch-mx6/hab.h      | 
>  80 +++++++++++++++++++ arch/arm/include/asm/arch-mx6/imx-regs.h |    8 +-
>  4 files changed, 215 insertions(+), 2 deletions(-)
>  create mode 100644 arch/arm/cpu/armv7/mx6/hab.c
>  create mode 100644 arch/arm/include/asm/arch-mx6/hab.h
> 
> diff --git a/arch/arm/cpu/armv7/mx6/Makefile
> b/arch/arm/cpu/armv7/mx6/Makefile index 4f9ca68..7c18f43 100644
> --- a/arch/arm/cpu/armv7/mx6/Makefile
> +++ b/arch/arm/cpu/armv7/mx6/Makefile
> @@ -27,7 +27,7 @@ include $(TOPDIR)/config.mk
> 
>  LIB	= $(obj)lib$(SOC).o
> 
> -COBJS	= soc.o clock.o
> +COBJS	= soc.o clock.o hab.o
> 
>  SRCS	:= $(SOBJS:.o=.S) $(COBJS:.o=.c)
>  OBJS	:= $(addprefix $(obj),$(SOBJS) $(COBJS))
> diff --git a/arch/arm/cpu/armv7/mx6/hab.c b/arch/arm/cpu/armv7/mx6/hab.c
> new file mode 100644
> index 0000000..c3c273f
> --- /dev/null
> +++ b/arch/arm/cpu/armv7/mx6/hab.c
> @@ -0,0 +1,127 @@
> +/*
> + * Copyright (C) 2010-2013 Freescale Semiconductor, Inc.
> + *
> + * See file CREDITS for list of people who contributed to this
> + * project.
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License as
> + * published by the Free Software Foundation; either version 2 of
> + * the License, or (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write to the Free Software
> + * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
> + * MA 02111-1307 USA
> + */
> +
> +#include <common.h>
> +#include <asm/io.h>
> +#if defined(CONFIG_SECURE_BOOT)
> +#include <asm/arch/hab.h>
> +
> +#ifdef CONFIG_SECURE_BOOT
> +/* -------- start of HAB API updates ------------*/
> +#define hab_rvt_report_event ((hab_rvt_report_event_t
> *)HAB_RVT_REPORT_EVENT) +#define hab_rvt_report_status
> ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS) +#define
> hab_rvt_authenticate_image \
> +	((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE)
> +#define hab_rvt_entry ((hab_rvt_entry_t *)HAB_RVT_ENTRY)
> +#define hab_rvt_exit ((hab_rvt_exit_t *)HAB_RVT_EXIT)
> +#define hab_rvt_clock_init HAB_RVT_CLOCK_INIT
> +
> +
> +bool is_hab_enabled(void)
> +{
> +	struct ocotp_regs *ocotp = (struct ocotp_regs *)OCOTP_BASE_ADDR;
> +	struct fuse_bank *bank = &ocotp->bank[0];
> +	struct fuse_bank0_regs *fuse =
> +		(struct fuse_bank0_regs *)bank->fuse_regs;
> +	uint32_t reg = readl(&fuse->cfg5);
> +
> +	return (reg & 0x2) == 0x2;
> +}
> +
> +
> +void display_event(uint8_t *event_data, size_t bytes)
> +{
> +	uint32_t i;
> +
> +	if ((event_data) && (bytes > 0)) {

if (!<cond>)
	return;

<The loop goes here>

> +		for (i = 0; i < bytes; i++) {
> +			if (i == 0)
> +				printf("\t0x%02x", event_data[i]);
> +			else if ((i % 8) == 0)
> +				printf("\n\t0x%02x", event_data[i]);
> +			else
> +				printf(" 0x%02x", event_data[i]);
> +		}
> +	}
> +}
> +
> +int get_hab_status(void)
> +{
> +	uint32_t index = 0; /* Loop index */
> +	uint8_t event_data[128]; /* Event data buffer */
> +	size_t bytes = sizeof(event_data); /* Event size in bytes */
> +	hab_config_t config = 0;
> +	hab_state_t state = 0;
> +
> +	if (is_hab_enabled())
> +		printf("\nSecure boot enabled\n");
> +	else
> +		printf("\nSecure boot disabled\n");

Use puts() instead of printf() with no args.

Otherwise very nice ;-)

Best regards,
Marek Vasut

[U-Boot] [PATCH v1 0/7] The patchset fixes some issue in the generation of the imx image

[Eric Nelson]

Thanks Stefano,

On 07/11/2013 06:06 AM, Stefano Babic wrote:
> (header for Freescale's i.MX processors) to allow the usage of
> Freescale's tools to sign the u-boot image and provide a secure boot.
>
> This has nothing to do with the Secure Boot extensions implemented by
> Simon Glass, that can be in any case used to boot later a secure image.
> Freescale's secure boot ensures that a signed bootloader
> is started only if it is verified with a key that is burned into the iMX fuses.
> Documentation about the Freescale's secure process can be read from the
> AN4591, available on the Freescale's Website.
>
> The patchset allows to add to the imx Header the CSF (command Sequence File)
> generated by the tools provided by Freescale. The CSF is then simply concatenated
> to the u-boot image, making a signed bootloader, that the processor can verify
> if the fuses for the keys are burned. The processor (i.MX53 / i.MX6x) will not
> start a bootloader that cannot be verified - further infos how to configure
> the SOC to verify the bootloader can be found in the User Manual of the specific
> SOC.
>
> Next step is to verify the kernel, that can be still done using Simon's patches for
> verified boot (CONFIG_OF_CONTROL must be set in the board configuarion file).
>

I compile-tested the series against all of our boards
(boundary/boundary/* and board/freescale/mx6qsabrelite).

Run-time tests (without signing) against nitrogen6s (solo)
and nitrogen6q (quad). Both ran without a hitch.

Now we need to get configured for signing and burn some fuses!

[U-Boot] [PATCH v1 7/7] imx: add status reporting for HAB status

[Stefano Babic]

Hi Fabio,

On 11/07/2013 19:17, Fabio Estevam wrote:
> Hi Stefano,
> 
> On Thu, Jul 11, 2013 at 10:06 AM, Stefano Babic <sbabic@denx.de> wrote:
> 
>> --- a/arch/arm/cpu/armv7/mx6/Makefile
>> +++ b/arch/arm/cpu/armv7/mx6/Makefile
>> @@ -27,7 +27,7 @@ include $(TOPDIR)/config.mk
>>
>>  LIB    = $(obj)lib$(SOC).o
> 
> Whole series looks good.
> 
> Only a minor comment:
> 
>> -COBJS  = soc.o clock.o
>> +COBJS  = soc.o clock.o hab.o
> 
> What about:
> 
> COBJS-y  += soc.o clock.o
> COBJS-$(CONFIG_SECURE_BOOT)	+= hab.o

Correct, fix in V2.


> 
> ,and then you remove this 'if defined' ?
> 

Agree.

Best regards,
Stefano

-- 
=====================================================================
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================

[U-Boot] [PATCH v1 7/7] imx: add status reporting for HAB status

[Stefano Babic]

Hi Marek,

On 11/07/2013 20:31, Marek Vasut wrote:
>> +void display_event(uint8_t *event_data, size_t bytes)
>> +{
>> +	uint32_t i;
>> +
>> +	if ((event_data) && (bytes > 0)) {
> 
> if (!<cond>)
> 	return;
> 
> <The loop goes here>

Fix in V2, thanks.


>> +	if (is_hab_enabled())
>> +		printf("\nSecure boot enabled\n");
>> +	else
>> +		printf("\nSecure boot disabled\n");
> 
> Use puts() instead of printf() with no args.
> 

Right, and I will fix also other similar cases in this file.

Regards,
Stefano

-- 
=====================================================================
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================

[U-Boot] [PATCH v1 6/7] tools: add support for setting the CSF into imximage

[Stefano Babic]

Hi Wolfgang,

On 11/07/2013 20:14, Wolfgang Denk wrote:
> Dear Stefano Babic,
> 
> In message <1373548001-19728-7-git-send-email-sbabic@denx.de> you wrote:
>> Add support for setting the CSF (Command Sequence File) pointer
>> which is used for HAB (High Assurance Boot) in the imximage by
>> adding e.g.
> 
> This patch throws a checkpatch error that needs to be fixed:
> 
> WARNING: quoted string split across lines
> #265: FILE: tools/imximage.c:412:
> +                       fprintf(stderr, "Error: %s[%d] - "
> +                               "CSF only supported for IMAGE_VERSION 2(%s)\n",

Fixed in V2.

Best regards,
Stefano Babic


-- 
=====================================================================
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================

[U-Boot] [PATCH v2 0/7] The patchset fixes some issue in the generation of the imx image

[Stefano Babic]

(header for Freescale's i.MX processors) to allow the usage of
Freescale's tools to sign the u-boot image and provide a secure boot.

This has nothing to do with the Secure Boot extensions implemented by
Simon Glass, that can be in any case used to boot later a secure image.
Freescale's secure boot ensures that a signed bootloader
is started only if it is verified with a key that is burned into the iMX fuses.
Documentation about the Freescale's secure process can be read from the
AN4591, available on the Freescale's Website.

The patchset allows to add to the imx Header the CSF (command Sequence File)
generated by the tools provided by Freescale. The CSF is then simply concatenated
to the u-boot image, making a signed bootloader, that the processor can verify
if the fuses for the keys are burned. The processor (i.MX53 / i.MX6x) will not
start a bootloader that cannot be verified - further infos how to configure
the SOC to verify the bootloader can be found in the User Manual of the specific
SOC.

Next step is to verify the kernel, that can be still done using Simon's patches for
verified boot (CONFIG_OF_CONTROL must be set in the board configuarion file).


Changes in v2:
- drop dead code (Marek Vasut)
- Fix errors when SECURE_BOOT is selected due to enum
- simplify display_event code (Marek Vasut)
- compile hab code only if SECURE_BOOT is set (Fabio Estevam)
- update licence with SPDX line according to new rules.

Stefano Babic (7):
  tools: imx_header should not include flash_offset
  tools: rename mximage_flash_offset to imximage_ivt_offset
  tools: dynamically allocate imx_header in imximage
  tools: add variable padding of data image in mkimage
  tools: add padding of data image file for imximage
  tools: add support for setting the CSF into imximage
  imx: add status reporting for HAB status

 arch/arm/cpu/armv7/mx6/Makefile          |    7 +-
 arch/arm/cpu/armv7/mx6/hab.c             |  104 ++++++++++++++++++
 arch/arm/include/asm/arch-mx6/hab.h      |   67 ++++++++++++
 arch/arm/include/asm/arch-mx6/imx-regs.h |    8 +-
 doc/README.imximage                      |   18 +++-
 doc/README.mxc_hab                       |   48 +++++++++
 tools/imximage.c                         |  174 +++++++++++++++++++++++++++---
 tools/imximage.h                         |   20 +++-
 tools/mkimage.c                          |   24 ++++-
 tools/mkimage.h                          |    5 +-
 10 files changed, 444 insertions(+), 31 deletions(-)
 create mode 100644 arch/arm/cpu/armv7/mx6/hab.c
 create mode 100644 arch/arm/include/asm/arch-mx6/hab.h
 create mode 100644 doc/README.mxc_hab

-- 
1.7.9.5

[U-Boot] [PATCH v2 1/7] tools: imx_header should not include flash_offset

[Stefano Babic]

Doing a  make distclean; make mx6qsabresd_config; make
and      hexdump -C u-boot.imx | less

 ...
 00000360  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 *
 000003f0  00 00 00 00 00 00 00 00  00 00 00 00 00 04 00 00  |................|
                                                ^^^^^^^^^^^
 00000400  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 *
 00001000  13 00 00 ea 14 f0 9f e5  14 f0 9f e5 14 f0 9f e5  |...?.?.?.?.?.?.?|
 ...

shows the flash_offset value being written into the final
generated image, wich is not correct.

Instead create flash_offset as static variable such that the
generated image is "clean".

 00000360  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 *
 00001000  13 00 00 ea 14 f0 9f e5  14 f0 9f e5 14 f0 9f e5  |...?.?.?.?.?.?.?|

Signed-off-by: Stefano Babic <sbabic@denx.de>

---
Changes in v2: None

 tools/imximage.c |   15 ++++++++-------
 tools/imximage.h |    1 -
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/tools/imximage.c b/tools/imximage.c
index c8a9ad5..a347b9b 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -52,6 +52,7 @@ static table_entry_t imximage_versions[] = {
 
 static struct imx_header imximage_header;
 static uint32_t imximage_version;
+static uint32_t imximage_flash_offset;
 
 static set_dcd_val_t set_dcd_val;
 static set_dcd_rst_t set_dcd_rst;
@@ -327,9 +328,9 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 		set_hdr_func(imxhdr);
 		break;
 	case CMD_BOOT_FROM:
-		imxhdr->flash_offset = get_table_entry_id(imximage_bootops,
+		imximage_flash_offset = get_table_entry_id(imximage_bootops,
 					"imximage boot option", token);
-		if (imxhdr->flash_offset == -1) {
+		if (imximage_flash_offset == -1) {
 			fprintf(stderr, "Error: %s[%d] -Invalid boot device"
 				"(%s)\n", name, lineno, token);
 			exit(EXIT_FAILURE);
@@ -338,7 +339,7 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 			cmd_ver_first = 0;
 		break;
 	case CMD_BOOT_OFFSET:
-		imxhdr->flash_offset = get_cfg_value(token, name, lineno);
+		imximage_flash_offset = get_cfg_value(token, name, lineno);
 		if (unlikely(cmd_ver_first != 1))
 			cmd_ver_first = 0;
 		break;
@@ -439,7 +440,7 @@ static uint32_t parse_cfg_file(struct imx_header *imxhdr, char *name)
 	fclose(fd);
 
 	/* Exit if there is no BOOT_FROM field specifying the flash_offset */
-	if (imxhdr->flash_offset == FLASH_OFFSET_UNDEFINED) {
+	if (imximage_flash_offset == FLASH_OFFSET_UNDEFINED) {
 		fprintf(stderr, "Error: No BOOT_FROM tag in %s\n", name);
 		exit(EXIT_FAILURE);
 	}
@@ -497,14 +498,14 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 */
 	imximage_version = IMXIMAGE_V1;
 	/* Be able to detect if the cfg file has no BOOT_FROM tag */
-	imxhdr->flash_offset = FLASH_OFFSET_UNDEFINED;
+	imximage_flash_offset = FLASH_OFFSET_UNDEFINED;
 	set_hdr_func(imxhdr);
 
 	/* Parse dcd configuration file */
 	dcd_len = parse_cfg_file(imxhdr, params->imagename);
 
 	/* Set the imx header */
-	(*set_imx_hdr)(imxhdr, dcd_len, params->ep, imxhdr->flash_offset);
+	(*set_imx_hdr)(imxhdr, dcd_len, params->ep, imximage_flash_offset);
 
 	/*
 	 * ROM bug alert
@@ -515,7 +516,7 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 *
 	 * The remaining fraction of a block bytes would not be loaded!
 	 */
-	*header_size_ptr = ROUND(sbuf->st_size + imxhdr->flash_offset, 4096);
+	*header_size_ptr = ROUND(sbuf->st_size + imximage_flash_offset, 4096);
 }
 
 int imximage_check_params(struct mkimage_params *params)
diff --git a/tools/imximage.h b/tools/imximage.h
index 214187b..ec629a5 100644
--- a/tools/imximage.h
+++ b/tools/imximage.h
@@ -147,7 +147,6 @@ struct imx_header {
 		imx_header_v1_t hdr_v1;
 		imx_header_v2_t hdr_v2;
 	} header;
-	uint32_t flash_offset;
 } __attribute__((aligned(4096)));
 
 typedef void (*set_dcd_val_t)(struct imx_header *imxhdr,
-- 
1.7.9.5

[U-Boot] [PATCH v2 2/7] tools: rename mximage_flash_offset to imximage_ivt_offset

[Stefano Babic]

This better reflects the naming from the Reference Manual
as well as fits better since "flash" is not really applicabe
for SATA.

Signed-off-by: Stefano Babic <sbabic@denx.de>
---
Changes in v2: None

 tools/imximage.c |   17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/tools/imximage.c b/tools/imximage.c
index a347b9b..494446e 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -52,7 +52,8 @@ static table_entry_t imximage_versions[] = {
 
 static struct imx_header imximage_header;
 static uint32_t imximage_version;
-static uint32_t imximage_flash_offset;
+/* Image Vector Table Offset */
+static uint32_t imximage_ivt_offset;
 
 static set_dcd_val_t set_dcd_val;
 static set_dcd_rst_t set_dcd_rst;
@@ -328,9 +329,9 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 		set_hdr_func(imxhdr);
 		break;
 	case CMD_BOOT_FROM:
-		imximage_flash_offset = get_table_entry_id(imximage_bootops,
+		imximage_ivt_offset = get_table_entry_id(imximage_bootops,
 					"imximage boot option", token);
-		if (imximage_flash_offset == -1) {
+		if (imximage_ivt_offset == -1) {
 			fprintf(stderr, "Error: %s[%d] -Invalid boot device"
 				"(%s)\n", name, lineno, token);
 			exit(EXIT_FAILURE);
@@ -339,7 +340,7 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 			cmd_ver_first = 0;
 		break;
 	case CMD_BOOT_OFFSET:
-		imximage_flash_offset = get_cfg_value(token, name, lineno);
+		imximage_ivt_offset = get_cfg_value(token, name, lineno);
 		if (unlikely(cmd_ver_first != 1))
 			cmd_ver_first = 0;
 		break;
@@ -440,7 +441,7 @@ static uint32_t parse_cfg_file(struct imx_header *imxhdr, char *name)
 	fclose(fd);
 
 	/* Exit if there is no BOOT_FROM field specifying the flash_offset */
-	if (imximage_flash_offset == FLASH_OFFSET_UNDEFINED) {
+	if (imximage_ivt_offset == FLASH_OFFSET_UNDEFINED) {
 		fprintf(stderr, "Error: No BOOT_FROM tag in %s\n", name);
 		exit(EXIT_FAILURE);
 	}
@@ -498,14 +499,14 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 */
 	imximage_version = IMXIMAGE_V1;
 	/* Be able to detect if the cfg file has no BOOT_FROM tag */
-	imximage_flash_offset = FLASH_OFFSET_UNDEFINED;
+	imximage_ivt_offset = FLASH_OFFSET_UNDEFINED;
 	set_hdr_func(imxhdr);
 
 	/* Parse dcd configuration file */
 	dcd_len = parse_cfg_file(imxhdr, params->imagename);
 
 	/* Set the imx header */
-	(*set_imx_hdr)(imxhdr, dcd_len, params->ep, imximage_flash_offset);
+	(*set_imx_hdr)(imxhdr, dcd_len, params->ep, imximage_ivt_offset);
 
 	/*
 	 * ROM bug alert
@@ -516,7 +517,7 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 *
 	 * The remaining fraction of a block bytes would not be loaded!
 	 */
-	*header_size_ptr = ROUND(sbuf->st_size + imximage_flash_offset, 4096);
+	*header_size_ptr = ROUND(sbuf->st_size + imximage_ivt_offset, 4096);
 }
 
 int imximage_check_params(struct mkimage_params *params)
-- 
1.7.9.5

[U-Boot] [PATCH v2 3/7] tools: dynamically allocate imx_header in imximage

[Stefano Babic]

Change to dynamically allocate the imx_header to correctly
allocate the IVT, Boot Data and DCD at correct locations
depending on the boot media.

Also check that the Image Vector Table Offset + IVT +
Boot Data + DCD <= Initial Load Region Size.

Previously struct imx_header was always 4096 bytes and was
not dealing correctly with the Image Vector Table Offset.

Now, the memory allocation looks for e.g. SD boot like this

 Storage   u-boot.imx                             RAM
 Device

 00000000                                         177ff000 <--------------
                                                                         |
 00000400  00000000  d1 00 20 40 IVT.header       177ff400 <-------      |
 00000404  00000004  00 00 80 17 IVT.entry        177ff404 -----------   |
 00000408  00000008  00 00 00 00 IVT.reserved1    177ff408        |  |   |
 0000040C  0000000C  2c f4 7f 17 IVT.dcd          177ff40C ------ |  |   |
 00000410  00000010  20 f4 7f 17 IVT.boot         177ff410 ---- | |  |   |
 00000414  00000014  00 f4 7f 17 IVT.self         177ff414 --------  |   |
 00000418  00000018  00 00 00 00 IVT.csf          177ff418    | |    |   |
 0000041C  0000001C  00 00 00 00 IVT.reserved2    177ff41C    | |    |   |
 00000420  00000020  00 f0 7f 17 BootData.start   177ff420 <--- |    | ---
 00000424  00000024  00 60 03 00 BootData.length  177ff424      |    |
 00000428  00000028  00 00 00 00 BootData.plugin  177ff428      |    |
 0000042C  0000002C  d2 03 30 40 DCD.header       177ff42C <-----    |
 ...                                                                 |
 00001000  00000c00  13 00 00 ea U-Boot Start     17800000 <----------

While at it also remove the unused #define HEADER_OFFSET.

Signed-off-by: Stefano Babic <sbabic@denx.de>

---
Changes in v2:
- drop dead code (Marek Vasut)

 tools/imximage.c |   43 ++++++++++++++++++++++++++++++++++++-------
 tools/imximage.h |   16 +++++++++++++---
 2 files changed, 49 insertions(+), 10 deletions(-)

diff --git a/tools/imximage.c b/tools/imximage.c
index 494446e..2b4909e 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -31,7 +31,7 @@ static table_entry_t imximage_cmds[] = {
  * Supported Boot options for configuration file
  * this is needed to set the correct flash offset
  */
-static table_entry_t imximage_bootops[] = {
+static table_entry_t imximage_boot_offset[] = {
 	{FLASH_OFFSET_ONENAND,	"onenand",	"OneNAND Flash",},
 	{FLASH_OFFSET_NAND,	"nand",		"NAND Flash",	},
 	{FLASH_OFFSET_NOR,	"nor",		"NOR Flash",	},
@@ -42,6 +42,20 @@ static table_entry_t imximage_bootops[] = {
 };
 
 /*
+ * Supported Boot options for configuration file
+ * this is needed to determine the initial load size
+ */
+static table_entry_t imximage_boot_loadsize[] = {
+	{FLASH_LOADSIZE_ONENAND,	"onenand",	"OneNAND Flash",},
+	{FLASH_LOADSIZE_NAND,		"nand",		"NAND Flash",	},
+	{FLASH_LOADSIZE_NOR,		"nor",		"NOR Flash",	},
+	{FLASH_LOADSIZE_SATA,		"sata",		"SATA Disk",	},
+	{FLASH_LOADSIZE_SD,		"sd",		"SD Card",	},
+	{FLASH_LOADSIZE_SPI,		"spi",		"SPI Flash",	},
+	{-1,				"",		"Invalid",	},
+};
+
+/*
  * IMXIMAGE version definition for i.MX chips
  */
 static table_entry_t imximage_versions[] = {
@@ -54,6 +68,8 @@ static struct imx_header imximage_header;
 static uint32_t imximage_version;
 /* Image Vector Table Offset */
 static uint32_t imximage_ivt_offset;
+/* Initial Load Region Size */
+static uint32_t imximage_init_loadsize;
 
 static set_dcd_val_t set_dcd_val;
 static set_dcd_rst_t set_dcd_rst;
@@ -195,7 +211,8 @@ static void set_imx_hdr_v1(struct imx_header *imxhdr, uint32_t dcd_len,
 	/* Set magic number */
 	fhdr_v1->app_code_barker = APP_CODE_BARKER;
 
-	hdr_base = entry_point - sizeof(struct imx_header);
+	/* TODO: check i.MX image V1 handling, for now use 'old' style */
+	hdr_base = entry_point - 4096;
 	fhdr_v1->app_dest_ptr = hdr_base - flash_offset;
 	fhdr_v1->app_code_jump_vector = entry_point;
 
@@ -222,12 +239,13 @@ static void set_imx_hdr_v2(struct imx_header *imxhdr, uint32_t dcd_len,
 
 	fhdr_v2->entry = entry_point;
 	fhdr_v2->reserved1 = fhdr_v2->reserved2 = 0;
-	fhdr_v2->self = hdr_base = entry_point - sizeof(struct imx_header);
-
+	hdr_base = entry_point - imximage_init_loadsize +
+		flash_offset;
+	fhdr_v2->self = hdr_base;
 	fhdr_v2->dcd_ptr = hdr_base + offsetof(imx_header_v2_t, dcd_table);
 	fhdr_v2->boot_data_ptr = hdr_base
 			+ offsetof(imx_header_v2_t, boot_data);
-	hdr_v2->boot_data.start = hdr_base - flash_offset;
+	hdr_v2->boot_data.start = entry_point - imximage_init_loadsize;
 
 	/* Security feature are not supported */
 	fhdr_v2->csf = 0;
@@ -329,13 +347,24 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 		set_hdr_func(imxhdr);
 		break;
 	case CMD_BOOT_FROM:
-		imximage_ivt_offset = get_table_entry_id(imximage_bootops,
+		imximage_ivt_offset = get_table_entry_id(imximage_boot_offset,
 					"imximage boot option", token);
 		if (imximage_ivt_offset == -1) {
 			fprintf(stderr, "Error: %s[%d] -Invalid boot device"
 				"(%s)\n", name, lineno, token);
 			exit(EXIT_FAILURE);
 		}
+
+		imximage_init_loadsize =
+			get_table_entry_id(imximage_boot_loadsize,
+					   "imximage boot option", token);
+
+		if (imximage_init_loadsize == -1) {
+			fprintf(stderr,
+				"Error: %s[%d] -Invalid boot device(%s)\n",
+				name, lineno, token);
+			exit(EXIT_FAILURE);
+		}
 		if (unlikely(cmd_ver_first != 1))
 			cmd_ver_first = 0;
 		break;
@@ -517,7 +546,7 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 *
 	 * The remaining fraction of a block bytes would not be loaded!
 	 */
-	*header_size_ptr = ROUND(sbuf->st_size + imximage_ivt_offset, 4096);
+	*header_size_ptr = ROUND(sbuf->st_size, 4096);
 }
 
 int imximage_check_params(struct mkimage_params *params)
diff --git a/tools/imximage.h b/tools/imximage.h
index ec629a5..bb04a43 100644
--- a/tools/imximage.h
+++ b/tools/imximage.h
@@ -13,14 +13,14 @@
 #define APP_CODE_BARKER	0xB1
 #define DCD_BARKER	0xB17219E9
 
-#define HEADER_OFFSET	0x400
-
 /*
  * NOTE: This file must be kept in sync with arch/arm/include/asm/\
  *       imx-common/imximage.cfg because tools/imximage.c can not
  *       cross-include headers from arch/arm/ and vice-versa.
  */
 #define CMD_DATA_STR	"DATA"
+
+/* Initial Vector Table Offset */
 #define FLASH_OFFSET_UNDEFINED	0xFFFFFFFF
 #define FLASH_OFFSET_STANDARD	0x400
 #define FLASH_OFFSET_NAND	FLASH_OFFSET_STANDARD
@@ -30,6 +30,16 @@
 #define FLASH_OFFSET_NOR	0x1000
 #define FLASH_OFFSET_SATA	FLASH_OFFSET_STANDARD
 
+/* Initial Load Region Size */
+#define FLASH_LOADSIZE_UNDEFINED	0xFFFFFFFF
+#define FLASH_LOADSIZE_STANDARD		0x1000
+#define FLASH_LOADSIZE_NAND		FLASH_LOADSIZE_STANDARD
+#define FLASH_LOADSIZE_SD		FLASH_LOADSIZE_STANDARD
+#define FLASH_LOADSIZE_SPI		FLASH_LOADSIZE_STANDARD
+#define FLASH_LOADSIZE_ONENAND		0x400
+#define FLASH_LOADSIZE_NOR		0x0 /* entire image */
+#define FLASH_LOADSIZE_SATA		FLASH_LOADSIZE_STANDARD
+
 #define IVT_HEADER_TAG 0xD1
 #define IVT_VERSION 0x40
 #define DCD_HEADER_TAG 0xD2
@@ -147,7 +157,7 @@ struct imx_header {
 		imx_header_v1_t hdr_v1;
 		imx_header_v2_t hdr_v2;
 	} header;
-} __attribute__((aligned(4096)));
+};
 
 typedef void (*set_dcd_val_t)(struct imx_header *imxhdr,
 					char *name, int lineno,
-- 
1.7.9.5

[U-Boot] [PATCH v2 4/7] tools: add variable padding of data image in mkimage

[Stefano Babic]

Use previously unused return value of function vrec_header
to return a padding size to generic mkimage. This padding
size is used in copy_files to pad with zeros after copying
the data image.

Signed-off-by: Stefano Babic <sbabic@denx.de>
---
Changes in v2: None

 tools/mkimage.c |   24 +++++++++++++++++++++---
 tools/mkimage.h |    5 ++++-
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/tools/mkimage.c b/tools/mkimage.c
index b700b9e..58d25fa 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -137,6 +137,7 @@ main (int argc, char **argv)
 	char *ptr;
 	int retval = 0;
 	struct image_type_params *tparams = NULL;
+	int pad_len = 0;
 
 	/* Init Freescale PBL Boot image generation/list support */
 	init_pbl_image_type();
@@ -391,7 +392,7 @@ NXTARG:		;
 	 * allocate memory for the header itself.
 	 */
 	if (tparams->vrec_header)
-		tparams->vrec_header(&params, tparams);
+		pad_len = tparams->vrec_header(&params, tparams);
 	else
 		memset(tparams->hdr, 0, tparams->header_size);
 
@@ -463,7 +464,7 @@ NXTARG:		;
 			/* PBL has special Image format, implements its' own */
 			pbl_load_uboot(ifd, &params);
 		} else {
-			copy_file (ifd, params.datafile, 0);
+			copy_file(ifd, params.datafile, pad_len);
 		}
 	}
 
@@ -537,10 +538,19 @@ copy_file (int ifd, const char *datafile, int pad)
 	unsigned char *ptr;
 	int tail;
 	int zero = 0;
+	uint8_t zeros[4096];
 	int offset = 0;
 	int size;
 	struct image_type_params *tparams = mkimage_get_type (params.type);
 
+	if (pad >= sizeof(zeros)) {
+		fprintf(stderr, "%s: Can't pad to %d\n",
+			params.cmdname, pad);
+		exit(EXIT_FAILURE);
+	}
+
+	memset(zeros, 0, sizeof(zeros));
+
 	if (params.vflag) {
 		fprintf (stderr, "Adding Image %s\n", datafile);
 	}
@@ -598,7 +608,8 @@ copy_file (int ifd, const char *datafile, int pad)
 		exit (EXIT_FAILURE);
 	}
 
-	if (pad && ((tail = size % 4) != 0)) {
+	tail = size % 4;
+	if ((pad == 1) && (tail != 0)) {
 
 		if (write(ifd, (char *)&zero, 4-tail) != 4-tail) {
 			fprintf (stderr, "%s: Write error on %s: %s\n",
@@ -606,6 +617,13 @@ copy_file (int ifd, const char *datafile, int pad)
 				strerror(errno));
 			exit (EXIT_FAILURE);
 		}
+	} else if (pad > 1) {
+		if (write(ifd, (char *)&zeros, pad) != pad) {
+			fprintf(stderr, "%s: Write error on %s: %s\n",
+				params.cmdname, params.imagefile,
+				strerror(errno));
+			exit(EXIT_FAILURE);
+		}
 	}
 
 	(void) munmap((void *)ptr, sbuf.st_size);
diff --git a/tools/mkimage.h b/tools/mkimage.h
index 950e190..ecb3032 100644
--- a/tools/mkimage.h
+++ b/tools/mkimage.h
@@ -132,7 +132,10 @@ struct image_type_params {
 	/*
 	 * This callback function will be executed for variable size record
 	 * It is expected to build this header in memory and return its length
-	 * and a pointer to it
+	 * and a pointer to it by using image_type_params.header_size and
+	 * image_type_params.hdr. The return value shall indicate if an
+	 * additional padding should be used when copying the data image
+	 * by returning the padding length.
 	 */
 	int (*vrec_header) (struct mkimage_params *,
 		struct image_type_params *);
-- 
1.7.9.5

[U-Boot] [PATCH v2 5/7] tools: add padding of data image file for imximage

[Stefano Babic]

Implement function vrec_header to be able to pad the final
data image file according the what has been calculated for
boot_data.length.

Signed-off-by: Stefano Babic <sbabic@denx.de>
---
Changes in v2: None

 tools/imximage.c |   82 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 80 insertions(+), 2 deletions(-)

diff --git a/tools/imximage.c b/tools/imximage.c
index 2b4909e..5981625 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -571,18 +571,96 @@ int imximage_check_params(struct mkimage_params *params)
 		(params->xflag) || !(strlen(params->imagename));
 }
 
+static int imximage_generate(struct mkimage_params *params,
+	struct image_type_params *tparams)
+{
+	struct imx_header *imxhdr;
+	size_t alloc_len;
+	int dfd;
+	struct stat sbuf;
+	char *datafile = params->datafile;
+	uint32_t pad_len;
+
+	memset(&imximage_header, 0, sizeof(imximage_header));
+
+	/*
+	 * In order to not change the old imx cfg file
+	 * by adding VERSION command into it, here need
+	 * set up function ptr group to V1 by default.
+	 */
+	imximage_version = IMXIMAGE_V1;
+	/* Be able to detect if the cfg file has no BOOT_FROM tag */
+	imximage_ivt_offset = FLASH_OFFSET_UNDEFINED;
+	imximage_csf_size = 0;
+	set_hdr_func(imxhdr);
+
+	/* Parse dcd configuration file */
+	parse_cfg_file(&imximage_header, params->imagename);
+
+	/* TODO: check i.MX image V1 handling, for now use 'old' style */
+	if (imximage_version == IMXIMAGE_V1)
+		alloc_len = 4096;
+	else
+		alloc_len = imximage_init_loadsize - imximage_ivt_offset;
+
+	if (alloc_len < sizeof(struct imx_header)) {
+		fprintf(stderr, "%s: header error\n",
+			params->cmdname);
+		exit(EXIT_FAILURE);
+	}
+
+	imxhdr = malloc(alloc_len);
+
+	if (!imxhdr) {
+		fprintf(stderr, "%s: malloc return failure: %s\n",
+			params->cmdname, strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
+	memset(imxhdr, 0, alloc_len);
+
+	tparams->header_size = alloc_len;
+	tparams->hdr         = imxhdr;
+
+	/* determine data image file length */
+	dfd = open(datafile, O_RDONLY|O_BINARY);
+	if (dfd < 0) {
+		fprintf(stderr, "%s: Can't open %s: %s\n",
+			params->cmdname, datafile, strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
+	if (fstat(dfd, &sbuf) < 0) {
+		fprintf(stderr, "%s: Can't stat %s: %s\n",
+			params->cmdname, datafile, strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
+	pad_len = ROUND(sbuf.st_size, 4096) - sbuf.st_size;
+
+	close(dfd);
+
+	/* TODO: check i.MX image V1 handling, for now use 'old' style */
+	if (imximage_version == IMXIMAGE_V1)
+		return 0;
+	else
+		return pad_len;
+}
+
+
 /*
  * imximage parameters
  */
 static struct image_type_params imximage_params = {
 	.name		= "Freescale i.MX Boot Image support",
-	.header_size	= sizeof(struct imx_header),
-	.hdr		= (void *)&imximage_header,
+	.header_size	= 0,
+	.hdr		= NULL,
 	.check_image_type = imximage_check_image_types,
 	.verify_header	= imximage_verify_header,
 	.print_header	= imximage_print_header,
 	.set_header	= imximage_set_header,
 	.check_params	= imximage_check_params,
+	.vrec_header	= imximage_generate,
 };
 
 void init_imx_image_type(void)
-- 
1.7.9.5

[U-Boot] [PATCH v2 6/7] tools: add support for setting the CSF into imximage

[Stefano Babic]

Add support for setting the CSF (Command Sequence File) pointer
which is used for HAB (High Assurance Boot) in the imximage by
adding e.g.

CSF 0x2000

in the imximage.cfg file.

This will set the CSF pointer accordingly just after the padded
data image area. The boot_data.length is adjusted with the
value from the imximage.cfg config file.

The resulting u-boot.imx can be signed with the FSL HAB tooling.
The generated CSF block needs to be appended to the u-boot.imx.

Signed-off-by: Stefano Babic <sbabic@denx.de>

Series-changes : 2
- checkpatch warning
- do not output HAB values when csf values are not defined by cfg
---
Changes in v2: None

 doc/README.imximage |   18 +++++++++++++++---
 doc/README.mxc_hab  |   48 ++++++++++++++++++++++++++++++++++++++++++++++++
 tools/imximage.c    |   41 ++++++++++++++++++++++++++++++++++++++---
 tools/imximage.h    |    3 ++-
 4 files changed, 103 insertions(+), 7 deletions(-)
 create mode 100644 doc/README.mxc_hab

diff --git a/doc/README.imximage b/doc/README.imximage
index 802eb90..c10684f 100644
--- a/doc/README.imximage
+++ b/doc/README.imximage
@@ -15,9 +15,6 @@ Booting from NOR flash does not require to use this image type.
 For more details refer Chapter 2 - System Boot and section 2.14
 (flash header description) of the processor's manual.
 
-This implementation does not use at the moment the secure boot feature
-of the processor. The image is generated disabling all security fields.
-
 Command syntax:
 --------------
 ./tools/mkimage -l <mx u-boot_file>
@@ -86,6 +83,21 @@ Configuration command line syntax:
 				Example:
 				BOOT_FROM spi
 
+	CSF			value
+
+				Total size of CSF (Command Sequence File)
+				used for Secure Boot/ High Assurance Boot
+				(HAB).
+
+				Using this command will populate the IVT
+				(Initial Vector Table) CSF pointer and adjust
+				the length fields only. The CSF itself needs
+				to be generated with Freescale tools and
+				'manually' appended to the u-boot.imx file.
+
+				Example:
+				CSF 0x2000
+
 	DATA			type address value
 
 				type: word=4, halfword=2, byte=1
diff --git a/doc/README.mxc_hab b/doc/README.mxc_hab
new file mode 100644
index 0000000..97f8b7d
--- /dev/null
+++ b/doc/README.mxc_hab
@@ -0,0 +1,48 @@
+High Assurance Boot (HAB) for i.MX6 CPUs
+
+To authenticate U-Boot only by the CPU there is no code required in
+U-Boot itself. However, the U-Boot image to be programmed into the
+boot media needs to be properly constructed, i.e. it must contain a
+proper Command Sequence File (CSF).
+
+The Initial Vector Table contains a pointer to the CSF. Please see
+doc/README.imximage for how to prepare u-boot.imx.
+
+The CSF itself is being generated by Freescale HAB tools.
+
+mkimage will output additional information about "HAB Blocks"
+which can be used in the Freescale tooling to authenticate U-Boot
+(entries in the CSF file).
+
+Image Type:   Freescale IMX Boot Image
+Image Ver:    2 (i.MX53/6 compatible)
+Data Size:    327680 Bytes = 320.00 kB = 0.31 MB
+Load Address: 177ff420
+Entry Point:  17800000
+HAB Blocks:   177ff400 00000000 0004dc00
+              ^^^^^^^^ ^^^^^^^^ ^^^^^^^^
+		|	|	   |
+		|	|	   -------- (1)
+		|	|
+		|	------------------- (2)
+		|
+		--------------------------- (3)
+
+(1)	Size of area in file u-boot.imx to sign
+	This area should include the IVT, the Boot Data the DCD
+	and U-Boot itself.
+(2)	Start of area in u-boot.imx to sign
+(3)	Start of area in RAM to authenticate
+
+CONFIG_SECURE_BOOT currently enables only an additional command
+'hab_status' in U-Boot to retrieve the HAB status and events. This
+can be useful while developing and testing HAB.
+
+Commands to generate a signed U-Boot using Freescale HAB tools:
+cst --o U-Boot_CSF.bin < U-Boot.CSF
+objcopy -I binary -O binary --pad-to 0x2000 --gap-fill=0x00 \
+	U-Boot_CSF.bin U-Boot_CSF_pad.bin
+cat u-boot.imx U-Boot_CSF_pad.bin > u-boot-signed.imx
+
+NOTE: U-Boot_CSF.bin needs to be padded to the value specified in
+the imximage.cfg file.
diff --git a/tools/imximage.c b/tools/imximage.c
index 5981625..50fe22c 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -16,6 +16,8 @@
 #include <image.h>
 #include "imximage.h"
 
+#define UNDEFINED 0xFFFFFFFF
+
 /*
  * Supported commands for configuration file
  */
@@ -23,6 +25,7 @@ static table_entry_t imximage_cmds[] = {
 	{CMD_BOOT_FROM,         "BOOT_FROM",            "boot command",	  },
 	{CMD_BOOT_OFFSET,       "BOOT_OFFSET",          "Boot offset",	  },
 	{CMD_DATA,              "DATA",                 "Reg Write Data", },
+	{CMD_CSF,               "CSF",           "Command Sequence File", },
 	{CMD_IMAGE_VERSION,     "IMAGE_VERSION",        "image version",  },
 	{-1,                    "",                     "",	          },
 };
@@ -66,8 +69,13 @@ static table_entry_t imximage_versions[] = {
 
 static struct imx_header imximage_header;
 static uint32_t imximage_version;
-/* Image Vector Table Offset */
-static uint32_t imximage_ivt_offset;
+/*
+ * Image Vector Table Offset
+ * Initialized to a wrong not 4-bytes aligned address to
+ * check if it is was set by the cfg file.
+ */
+static uint32_t imximage_ivt_offset = UNDEFINED;
+static uint32_t imximage_csf_size = UNDEFINED;
 /* Initial Load Region Size */
 static uint32_t imximage_init_loadsize;
 
@@ -76,6 +84,7 @@ static set_dcd_rst_t set_dcd_rst;
 static set_imx_hdr_t set_imx_hdr;
 static uint32_t max_dcd_entries;
 static uint32_t *header_size_ptr;
+static uint32_t *csf_ptr;
 
 static uint32_t get_cfg_value(char *token, char *name,  int linenr)
 {
@@ -247,9 +256,10 @@ static void set_imx_hdr_v2(struct imx_header *imxhdr, uint32_t dcd_len,
 			+ offsetof(imx_header_v2_t, boot_data);
 	hdr_v2->boot_data.start = entry_point - imximage_init_loadsize;
 
-	/* Security feature are not supported */
 	fhdr_v2->csf = 0;
+
 	header_size_ptr = &hdr_v2->boot_data.size;
+	csf_ptr = &fhdr_v2->csf;
 }
 
 static void set_hdr_func(struct imx_header *imxhdr)
@@ -326,6 +336,13 @@ static void print_hdr_v2(struct imx_header *imx_hdr)
 	genimg_print_size(hdr_v2->boot_data.size);
 	printf("Load Address: %08x\n", (uint32_t)fhdr_v2->boot_data_ptr);
 	printf("Entry Point:  %08x\n", (uint32_t)fhdr_v2->entry);
+	if (fhdr_v2->csf && (imximage_ivt_offset != UNDEFINED) &&
+	    (imximage_csf_size != UNDEFINED)) {
+		printf("HAB Blocks:   %08x %08x %08x\n",
+		       (uint32_t)fhdr_v2->self, 0,
+		       hdr_v2->boot_data.size - imximage_ivt_offset -
+		       imximage_csf_size);
+	}
 }
 
 static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
@@ -379,6 +396,17 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 		if (unlikely(cmd_ver_first != 1))
 			cmd_ver_first = 0;
 		break;
+	case CMD_CSF:
+		if (imximage_version != 2) {
+			fprintf(stderr,
+				"Error: %s[%d] - CSF only supported for VERSION 2(%s)\n",
+				name, lineno, token);
+			exit(EXIT_FAILURE);
+		}
+		imximage_csf_size = get_cfg_value(token, name, lineno);
+		if (unlikely(cmd_ver_first != 1))
+			cmd_ver_first = 0;
+		break;
 	}
 }
 
@@ -529,6 +557,7 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	imximage_version = IMXIMAGE_V1;
 	/* Be able to detect if the cfg file has no BOOT_FROM tag */
 	imximage_ivt_offset = FLASH_OFFSET_UNDEFINED;
+	imximage_csf_size = 0;
 	set_hdr_func(imxhdr);
 
 	/* Parse dcd configuration file */
@@ -547,6 +576,12 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 * The remaining fraction of a block bytes would not be loaded!
 	 */
 	*header_size_ptr = ROUND(sbuf->st_size, 4096);
+
+	if (csf_ptr && imximage_csf_size) {
+		*csf_ptr = params->ep - imximage_init_loadsize +
+			*header_size_ptr;
+		*header_size_ptr += imximage_csf_size;
+	}
 }
 
 int imximage_check_params(struct mkimage_params *params)
diff --git a/tools/imximage.h b/tools/imximage.h
index bb04a43..efe6a88 100644
--- a/tools/imximage.h
+++ b/tools/imximage.h
@@ -52,7 +52,8 @@ enum imximage_cmd {
 	CMD_IMAGE_VERSION,
 	CMD_BOOT_FROM,
 	CMD_BOOT_OFFSET,
-	CMD_DATA
+	CMD_DATA,
+	CMD_CSF,
 };
 
 enum imximage_fld_types {
-- 
1.7.9.5

[U-Boot] [PATCH v2 7/7] imx: add status reporting for HAB status

[Stefano Babic]

Add functions to report the HAB (High Assurance Boot) status
of e.g. i.MX6 CPUs.

This is taken from

git://git.freescale.com/imx/uboot-imx.git branch imx_v2009.08_3.0.35_4.0.0
cpu/arm_cortexa8/mx6/generic.c
include/asm-arm/arch-mx6/mx6_secure.h

Signed-off-by: Stefano Babic <sbabic@denx.de>

---
Changes in v2:
- Fix errors when SECURE_BOOT is selected due to enum
- simplify display_event code (Marek Vasut)
- compile hab code only if SECURE_BOOT is set (Fabio Estevam)
- update licence with SPDX line according to new rules.

 arch/arm/cpu/armv7/mx6/Makefile          |    7 +-
 arch/arm/cpu/armv7/mx6/hab.c             |  104 ++++++++++++++++++++++++++++++
 arch/arm/include/asm/arch-mx6/hab.h      |   67 +++++++++++++++++++
 arch/arm/include/asm/arch-mx6/imx-regs.h |    8 ++-
 4 files changed, 182 insertions(+), 4 deletions(-)
 create mode 100644 arch/arm/cpu/armv7/mx6/hab.c
 create mode 100644 arch/arm/include/asm/arch-mx6/hab.h

diff --git a/arch/arm/cpu/armv7/mx6/Makefile b/arch/arm/cpu/armv7/mx6/Makefile
index c5e9858..6d73617 100644
--- a/arch/arm/cpu/armv7/mx6/Makefile
+++ b/arch/arm/cpu/armv7/mx6/Makefile
@@ -11,10 +11,11 @@ include $(TOPDIR)/config.mk
 
 LIB	= $(obj)lib$(SOC).o
 
-COBJS	= soc.o clock.o
+COBJS-y	= soc.o clock.o
+COBJS-$(CONFIG_SECURE_BOOT)	+= hab.o
 
-SRCS	:= $(SOBJS:.o=.S) $(COBJS:.o=.c)
-OBJS	:= $(addprefix $(obj),$(SOBJS) $(COBJS))
+SRCS	:= $(SOBJS:.o=.S) $(COBJS-y:.o=.c)
+OBJS	:= $(addprefix $(obj),$(SOBJS) $(COBJS-y))
 
 all:	$(obj).depend $(LIB)
 
diff --git a/arch/arm/cpu/armv7/mx6/hab.c b/arch/arm/cpu/armv7/mx6/hab.c
new file mode 100644
index 0000000..5187775
--- /dev/null
+++ b/arch/arm/cpu/armv7/mx6/hab.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2010-2013 Freescale Semiconductor, Inc.
+ *
+ * SPDX-License-Identifier:    GPL-2.0+
+ */
+
+#include <common.h>
+#include <asm/io.h>
+#include <asm/arch/hab.h>
+
+/* -------- start of HAB API updates ------------*/
+#define hab_rvt_report_event ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT)
+#define hab_rvt_report_status ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS)
+#define hab_rvt_authenticate_image \
+	((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE)
+#define hab_rvt_entry ((hab_rvt_entry_t *)HAB_RVT_ENTRY)
+#define hab_rvt_exit ((hab_rvt_exit_t *)HAB_RVT_EXIT)
+#define hab_rvt_clock_init HAB_RVT_CLOCK_INIT
+
+bool is_hab_enabled(void)
+{
+	struct ocotp_regs *ocotp = (struct ocotp_regs *)OCOTP_BASE_ADDR;
+	struct fuse_bank *bank = &ocotp->bank[0];
+	struct fuse_bank0_regs *fuse =
+		(struct fuse_bank0_regs *)bank->fuse_regs;
+	uint32_t reg = readl(&fuse->cfg5);
+
+	return (reg & 0x2) == 0x2;
+}
+
+void display_event(uint8_t *event_data, size_t bytes)
+{
+	uint32_t i;
+
+	if (!(event_data && bytes > 0))
+		return;
+
+	for (i = 0; i < bytes; i++) {
+		if (i == 0)
+			printf("\t0x%02x", event_data[i]);
+		else if ((i % 8) == 0)
+			printf("\n\t0x%02x", event_data[i]);
+		else
+			printf(" 0x%02x", event_data[i]);
+	}
+}
+
+int get_hab_status(void)
+{
+	uint32_t index = 0; /* Loop index */
+	uint8_t event_data[128]; /* Event data buffer */
+	size_t bytes = sizeof(event_data); /* Event size in bytes */
+	enum hab_config config = 0;
+	enum hab_state state = 0;
+
+	if (is_hab_enabled())
+		puts("\nSecure boot enabled\n");
+	else
+		puts("\nSecure boot disabled\n");
+
+	/* Check HAB status */
+	if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) {
+		printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
+		       config, state);
+
+		/* Display HAB Error events */
+		while (hab_rvt_report_event(HAB_FAILURE, index, event_data,
+					&bytes) == HAB_SUCCESS) {
+			puts("\n");
+			printf("--------- HAB Event %d -----------------\n",
+			       index + 1);
+			puts("event data:\n");
+			display_event(event_data, bytes);
+			puts("\n");
+			bytes = sizeof(event_data);
+			index++;
+		}
+	}
+	/* Display message if no HAB events are found */
+	else {
+		printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
+		       config, state);
+		puts("No HAB Events Found!\n\n");
+	}
+	return 0;
+}
+
+int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+{
+	if ((argc != 1)) {
+		cmd_usage(cmdtp);
+		return 1;
+	}
+
+	get_hab_status();
+
+	return 0;
+}
+
+U_BOOT_CMD(
+		hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
+		"display HAB status",
+		""
+	  );
diff --git a/arch/arm/include/asm/arch-mx6/hab.h b/arch/arm/include/asm/arch-mx6/hab.h
new file mode 100644
index 0000000..d724f20
--- /dev/null
+++ b/arch/arm/include/asm/arch-mx6/hab.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2012 Freescale Semiconductor, Inc. All Rights Reserved.
+ *
+ * SPDX-License-Identifier:    GPL-2.0+
+ *
+*/
+
+#ifndef __SECURE_MX6Q_H__
+#define __SECURE_MX6Q_H__
+
+#include <linux/types.h>
+
+/* -------- start of HAB API updates ------------*/
+/* The following are taken from HAB4 SIS */
+
+/* Status definitions */
+enum hab_status {
+	HAB_STS_ANY = 0x00,
+	HAB_FAILURE = 0x33,
+	HAB_WARNING = 0x69,
+	HAB_SUCCESS = 0xf0
+};
+
+/* Security Configuration definitions */
+enum hab_config {
+	HAB_CFG_RETURN = 0x33, /**< Field Return IC */
+	HAB_CFG_OPEN = 0xf0, /**< Non-secure IC */
+	HAB_CFG_CLOSED = 0xcc /**< Secure IC */
+};
+
+/* State definitions */
+enum hab_state {
+	HAB_STATE_INITIAL = 0x33, /**< Initialising state (transitory) */
+	HAB_STATE_CHECK = 0x55, /**< Check state (non-secure) */
+	HAB_STATE_NONSECURE = 0x66, /**< Non-secure state */
+	HAB_STATE_TRUSTED = 0x99, /**< Trusted state */
+	HAB_STATE_SECURE = 0xaa, /**< Secure state */
+	HAB_STATE_FAIL_SOFT = 0xcc, /**< Soft fail state */
+	HAB_STATE_FAIL_HARD = 0xff, /**< Hard fail state (terminal) */
+	HAB_STATE_NONE = 0xf0, /**< No security state machine */
+	HAB_STATE_MAX
+};
+
+/*Function prototype description*/
+typedef enum hab_status hab_rvt_report_event_t(enum hab_status, uint32_t,
+		uint8_t* , size_t*);
+typedef enum hab_status hab_rvt_report_status_t(enum hab_config *,
+		enum hab_state *);
+typedef enum hab_status hab_loader_callback_f_t(void**, size_t*, const void*);
+typedef enum hab_status hab_rvt_entry_t(void);
+typedef enum hab_status hab_rvt_exit_t(void);
+typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t,
+		void **, size_t *, hab_loader_callback_f_t);
+typedef void hapi_clock_init_t(void);
+
+#define HAB_RVT_REPORT_EVENT (*(uint32_t *)0x000000B4)
+#define HAB_RVT_REPORT_STATUS (*(uint32_t *)0x000000B8)
+#define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)0x000000A4)
+#define HAB_RVT_ENTRY (*(uint32_t *)0x00000098)
+#define HAB_RVT_EXIT (*(uint32_t *)0x0000009C)
+#define HAB_RVT_CLOCK_INIT ((hapi_clock_init_t *)0x0000024D)
+
+#define HAB_CID_ROM 0 /**< ROM Caller ID */
+#define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/
+/* ----------- end of HAB API updates ------------*/
+
+#endif
diff --git a/arch/arm/include/asm/arch-mx6/imx-regs.h b/arch/arm/include/asm/arch-mx6/imx-regs.h
index 5d6bccb..621919f 100644
--- a/arch/arm/include/asm/arch-mx6/imx-regs.h
+++ b/arch/arm/include/asm/arch-mx6/imx-regs.h
@@ -456,7 +456,13 @@ struct fuse_bank0_regs {
 	u32	uid_low;
 	u32	rsvd1[3];
 	u32	uid_high;
-	u32	rsvd2[0x17];
+	u32	rsvd2[3];
+	u32	rsvd3[4];
+	u32	rsvd4[4];
+	u32	rsvd5[4];
+	u32	cfg5;
+	u32	rsvd6[3];
+	u32	rsvd7[4];
 };
 
 struct fuse_bank4_regs {
-- 
1.7.9.5

[U-Boot] [PATCH v2 0/7] The patchset fixes some issue in the generation of the imx image

[Otavio Salvador]

On Mon, Aug 12, 2013 at 11:39 AM, Stefano Babic <sbabic@denx.de> wrote:
...
> The patchset allows to add to the imx Header the CSF (command Sequence File)
> generated by the tools provided by Freescale. The CSF is then simply concatenated
> to the u-boot image, making a signed bootloader, that the processor can verify
> if the fuses for the keys are burned. The processor (i.MX53 / i.MX6x) will not
> start a bootloader that cannot be verified - further infos how to configure
> the SOC to verify the bootloader can be found in the User Manual of the specific
> SOC.
...

Couldn't a brief 'how-to' to be added to the README and also the
pointers to the documents where this is documented?

-- 
Otavio Salvador                             O.S. Systems
http://www.ossystems.com.br        http://projetos.ossystems.com.br
Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750

[U-Boot] [PATCH v2 5/7] tools: add padding of data image file for imximage

[Marek Vasut]

Dear Stefano Babic,

> Implement function vrec_header to be able to pad the final
> data image file according the what has been calculated for
> boot_data.length.
> 
> Signed-off-by: Stefano Babic <sbabic@denx.de>
> ---

[...]

> +	if (!imxhdr) {
> +		fprintf(stderr, "%s: malloc return failure: %s\n",
> +			params->cmdname, strerror(errno));
> +		exit(EXIT_FAILURE);
> +	}
> +
> +	memset(imxhdr, 0, alloc_len);
> +
> +	tparams->header_size = alloc_len;
> +	tparams->hdr         = imxhdr;
> +
> +	/* determine data image file length */

Why dont you just call stat(2) here instead of the open+fstat+close combo?

> +	dfd = open(datafile, O_RDONLY|O_BINARY);
> +	if (dfd < 0) {
> +		fprintf(stderr, "%s: Can't open %s: %s\n",
> +			params->cmdname, datafile, strerror(errno));
> +		exit(EXIT_FAILURE);
> +	}
> +
> +	if (fstat(dfd, &sbuf) < 0) {
> +		fprintf(stderr, "%s: Can't stat %s: %s\n",
> +			params->cmdname, datafile, strerror(errno));
> +		exit(EXIT_FAILURE);
> +	}
> +
> +	pad_len = ROUND(sbuf.st_size, 4096) - sbuf.st_size;
> +
> +	close(dfd);
> +
> +	/* TODO: check i.MX image V1 handling, for now use 'old' style */

[...]

Best regards,
Marek Vasut

[U-Boot] [PATCH v2 6/7] tools: add support for setting the CSF into imximage

[Bernhard Walle]

Am 12.08.13 16:39, schrieb Stefano Babic:
>  				BOOT_FROM spi
>  
> +	CSF			value
> +
> +				Total size of CSF (Command Sequence File)
> +				used for Secure Boot/ High Assurance Boot
> +				(HAB).
> +
> +				Using this command will populate the IVT
> +				(Initial Vector Table) CSF pointer and adjust
                                 ^^^^^^^^^^^^^^^^^^^^

Isn't that "Image Vector Table"?


Regards,
Bernhard

[U-Boot] [PATCH v2 5/7] tools: add padding of data image file for imximage

[Stefano Babic]

Hi Marek,

On 13/08/2013 07:10, Marek Vasut wrote:
> Dear Stefano Babic,
> 
>> Implement function vrec_header to be able to pad the final
>> data image file according the what has been calculated for
>> boot_data.length.
>>
>> Signed-off-by: Stefano Babic <sbabic@denx.de>
>> ---
> 
> [...]
> 
>> +	if (!imxhdr) {
>> +		fprintf(stderr, "%s: malloc return failure: %s\n",
>> +			params->cmdname, strerror(errno));
>> +		exit(EXIT_FAILURE);
>> +	}
>> +
>> +	memset(imxhdr, 0, alloc_len);
>> +
>> +	tparams->header_size = alloc_len;
>> +	tparams->hdr         = imxhdr;
>> +
>> +	/* determine data image file length */
> 
> Why dont you just call stat(2) here instead of the open+fstat+close combo?

Thanks, replaced in V3.

Best regards,
Stefano Babic


-- 
=====================================================================
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================

[U-Boot] [PATCH v2 0/7] The patchset fixes some issue in the generation of the imx image

[Stefano Babic]

Hio Otavio,

On 12/08/2013 17:23, Otavio Salvador wrote:
> On Mon, Aug 12, 2013 at 11:39 AM, Stefano Babic <sbabic@denx.de> wrote:
> ...
>> The patchset allows to add to the imx Header the CSF (command Sequence File)
>> generated by the tools provided by Freescale. The CSF is then simply concatenated
>> to the u-boot image, making a signed bootloader, that the processor can verify
>> if the fuses for the keys are burned. The processor (i.MX53 / i.MX6x) will not
>> start a bootloader that cannot be verified - further infos how to configure
>> the SOC to verify the bootloader can be found in the User Manual of the specific
>> SOC.
> ...
> 
> Couldn't a brief 'how-to' to be added to the README

I do not thnk so, because it will be a duplication of documentation
already provided by the manufacturer.

> and also the
> pointers to the documents where this is documented?

Maybe I should point out in which document this stuff is covered.
Freescale can move the link (I find a link for each processor on the
Freescale's website). Something like "can be found in the "High
Assurance Boot Version Application Priogramming Interface Reference
Manual" as part of the Freescale Code Signing Tool, available on the
manufacturer's website ?"

Best regards,
Stefano Babic

-- 
=====================================================================
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================

[U-Boot] [PATCH v2 0/7] The patchset fixes some issue in the generation of the imx image

[Otavio Salvador]

On Mon, Aug 19, 2013 at 8:30 AM, Stefano Babic <sbabic@denx.de> wrote:
> Hio Otavio,
>
> On 12/08/2013 17:23, Otavio Salvador wrote:
>> On Mon, Aug 12, 2013 at 11:39 AM, Stefano Babic <sbabic@denx.de> wrote:
>> ...
>>> The patchset allows to add to the imx Header the CSF (command Sequence File)
>>> generated by the tools provided by Freescale. The CSF is then simply concatenated
>>> to the u-boot image, making a signed bootloader, that the processor can verify
>>> if the fuses for the keys are burned. The processor (i.MX53 / i.MX6x) will not
>>> start a bootloader that cannot be verified - further infos how to configure
>>> the SOC to verify the bootloader can be found in the User Manual of the specific
>>> SOC.
>> ...
>>
>> Couldn't a brief 'how-to' to be added to the README
>
> I do not thnk so, because it will be a duplication of documentation
> already provided by the manufacturer.

Yes; ok.

>> and also the
>> pointers to the documents where this is documented?
>
> Maybe I should point out in which document this stuff is covered.
> Freescale can move the link (I find a link for each processor on the
> Freescale's website). Something like "can be found in the "High
> Assurance Boot Version Application Priogramming Interface Reference
> Manual" as part of the Freescale Code Signing Tool, available on the
> manufacturer's website ?"

Yes; this would help people to find it.

-- 
Otavio Salvador                             O.S. Systems
http://www.ossystems.com.br        http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750

[U-Boot] [PATCH v2 0/7] The patchset fixes some issue in the generation of the imx image

[Tom Rini]

On Mon, Aug 12, 2013 at 04:39:27PM +0200, Stefano Babic wrote:

> (header for Freescale's i.MX processors) to allow the usage of
> Freescale's tools to sign the u-boot image and provide a secure boot.
> 
> This has nothing to do with the Secure Boot extensions implemented by
> Simon Glass, that can be in any case used to boot later a secure image.
> Freescale's secure boot ensures that a signed bootloader
> is started only if it is verified with a key that is burned into the iMX fuses.
> Documentation about the Freescale's secure process can be read from the
> AN4591, available on the Freescale's Website.

Where does Marek's patch fall in here exactly?  Should he be based on
top of yours, yours on his?  It should all go via u-boot-imx, so you'll
have to do the merging anyhow :)  And on that note, things seem as sane
as they're likley going to be, with the caveat of what you've already
said you'll v3.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20130819/7e3e599b/attachment.pgp>

[U-Boot] [PATCH v2 0/7] The patchset fixes some issue in the generation of the imx image

[Stefano Babic]

Hi Tom,

On 19/08/2013 18:19, Tom Rini wrote:
> On Mon, Aug 12, 2013 at 04:39:27PM +0200, Stefano Babic wrote:
> 
>> (header for Freescale's i.MX processors) to allow the usage of 
>> Freescale's tools to sign the u-boot image and provide a secure
>> boot.
>> 
>> This has nothing to do with the Secure Boot extensions
>> implemented by Simon Glass, that can be in any case used to boot
>> later a secure image. Freescale's secure boot ensures that a
>> signed bootloader is started only if it is verified with a key
>> that is burned into the iMX fuses. Documentation about the
>> Freescale's secure process can be read from the AN4591, available
>> on the Freescale's Website.
> 
> Where does Marek's patch fall in here exactly?

Marek's patch is intended to add support for mxs based processor (mx23
/ mx28) and it is quite parallel to mine and I think Marek will
replace Freescale's own tool elftosb.

> Should he be based on top of yours, yours on his?  It should all go
> via u-boot-imx, so you'll have to do the merging anyhow :)

I agree - I will do the merge with Marek's patch ;-).
If there are some conflicts (I have not yet tried), I will solve them
directly with Marek.

Best regards,
Stefano

-- 
=====================================================================
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================

[U-Boot] [PATCH v3 0/7] The patchset fixes some issue in the generation of the imx image

[Stefano Babic]

(header for Freescale's i.MX processors) to allow the usage of
Freescale's tools to sign the u-boot image and provide a secure boot.

This has nothing to do with the Secure Boot extensions implemented by
Simon Glass, that can be in any case used to boot later a secure image.
Freescale's secure boot ensures that a signed bootloader
is started only if it is verified with a key that is burned into the iMX fuses.
Documentation about the Freescale's secure process can be read from the
AN4591, available on the Freescale's Website.

The patchset allows to add to the imx Header the CSF (command Sequence File)
generated by the tools provided by Freescale. The CSF is then simply concatenated
to the u-boot image, making a signed bootloader, that the processor can verify
if the fuses for the keys are burned. The processor (i.MX53 / i.MX6x) will not
start a bootloader that cannot be verified - further infos how to configure
the SOC to verify the bootloader can be found in the User Manual of the specific
SOC.

Next step is to verify the kernel, that can be still done using Simon's patches for
verified boot (CONFIG_OF_CONTROL must be set in the board configuarion file).


Changes in v3:
- uses stat instead of open / fstat / close (Marek Vasut)
- add info in the README where to find description
of signing process in the Freescale Website (Otavio Salvador)

Changes in v2:
- drop dead code (Marek Vasut)
- checkpatch warning
- do not output HAB values when csf values are not defined by cfg
- Fix errors when SECURE_BOOT is selected due to enum
- simplify display_event code (Marek Vasut)
- compile hab code only if SECURE_BOOT is set (Fabio Estevam)
- update licence with SPDX line according to new rules.

Stefano Babic (7):
  tools: imx_header should not include flash_offset
  tools: rename mximage_flash_offset to imximage_ivt_offset
  tools: dynamically allocate imx_header in imximage
  tools: add variable padding of data image in mkimage
  tools: add padding of data image file for imximage
  tools: add support for setting the CSF into imximage
  imx: add status reporting for HAB status

 arch/arm/cpu/armv7/mx6/Makefile          |    7 +-
 arch/arm/cpu/armv7/mx6/hab.c             |  104 +++++++++++++++++++
 arch/arm/include/asm/arch-mx6/hab.h      |   67 ++++++++++++
 arch/arm/include/asm/arch-mx6/imx-regs.h |    8 +-
 doc/README.imximage                      |   30 +++++-
 doc/README.mxc_hab                       |   48 +++++++++
 tools/imximage.c                         |  166 +++++++++++++++++++++++++++---
 tools/imximage.h                         |   20 +++-
 tools/mkimage.c                          |   24 ++++-
 tools/mkimage.h                          |    5 +-
 10 files changed, 448 insertions(+), 31 deletions(-)
 create mode 100644 arch/arm/cpu/armv7/mx6/hab.c
 create mode 100644 arch/arm/include/asm/arch-mx6/hab.h
 create mode 100644 doc/README.mxc_hab

-- 
1.7.9.5

[U-Boot] [PATCH v3 1/7] tools: imx_header should not include flash_offset

[Stefano Babic]

Doing a  make distclean; make mx6qsabresd_config; make
and      hexdump -C u-boot.imx | less

 ...
 00000360  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 *
 000003f0  00 00 00 00 00 00 00 00  00 00 00 00 00 04 00 00  |................|
                                                ^^^^^^^^^^^
 00000400  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 *
 00001000  13 00 00 ea 14 f0 9f e5  14 f0 9f e5 14 f0 9f e5  |...?.?.?.?.?.?.?|
 ...

shows the flash_offset value being written into the final
generated image, wich is not correct.

Instead create flash_offset as static variable such that the
generated image is "clean".

 00000360  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 *
 00001000  13 00 00 ea 14 f0 9f e5  14 f0 9f e5 14 f0 9f e5  |...?.?.?.?.?.?.?|

Signed-off-by: Stefano Babic <sbabic@denx.de>

---
Changes in v3: None
Changes in v2: None

 tools/imximage.c |   15 ++++++++-------
 tools/imximage.h |    1 -
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/tools/imximage.c b/tools/imximage.c
index c8a9ad5..a347b9b 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -52,6 +52,7 @@ static table_entry_t imximage_versions[] = {
 
 static struct imx_header imximage_header;
 static uint32_t imximage_version;
+static uint32_t imximage_flash_offset;
 
 static set_dcd_val_t set_dcd_val;
 static set_dcd_rst_t set_dcd_rst;
@@ -327,9 +328,9 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 		set_hdr_func(imxhdr);
 		break;
 	case CMD_BOOT_FROM:
-		imxhdr->flash_offset = get_table_entry_id(imximage_bootops,
+		imximage_flash_offset = get_table_entry_id(imximage_bootops,
 					"imximage boot option", token);
-		if (imxhdr->flash_offset == -1) {
+		if (imximage_flash_offset == -1) {
 			fprintf(stderr, "Error: %s[%d] -Invalid boot device"
 				"(%s)\n", name, lineno, token);
 			exit(EXIT_FAILURE);
@@ -338,7 +339,7 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 			cmd_ver_first = 0;
 		break;
 	case CMD_BOOT_OFFSET:
-		imxhdr->flash_offset = get_cfg_value(token, name, lineno);
+		imximage_flash_offset = get_cfg_value(token, name, lineno);
 		if (unlikely(cmd_ver_first != 1))
 			cmd_ver_first = 0;
 		break;
@@ -439,7 +440,7 @@ static uint32_t parse_cfg_file(struct imx_header *imxhdr, char *name)
 	fclose(fd);
 
 	/* Exit if there is no BOOT_FROM field specifying the flash_offset */
-	if (imxhdr->flash_offset == FLASH_OFFSET_UNDEFINED) {
+	if (imximage_flash_offset == FLASH_OFFSET_UNDEFINED) {
 		fprintf(stderr, "Error: No BOOT_FROM tag in %s\n", name);
 		exit(EXIT_FAILURE);
 	}
@@ -497,14 +498,14 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 */
 	imximage_version = IMXIMAGE_V1;
 	/* Be able to detect if the cfg file has no BOOT_FROM tag */
-	imxhdr->flash_offset = FLASH_OFFSET_UNDEFINED;
+	imximage_flash_offset = FLASH_OFFSET_UNDEFINED;
 	set_hdr_func(imxhdr);
 
 	/* Parse dcd configuration file */
 	dcd_len = parse_cfg_file(imxhdr, params->imagename);
 
 	/* Set the imx header */
-	(*set_imx_hdr)(imxhdr, dcd_len, params->ep, imxhdr->flash_offset);
+	(*set_imx_hdr)(imxhdr, dcd_len, params->ep, imximage_flash_offset);
 
 	/*
 	 * ROM bug alert
@@ -515,7 +516,7 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 *
 	 * The remaining fraction of a block bytes would not be loaded!
 	 */
-	*header_size_ptr = ROUND(sbuf->st_size + imxhdr->flash_offset, 4096);
+	*header_size_ptr = ROUND(sbuf->st_size + imximage_flash_offset, 4096);
 }
 
 int imximage_check_params(struct mkimage_params *params)
diff --git a/tools/imximage.h b/tools/imximage.h
index 214187b..ec629a5 100644
--- a/tools/imximage.h
+++ b/tools/imximage.h
@@ -147,7 +147,6 @@ struct imx_header {
 		imx_header_v1_t hdr_v1;
 		imx_header_v2_t hdr_v2;
 	} header;
-	uint32_t flash_offset;
 } __attribute__((aligned(4096)));
 
 typedef void (*set_dcd_val_t)(struct imx_header *imxhdr,
-- 
1.7.9.5

[U-Boot] [PATCH v3 2/7] tools: rename mximage_flash_offset to imximage_ivt_offset

[Stefano Babic]

This better reflects the naming from the Reference Manual
as well as fits better since "flash" is not really applicabe
for SATA.

Signed-off-by: Stefano Babic <sbabic@denx.de>
---
Changes in v3: None
Changes in v2: None

 tools/imximage.c |   17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/tools/imximage.c b/tools/imximage.c
index a347b9b..494446e 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -52,7 +52,8 @@ static table_entry_t imximage_versions[] = {
 
 static struct imx_header imximage_header;
 static uint32_t imximage_version;
-static uint32_t imximage_flash_offset;
+/* Image Vector Table Offset */
+static uint32_t imximage_ivt_offset;
 
 static set_dcd_val_t set_dcd_val;
 static set_dcd_rst_t set_dcd_rst;
@@ -328,9 +329,9 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 		set_hdr_func(imxhdr);
 		break;
 	case CMD_BOOT_FROM:
-		imximage_flash_offset = get_table_entry_id(imximage_bootops,
+		imximage_ivt_offset = get_table_entry_id(imximage_bootops,
 					"imximage boot option", token);
-		if (imximage_flash_offset == -1) {
+		if (imximage_ivt_offset == -1) {
 			fprintf(stderr, "Error: %s[%d] -Invalid boot device"
 				"(%s)\n", name, lineno, token);
 			exit(EXIT_FAILURE);
@@ -339,7 +340,7 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 			cmd_ver_first = 0;
 		break;
 	case CMD_BOOT_OFFSET:
-		imximage_flash_offset = get_cfg_value(token, name, lineno);
+		imximage_ivt_offset = get_cfg_value(token, name, lineno);
 		if (unlikely(cmd_ver_first != 1))
 			cmd_ver_first = 0;
 		break;
@@ -440,7 +441,7 @@ static uint32_t parse_cfg_file(struct imx_header *imxhdr, char *name)
 	fclose(fd);
 
 	/* Exit if there is no BOOT_FROM field specifying the flash_offset */
-	if (imximage_flash_offset == FLASH_OFFSET_UNDEFINED) {
+	if (imximage_ivt_offset == FLASH_OFFSET_UNDEFINED) {
 		fprintf(stderr, "Error: No BOOT_FROM tag in %s\n", name);
 		exit(EXIT_FAILURE);
 	}
@@ -498,14 +499,14 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 */
 	imximage_version = IMXIMAGE_V1;
 	/* Be able to detect if the cfg file has no BOOT_FROM tag */
-	imximage_flash_offset = FLASH_OFFSET_UNDEFINED;
+	imximage_ivt_offset = FLASH_OFFSET_UNDEFINED;
 	set_hdr_func(imxhdr);
 
 	/* Parse dcd configuration file */
 	dcd_len = parse_cfg_file(imxhdr, params->imagename);
 
 	/* Set the imx header */
-	(*set_imx_hdr)(imxhdr, dcd_len, params->ep, imximage_flash_offset);
+	(*set_imx_hdr)(imxhdr, dcd_len, params->ep, imximage_ivt_offset);
 
 	/*
 	 * ROM bug alert
@@ -516,7 +517,7 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 *
 	 * The remaining fraction of a block bytes would not be loaded!
 	 */
-	*header_size_ptr = ROUND(sbuf->st_size + imximage_flash_offset, 4096);
+	*header_size_ptr = ROUND(sbuf->st_size + imximage_ivt_offset, 4096);
 }
 
 int imximage_check_params(struct mkimage_params *params)
-- 
1.7.9.5

[U-Boot] [PATCH v3 3/7] tools: dynamically allocate imx_header in imximage

[Stefano Babic]

Change to dynamically allocate the imx_header to correctly
allocate the IVT, Boot Data and DCD at correct locations
depending on the boot media.

Also check that the Image Vector Table Offset + IVT +
Boot Data + DCD <= Initial Load Region Size.

Previously struct imx_header was always 4096 bytes and was
not dealing correctly with the Image Vector Table Offset.

Now, the memory allocation looks for e.g. SD boot like this

 Storage   u-boot.imx                             RAM
 Device

 00000000                                         177ff000 <--------------
                                                                         |
 00000400  00000000  d1 00 20 40 IVT.header       177ff400 <-------      |
 00000404  00000004  00 00 80 17 IVT.entry        177ff404 -----------   |
 00000408  00000008  00 00 00 00 IVT.reserved1    177ff408        |  |   |
 0000040C  0000000C  2c f4 7f 17 IVT.dcd          177ff40C ------ |  |   |
 00000410  00000010  20 f4 7f 17 IVT.boot         177ff410 ---- | |  |   |
 00000414  00000014  00 f4 7f 17 IVT.self         177ff414 --------  |   |
 00000418  00000018  00 00 00 00 IVT.csf          177ff418    | |    |   |
 0000041C  0000001C  00 00 00 00 IVT.reserved2    177ff41C    | |    |   |
 00000420  00000020  00 f0 7f 17 BootData.start   177ff420 <--- |    | ---
 00000424  00000024  00 60 03 00 BootData.length  177ff424      |    |
 00000428  00000028  00 00 00 00 BootData.plugin  177ff428      |    |
 0000042C  0000002C  d2 03 30 40 DCD.header       177ff42C <-----    |
 ...                                                                 |
 00001000  00000c00  13 00 00 ea U-Boot Start     17800000 <----------

While at it also remove the unused #define HEADER_OFFSET.

Signed-off-by: Stefano Babic <sbabic@denx.de>

---
Changes in v3: None
Changes in v2:
- drop dead code (Marek Vasut)

 tools/imximage.c |   43 ++++++++++++++++++++++++++++++++++++-------
 tools/imximage.h |   16 +++++++++++++---
 2 files changed, 49 insertions(+), 10 deletions(-)

diff --git a/tools/imximage.c b/tools/imximage.c
index 494446e..2b4909e 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -31,7 +31,7 @@ static table_entry_t imximage_cmds[] = {
  * Supported Boot options for configuration file
  * this is needed to set the correct flash offset
  */
-static table_entry_t imximage_bootops[] = {
+static table_entry_t imximage_boot_offset[] = {
 	{FLASH_OFFSET_ONENAND,	"onenand",	"OneNAND Flash",},
 	{FLASH_OFFSET_NAND,	"nand",		"NAND Flash",	},
 	{FLASH_OFFSET_NOR,	"nor",		"NOR Flash",	},
@@ -42,6 +42,20 @@ static table_entry_t imximage_bootops[] = {
 };
 
 /*
+ * Supported Boot options for configuration file
+ * this is needed to determine the initial load size
+ */
+static table_entry_t imximage_boot_loadsize[] = {
+	{FLASH_LOADSIZE_ONENAND,	"onenand",	"OneNAND Flash",},
+	{FLASH_LOADSIZE_NAND,		"nand",		"NAND Flash",	},
+	{FLASH_LOADSIZE_NOR,		"nor",		"NOR Flash",	},
+	{FLASH_LOADSIZE_SATA,		"sata",		"SATA Disk",	},
+	{FLASH_LOADSIZE_SD,		"sd",		"SD Card",	},
+	{FLASH_LOADSIZE_SPI,		"spi",		"SPI Flash",	},
+	{-1,				"",		"Invalid",	},
+};
+
+/*
  * IMXIMAGE version definition for i.MX chips
  */
 static table_entry_t imximage_versions[] = {
@@ -54,6 +68,8 @@ static struct imx_header imximage_header;
 static uint32_t imximage_version;
 /* Image Vector Table Offset */
 static uint32_t imximage_ivt_offset;
+/* Initial Load Region Size */
+static uint32_t imximage_init_loadsize;
 
 static set_dcd_val_t set_dcd_val;
 static set_dcd_rst_t set_dcd_rst;
@@ -195,7 +211,8 @@ static void set_imx_hdr_v1(struct imx_header *imxhdr, uint32_t dcd_len,
 	/* Set magic number */
 	fhdr_v1->app_code_barker = APP_CODE_BARKER;
 
-	hdr_base = entry_point - sizeof(struct imx_header);
+	/* TODO: check i.MX image V1 handling, for now use 'old' style */
+	hdr_base = entry_point - 4096;
 	fhdr_v1->app_dest_ptr = hdr_base - flash_offset;
 	fhdr_v1->app_code_jump_vector = entry_point;
 
@@ -222,12 +239,13 @@ static void set_imx_hdr_v2(struct imx_header *imxhdr, uint32_t dcd_len,
 
 	fhdr_v2->entry = entry_point;
 	fhdr_v2->reserved1 = fhdr_v2->reserved2 = 0;
-	fhdr_v2->self = hdr_base = entry_point - sizeof(struct imx_header);
-
+	hdr_base = entry_point - imximage_init_loadsize +
+		flash_offset;
+	fhdr_v2->self = hdr_base;
 	fhdr_v2->dcd_ptr = hdr_base + offsetof(imx_header_v2_t, dcd_table);
 	fhdr_v2->boot_data_ptr = hdr_base
 			+ offsetof(imx_header_v2_t, boot_data);
-	hdr_v2->boot_data.start = hdr_base - flash_offset;
+	hdr_v2->boot_data.start = entry_point - imximage_init_loadsize;
 
 	/* Security feature are not supported */
 	fhdr_v2->csf = 0;
@@ -329,13 +347,24 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 		set_hdr_func(imxhdr);
 		break;
 	case CMD_BOOT_FROM:
-		imximage_ivt_offset = get_table_entry_id(imximage_bootops,
+		imximage_ivt_offset = get_table_entry_id(imximage_boot_offset,
 					"imximage boot option", token);
 		if (imximage_ivt_offset == -1) {
 			fprintf(stderr, "Error: %s[%d] -Invalid boot device"
 				"(%s)\n", name, lineno, token);
 			exit(EXIT_FAILURE);
 		}
+
+		imximage_init_loadsize =
+			get_table_entry_id(imximage_boot_loadsize,
+					   "imximage boot option", token);
+
+		if (imximage_init_loadsize == -1) {
+			fprintf(stderr,
+				"Error: %s[%d] -Invalid boot device(%s)\n",
+				name, lineno, token);
+			exit(EXIT_FAILURE);
+		}
 		if (unlikely(cmd_ver_first != 1))
 			cmd_ver_first = 0;
 		break;
@@ -517,7 +546,7 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 *
 	 * The remaining fraction of a block bytes would not be loaded!
 	 */
-	*header_size_ptr = ROUND(sbuf->st_size + imximage_ivt_offset, 4096);
+	*header_size_ptr = ROUND(sbuf->st_size, 4096);
 }
 
 int imximage_check_params(struct mkimage_params *params)
diff --git a/tools/imximage.h b/tools/imximage.h
index ec629a5..bb04a43 100644
--- a/tools/imximage.h
+++ b/tools/imximage.h
@@ -13,14 +13,14 @@
 #define APP_CODE_BARKER	0xB1
 #define DCD_BARKER	0xB17219E9
 
-#define HEADER_OFFSET	0x400
-
 /*
  * NOTE: This file must be kept in sync with arch/arm/include/asm/\
  *       imx-common/imximage.cfg because tools/imximage.c can not
  *       cross-include headers from arch/arm/ and vice-versa.
  */
 #define CMD_DATA_STR	"DATA"
+
+/* Initial Vector Table Offset */
 #define FLASH_OFFSET_UNDEFINED	0xFFFFFFFF
 #define FLASH_OFFSET_STANDARD	0x400
 #define FLASH_OFFSET_NAND	FLASH_OFFSET_STANDARD
@@ -30,6 +30,16 @@
 #define FLASH_OFFSET_NOR	0x1000
 #define FLASH_OFFSET_SATA	FLASH_OFFSET_STANDARD
 
+/* Initial Load Region Size */
+#define FLASH_LOADSIZE_UNDEFINED	0xFFFFFFFF
+#define FLASH_LOADSIZE_STANDARD		0x1000
+#define FLASH_LOADSIZE_NAND		FLASH_LOADSIZE_STANDARD
+#define FLASH_LOADSIZE_SD		FLASH_LOADSIZE_STANDARD
+#define FLASH_LOADSIZE_SPI		FLASH_LOADSIZE_STANDARD
+#define FLASH_LOADSIZE_ONENAND		0x400
+#define FLASH_LOADSIZE_NOR		0x0 /* entire image */
+#define FLASH_LOADSIZE_SATA		FLASH_LOADSIZE_STANDARD
+
 #define IVT_HEADER_TAG 0xD1
 #define IVT_VERSION 0x40
 #define DCD_HEADER_TAG 0xD2
@@ -147,7 +157,7 @@ struct imx_header {
 		imx_header_v1_t hdr_v1;
 		imx_header_v2_t hdr_v2;
 	} header;
-} __attribute__((aligned(4096)));
+};
 
 typedef void (*set_dcd_val_t)(struct imx_header *imxhdr,
 					char *name, int lineno,
-- 
1.7.9.5

[U-Boot] [PATCH v3 4/7] tools: add variable padding of data image in mkimage

[Stefano Babic]

Use previously unused return value of function vrec_header
to return a padding size to generic mkimage. This padding
size is used in copy_files to pad with zeros after copying
the data image.

Signed-off-by: Stefano Babic <sbabic@denx.de>
---
Changes in v3: None
Changes in v2: None

 tools/mkimage.c |   24 +++++++++++++++++++++---
 tools/mkimage.h |    5 ++++-
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/tools/mkimage.c b/tools/mkimage.c
index b700b9e..58d25fa 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -137,6 +137,7 @@ main (int argc, char **argv)
 	char *ptr;
 	int retval = 0;
 	struct image_type_params *tparams = NULL;
+	int pad_len = 0;
 
 	/* Init Freescale PBL Boot image generation/list support */
 	init_pbl_image_type();
@@ -391,7 +392,7 @@ NXTARG:		;
 	 * allocate memory for the header itself.
 	 */
 	if (tparams->vrec_header)
-		tparams->vrec_header(&params, tparams);
+		pad_len = tparams->vrec_header(&params, tparams);
 	else
 		memset(tparams->hdr, 0, tparams->header_size);
 
@@ -463,7 +464,7 @@ NXTARG:		;
 			/* PBL has special Image format, implements its' own */
 			pbl_load_uboot(ifd, &params);
 		} else {
-			copy_file (ifd, params.datafile, 0);
+			copy_file(ifd, params.datafile, pad_len);
 		}
 	}
 
@@ -537,10 +538,19 @@ copy_file (int ifd, const char *datafile, int pad)
 	unsigned char *ptr;
 	int tail;
 	int zero = 0;
+	uint8_t zeros[4096];
 	int offset = 0;
 	int size;
 	struct image_type_params *tparams = mkimage_get_type (params.type);
 
+	if (pad >= sizeof(zeros)) {
+		fprintf(stderr, "%s: Can't pad to %d\n",
+			params.cmdname, pad);
+		exit(EXIT_FAILURE);
+	}
+
+	memset(zeros, 0, sizeof(zeros));
+
 	if (params.vflag) {
 		fprintf (stderr, "Adding Image %s\n", datafile);
 	}
@@ -598,7 +608,8 @@ copy_file (int ifd, const char *datafile, int pad)
 		exit (EXIT_FAILURE);
 	}
 
-	if (pad && ((tail = size % 4) != 0)) {
+	tail = size % 4;
+	if ((pad == 1) && (tail != 0)) {
 
 		if (write(ifd, (char *)&zero, 4-tail) != 4-tail) {
 			fprintf (stderr, "%s: Write error on %s: %s\n",
@@ -606,6 +617,13 @@ copy_file (int ifd, const char *datafile, int pad)
 				strerror(errno));
 			exit (EXIT_FAILURE);
 		}
+	} else if (pad > 1) {
+		if (write(ifd, (char *)&zeros, pad) != pad) {
+			fprintf(stderr, "%s: Write error on %s: %s\n",
+				params.cmdname, params.imagefile,
+				strerror(errno));
+			exit(EXIT_FAILURE);
+		}
 	}
 
 	(void) munmap((void *)ptr, sbuf.st_size);
diff --git a/tools/mkimage.h b/tools/mkimage.h
index 950e190..ecb3032 100644
--- a/tools/mkimage.h
+++ b/tools/mkimage.h
@@ -132,7 +132,10 @@ struct image_type_params {
 	/*
 	 * This callback function will be executed for variable size record
 	 * It is expected to build this header in memory and return its length
-	 * and a pointer to it
+	 * and a pointer to it by using image_type_params.header_size and
+	 * image_type_params.hdr. The return value shall indicate if an
+	 * additional padding should be used when copying the data image
+	 * by returning the padding length.
 	 */
 	int (*vrec_header) (struct mkimage_params *,
 		struct image_type_params *);
-- 
1.7.9.5

[U-Boot] [PATCH v3 5/7] tools: add padding of data image file for imximage

[Stefano Babic]

Implement function vrec_header to be able to pad the final
data image file according the what has been calculated for
boot_data.length.

Signed-off-by: Stefano Babic <sbabic@denx.de>

---
Changes in v3:
- uses stat instead of open / fstat / close (Marek Vasut)

Changes in v2: None

 tools/imximage.c |   74 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 72 insertions(+), 2 deletions(-)

diff --git a/tools/imximage.c b/tools/imximage.c
index 2b4909e..7281292 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -571,18 +571,88 @@ int imximage_check_params(struct mkimage_params *params)
 		(params->xflag) || !(strlen(params->imagename));
 }
 
+static int imximage_generate(struct mkimage_params *params,
+	struct image_type_params *tparams)
+{
+	struct imx_header *imxhdr;
+	size_t alloc_len;
+	int dfd;
+	struct stat sbuf;
+	char *datafile = params->datafile;
+	uint32_t pad_len;
+
+	memset(&imximage_header, 0, sizeof(imximage_header));
+
+	/*
+	 * In order to not change the old imx cfg file
+	 * by adding VERSION command into it, here need
+	 * set up function ptr group to V1 by default.
+	 */
+	imximage_version = IMXIMAGE_V1;
+	/* Be able to detect if the cfg file has no BOOT_FROM tag */
+	imximage_ivt_offset = FLASH_OFFSET_UNDEFINED;
+	imximage_csf_size = 0;
+	set_hdr_func(imxhdr);
+
+	/* Parse dcd configuration file */
+	parse_cfg_file(&imximage_header, params->imagename);
+
+	/* TODO: check i.MX image V1 handling, for now use 'old' style */
+	if (imximage_version == IMXIMAGE_V1)
+		alloc_len = 4096;
+	else
+		alloc_len = imximage_init_loadsize - imximage_ivt_offset;
+
+	if (alloc_len < sizeof(struct imx_header)) {
+		fprintf(stderr, "%s: header error\n",
+			params->cmdname);
+		exit(EXIT_FAILURE);
+	}
+
+	imxhdr = malloc(alloc_len);
+
+	if (!imxhdr) {
+		fprintf(stderr, "%s: malloc return failure: %s\n",
+			params->cmdname, strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
+	memset(imxhdr, 0, alloc_len);
+
+	tparams->header_size = alloc_len;
+	tparams->hdr         = imxhdr;
+
+	/* determine data image file length */
+
+	if (stat(datafile, &sbuf) < 0) {
+		fprintf(stderr, "%s: Can't stat %s: %s\n",
+			params->cmdname, datafile, strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
+	pad_len = ROUND(sbuf.st_size, 4096) - sbuf.st_size;
+
+	/* TODO: check i.MX image V1 handling, for now use 'old' style */
+	if (imximage_version == IMXIMAGE_V1)
+		return 0;
+	else
+		return pad_len;
+}
+
+
 /*
  * imximage parameters
  */
 static struct image_type_params imximage_params = {
 	.name		= "Freescale i.MX Boot Image support",
-	.header_size	= sizeof(struct imx_header),
-	.hdr		= (void *)&imximage_header,
+	.header_size	= 0,
+	.hdr		= NULL,
 	.check_image_type = imximage_check_image_types,
 	.verify_header	= imximage_verify_header,
 	.print_header	= imximage_print_header,
 	.set_header	= imximage_set_header,
 	.check_params	= imximage_check_params,
+	.vrec_header	= imximage_generate,
 };
 
 void init_imx_image_type(void)
-- 
1.7.9.5

[U-Boot] [PATCH v3 6/7] tools: add support for setting the CSF into imximage

[Stefano Babic]

Add support for setting the CSF (Command Sequence File) pointer
which is used for HAB (High Assurance Boot) in the imximage by
adding e.g.

CSF 0x2000

in the imximage.cfg file.

This will set the CSF pointer accordingly just after the padded
data image area. The boot_data.length is adjusted with the
value from the imximage.cfg config file.

The resulting u-boot.imx can be signed with the FSL HAB tooling.
The generated CSF block needs to be appended to the u-boot.imx.

Signed-off-by: Stefano Babic <sbabic@denx.de>

---
Changes in v3:
- add info in the README where to find description
of signing process in the Freescale Website (Otavio Salvador)

Changes in v2:
- checkpatch warning
- do not output HAB values when csf values are not defined by cfg

 doc/README.imximage |   30 +++++++++++++++++++++++++++---
 doc/README.mxc_hab  |   48 ++++++++++++++++++++++++++++++++++++++++++++++++
 tools/imximage.c    |   41 ++++++++++++++++++++++++++++++++++++++---
 tools/imximage.h    |    3 ++-
 4 files changed, 115 insertions(+), 7 deletions(-)
 create mode 100644 doc/README.mxc_hab

diff --git a/doc/README.imximage b/doc/README.imximage
index 802eb90..dcda200 100644
--- a/doc/README.imximage
+++ b/doc/README.imximage
@@ -15,9 +15,6 @@ Booting from NOR flash does not require to use this image type.
 For more details refer Chapter 2 - System Boot and section 2.14
 (flash header description) of the processor's manual.
 
-This implementation does not use at the moment the secure boot feature
-of the processor. The image is generated disabling all security fields.
-
 Command syntax:
 --------------
 ./tools/mkimage -l <mx u-boot_file>
@@ -86,6 +83,33 @@ Configuration command line syntax:
 				Example:
 				BOOT_FROM spi
 
+	CSF			value
+
+				Total size of CSF (Command Sequence File)
+				used for Secure Boot/ High Assurance Boot
+				(HAB).
+
+				Using this command will populate the IVT
+				(Initial Vector Table) CSF pointer and adjust
+				the length fields only. The CSF itself needs
+				to be generated with Freescale tools and
+				'manually' appended to the u-boot.imx file.
+
+				The CSF is then simply concatenated
+				to the u-boot image, making a signed bootloader,
+				that the processor can verify
+				if the fuses for the keys are burned.
+
+				Further infos how to configure the SOC to verify
+				the bootloader can be found in the "High
+				Assurance Boot Version Application Programming
+				Interface Reference Manual" as part of the
+				Freescale Code Signing Tool, available on the
+				manufacturer's website.
+
+				Example:
+				CSF 0x2000
+
 	DATA			type address value
 
 				type: word=4, halfword=2, byte=1
diff --git a/doc/README.mxc_hab b/doc/README.mxc_hab
new file mode 100644
index 0000000..97f8b7d
--- /dev/null
+++ b/doc/README.mxc_hab
@@ -0,0 +1,48 @@
+High Assurance Boot (HAB) for i.MX6 CPUs
+
+To authenticate U-Boot only by the CPU there is no code required in
+U-Boot itself. However, the U-Boot image to be programmed into the
+boot media needs to be properly constructed, i.e. it must contain a
+proper Command Sequence File (CSF).
+
+The Initial Vector Table contains a pointer to the CSF. Please see
+doc/README.imximage for how to prepare u-boot.imx.
+
+The CSF itself is being generated by Freescale HAB tools.
+
+mkimage will output additional information about "HAB Blocks"
+which can be used in the Freescale tooling to authenticate U-Boot
+(entries in the CSF file).
+
+Image Type:   Freescale IMX Boot Image
+Image Ver:    2 (i.MX53/6 compatible)
+Data Size:    327680 Bytes = 320.00 kB = 0.31 MB
+Load Address: 177ff420
+Entry Point:  17800000
+HAB Blocks:   177ff400 00000000 0004dc00
+              ^^^^^^^^ ^^^^^^^^ ^^^^^^^^
+		|	|	   |
+		|	|	   -------- (1)
+		|	|
+		|	------------------- (2)
+		|
+		--------------------------- (3)
+
+(1)	Size of area in file u-boot.imx to sign
+	This area should include the IVT, the Boot Data the DCD
+	and U-Boot itself.
+(2)	Start of area in u-boot.imx to sign
+(3)	Start of area in RAM to authenticate
+
+CONFIG_SECURE_BOOT currently enables only an additional command
+'hab_status' in U-Boot to retrieve the HAB status and events. This
+can be useful while developing and testing HAB.
+
+Commands to generate a signed U-Boot using Freescale HAB tools:
+cst --o U-Boot_CSF.bin < U-Boot.CSF
+objcopy -I binary -O binary --pad-to 0x2000 --gap-fill=0x00 \
+	U-Boot_CSF.bin U-Boot_CSF_pad.bin
+cat u-boot.imx U-Boot_CSF_pad.bin > u-boot-signed.imx
+
+NOTE: U-Boot_CSF.bin needs to be padded to the value specified in
+the imximage.cfg file.
diff --git a/tools/imximage.c b/tools/imximage.c
index 7281292..2c4c84e 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -16,6 +16,8 @@
 #include <image.h>
 #include "imximage.h"
 
+#define UNDEFINED 0xFFFFFFFF
+
 /*
  * Supported commands for configuration file
  */
@@ -23,6 +25,7 @@ static table_entry_t imximage_cmds[] = {
 	{CMD_BOOT_FROM,         "BOOT_FROM",            "boot command",	  },
 	{CMD_BOOT_OFFSET,       "BOOT_OFFSET",          "Boot offset",	  },
 	{CMD_DATA,              "DATA",                 "Reg Write Data", },
+	{CMD_CSF,               "CSF",           "Command Sequence File", },
 	{CMD_IMAGE_VERSION,     "IMAGE_VERSION",        "image version",  },
 	{-1,                    "",                     "",	          },
 };
@@ -66,8 +69,13 @@ static table_entry_t imximage_versions[] = {
 
 static struct imx_header imximage_header;
 static uint32_t imximage_version;
-/* Image Vector Table Offset */
-static uint32_t imximage_ivt_offset;
+/*
+ * Image Vector Table Offset
+ * Initialized to a wrong not 4-bytes aligned address to
+ * check if it is was set by the cfg file.
+ */
+static uint32_t imximage_ivt_offset = UNDEFINED;
+static uint32_t imximage_csf_size = UNDEFINED;
 /* Initial Load Region Size */
 static uint32_t imximage_init_loadsize;
 
@@ -76,6 +84,7 @@ static set_dcd_rst_t set_dcd_rst;
 static set_imx_hdr_t set_imx_hdr;
 static uint32_t max_dcd_entries;
 static uint32_t *header_size_ptr;
+static uint32_t *csf_ptr;
 
 static uint32_t get_cfg_value(char *token, char *name,  int linenr)
 {
@@ -247,9 +256,10 @@ static void set_imx_hdr_v2(struct imx_header *imxhdr, uint32_t dcd_len,
 			+ offsetof(imx_header_v2_t, boot_data);
 	hdr_v2->boot_data.start = entry_point - imximage_init_loadsize;
 
-	/* Security feature are not supported */
 	fhdr_v2->csf = 0;
+
 	header_size_ptr = &hdr_v2->boot_data.size;
+	csf_ptr = &fhdr_v2->csf;
 }
 
 static void set_hdr_func(struct imx_header *imxhdr)
@@ -326,6 +336,13 @@ static void print_hdr_v2(struct imx_header *imx_hdr)
 	genimg_print_size(hdr_v2->boot_data.size);
 	printf("Load Address: %08x\n", (uint32_t)fhdr_v2->boot_data_ptr);
 	printf("Entry Point:  %08x\n", (uint32_t)fhdr_v2->entry);
+	if (fhdr_v2->csf && (imximage_ivt_offset != UNDEFINED) &&
+	    (imximage_csf_size != UNDEFINED)) {
+		printf("HAB Blocks:   %08x %08x %08x\n",
+		       (uint32_t)fhdr_v2->self, 0,
+		       hdr_v2->boot_data.size - imximage_ivt_offset -
+		       imximage_csf_size);
+	}
 }
 
 static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
@@ -379,6 +396,17 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 		if (unlikely(cmd_ver_first != 1))
 			cmd_ver_first = 0;
 		break;
+	case CMD_CSF:
+		if (imximage_version != 2) {
+			fprintf(stderr,
+				"Error: %s[%d] - CSF only supported for VERSION 2(%s)\n",
+				name, lineno, token);
+			exit(EXIT_FAILURE);
+		}
+		imximage_csf_size = get_cfg_value(token, name, lineno);
+		if (unlikely(cmd_ver_first != 1))
+			cmd_ver_first = 0;
+		break;
 	}
 }
 
@@ -529,6 +557,7 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	imximage_version = IMXIMAGE_V1;
 	/* Be able to detect if the cfg file has no BOOT_FROM tag */
 	imximage_ivt_offset = FLASH_OFFSET_UNDEFINED;
+	imximage_csf_size = 0;
 	set_hdr_func(imxhdr);
 
 	/* Parse dcd configuration file */
@@ -547,6 +576,12 @@ static void imximage_set_header(void *ptr, struct stat *sbuf, int ifd,
 	 * The remaining fraction of a block bytes would not be loaded!
 	 */
 	*header_size_ptr = ROUND(sbuf->st_size, 4096);
+
+	if (csf_ptr && imximage_csf_size) {
+		*csf_ptr = params->ep - imximage_init_loadsize +
+			*header_size_ptr;
+		*header_size_ptr += imximage_csf_size;
+	}
 }
 
 int imximage_check_params(struct mkimage_params *params)
diff --git a/tools/imximage.h b/tools/imximage.h
index bb04a43..efe6a88 100644
--- a/tools/imximage.h
+++ b/tools/imximage.h
@@ -52,7 +52,8 @@ enum imximage_cmd {
 	CMD_IMAGE_VERSION,
 	CMD_BOOT_FROM,
 	CMD_BOOT_OFFSET,
-	CMD_DATA
+	CMD_DATA,
+	CMD_CSF,
 };
 
 enum imximage_fld_types {
-- 
1.7.9.5

[U-Boot] [PATCH v3 7/7] imx: add status reporting for HAB status

[Stefano Babic]

Add functions to report the HAB (High Assurance Boot) status
of e.g. i.MX6 CPUs.

This is taken from

git://git.freescale.com/imx/uboot-imx.git branch imx_v2009.08_3.0.35_4.0.0
cpu/arm_cortexa8/mx6/generic.c
include/asm-arm/arch-mx6/mx6_secure.h

Signed-off-by: Stefano Babic <sbabic@denx.de>

---
Changes in v3: None
Changes in v2:
- Fix errors when SECURE_BOOT is selected due to enum
- simplify display_event code (Marek Vasut)
- compile hab code only if SECURE_BOOT is set (Fabio Estevam)
- update licence with SPDX line according to new rules.

 arch/arm/cpu/armv7/mx6/Makefile          |    7 +-
 arch/arm/cpu/armv7/mx6/hab.c             |  104 ++++++++++++++++++++++++++++++
 arch/arm/include/asm/arch-mx6/hab.h      |   67 +++++++++++++++++++
 arch/arm/include/asm/arch-mx6/imx-regs.h |    8 ++-
 4 files changed, 182 insertions(+), 4 deletions(-)
 create mode 100644 arch/arm/cpu/armv7/mx6/hab.c
 create mode 100644 arch/arm/include/asm/arch-mx6/hab.h

diff --git a/arch/arm/cpu/armv7/mx6/Makefile b/arch/arm/cpu/armv7/mx6/Makefile
index c5e9858..6d73617 100644
--- a/arch/arm/cpu/armv7/mx6/Makefile
+++ b/arch/arm/cpu/armv7/mx6/Makefile
@@ -11,10 +11,11 @@ include $(TOPDIR)/config.mk
 
 LIB	= $(obj)lib$(SOC).o
 
-COBJS	= soc.o clock.o
+COBJS-y	= soc.o clock.o
+COBJS-$(CONFIG_SECURE_BOOT)	+= hab.o
 
-SRCS	:= $(SOBJS:.o=.S) $(COBJS:.o=.c)
-OBJS	:= $(addprefix $(obj),$(SOBJS) $(COBJS))
+SRCS	:= $(SOBJS:.o=.S) $(COBJS-y:.o=.c)
+OBJS	:= $(addprefix $(obj),$(SOBJS) $(COBJS-y))
 
 all:	$(obj).depend $(LIB)
 
diff --git a/arch/arm/cpu/armv7/mx6/hab.c b/arch/arm/cpu/armv7/mx6/hab.c
new file mode 100644
index 0000000..5187775
--- /dev/null
+++ b/arch/arm/cpu/armv7/mx6/hab.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2010-2013 Freescale Semiconductor, Inc.
+ *
+ * SPDX-License-Identifier:    GPL-2.0+
+ */
+
+#include <common.h>
+#include <asm/io.h>
+#include <asm/arch/hab.h>
+
+/* -------- start of HAB API updates ------------*/
+#define hab_rvt_report_event ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT)
+#define hab_rvt_report_status ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS)
+#define hab_rvt_authenticate_image \
+	((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE)
+#define hab_rvt_entry ((hab_rvt_entry_t *)HAB_RVT_ENTRY)
+#define hab_rvt_exit ((hab_rvt_exit_t *)HAB_RVT_EXIT)
+#define hab_rvt_clock_init HAB_RVT_CLOCK_INIT
+
+bool is_hab_enabled(void)
+{
+	struct ocotp_regs *ocotp = (struct ocotp_regs *)OCOTP_BASE_ADDR;
+	struct fuse_bank *bank = &ocotp->bank[0];
+	struct fuse_bank0_regs *fuse =
+		(struct fuse_bank0_regs *)bank->fuse_regs;
+	uint32_t reg = readl(&fuse->cfg5);
+
+	return (reg & 0x2) == 0x2;
+}
+
+void display_event(uint8_t *event_data, size_t bytes)
+{
+	uint32_t i;
+
+	if (!(event_data && bytes > 0))
+		return;
+
+	for (i = 0; i < bytes; i++) {
+		if (i == 0)
+			printf("\t0x%02x", event_data[i]);
+		else if ((i % 8) == 0)
+			printf("\n\t0x%02x", event_data[i]);
+		else
+			printf(" 0x%02x", event_data[i]);
+	}
+}
+
+int get_hab_status(void)
+{
+	uint32_t index = 0; /* Loop index */
+	uint8_t event_data[128]; /* Event data buffer */
+	size_t bytes = sizeof(event_data); /* Event size in bytes */
+	enum hab_config config = 0;
+	enum hab_state state = 0;
+
+	if (is_hab_enabled())
+		puts("\nSecure boot enabled\n");
+	else
+		puts("\nSecure boot disabled\n");
+
+	/* Check HAB status */
+	if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) {
+		printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
+		       config, state);
+
+		/* Display HAB Error events */
+		while (hab_rvt_report_event(HAB_FAILURE, index, event_data,
+					&bytes) == HAB_SUCCESS) {
+			puts("\n");
+			printf("--------- HAB Event %d -----------------\n",
+			       index + 1);
+			puts("event data:\n");
+			display_event(event_data, bytes);
+			puts("\n");
+			bytes = sizeof(event_data);
+			index++;
+		}
+	}
+	/* Display message if no HAB events are found */
+	else {
+		printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
+		       config, state);
+		puts("No HAB Events Found!\n\n");
+	}
+	return 0;
+}
+
+int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+{
+	if ((argc != 1)) {
+		cmd_usage(cmdtp);
+		return 1;
+	}
+
+	get_hab_status();
+
+	return 0;
+}
+
+U_BOOT_CMD(
+		hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
+		"display HAB status",
+		""
+	  );
diff --git a/arch/arm/include/asm/arch-mx6/hab.h b/arch/arm/include/asm/arch-mx6/hab.h
new file mode 100644
index 0000000..d724f20
--- /dev/null
+++ b/arch/arm/include/asm/arch-mx6/hab.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2012 Freescale Semiconductor, Inc. All Rights Reserved.
+ *
+ * SPDX-License-Identifier:    GPL-2.0+
+ *
+*/
+
+#ifndef __SECURE_MX6Q_H__
+#define __SECURE_MX6Q_H__
+
+#include <linux/types.h>
+
+/* -------- start of HAB API updates ------------*/
+/* The following are taken from HAB4 SIS */
+
+/* Status definitions */
+enum hab_status {
+	HAB_STS_ANY = 0x00,
+	HAB_FAILURE = 0x33,
+	HAB_WARNING = 0x69,
+	HAB_SUCCESS = 0xf0
+};
+
+/* Security Configuration definitions */
+enum hab_config {
+	HAB_CFG_RETURN = 0x33, /**< Field Return IC */
+	HAB_CFG_OPEN = 0xf0, /**< Non-secure IC */
+	HAB_CFG_CLOSED = 0xcc /**< Secure IC */
+};
+
+/* State definitions */
+enum hab_state {
+	HAB_STATE_INITIAL = 0x33, /**< Initialising state (transitory) */
+	HAB_STATE_CHECK = 0x55, /**< Check state (non-secure) */
+	HAB_STATE_NONSECURE = 0x66, /**< Non-secure state */
+	HAB_STATE_TRUSTED = 0x99, /**< Trusted state */
+	HAB_STATE_SECURE = 0xaa, /**< Secure state */
+	HAB_STATE_FAIL_SOFT = 0xcc, /**< Soft fail state */
+	HAB_STATE_FAIL_HARD = 0xff, /**< Hard fail state (terminal) */
+	HAB_STATE_NONE = 0xf0, /**< No security state machine */
+	HAB_STATE_MAX
+};
+
+/*Function prototype description*/
+typedef enum hab_status hab_rvt_report_event_t(enum hab_status, uint32_t,
+		uint8_t* , size_t*);
+typedef enum hab_status hab_rvt_report_status_t(enum hab_config *,
+		enum hab_state *);
+typedef enum hab_status hab_loader_callback_f_t(void**, size_t*, const void*);
+typedef enum hab_status hab_rvt_entry_t(void);
+typedef enum hab_status hab_rvt_exit_t(void);
+typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t,
+		void **, size_t *, hab_loader_callback_f_t);
+typedef void hapi_clock_init_t(void);
+
+#define HAB_RVT_REPORT_EVENT (*(uint32_t *)0x000000B4)
+#define HAB_RVT_REPORT_STATUS (*(uint32_t *)0x000000B8)
+#define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)0x000000A4)
+#define HAB_RVT_ENTRY (*(uint32_t *)0x00000098)
+#define HAB_RVT_EXIT (*(uint32_t *)0x0000009C)
+#define HAB_RVT_CLOCK_INIT ((hapi_clock_init_t *)0x0000024D)
+
+#define HAB_CID_ROM 0 /**< ROM Caller ID */
+#define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/
+/* ----------- end of HAB API updates ------------*/
+
+#endif
diff --git a/arch/arm/include/asm/arch-mx6/imx-regs.h b/arch/arm/include/asm/arch-mx6/imx-regs.h
index 5d6bccb..621919f 100644
--- a/arch/arm/include/asm/arch-mx6/imx-regs.h
+++ b/arch/arm/include/asm/arch-mx6/imx-regs.h
@@ -456,7 +456,13 @@ struct fuse_bank0_regs {
 	u32	uid_low;
 	u32	rsvd1[3];
 	u32	uid_high;
-	u32	rsvd2[0x17];
+	u32	rsvd2[3];
+	u32	rsvd3[4];
+	u32	rsvd4[4];
+	u32	rsvd5[4];
+	u32	cfg5;
+	u32	rsvd6[3];
+	u32	rsvd7[4];
 };
 
 struct fuse_bank4_regs {
-- 
1.7.9.5

[U-Boot] [PATCH v2 0/7] The patchset fixes some issue in the generation of the imx image

[Tom Rini]

On Mon, Aug 19, 2013 at 06:44:03PM +0200, Stefano Babic wrote:
> Hi Tom,
> 
> On 19/08/2013 18:19, Tom Rini wrote:
> > On Mon, Aug 12, 2013 at 04:39:27PM +0200, Stefano Babic wrote:
> > 
> >> (header for Freescale's i.MX processors) to allow the usage of 
> >> Freescale's tools to sign the u-boot image and provide a secure
> >> boot.
> >> 
> >> This has nothing to do with the Secure Boot extensions
> >> implemented by Simon Glass, that can be in any case used to boot
> >> later a secure image. Freescale's secure boot ensures that a
> >> signed bootloader is started only if it is verified with a key
> >> that is burned into the iMX fuses. Documentation about the
> >> Freescale's secure process can be read from the AN4591, available
> >> on the Freescale's Website.
> > 
> > Where does Marek's patch fall in here exactly?
> 
> Marek's patch is intended to add support for mxs based processor (mx23
> / mx28) and it is quite parallel to mine and I think Marek will
> replace Freescale's own tool elftosb.

But, for clarity, there's not a whole bunch of common code that could be
used here, and these i.MXes are different from those i.MXes?

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20130819/bcb7b305/attachment.pgp>

[U-Boot] [PATCH v2 0/7] The patchset fixes some issue in the generation of the imx image

[Marek Vasut]

Dear Tom Rini,

> On Mon, Aug 19, 2013 at 06:44:03PM +0200, Stefano Babic wrote:
> > Hi Tom,
> > 
> > On 19/08/2013 18:19, Tom Rini wrote:
> > > On Mon, Aug 12, 2013 at 04:39:27PM +0200, Stefano Babic wrote:
> > >> (header for Freescale's i.MX processors) to allow the usage of
> > >> Freescale's tools to sign the u-boot image and provide a secure
> > >> boot.
> > >> 
> > >> This has nothing to do with the Secure Boot extensions
> > >> implemented by Simon Glass, that can be in any case used to boot
> > >> later a secure image. Freescale's secure boot ensures that a
> > >> signed bootloader is started only if it is verified with a key
> > >> that is burned into the iMX fuses. Documentation about the
> > >> Freescale's secure process can be read from the AN4591, available
> > >> on the Freescale's Website.
> > > 
> > > Where does Marek's patch fall in here exactly?
> > 
> > Marek's patch is intended to add support for mxs based processor (mx23
> > / mx28) and it is quite parallel to mine and I think Marek will
> > replace Freescale's own tool elftosb.
> 
> But, for clarity, there's not a whole bunch of common code that could be
> used here, and these i.MXes are different from those i.MXes?

MX23/28 and the rest of IMX use the same "HAB" thing, but due to differences in 
their bootrom (MXS is sigmatel design, IMX is freescale), it's done differently 
on both MXS and IMX. Thus we need two implementations :-( IIRC there is HABv3 on 
IMX and HABv4 on MXS, no ?

Best regards,
Marek Vasut

[U-Boot] [PATCH v2 0/7] The patchset fixes some issue in the generation of the imx image

[Tom Rini]

On Mon, Aug 19, 2013 at 09:45:55PM +0200, Marek Vasut wrote:
> Dear Tom Rini,
> 
> > On Mon, Aug 19, 2013 at 06:44:03PM +0200, Stefano Babic wrote:
> > > Hi Tom,
> > > 
> > > On 19/08/2013 18:19, Tom Rini wrote:
> > > > On Mon, Aug 12, 2013 at 04:39:27PM +0200, Stefano Babic wrote:
> > > >> (header for Freescale's i.MX processors) to allow the usage of
> > > >> Freescale's tools to sign the u-boot image and provide a secure
> > > >> boot.
> > > >> 
> > > >> This has nothing to do with the Secure Boot extensions
> > > >> implemented by Simon Glass, that can be in any case used to boot
> > > >> later a secure image. Freescale's secure boot ensures that a
> > > >> signed bootloader is started only if it is verified with a key
> > > >> that is burned into the iMX fuses. Documentation about the
> > > >> Freescale's secure process can be read from the AN4591, available
> > > >> on the Freescale's Website.
> > > > 
> > > > Where does Marek's patch fall in here exactly?
> > > 
> > > Marek's patch is intended to add support for mxs based processor (mx23
> > > / mx28) and it is quite parallel to mine and I think Marek will
> > > replace Freescale's own tool elftosb.
> > 
> > But, for clarity, there's not a whole bunch of common code that could be
> > used here, and these i.MXes are different from those i.MXes?
> 
> MX23/28 and the rest of IMX use the same "HAB" thing, but due to
> differences in their bootrom (MXS is sigmatel design, IMX is
> freescale), it's done differently on both MXS and IMX. Thus we need
> two implementations :-( IIRC there is HABv3 on IMX and HABv4 on MXS,
> no ?

OK, thanks.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20130819/dc3cb69c/attachment.pgp>

[U-Boot] [PATCH v2 7/7] imx: add status reporting for HAB status

[Bernhard Walle]

Hi,

Am 12.08.13 16:39, schrieb Stefano Babic:
> +
> +bool is_hab_enabled(void)
> +{
> +	struct ocotp_regs *ocotp = (struct ocotp_regs *)OCOTP_BASE_ADDR;
> +	struct fuse_bank *bank = &ocotp->bank[0];
> +	struct fuse_bank0_regs *fuse =
> +		(struct fuse_bank0_regs *)bank->fuse_regs;
> +	uint32_t reg = readl(&fuse->cfg5);
> +
> +	return (reg & 0x2) == 0x2;
> +}

With the exception of that function and the required structure
definitions, the whole code also works with i.MX53 (tested with LOCO
board), too. Also AN4581 [1] that describes HAB doesn't differentiate
between i.MX53 and i.MX6 in that case as they both use HAB v4.

I think you have more experience how to organize the code (I added a few
symlinks and modified only the Makefile, but I guess that symlink are
not the best solution).


Regards,
Bernhard

[1] http://cache.freescale.com/files/32bit/doc/app_note/AN4581.pdf

[U-Boot] [PATCH v4 5/7] tools: add padding of data image file for imximage

[Stefano Babic]

Implement function vrec_header to be able to pad the final
data image file according the what has been calculated for
boot_data.length.

Signed-off-by: Stefano Babic <sbabic@denx.de>

---
Changes in v4:
- fix crash when imximage_init_loadsize is not set
Found during regression tests with boards ima3-mx53 and m53evk (Stefano Babic)

Changes in v3:
- uses stat instead of open / fstat / close (Marek Vasut)

Changes in v2: None

 tools/imximage.c |   88 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 85 insertions(+), 3 deletions(-)

diff --git a/tools/imximage.c b/tools/imximage.c
index 2b4909e..26460bf 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -365,6 +365,13 @@ static void parse_cfg_cmd(struct imx_header *imxhdr, int32_t cmd, char *token,
 				name, lineno, token);
 			exit(EXIT_FAILURE);
 		}
+
+		/*
+		 * The SOC loads from the storage starting at address 0
+		 * then ensures that the load size contains the offset
+		 */
+		if (imximage_init_loadsize < imximage_ivt_offset)
+			imximage_init_loadsize = imximage_ivt_offset;
 		if (unlikely(cmd_ver_first != 1))
 			cmd_ver_first = 0;
 		break;
@@ -439,7 +446,8 @@ static uint32_t parse_cfg_file(struct imx_header *imxhdr, char *name)
 		exit(EXIT_FAILURE);
 	}
 
-	/* Very simple parsing, line starting with # are comments
+	/*
+	 * Very simple parsing, line starting with # are comments
 	 * and are dropped
 	 */
 	while ((getline(&line, &len, fd)) > 0) {
@@ -571,18 +579,92 @@ int imximage_check_params(struct mkimage_params *params)
 		(params->xflag) || !(strlen(params->imagename));
 }
 
+static int imximage_generate(struct mkimage_params *params,
+	struct image_type_params *tparams)
+{
+	struct imx_header *imxhdr;
+	size_t alloc_len;
+	struct stat sbuf;
+	char *datafile = params->datafile;
+	uint32_t pad_len;
+
+	memset(&imximage_header, 0, sizeof(imximage_header));
+
+	/*
+	 * In order to not change the old imx cfg file
+	 * by adding VERSION command into it, here need
+	 * set up function ptr group to V1 by default.
+	 */
+	imximage_version = IMXIMAGE_V1;
+	/* Be able to detect if the cfg file has no BOOT_FROM tag */
+	imximage_ivt_offset = FLASH_OFFSET_UNDEFINED;
+	imximage_csf_size = 0;
+	set_hdr_func(imxhdr);
+
+	/* Parse dcd configuration file */
+	parse_cfg_file(&imximage_header, params->imagename);
+
+	/* TODO: check i.MX image V1 handling, for now use 'old' style */
+	if (imximage_version == IMXIMAGE_V1) {
+		alloc_len = 4096;
+	} else {
+		if (imximage_init_loadsize < imximage_ivt_offset +
+			sizeof(imx_header_v2_t))
+				imximage_init_loadsize = imximage_ivt_offset +
+					sizeof(imx_header_v2_t);
+		alloc_len = imximage_init_loadsize - imximage_ivt_offset;
+	}
+
+	if (alloc_len < sizeof(struct imx_header)) {
+		fprintf(stderr, "%s: header error\n",
+			params->cmdname);
+		exit(EXIT_FAILURE);
+	}
+
+	imxhdr = malloc(alloc_len);
+
+	if (!imxhdr) {
+		fprintf(stderr, "%s: malloc return failure: %s\n",
+			params->cmdname, strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
+	memset(imxhdr, 0, alloc_len);
+
+	tparams->header_size = alloc_len;
+	tparams->hdr         = imxhdr;
+
+	/* determine data image file length */
+
+	if (stat(datafile, &sbuf) < 0) {
+		fprintf(stderr, "%s: Can't stat %s: %s\n",
+			params->cmdname, datafile, strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
+	pad_len = ROUND(sbuf.st_size, 4096) - sbuf.st_size;
+
+	/* TODO: check i.MX image V1 handling, for now use 'old' style */
+	if (imximage_version == IMXIMAGE_V1)
+		return 0;
+	else
+		return pad_len;
+}
+
+
 /*
  * imximage parameters
  */
 static struct image_type_params imximage_params = {
 	.name		= "Freescale i.MX Boot Image support",
-	.header_size	= sizeof(struct imx_header),
-	.hdr		= (void *)&imximage_header,
+	.header_size	= 0,
+	.hdr		= NULL,
 	.check_image_type = imximage_check_image_types,
 	.verify_header	= imximage_verify_header,
 	.print_header	= imximage_print_header,
 	.set_header	= imximage_set_header,
 	.check_params	= imximage_check_params,
+	.vrec_header	= imximage_generate,
 };
 
 void init_imx_image_type(void)
-- 
1.7.9.5

[U-Boot] [PATCH v4 5/7] tools: add padding of data image file for imximage

[York Sun]

On 08/27/2013 08:17 AM, Stefano Babic wrote:
> Implement function vrec_header to be able to pad the final
> data image file according the what has been calculated for
> boot_data.length.
> 
> Signed-off-by: Stefano Babic <sbabic@denx.de>
> 
> ---
> Changes in v4:
> - fix crash when imximage_init_loadsize is not set
> Found during regression tests with boards ima3-mx53 and m53evk (Stefano Babic)
> 
> Changes in v3:
> - uses stat instead of open / fstat / close (Marek Vasut)
> 
> Changes in v2: None
> 
>  tools/imximage.c |   88 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 85 insertions(+), 3 deletions(-)
> 

<snip>

> +static int imximage_generate(struct mkimage_params *params,
> +	struct image_type_params *tparams)
> +{
> +	struct imx_header *imxhdr;
> +	size_t alloc_len;
> +	struct stat sbuf;
> +	char *datafile = params->datafile;
> +	uint32_t pad_len;
> +
> +	memset(&imximage_header, 0, sizeof(imximage_header));
> +
> +	/*
> +	 * In order to not change the old imx cfg file
> +	 * by adding VERSION command into it, here need
> +	 * set up function ptr group to V1 by default.
> +	 */
> +	imximage_version = IMXIMAGE_V1;
> +	/* Be able to detect if the cfg file has no BOOT_FROM tag */
> +	imximage_ivt_offset = FLASH_OFFSET_UNDEFINED;
> +	imximage_csf_size = 0;
> +	set_hdr_func(imxhdr);

Doesn't this line has compiling warning for you?

imximage.c: In function ?imximage_generate?:
imximage.c:634: warning: ?imxhdr? is used uninitialized in this function

York

[U-Boot] [PATCH v4 5/7] tools: add padding of data image file for imximage

[Stefano Babic]

Hi York,

On 11/09/2013 00:14, York Sun wrote:

>> +static int imximage_generate(struct mkimage_params *params,
>> +	struct image_type_params *tparams)
>> +{
>> +	struct imx_header *imxhdr;
>> +	size_t alloc_len;
>> +	struct stat sbuf;
>> +	char *datafile = params->datafile;
>> +	uint32_t pad_len;
>> +
>> +	memset(&imximage_header, 0, sizeof(imximage_header));
>> +
>> +	/*
>> +	 * In order to not change the old imx cfg file
>> +	 * by adding VERSION command into it, here need
>> +	 * set up function ptr group to V1 by default.
>> +	 */
>> +	imximage_version = IMXIMAGE_V1;
>> +	/* Be able to detect if the cfg file has no BOOT_FROM tag */
>> +	imximage_ivt_offset = FLASH_OFFSET_UNDEFINED;
>> +	imximage_csf_size = 0;
>> +	set_hdr_func(imxhdr);
> 
> Doesn't this line has compiling warning for you?
> 
> imximage.c: In function ?imximage_generate?:
> imximage.c:634: warning: ?imxhdr? is used uninitialized in this function

I see the issue, but I hadn't warnings, gcc version 4.6.3 (Ubuntu/Linaro
4.6.3-1ubuntu5). Which gcc version do you have ?

Anyway, set_hdr_func() does not use parameters anymore. It can be
converted to set_hdr_func(void) and we get rid of warnings.

Stefano

-- 
=====================================================================
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================

[U-Boot] [PATCH v4 5/7] tools: add padding of data image file for imximage

[York Sun]

On 09/11/2013 12:13 AM, Stefano Babic wrote:
> Hi York,
> 
> On 11/09/2013 00:14, York Sun wrote:
> 
>>> +static int imximage_generate(struct mkimage_params *params,
>>> +	struct image_type_params *tparams)
>>> +{
>>> +	struct imx_header *imxhdr;
>>> +	size_t alloc_len;
>>> +	struct stat sbuf;
>>> +	char *datafile = params->datafile;
>>> +	uint32_t pad_len;
>>> +
>>> +	memset(&imximage_header, 0, sizeof(imximage_header));
>>> +
>>> +	/*
>>> +	 * In order to not change the old imx cfg file
>>> +	 * by adding VERSION command into it, here need
>>> +	 * set up function ptr group to V1 by default.
>>> +	 */
>>> +	imximage_version = IMXIMAGE_V1;
>>> +	/* Be able to detect if the cfg file has no BOOT_FROM tag */
>>> +	imximage_ivt_offset = FLASH_OFFSET_UNDEFINED;
>>> +	imximage_csf_size = 0;
>>> +	set_hdr_func(imxhdr);
>>
>> Doesn't this line has compiling warning for you?
>>
>> imximage.c: In function ?imximage_generate?:
>> imximage.c:634: warning: ?imxhdr? is used uninitialized in this function
> 
> I see the issue, but I hadn't warnings, gcc version 4.6.3 (Ubuntu/Linaro
> 4.6.3-1ubuntu5). Which gcc version do you have ?
> 
> Anyway, set_hdr_func() does not use parameters anymore. It can be
> converted to set_hdr_func(void) and we get rid of warnings.
> 

I have gcc version 4.6.2 and 4.7.2.

York