* [U-Boot] [PATCH 1/2] arm: mxs: Adjust the load address of U-Boot and SPL for HAB
@ 2014-03-05 19:01 Marek Vasut
2014-03-05 19:01 ` [U-Boot] [PATCH 2/2] arm: mxs: Add support for generating signed BootStream Marek Vasut
2014-04-01 8:15 ` [U-Boot] [PATCH 1/2] arm: mxs: Adjust the load address of U-Boot and SPL for HAB Stefano Babic
0 siblings, 2 replies; 7+ messages in thread
From: Marek Vasut @ 2014-03-05 19:01 UTC (permalink / raw)
To: u-boot
When using HAB, there are additional special requirements on the placement of
U-Boot and the U-Boot SPL in memory. To fullfill these, this patch moves the
U-Boot binary a little further from the begining of the DRAM, so the HAB CST
and IVT can be placed in front of the U-Boot binary. This is necessary, since
both the U-Boot and the IVT must be contained in single CST signature. To
make things worse, the IVT must be concatenated with one more entry at it's
end, that is the length of the entire CST signature, IVT and U-Boot binary
in memory. By placing the blocks in this order -- CST, IVT, U-Boot, we can
easily align them all and then produce the length field as needed.
As for the SPL, on i.MX23/i.MX28, the SPL size is limited to 32 KiB, thus
we place the IVT at 0x8000 offset, CST right past IVT and claim the size
is correct. The HAB library accepts this setup.
Finally, to make sure the vectoring in SPL still works even after moving
the SPL from 0x0 to 0x1000, we add a small function which copies the
vectoring code and tables to 0x0. This is fine, since the vectoring code
is position independent.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Stefano Babic <sbabic@denx.de>
---
arch/arm/cpu/arm926ejs/mxs/mxsimage.mx23.cfg | 8 ++++----
arch/arm/cpu/arm926ejs/mxs/mxsimage.mx28.cfg | 8 ++++----
arch/arm/cpu/arm926ejs/mxs/spl_boot.c | 15 +++++++++++++++
arch/arm/cpu/arm926ejs/mxs/u-boot-spl.lds | 2 +-
include/configs/mxs.h | 10 +++++++++-
5 files changed, 33 insertions(+), 10 deletions(-)
diff --git a/arch/arm/cpu/arm926ejs/mxs/mxsimage.mx23.cfg b/arch/arm/cpu/arm926ejs/mxs/mxsimage.mx23.cfg
index c9cf4b3..70abfbc 100644
--- a/arch/arm/cpu/arm926ejs/mxs/mxsimage.mx23.cfg
+++ b/arch/arm/cpu/arm926ejs/mxs/mxsimage.mx23.cfg
@@ -1,6 +1,6 @@
SECTION 0x0 BOOTABLE
TAG LAST
- LOAD 0x0 OBJTREE/spl/u-boot-spl.bin
- CALL 0x14 0x0
- LOAD 0x40000100 OBJTREE/u-boot.bin
- CALL 0x40000100 0x0
+ LOAD 0x1000 OBJTREE/spl/u-boot-spl.bin
+ CALL 0x1000 0x0
+ LOAD 0x40002000 OBJTREE/u-boot.bin
+ CALL 0x40002000 0x0
diff --git a/arch/arm/cpu/arm926ejs/mxs/mxsimage.mx28.cfg b/arch/arm/cpu/arm926ejs/mxs/mxsimage.mx28.cfg
index 676f5c8..e98c97b 100644
--- a/arch/arm/cpu/arm926ejs/mxs/mxsimage.mx28.cfg
+++ b/arch/arm/cpu/arm926ejs/mxs/mxsimage.mx28.cfg
@@ -1,8 +1,8 @@
SECTION 0x0 BOOTABLE
TAG LAST
- LOAD 0x0 OBJTREE/spl/u-boot-spl.bin
- LOAD IVT 0x8000 0x14
+ LOAD 0x1000 OBJTREE/spl/u-boot-spl.bin
+ LOAD IVT 0x8000 0x1000
CALL HAB 0x8000 0x0
- LOAD 0x40000100 OBJTREE/u-boot.bin
- LOAD IVT 0x8000 0x40000100
+ LOAD 0x40002000 OBJTREE/u-boot.bin
+ LOAD IVT 0x8000 0x40002000
CALL HAB 0x8000 0x0
diff --git a/arch/arm/cpu/arm926ejs/mxs/spl_boot.c b/arch/arm/cpu/arm926ejs/mxs/spl_boot.c
index 68c30af..38109c5 100644
--- a/arch/arm/cpu/arm926ejs/mxs/spl_boot.c
+++ b/arch/arm/cpu/arm926ejs/mxs/spl_boot.c
@@ -102,6 +102,18 @@ static uint8_t mxs_get_bootmode_index(void)
return i;
}
+static void mxs_spl_fixup_vectors(void)
+{
+ /*
+ * Copy our vector table to 0x0, since due to HAB, we cannot
+ * be loaded to 0x0. We want to have working vectoring though,
+ * thus this fixup. Our vectoring table is PIC, so copying is
+ * fine.
+ */
+ extern uint32_t _start;
+ memcpy(0x0, &_start, 0x60);
+}
+
void mxs_common_spl_init(const uint32_t arg, const uint32_t *resptr,
const iomux_cfg_t *iomux_setup,
const unsigned int iomux_size)
@@ -110,7 +122,10 @@ void mxs_common_spl_init(const uint32_t arg, const uint32_t *resptr,
((CONFIG_SYS_TEXT_BASE - sizeof(struct mxs_spl_data)) & ~0xf);
uint8_t bootmode = mxs_get_bootmode_index();
+ mxs_spl_fixup_vectors();
+
mxs_iomux_setup_multiple_pads(iomux_setup, iomux_size);
+
mxs_power_init();
mxs_mem_init();
diff --git a/arch/arm/cpu/arm926ejs/mxs/u-boot-spl.lds b/arch/arm/cpu/arm926ejs/mxs/u-boot-spl.lds
index d0b482d..f4bf8ac 100644
--- a/arch/arm/cpu/arm926ejs/mxs/u-boot-spl.lds
+++ b/arch/arm/cpu/arm926ejs/mxs/u-boot-spl.lds
@@ -16,7 +16,7 @@ OUTPUT_ARCH(arm)
ENTRY(_start)
SECTIONS
{
- . = 0x00000000;
+ . = CONFIG_SPL_TEXT_BASE;
. = ALIGN(4);
.text :
diff --git a/include/configs/mxs.h b/include/configs/mxs.h
index 55ecef9..a9f4d89 100644
--- a/include/configs/mxs.h
+++ b/include/configs/mxs.h
@@ -80,8 +80,16 @@
* We need to sacrifice first 4 bytes of RAM here to avoid triggering some
* strange BUG in ROM corrupting first 4 bytes of RAM when loading U-Boot
* binary. In case there was more of this mess, 0x100 bytes are skipped.
+ *
+ * In case of a HAB boot, we cannot for some weird reason use the first 4KiB
+ * of DRAM when loading. Moreover, we use the first 4 KiB for IVT and CST
+ * blocks, thus U-Boot starts at offset +8 KiB of DRAM start.
+ *
+ * As for the SPL, we must avoid the first 4 KiB as well, but we load the
+ * IVT and CST to 0x8000, so we don't need to waste the subsequent 4 KiB.
*/
-#define CONFIG_SYS_TEXT_BASE 0x40000100
+#define CONFIG_SYS_TEXT_BASE 0x40002000
+#define CONFIG_SPL_TEXT_BASE 0x00001000
/* U-Boot general configuration */
#define CONFIG_SYS_LONGHELP
--
1.8.5.2
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 2/2] arm: mxs: Add support for generating signed BootStream
2014-03-05 19:01 [U-Boot] [PATCH 1/2] arm: mxs: Adjust the load address of U-Boot and SPL for HAB Marek Vasut
@ 2014-03-05 19:01 ` Marek Vasut
2014-04-01 8:16 ` Stefano Babic
2014-04-01 8:15 ` [U-Boot] [PATCH 1/2] arm: mxs: Adjust the load address of U-Boot and SPL for HAB Stefano Babic
1 sibling, 1 reply; 7+ messages in thread
From: Marek Vasut @ 2014-03-05 19:01 UTC (permalink / raw)
To: u-boot
This patch adds the groundwork for generating signed BootStream, which
can be used by the HAB library in i.MX28. We are adding a new target,
u-boot-signed.sb , since the process for generating regular non-signed
BootStream is much easier. Moreover, the signed bootstream depends on
external _proprietary_ _binary-only_ tool from Freescale called 'cst',
which is available only under NDA.
To make things even uglier, the CST or HAB mandates a kind-of circular
dependency. The problem is, unlike the regular IVT, which is generated
by mxsimage, the IVT for signed boot must be generated by hand here due
to special demands of the CST. The U-Boot binary (or SPL binary) and IVT
are then signed by the CST as a one block. But here is the problem. The
size of the entire image (U-Boot, IVT, CST blocks) must be appended at
the end of IVT. But the size of the entire image is not known until the
CST has finished signing the U-Boot and IVT. We solve this by expecting
the CST block to be always 3904B (which it is in case two files, U-Boot
and the hand-made IVT, are signed in the CST block).
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Stefano Babic <sbabic@denx.de>
---
Makefile | 2 +
arch/arm/cpu/arm926ejs/mxs/Makefile | 77 ++++++++++++++++++++++++++
arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg | 10 ++++
3 files changed, 89 insertions(+)
create mode 100644 arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg
diff --git a/Makefile b/Makefile
index ecac292..01d4011 100644
--- a/Makefile
+++ b/Makefile
@@ -856,6 +856,8 @@ OBJCOPYFLAGS_u-boot.ais = -I binary -O binary --pad-to=$(CONFIG_SPL_MAX_SIZE)
u-boot.ais: spl/u-boot-spl.ais u-boot.img FORCE
$(call if_changed,pad_cat)
+u-boot-signed.sb: u-boot.bin spl/u-boot-spl.bin
+ $(Q)$(MAKE) $(build)=arch/arm/cpu/arm926ejs/mxs $(objtree)/u-boot-signed.sb
u-boot.sb: u-boot.bin spl/u-boot-spl.bin
$(Q)$(MAKE) $(build)=arch/arm/cpu/arm926ejs/mxs $(objtree)/u-boot.sb
diff --git a/arch/arm/cpu/arm926ejs/mxs/Makefile b/arch/arm/cpu/arm926ejs/mxs/Makefile
index 152546e..540e589 100644
--- a/arch/arm/cpu/arm926ejs/mxs/Makefile
+++ b/arch/arm/cpu/arm926ejs/mxs/Makefile
@@ -17,8 +17,85 @@ endif
MKIMAGE_TARGET-$(CONFIG_MX23) = mx23
MKIMAGE_TARGET-$(CONFIG_MX28) = mx28
+# Convert hexadecimal value to bytes
+define hex2bin
+$(shell echo -n "$1" | sed 's/0x//;s/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/;s/../\\\\x&/g')
+endef
+
+# Compute the post-IVT size field value for the U-Boot binary.
+# The value is the result of adding the following:
+# -> The size of U-Boot binary aligned to 64B (u-boot.bin)
+# -> The size of IVT block aligned to 64B (u-boot.ivt)
+# -> The size of U-Boot signature (u-boot.sig), 3904 B
+# -> The 64B hole in front of U-Boot binary for 'struct mxs_spl_data' passing
+define uboot_ivt_size
+$(shell expr `stat -c "%s" $1` + 64 + 3904 + 128 | xargs printf 0x%08x)
+endef
+
$(OBJTREE)/mxsimage.cfg: $(SRCTREE)/$(CPUDIR)/$(SOC)/mxsimage.$(MKIMAGE_TARGET-y).cfg
sed "s at OBJTREE@$(OBJTREE)@g" $^ > $@
+# HAB signature is i.MX28 only
+$(OBJTREE)/mxsimage-signed.cfg: $(SRCTREE)/$(CPUDIR)/$(SOC)/mxsimage-signed.cfg
+ sed "s at OBJTREE@$(OBJTREE)@g" $^ > $@
+
+$(OBJTREE)/spl/u-boot-spl.ivt: $(OBJTREE)/spl/u-boot-spl.bin
+ # Align U-Boot SPL binary to 64B
+ dd if=$^ of=$@ ibs=64 conv=sync 2>/dev/null
+ mv $@ $^
+ # Assemble IVT, append size field and align it to 64B.
+ (echo -ne "$(call hex2bin,0x402000d1)" ; \
+ echo -ne "$(call hex2bin,$(CONFIG_SPL_TEXT_BASE))" ; \
+ echo -ne "$(call hex2bin,0x00000000)" ; \
+ echo -ne "$(call hex2bin,0x00000000)" ; \
+ echo -ne "$(call hex2bin,0x00000000)" ; \
+ echo -ne "$(call hex2bin,0x00008000)" ; \
+ echo -ne "$(call hex2bin,0x00008040)" ; \
+ echo -ne "$(call hex2bin,0x00000000)" ; \
+ echo -ne "$(call hex2bin,$(call uboot_ivt_size,$^))" \
+ ) | dd of=$@ ibs=64 count=1 conv=sync 2>/dev/null
+
+$(OBJTREE)/u-boot.ivt: $(OBJTREE)/u-boot.bin
+ # Align U-Boot binary to 64B
+ dd if=$^ of=$@ ibs=64 conv=sync 2>/dev/null
+ mv $@ $^
+ # Assemble IVT, append size field and align it to 64B.
+ (echo -ne "$(call hex2bin,0x402000d1)" ; \
+ echo -ne "$(call hex2bin,$(CONFIG_SYS_TEXT_BASE))" ; \
+ echo -ne "$(call hex2bin,0x00000000)" ; \
+ echo -ne "$(call hex2bin,0x00000000)" ; \
+ echo -ne "$(call hex2bin,0x00000000)" ; \
+ echo -ne "$(call hex2bin,0x40001000)" ; \
+ echo -ne "$(call hex2bin,0x40001040)" ; \
+ echo -ne "$(call hex2bin,0x00000000)" ; \
+ echo -ne "$(call hex2bin,$(call uboot_ivt_size,$^))" \
+ ) | dd of=$@ ibs=64 count=1 conv=sync 2>/dev/null
+
+$(OBJTREE)/spl/u-boot-spl.csf: $(OBJTREE)/spl/u-boot-spl.ivt $(OBJTREE)/spl/u-boot-spl.bin $(TOPDIR)/board/$(VENDOR)/$(BOARD)/sign/u-boot-spl.csf
+ # Assemble the CSF file
+ sed "s at TOPDIR@$(TOPDIR)@g;s at VENDOR@$(VENDOR)@g;s at BOARD@$(BOARD)@g" \
+ $(word 3,$^) > $@
+ sed -i "/^##Blocks.*/ d" $@
+ echo " Blocks = $(CONFIG_SPL_TEXT_BASE) 0x0 " \
+ "`stat -c '%s' $(word 2,$^)` \"$(word 2,$^)\" , \\" \
+ >> $@
+ echo " 0x8000 0x0 0x40 \"$(word 1,$^)\"" >> $@
+
+$(OBJTREE)/u-boot.csf: $(OBJTREE)/u-boot.ivt $(OBJTREE)/u-boot.bin $(TOPDIR)/board/$(VENDOR)/$(BOARD)/sign/u-boot.csf
+ # Assemble the CSF file
+ sed "s at TOPDIR@$(TOPDIR)@g;s at VENDOR@$(VENDOR)@g;s at BOARD@$(BOARD)@g" \
+ $(word 3,$^) > $@
+ sed -i "/^##Blocks.*/ d" $@
+ echo " Blocks = $(CONFIG_SYS_TEXT_BASE) 0x0 " \
+ "`stat -c '%s' $(word 2,$^)` \"$(word 2,$^)\" , \\" \
+ >> $@
+ echo " 0x40001000 0x0 0x40 \"$(word 1,$^)\"" >> $@
+
+%.sig: %.csf
+ cst -o $@ < $^
+
+$(OBJTREE)/u-boot-signed.sb: $(OBJTREE)/u-boot.ivt $(OBJTREE)/u-boot.sig $(OBJTREE)/spl/u-boot-spl.ivt $(OBJTREE)/spl/u-boot-spl.sig $(OBJTREE)/mxsimage-signed.cfg
+ $(OBJTREE)/tools/mkimage -n $(OBJTREE)/mxsimage-signed.cfg -T mxsimage $@
+
$(OBJTREE)/u-boot.sb: $(OBJTREE)/u-boot.bin $(OBJTREE)/spl/u-boot-spl.bin $(OBJTREE)/mxsimage.cfg
$(OBJTREE)/tools/mkimage -n $(OBJTREE)/mxsimage.cfg -T mxsimage $@
diff --git a/arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg b/arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg
new file mode 100644
index 0000000..903b6b2
--- /dev/null
+++ b/arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg
@@ -0,0 +1,10 @@
+SECTION 0x0 BOOTABLE
+ TAG LAST
+ LOAD 0x1000 OBJTREE/spl/u-boot-spl.bin
+ LOAD 0x8000 OBJTREE/spl/u-boot-spl.ivt
+ LOAD 0x8040 OBJTREE/spl/u-boot-spl.sig
+ CALL HAB 0x8000 0x0
+ LOAD 0x40002000 OBJTREE/u-boot.bin
+ LOAD 0x40001000 OBJTREE/u-boot.ivt
+ LOAD 0x40001040 OBJTREE/u-boot.sig
+ CALL HAB 0x40001000 0x0
--
1.8.5.2
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 1/2] arm: mxs: Adjust the load address of U-Boot and SPL for HAB
2014-03-05 19:01 [U-Boot] [PATCH 1/2] arm: mxs: Adjust the load address of U-Boot and SPL for HAB Marek Vasut
2014-03-05 19:01 ` [U-Boot] [PATCH 2/2] arm: mxs: Add support for generating signed BootStream Marek Vasut
@ 2014-04-01 8:15 ` Stefano Babic
1 sibling, 0 replies; 7+ messages in thread
From: Stefano Babic @ 2014-04-01 8:15 UTC (permalink / raw)
To: u-boot
On 05/03/2014 20:01, Marek Vasut wrote:
> When using HAB, there are additional special requirements on the placement of
> U-Boot and the U-Boot SPL in memory. To fullfill these, this patch moves the
> U-Boot binary a little further from the begining of the DRAM, so the HAB CST
> and IVT can be placed in front of the U-Boot binary. This is necessary, since
> both the U-Boot and the IVT must be contained in single CST signature. To
> make things worse, the IVT must be concatenated with one more entry at it's
> end, that is the length of the entire CST signature, IVT and U-Boot binary
> in memory. By placing the blocks in this order -- CST, IVT, U-Boot, we can
> easily align them all and then produce the length field as needed.
>
> As for the SPL, on i.MX23/i.MX28, the SPL size is limited to 32 KiB, thus
> we place the IVT at 0x8000 offset, CST right past IVT and claim the size
> is correct. The HAB library accepts this setup.
>
> Finally, to make sure the vectoring in SPL still works even after moving
> the SPL from 0x0 to 0x1000, we add a small function which copies the
> vectoring code and tables to 0x0. This is fine, since the vectoring code
> is position independent.
>
> Signed-off-by: Marek Vasut <marex@denx.de>
> Cc: Stefano Babic <sbabic@denx.de>
> ---
Applied to u-boot-imx, thanks !
Best regards,
Stefano Babic
--
=====================================================================
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================
^ permalink raw reply [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 2/2] arm: mxs: Add support for generating signed BootStream
2014-03-05 19:01 ` [U-Boot] [PATCH 2/2] arm: mxs: Add support for generating signed BootStream Marek Vasut
@ 2014-04-01 8:16 ` Stefano Babic
0 siblings, 0 replies; 7+ messages in thread
From: Stefano Babic @ 2014-04-01 8:16 UTC (permalink / raw)
To: u-boot
On 05/03/2014 20:01, Marek Vasut wrote:
> This patch adds the groundwork for generating signed BootStream, which
> can be used by the HAB library in i.MX28. We are adding a new target,
> u-boot-signed.sb , since the process for generating regular non-signed
> BootStream is much easier. Moreover, the signed bootstream depends on
> external _proprietary_ _binary-only_ tool from Freescale called 'cst',
> which is available only under NDA.
>
> To make things even uglier, the CST or HAB mandates a kind-of circular
> dependency. The problem is, unlike the regular IVT, which is generated
> by mxsimage, the IVT for signed boot must be generated by hand here due
> to special demands of the CST. The U-Boot binary (or SPL binary) and IVT
> are then signed by the CST as a one block. But here is the problem. The
> size of the entire image (U-Boot, IVT, CST blocks) must be appended at
> the end of IVT. But the size of the entire image is not known until the
> CST has finished signing the U-Boot and IVT. We solve this by expecting
> the CST block to be always 3904B (which it is in case two files, U-Boot
> and the hand-made IVT, are signed in the CST block).
>
> Signed-off-by: Marek Vasut <marex@denx.de>
> Cc: Stefano Babic <sbabic@denx.de>
> ---
Applied to u-boot-imx, thanks !
Best regards,
Stefano Babic
--
=====================================================================
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================
^ permalink raw reply [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 2/2] arm: mxs: Add support for generating signed BootStream
2014-04-04 9:52 ` Stefano Babic
@ 2014-04-04 11:54 ` Marek Vasut
0 siblings, 0 replies; 7+ messages in thread
From: Marek Vasut @ 2014-04-04 11:54 UTC (permalink / raw)
To: u-boot
On Friday, April 04, 2014 at 11:52:09 AM, Stefano Babic wrote:
> Hi Marek,
>
> On 03/04/2014 19:12, Marek Vasut wrote:
> > This patch adds the groundwork for generating signed BootStream, which
> > can be used by the HAB library in i.MX28. We are adding a new target,
> > u-boot-signed.sb , since the process for generating regular non-signed
> > BootStream is much easier. Moreover, the signed bootstream depends on
> > external _proprietary_ _binary-only_ tool from Freescale called 'cst',
> > which is available only under NDA.
> >
> > To make things even uglier, the CST or HAB mandates a kind-of circular
> > dependency. The problem is, unlike the regular IVT, which is generated
> > by mxsimage, the IVT for signed boot must be generated by hand here due
> > to special demands of the CST. The U-Boot binary (or SPL binary) and IVT
> > are then signed by the CST as a one block. But here is the problem. The
> > size of the entire image (U-Boot, IVT, CST blocks) must be appended at
> > the end of IVT. But the size of the entire image is not known until the
> > CST has finished signing the U-Boot and IVT. We solve this by expecting
> > the CST block to be always 3904B (which it is in case two files, U-Boot
> > and the hand-made IVT, are signed in the CST block).
> >
> > Signed-off-by: Marek Vasut <marex@denx.de>
> > Cc: Stefano Babic <sbabic@denx.de>
> > ---
> >
> > Makefile | 2 +
> > arch/arm/cpu/arm926ejs/mxs/Makefile | 60
> > ++++++++++++++++++++++++++
> > arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg | 10 +++++
> > 3 files changed, 72 insertions(+)
> > create mode 100644 arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg
> >
> > NOTE: Stefano, I had to tweak this to play well with kbuild.
>
> ok - only to track what we have already discussed via IIRC.
>
> The patch was already accepted, but it conflicts with current
> u-boot-arm. I revert it on u-boot-imx, and Marek rebased it.
>
> Marek, I could not apply it directly after merging u-boot-arm - maybe
> because we set on different commit id. Never mind, I merge it again and
> it looks ok.
>
> I have pushed a -test branch on u-boot-imx after merging u-boot-arm and
> your patches. It looks ok, and if you do not complain, I will send it to
> Albert for inclusion in u-boot-arm.
All good, thank you !
Best regards,
Marek Vasut
^ permalink raw reply [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 2/2] arm: mxs: Add support for generating signed BootStream
2014-04-03 17:12 ` [U-Boot] [PATCH 2/2] arm: mxs: Add support for generating signed BootStream Marek Vasut
@ 2014-04-04 9:52 ` Stefano Babic
2014-04-04 11:54 ` Marek Vasut
0 siblings, 1 reply; 7+ messages in thread
From: Stefano Babic @ 2014-04-04 9:52 UTC (permalink / raw)
To: u-boot
Hi Marek,
On 03/04/2014 19:12, Marek Vasut wrote:
> This patch adds the groundwork for generating signed BootStream, which
> can be used by the HAB library in i.MX28. We are adding a new target,
> u-boot-signed.sb , since the process for generating regular non-signed
> BootStream is much easier. Moreover, the signed bootstream depends on
> external _proprietary_ _binary-only_ tool from Freescale called 'cst',
> which is available only under NDA.
>
> To make things even uglier, the CST or HAB mandates a kind-of circular
> dependency. The problem is, unlike the regular IVT, which is generated
> by mxsimage, the IVT for signed boot must be generated by hand here due
> to special demands of the CST. The U-Boot binary (or SPL binary) and IVT
> are then signed by the CST as a one block. But here is the problem. The
> size of the entire image (U-Boot, IVT, CST blocks) must be appended at
> the end of IVT. But the size of the entire image is not known until the
> CST has finished signing the U-Boot and IVT. We solve this by expecting
> the CST block to be always 3904B (which it is in case two files, U-Boot
> and the hand-made IVT, are signed in the CST block).
>
> Signed-off-by: Marek Vasut <marex@denx.de>
> Cc: Stefano Babic <sbabic@denx.de>
> ---
> Makefile | 2 +
> arch/arm/cpu/arm926ejs/mxs/Makefile | 60 ++++++++++++++++++++++++++
> arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg | 10 +++++
> 3 files changed, 72 insertions(+)
> create mode 100644 arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg
>
> NOTE: Stefano, I had to tweak this to play well with kbuild.
>
ok - only to track what we have already discussed via IIRC.
The patch was already accepted, but it conflicts with current
u-boot-arm. I revert it on u-boot-imx, and Marek rebased it.
Marek, I could not apply it directly after merging u-boot-arm - maybe
because we set on different commit id. Never mind, I merge it again and
it looks ok.
I have pushed a -test branch on u-boot-imx after merging u-boot-arm and
your patches. It looks ok, and if you do not complain, I will send it to
Albert for inclusion in u-boot-arm.
Thanks,
Stefano
--
=====================================================================
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================
^ permalink raw reply [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 2/2] arm: mxs: Add support for generating signed BootStream
2014-04-03 17:12 Marek Vasut
@ 2014-04-03 17:12 ` Marek Vasut
2014-04-04 9:52 ` Stefano Babic
0 siblings, 1 reply; 7+ messages in thread
From: Marek Vasut @ 2014-04-03 17:12 UTC (permalink / raw)
To: u-boot
This patch adds the groundwork for generating signed BootStream, which
can be used by the HAB library in i.MX28. We are adding a new target,
u-boot-signed.sb , since the process for generating regular non-signed
BootStream is much easier. Moreover, the signed bootstream depends on
external _proprietary_ _binary-only_ tool from Freescale called 'cst',
which is available only under NDA.
To make things even uglier, the CST or HAB mandates a kind-of circular
dependency. The problem is, unlike the regular IVT, which is generated
by mxsimage, the IVT for signed boot must be generated by hand here due
to special demands of the CST. The U-Boot binary (or SPL binary) and IVT
are then signed by the CST as a one block. But here is the problem. The
size of the entire image (U-Boot, IVT, CST blocks) must be appended at
the end of IVT. But the size of the entire image is not known until the
CST has finished signing the U-Boot and IVT. We solve this by expecting
the CST block to be always 3904B (which it is in case two files, U-Boot
and the hand-made IVT, are signed in the CST block).
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Stefano Babic <sbabic@denx.de>
---
Makefile | 2 +
arch/arm/cpu/arm926ejs/mxs/Makefile | 60 ++++++++++++++++++++++++++
arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg | 10 +++++
3 files changed, 72 insertions(+)
create mode 100644 arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg
NOTE: Stefano, I had to tweak this to play well with kbuild.
diff --git a/Makefile b/Makefile
index 25cbc95..2e58a70 100644
--- a/Makefile
+++ b/Makefile
@@ -849,6 +849,8 @@ OBJCOPYFLAGS_u-boot.ais = -I binary -O binary --pad-to=$(CONFIG_SPL_MAX_SIZE)
u-boot.ais: spl/u-boot-spl.ais u-boot.img FORCE
$(call if_changed,pad_cat)
+u-boot-signed.sb: u-boot.bin spl/u-boot-spl.bin
+ $(Q)$(MAKE) $(build)=arch/arm/cpu/arm926ejs/mxs u-boot-signed.sb
u-boot.sb: u-boot.bin spl/u-boot-spl.bin
$(Q)$(MAKE) $(build)=arch/arm/cpu/arm926ejs/mxs u-boot.sb
diff --git a/arch/arm/cpu/arm926ejs/mxs/Makefile b/arch/arm/cpu/arm926ejs/mxs/Makefile
index 209c73c..6c59494 100644
--- a/arch/arm/cpu/arm926ejs/mxs/Makefile
+++ b/arch/arm/cpu/arm926ejs/mxs/Makefile
@@ -17,9 +17,69 @@ endif
MKIMAGE_TARGET-$(CONFIG_MX23) = mxsimage.mx23.cfg
MKIMAGE_TARGET-$(CONFIG_MX28) = mxsimage.mx28.cfg
+# Generate HAB-capable IVT
+#
+# Note on computing the post-IVT size field value for the U-Boot binary.
+# The value is the result of adding the following:
+# -> The size of U-Boot binary aligned to 64B (u-boot.bin)
+# -> The size of IVT block aligned to 64B (u-boot.ivt)
+# -> The size of U-Boot signature (u-boot.sig), 3904 B
+# -> The 64B hole in front of U-Boot binary for 'struct mxs_spl_data' passing
+#
+quiet_cmd_mkivt_mxs = MXSIVT $@
+cmd_mkivt_mxs = \
+ sz=`expr \`stat -c "%s" $^\` + 64 + 3904 + 128` ; \
+ echo -n "0x402000d1 $2 0 0 0 $3 $4 0 $$sz 0 0 0 0 0 0 0" | \
+ tr -s " " | xargs -d " " -i printf "%08x\n" "{}" | rev | \
+ sed "s/\(.\)\(.\)/\\\\\\\\x\2\1\n/g" | xargs -i printf "{}" >$@
+
+# Align binary to 64B
+quiet_cmd_mkalign_mxs = MXSALGN $@
+cmd_mkalign_mxs = \
+ dd if=$^ of=$@ ibs=64 conv=sync 2>/dev/null && \
+ mv $@ $^
+
+# Assemble the CSF file
+quiet_cmd_mkcsfreq_mxs = MXSCSFR $@
+cmd_mkcsfreq_mxs = \
+ ivt=$(word 1,$^) ; \
+ bin=$(word 2,$^) ; \
+ csf=$(word 3,$^) ; \
+ sed "s at VENDOR@$(VENDOR)@g;s at BOARD@$(BOARD)@g" "$$csf" | \
+ sed '/^\#\#Blocks/ d' > $@ ; \
+ echo " Blocks = $2 0x0 `stat -c '%s' $$bin` \"$$bin\" , \\" >> $@ ; \
+ echo " $3 0x0 0x40 \"$$ivt\"" >> $@
+
+# Sign files
+quiet_cmd_mkcst_mxs = MXSCST $@
+cmd_mkcst_mxs = cst -o $@ < $^ \
+ $(if $(KBUILD_VERBOSE:1=), >/dev/null)
+
+spl/u-boot-spl.ivt: spl/u-boot-spl.bin
+ $(call if_changed,mkalign_mxs)
+ $(call if_changed,mkivt_mxs,$(CONFIG_SPL_TEXT_BASE),\
+ 0x00008000,0x00008040)
+
+u-boot.ivt: u-boot.bin
+ $(call if_changed,mkalign_mxs)
+ $(call if_changed,mkivt_mxs,$(CONFIG_SYS_TEXT_BASE),\
+ 0x40001000,0x40001040)
+
+spl/u-boot-spl.csf: spl/u-boot-spl.ivt spl/u-boot-spl.bin board/$(VENDOR)/$(BOARD)/sign/u-boot-spl.csf
+ $(call if_changed,mkcsfreq_mxs,$(CONFIG_SPL_TEXT_BASE),0x8000)
+
+u-boot.csf: u-boot.ivt u-boot.bin board/$(VENDOR)/$(BOARD)/sign/u-boot.csf
+ $(call if_changed,mkcsfreq_mxs,$(CONFIG_SYS_TEXT_BASE),0x40001000)
+
+%.sig: %.csf
+ $(call if_changed,mkcst_mxs)
+
quiet_cmd_mkimage_mxs = MKIMAGE $@
cmd_mkimage_mxs = $(objtree)/tools/mkimage -n $< -T mxsimage $@ \
$(if $(KBUILD_VERBOSE:1=), >/dev/null)
u-boot.sb: $(src)/$(MKIMAGE_TARGET-y) u-boot.bin spl/u-boot-spl.bin FORCE
$(call if_changed,mkimage_mxs)
+
+u-boot-signed.sb: $(src)/mxsimage-signed.cfg u-boot.ivt u-boot.sig spl/u-boot-spl.ivt spl/u-boot-spl.sig FORCE
+ $(call if_changed,mkimage_mxs)
diff --git a/arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg b/arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg
new file mode 100644
index 0000000..03b15d7
--- /dev/null
+++ b/arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg
@@ -0,0 +1,10 @@
+SECTION 0x0 BOOTABLE
+ TAG LAST
+ LOAD 0x1000 spl/u-boot-spl.bin
+ LOAD 0x8000 spl/u-boot-spl.ivt
+ LOAD 0x8040 spl/u-boot-spl.sig
+ CALL HAB 0x8000 0x0
+ LOAD 0x40002000 u-boot.bin
+ LOAD 0x40001000 u-boot.ivt
+ LOAD 0x40001040 u-boot.sig
+ CALL HAB 0x40001000 0x0
--
1.9.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2014-04-04 11:54 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-03-05 19:01 [U-Boot] [PATCH 1/2] arm: mxs: Adjust the load address of U-Boot and SPL for HAB Marek Vasut
2014-03-05 19:01 ` [U-Boot] [PATCH 2/2] arm: mxs: Add support for generating signed BootStream Marek Vasut
2014-04-01 8:16 ` Stefano Babic
2014-04-01 8:15 ` [U-Boot] [PATCH 1/2] arm: mxs: Adjust the load address of U-Boot and SPL for HAB Stefano Babic
2014-04-03 17:12 Marek Vasut
2014-04-03 17:12 ` [U-Boot] [PATCH 2/2] arm: mxs: Add support for generating signed BootStream Marek Vasut
2014-04-04 9:52 ` Stefano Babic
2014-04-04 11:54 ` Marek Vasut
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.