[v1 0/5] Add Vendor Authorized Boot (VAB) support

[v1 0/5] Add Vendor Authorized Boot (VAB) support

[Siew Chin Lim]

This patchset add Vendor Authorized Boot (VAB) support for
Intel Agilex and Diamond Mesa SoC devices.

Vendor Authorized Boot is a security feature for authenticating
the images such as U-Boot, ARM trusted Firmware, Linux kernel,
device tree blob and etc loaded from FIT. After those images are
loaded from FIT, the VAB certificate and signature block appended
at the end of each image are sent to Secure Device Manager (SDM)
for authentication. U-Boot will validate the SHA384 of the image
against the SHA384 hash stored in the VAB certificate before
sending the image to SDM for authentication.


These patchsets have dependency on:
--------
Enable ARM Trusted Firmware for U-Boot
https://patchwork.ozlabs.org/project/uboot/cover/20201015122955.10259-1-elly.siew.chin.lim at intel.com/

Add Intel Diamond Mesa SoC support
https://patchwork.ozlabs.org/project/uboot/cover/20201110064439.9683-1-elly.siew.chin.lim at intel.com/


Siew Chin Lim (5):
  arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
  arm: socfpga: cmd: Support 'vab' command
  arm: socfpga: dts: soc64: Update filename in binman node of FIT image
    with VAB support
  configs: socfpga: soc64: Remove 'run linux_qspi_enable' from
    bootcommand
  configs: socfpga: Add defconfig for Agilex and Diamond Mesa with VAB
    support

 arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi         |  22 +++
 arch/arm/mach-socfpga/Kconfig                      |  15 ++
 arch/arm/mach-socfpga/Makefile                     |   4 +
 arch/arm/mach-socfpga/include/mach/mailbox_s10.h   |   1 +
 arch/arm/mach-socfpga/include/mach/secure_vab.h    |  63 +++++++
 arch/arm/mach-socfpga/secure_vab.c                 | 188 +++++++++++++++++++++
 arch/arm/mach-socfpga/vab.c                        |  37 ++++
 common/Kconfig.boot                                |   2 +-
 ..._atf_defconfig => socfpga_agilex_vab_defconfig} |   3 +-
 ...a_dm_atf_defconfig => socfpga_dm_vab_defconfig} |   3 +-
 include/configs/socfpga_soc64_common.h             |   3 +-
 11 files changed, 336 insertions(+), 5 deletions(-)
 create mode 100644 arch/arm/mach-socfpga/include/mach/secure_vab.h
 create mode 100644 arch/arm/mach-socfpga/secure_vab.c
 create mode 100644 arch/arm/mach-socfpga/vab.c
 copy configs/{socfpga_agilex_atf_defconfig => socfpga_agilex_vab_defconfig} (96%)
 copy configs/{socfpga_dm_atf_defconfig => socfpga_dm_vab_defconfig} (96%)

-- 
2.13.0

[v1 1/5] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)

[Siew Chin Lim]

Vendor Authorized Boot is a security feature for authenticating
the images such as U-Boot, ARM trusted Firmware, Linux kernel,
device tree blob and etc loaded from FIT. After those images are
loaded from FIT, the VAB certificate and signature block appended
at the end of each image are sent to Secure Device Manager (SDM)
for authentication. U-Boot will validate the SHA384 of the image
against the SHA384 hash stored in the VAB certificate before
sending the image to SDM for authentication.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
---
 arch/arm/mach-socfpga/Kconfig                    |  15 ++
 arch/arm/mach-socfpga/Makefile                   |   2 +
 arch/arm/mach-socfpga/include/mach/mailbox_s10.h |   1 +
 arch/arm/mach-socfpga/include/mach/secure_vab.h  |  63 ++++++++
 arch/arm/mach-socfpga/secure_vab.c               | 188 +++++++++++++++++++++++
 common/Kconfig.boot                              |   2 +-
 6 files changed, 270 insertions(+), 1 deletion(-)
 create mode 100644 arch/arm/mach-socfpga/include/mach/secure_vab.h
 create mode 100644 arch/arm/mach-socfpga/secure_vab.c

diff --git a/arch/arm/mach-socfpga/Kconfig b/arch/arm/mach-socfpga/Kconfig
index 5dee193b31..1dfe08ec86 100644
--- a/arch/arm/mach-socfpga/Kconfig
+++ b/arch/arm/mach-socfpga/Kconfig
@@ -6,6 +6,21 @@ config ERR_PTR_OFFSET
 config NR_DRAM_BANKS
 	default 1
 
+config SECURE_VAB_AUTH
+	bool "Enable boot image authentication with Secure Device Manager"
+	depends on TARGET_SOCFPGA_AGILEX || TARGET_SOCFPGA_DM
+	select FIT_IMAGE_POST_PROCESS
+	select SHA512_ALGO
+	select SHA384
+	select SPL_FIT_IMAGE_POST_PROCESS
+	help
+	 All images loaded from FIT will be authenticated by Secure Device
+	 Manager.
+
+config SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE
+	bool "Allow non-FIT VAB signed images"
+	depends on SECURE_VAB_AUTH
+
 config SPL_SIZE_LIMIT
 	default 0x10000 if TARGET_SOCFPGA_GEN5
 
diff --git a/arch/arm/mach-socfpga/Makefile b/arch/arm/mach-socfpga/Makefile
index b88bb515d0..6ec4fcff73 100644
--- a/arch/arm/mach-socfpga/Makefile
+++ b/arch/arm/mach-socfpga/Makefile
@@ -48,6 +48,7 @@ obj-y	+= mailbox_s10.o
 obj-y	+= misc_s10.o
 obj-y	+= mmu-arm64_s10.o
 obj-y	+= reset_manager_s10.o
+obj-$(CONFIG_SECURE_VAB_AUTH)	+= secure_vab.o
 obj-y	+= system_manager_soc64.o
 obj-y	+= timer_s10.o
 obj-y	+= wrap_handoff_soc64.o
@@ -61,6 +62,7 @@ obj-y	+= mailbox_s10.o
 obj-y	+= misc_s10.o
 obj-y	+= mmu-arm64_s10.o
 obj-y	+= reset_manager_s10.o
+obj-$(CONFIG_SECURE_VAB_AUTH)	+= secure_vab.o
 obj-y	+= system_manager_soc64.o
 obj-y	+= timer_s10.o
 obj-y	+= wrap_handoff_soc64.o
diff --git a/arch/arm/mach-socfpga/include/mach/mailbox_s10.h b/arch/arm/mach-socfpga/include/mach/mailbox_s10.h
index 4d783119ea..fbaf11597e 100644
--- a/arch/arm/mach-socfpga/include/mach/mailbox_s10.h
+++ b/arch/arm/mach-socfpga/include/mach/mailbox_s10.h
@@ -118,6 +118,7 @@ enum ALT_SDM_MBOX_RESP_CODE {
 #define MBOX_RECONFIG_MSEL	7
 #define MBOX_RECONFIG_DATA	8
 #define MBOX_RECONFIG_STATUS	9
+#define MBOX_VAB_SRC_CERT		11
 #define MBOX_QSPI_OPEN		50
 #define MBOX_QSPI_CLOSE		51
 #define MBOX_QSPI_DIRECT	59
diff --git a/arch/arm/mach-socfpga/include/mach/secure_vab.h b/arch/arm/mach-socfpga/include/mach/secure_vab.h
new file mode 100644
index 0000000000..42588588e8
--- /dev/null
+++ b/arch/arm/mach-socfpga/include/mach/secure_vab.h
@@ -0,0 +1,63 @@
+/* SPDX-License-Identifier: GPL-2.0
+ *
+ * Copyright (C) 2020 Intel Corporation <www.intel.com>
+ *
+ */
+
+#ifndef	_SECURE_VAB_H_
+#define	_SECURE_VAB_H_
+
+#include <linux/sizes.h>
+#include <linux/stddef.h>
+#include <u-boot/sha512.h>
+
+#define VAB_DATA_SZ			64
+
+#define SDM_CERT_MAGIC_NUM		0x25D04E7F
+#define FCS_HPS_VAB_MAGIC_NUM		0xD0564142
+
+#define MAX_CERT_SIZE			(SZ_4K)
+
+/*
+ * struct fcs_hps_vab_certificate_data
+ * @vab_cert_magic_num: VAB Certificate Magic Word (0xD0564142)
+ * @flags: TBD
+ * @fcs_data: Data words being certificate signed.
+ * @cert_sign_keychain: Certificate Signing Keychain
+ */
+struct fcs_hps_vab_certificate_data {
+	u32 vab_cert_magic_num;		/* offset 0x10 */
+	u32 flags;
+	u8 rsvd0_1[8];
+	u8 fcs_sha384[SHA384_SUM_LEN];	/* offset 0x20 */
+};
+
+/*
+ * struct fcs_hps_vab_certificate_header
+ * @cert_magic_num: Certificate Magic Word (0x25D04E7F)
+ * @cert_data_sz: size of this certificate header (0x80)
+ *	Includes magic number all the way to the certificate
+ *      signing keychain (excludes cert. signing keychain)
+ * @cert_ver: Certificate Version
+ * @cert_type: Certificate Type
+ * @data: VAB HPS Image Certificate data
+ */
+struct fcs_hps_vab_certificate_header {
+	u32 cert_magic_num;		/* offset 0 */
+	u32 cert_data_sz;
+	u32 cert_ver;
+	u32 cert_type;
+	struct fcs_hps_vab_certificate_data d;	/* offset 0x10 */
+	/* keychain starts at offset 0x50 */
+};
+
+#define VAB_CERT_HEADER_SIZE	sizeof(struct fcs_hps_vab_certificate_header)
+#define VAB_CERT_MAGIC_OFFSET	offsetof \
+				(struct fcs_hps_vab_certificate_header, d)
+#define VAB_CERT_FIT_SHA384_OFFSET	offsetof \
+					(struct fcs_hps_vab_certificate_data, \
+					 fcs_sha384[0])
+
+int socfpga_vendor_authentication(void **p_image, size_t *p_size);
+
+#endif /* _SECURE_VAB_H_ */
diff --git a/arch/arm/mach-socfpga/secure_vab.c b/arch/arm/mach-socfpga/secure_vab.c
new file mode 100644
index 0000000000..3dd4de127b
--- /dev/null
+++ b/arch/arm/mach-socfpga/secure_vab.c
@@ -0,0 +1,188 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2020 Intel Corporation <www.intel.com>
+ *
+ */
+
+#include <common.h>
+#include <hang.h>
+#include <asm/arch/mailbox_s10.h>
+#include <asm/arch/secure_vab.h>
+#include <asm/arch/smc_api.h>
+#include <asm/unaligned.h>
+#include <exports.h>
+#include <image.h>
+#include <linux/errno.h>
+#include <linux/intel-smc.h>
+#include <log.h>
+
+#define CHUNKSZ_PER_WD_RESET		(256 * 1024)
+
+/*
+ * Read the length of the VAB certificate from the end of image
+ * and calculate the actual image size (excluding the VAB certificate).
+ */
+static size_t get_img_size(u8 *img_buf, size_t img_buf_sz)
+{
+	u8 *img_buf_end = img_buf + img_buf_sz;
+	u32 cert_sz = get_unaligned_le32(img_buf_end - sizeof(u32));
+	u8 *p = img_buf_end - cert_sz - sizeof(u32);
+
+	/* Ensure p is pointing within the img_buf */
+	if (p < img_buf || p > (img_buf_end - VAB_CERT_HEADER_SIZE))
+		return 0;
+
+	if (get_unaligned_le32(p) == SDM_CERT_MAGIC_NUM)
+		return (size_t)(p - img_buf);
+
+	return 0;
+}
+
+int socfpga_vendor_authentication(void **p_image, size_t *p_size)
+{
+	int retry_count = 20;
+	u8 hash384[SHA384_SUM_LEN];
+	u64 img_addr, mbox_data_addr;
+	size_t img_sz, mbox_data_sz;
+	u8 *cert_hash_ptr;
+	u32 backup_word;
+	u32 resp = 0, resp_len = 1;
+	int ret;
+
+	img_addr = (uintptr_t)*p_image;
+
+	debug("Authenticating image at address 0x%016llx (%ld bytes)\n",
+	      img_addr, *p_size);
+
+	img_sz = get_img_size((u8 *)img_addr, *p_size);
+	debug("img_sz = %ld\n", img_sz);
+
+	if (!img_sz) {
+		puts("VAB certificate not found in image!\n");
+		return -ENOKEY;
+	}
+
+	if (!IS_ALIGNED(img_sz, sizeof(u32))) {
+		printf("Image size (%ld bytes) not aliged to 4 bytes!\n",
+		       img_sz);
+		return -EBFONT;
+	}
+
+	/* Generate HASH384 from the image */
+	sha384_csum_wd((u8 *)img_addr, img_sz, hash384, CHUNKSZ_PER_WD_RESET);
+
+	cert_hash_ptr = (u8 *)(img_addr + img_sz + VAB_CERT_MAGIC_OFFSET +
+			       VAB_CERT_FIT_SHA384_OFFSET);
+
+	/*
+	 * Compare the SHA384 found in certificate against the SHA384
+	 * calculated from image
+	 */
+	if (memcmp(hash384, cert_hash_ptr, SHA384_SUM_LEN)) {
+		puts("SHA384 not match!\n");
+		return -EKEYREJECTED;
+	}
+
+	mbox_data_addr = img_addr + img_sz - sizeof(u32);
+	/* Size in word (32bits) */
+	mbox_data_sz = (ALIGN(*p_size - img_sz, 4)) >> 2;
+
+	debug("mbox_data_addr = 0x%016llx\n", mbox_data_addr);
+	debug("mbox_data_sz = %ld\n", mbox_data_sz);
+
+	/* We need to use the 4 bytes before the certificate for T */
+	backup_word = *(u32 *)mbox_data_addr;
+	/* T = 0 */
+	*(u32 *)mbox_data_addr = 0;
+
+	do {
+#if !defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_ATF)
+		/* Invoke SMC call to ATF to send the VAB certificate to SDM */
+		ret  = smc_send_mailbox(MBOX_VAB_SRC_CERT, mbox_data_sz,
+					(u32 *)mbox_data_addr, 0, &resp_len,
+					&resp);
+#else
+		/* Send the VAB certficate to SDM for authentication */
+		ret = mbox_send_cmd(MBOX_ID_UBOOT, MBOX_VAB_SRC_CERT,
+				    MBOX_CMD_DIRECT, mbox_data_sz,
+				    (u32 *)mbox_data_addr, 0, &resp_len,
+				    &resp);
+#endif
+		/* If SDM is not available, just delay 50ms and retry again */
+		if (ret == MBOX_RESP_DEVICE_BUSY)
+			mdelay(50);
+		else
+			break;
+	} while (--retry_count);
+
+	/* Restore the original 4 bytes */
+	*(u32 *)mbox_data_addr = backup_word;
+
+	/* Exclude the size of the VAB certificate from image size */
+	*p_size = img_sz;
+
+	debug("ret = 0x%08x, resp = 0x%08x, resp_len = %d\n", ret, resp,
+	      resp_len);
+
+	if (ret) {
+		/*
+		 * Unsupported mailbox command or device not in the
+		 * owned/secure state
+		 */
+		if (ret == MBOX_RESP_UNKNOWN ||
+		    ret == MBOX_RESP_NOT_ALLOWED_UNDER_SECURITY_SETTINGS) {
+			/* SDM bypass authentication */
+			printf("%s 0x%016llx (%ld bytes)\n",
+			       "Image Authentication bypassed at address",
+			       img_addr, img_sz);
+			return 0;
+		}
+		puts("VAB certificate authentication failed in SDM");
+		if (ret == MBOX_RESP_DEVICE_BUSY) {
+			puts("(SDM busy timeout)\n");
+			return -ETIMEDOUT;
+		}
+		puts("\n");
+		return -EKEYREJECTED;
+	} else {
+		/* If Certificate Process Status has error */
+		if (resp) {
+			puts("VAB certificate process failed\n");
+			return -ENOEXEC;
+		}
+	}
+
+	debug("Image Authentication passed\n");
+
+	return 0;
+}
+
+void board_fit_image_post_process(void **p_image, size_t *p_size)
+{
+	if (socfpga_vendor_authentication(p_image, p_size))
+		hang();
+}
+
+#ifndef CONFIG_SPL_BUILD
+void board_prep_linux(bootm_headers_t *images)
+{
+#ifndef CONFIG_SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE
+	/*
+	 * Ensure the OS is always booted from FIT and with
+	 * VAB signed certificate
+	 */
+	if (!images->fit_uname_cfg) {
+		printf("Please use FIT with VAB signed images!\n");
+		hang();
+	}
+
+	env_set_hex("fdt_addr", (ulong)images->ft_addr);
+	debug("images->ft_addr = 0x%08lx\n", (ulong)images->ft_addr);
+#endif
+
+#ifdef CONFIG_CADENCE_QSPI
+	if (run_command(env_get("linux_qspi_enable"), 0))
+		printf("Warning: Failed to set Linux DTB QSPI frequency!\n");
+#endif
+}
+#endif
diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 3f6d9c1a25..09aab763e6 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -128,7 +128,7 @@ config FIT_BEST_MATCH
 
 config FIT_IMAGE_POST_PROCESS
 	bool "Enable post-processing of FIT artifacts after loading by U-Boot"
-	depends on TI_SECURE_DEVICE
+	depends on TI_SECURE_DEVICE || SECURE_VAB_AUTH
 	help
 	  Allows doing any sort of manipulation to blobs after they got extracted
 	  from FIT images like stripping off headers or modifying the size of the
-- 
2.13.0

[v1 2/5] arm: socfpga: cmd: Support 'vab' command

[Siew Chin Lim]

Support 'vab' command to perform vendor authentication.

Command format: vab addr len
Authorize 'len' bytes starting at 'addr' via vendor public key

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
---
 arch/arm/mach-socfpga/Makefile |  2 ++
 arch/arm/mach-socfpga/vab.c    | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 arch/arm/mach-socfpga/vab.c

diff --git a/arch/arm/mach-socfpga/Makefile b/arch/arm/mach-socfpga/Makefile
index 6ec4fcff73..697367bfdc 100644
--- a/arch/arm/mach-socfpga/Makefile
+++ b/arch/arm/mach-socfpga/Makefile
@@ -51,6 +51,7 @@ obj-y	+= reset_manager_s10.o
 obj-$(CONFIG_SECURE_VAB_AUTH)	+= secure_vab.o
 obj-y	+= system_manager_soc64.o
 obj-y	+= timer_s10.o
+obj-$(CONFIG_SECURE_VAB_AUTH)	+= vab.o
 obj-y	+= wrap_handoff_soc64.o
 obj-y	+= wrap_pll_config_soc64.o
 endif
@@ -65,6 +66,7 @@ obj-y	+= reset_manager_s10.o
 obj-$(CONFIG_SECURE_VAB_AUTH)	+= secure_vab.o
 obj-y	+= system_manager_soc64.o
 obj-y	+= timer_s10.o
+obj-$(CONFIG_SECURE_VAB_AUTH)	+= vab.o
 obj-y	+= wrap_handoff_soc64.o
 obj-y	+= wrap_pll_config_soc64.o
 endif
diff --git a/arch/arm/mach-socfpga/vab.c b/arch/arm/mach-socfpga/vab.c
new file mode 100644
index 0000000000..4c592a87cf
--- /dev/null
+++ b/arch/arm/mach-socfpga/vab.c
@@ -0,0 +1,37 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2020 Intel Corporation <www.intel.com>
+ *
+ */
+
+#include <asm/arch/secure_vab.h>
+#include <command.h>
+#include <common.h>
+#include <linux/ctype.h>
+
+static int do_vab(struct cmd_tbl *cmdtp, int flag, int argc,
+		  char *const argv[])
+{
+	unsigned long addr, len;
+
+	if (argc < 3)
+		return CMD_RET_USAGE;
+
+	addr = simple_strtoul(argv[1], NULL, 16);
+	len = simple_strtoul(argv[2], NULL, 16);
+
+	if (socfpga_vendor_authentication((void *)&addr, (size_t *)&len) == 0)
+		printf("%s 0x%016lx (%ld bytes)\n",
+		       "Image Authentication passed@address", addr, len);
+	else
+		return CMD_RET_FAILURE;
+
+	return 0;
+}
+
+U_BOOT_CMD(
+	vab,	3,	2,	do_vab,
+	"perform vendor authorization",
+	"addr len   - authorize 'len' bytes starting at\n"
+	"                 'addr' via vendor public key"
+);
-- 
2.13.0

[v1 3/5] arm: socfpga: dts: soc64: Update filename in binman node of FIT image with VAB support

[Siew Chin Lim]

FIT image of Vendor Authentication Coot (VAB) contains signed images.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
---
 arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi b/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi
index 2d4d56a6df..a23b45575a 100644
--- a/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi
+++ b/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi
@@ -117,4 +117,26 @@
 	};
 };
 
+#if defined(CONFIG_SECURE_VAB_AUTH)
+&uboot_blob {
+	filename = "signed-u-boot-nodtb.bin";
+};
+
+&atf_blob {
+	filename = "signed-bl31.bin";
+};
+
+&uboot_fdt_blob {
+	filename = "signed-u-boot.dtb";
+};
+
+&kernel_blob {
+	filename = "signed-Image";
+};
+
+&kernel_fdt_blob {
+	filename = "signed-linux.dtb";
+};
+#endif
+
 #endif
-- 
2.13.0

[v1 4/5] configs: socfpga: soc64: Remove 'run linux_qspi_enable' from bootcommand

[Siew Chin Lim]

Remove 'run linux_qspi_enable' from bootcommand. When using FIT for
OS boot, 'run linux_qspi_enable' will be called 'board_prep_linux'
function.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
---
 include/configs/socfpga_soc64_common.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/include/configs/socfpga_soc64_common.h b/include/configs/socfpga_soc64_common.h
index 194df5940d..911c3a91fd 100644
--- a/include/configs/socfpga_soc64_common.h
+++ b/include/configs/socfpga_soc64_common.h
@@ -86,8 +86,7 @@ unsigned int cm_get_qspi_controller_clk_hz(void);
 
 #ifdef CONFIG_FIT
 #define CONFIG_BOOTFILE "kernel.itb"
-#define CONFIG_BOOTCOMMAND "run fatscript; run mmcfitload;run linux_qspi_enable;" \
-			   "run mmcfitboot"
+#define CONFIG_BOOTCOMMAND "run fatscript; run mmcfitload; run mmcfitboot"
 #else
 #define CONFIG_BOOTFILE "Image"
 #define CONFIG_BOOTCOMMAND "run fatscript; run mmcload;run linux_qspi_enable;" \
-- 
2.13.0

[v1 5/5] configs: socfpga: Add defconfig for Agilex and Diamond Mesa with VAB support

[Siew Chin Lim]

Booting Agilex and Diamond Mesa with Vendor Authorized Boot.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
---
 configs/{socfpga_agilex_atf_defconfig => socfpga_agilex_vab_defconfig} | 3 ++-
 configs/{socfpga_dm_atf_defconfig => socfpga_dm_vab_defconfig}         | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
 copy configs/{socfpga_agilex_atf_defconfig => socfpga_agilex_vab_defconfig} (96%)
 copy configs/{socfpga_dm_atf_defconfig => socfpga_dm_vab_defconfig} (96%)

diff --git a/configs/socfpga_agilex_atf_defconfig b/configs/socfpga_agilex_vab_defconfig
similarity index 96%
copy from configs/socfpga_agilex_atf_defconfig
copy to configs/socfpga_agilex_vab_defconfig
index ad87a8098f..d437f49ce0 100644
--- a/configs/socfpga_agilex_atf_defconfig
+++ b/configs/socfpga_agilex_vab_defconfig
@@ -1,5 +1,4 @@
 CONFIG_ARM=y
-CONFIG_ARM_SMCCC=y
 CONFIG_SPL_LDSCRIPT="arch/arm/mach-socfpga/u-boot-spl-soc64.lds"
 CONFIG_ARCH_SOCFPGA=y
 CONFIG_SYS_TEXT_BASE=0x200000
@@ -8,6 +7,7 @@ CONFIG_ENV_SIZE=0x1000
 CONFIG_ENV_OFFSET=0x200
 CONFIG_DM_GPIO=y
 CONFIG_NR_DRAM_BANKS=2
+CONFIG_SECURE_VAB_AUTH=y
 CONFIG_TARGET_SOCFPGA_AGILEX_SOCDK=y
 CONFIG_IDENT_STRING="socfpga_agilex"
 CONFIG_SPL_FS_FAT=y
@@ -15,6 +15,7 @@ CONFIG_SPL_TEXT_BASE=0xFFE00000
 CONFIG_FIT=y
 CONFIG_SPL_LOAD_FIT=y
 CONFIG_SPL_LOAD_FIT_ADDRESS=0x02000000
+# CONFIG_LEGACY_IMAGE_FORMAT is not set
 # CONFIG_USE_SPL_FIT_GENERATOR is not set
 CONFIG_BOOTDELAY=5
 CONFIG_USE_BOOTARGS=y
diff --git a/configs/socfpga_dm_atf_defconfig b/configs/socfpga_dm_vab_defconfig
similarity index 96%
copy from configs/socfpga_dm_atf_defconfig
copy to configs/socfpga_dm_vab_defconfig
index 975f20c752..97dc269057 100644
--- a/configs/socfpga_dm_atf_defconfig
+++ b/configs/socfpga_dm_vab_defconfig
@@ -1,5 +1,4 @@
 CONFIG_ARM=y
-CONFIG_ARM_SMCCC=y
 CONFIG_SPL_LDSCRIPT="arch/arm/mach-socfpga/u-boot-spl-soc64.lds"
 CONFIG_ARCH_SOCFPGA=y
 CONFIG_SYS_TEXT_BASE=0x200000
@@ -8,6 +7,7 @@ CONFIG_ENV_SIZE=0x1000
 CONFIG_ENV_OFFSET=0x200
 CONFIG_DM_GPIO=y
 CONFIG_NR_DRAM_BANKS=2
+CONFIG_SECURE_VAB_AUTH=y
 CONFIG_TARGET_SOCFPGA_DM_SOCDK=y
 CONFIG_IDENT_STRING="socfpga_dm"
 CONFIG_SPL_FS_FAT=y
@@ -15,6 +15,7 @@ CONFIG_SPL_TEXT_BASE=0xFFE00000
 CONFIG_FIT=y
 CONFIG_SPL_LOAD_FIT=y
 CONFIG_SPL_LOAD_FIT_ADDRESS=0x02000000
+# CONFIG_LEGACY_IMAGE_FORMAT is not set
 # CONFIG_USE_SPL_FIT_GENERATOR is not set
 CONFIG_BOOTDELAY=5
 CONFIG_USE_BOOTARGS=y
-- 
2.13.0

[v1 1/5] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)

[Tan, Ley Foon]

> -----Original Message-----
> From: Lim, Elly Siew Chin <elly.siew.chin.lim@intel.com>
> Sent: Tuesday, November 10, 2020 3:05 PM
> To: u-boot at lists.denx.de
> Cc: Marek Vasut <marex@denx.de>; Tan, Ley Foon
> <ley.foon.tan@intel.com>; See, Chin Liang <chin.liang.see@intel.com>;
> Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>; Chee, Tien Fong
> <tien.fong.chee@intel.com>; Westergreen, Dalon
> <dalon.westergreen@intel.com>; Simon Glass <sjg@chromium.org>; Gan,
> Yau Wai <yau.wai.gan@intel.com>; Lim, Elly Siew Chin
> <elly.siew.chin.lim@intel.com>
> Subject: [v1 1/5] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
> 
> Vendor Authorized Boot is a security feature for authenticating the images
> such as U-Boot, ARM trusted Firmware, Linux kernel, device tree blob and
> etc loaded from FIT. After those images are loaded from FIT, the VAB
> certificate and signature block appended at the end of each image are sent
> to Secure Device Manager (SDM) for authentication. U-Boot will validate the
> SHA384 of the image against the SHA384 hash stored in the VAB certificate
> before sending the image to SDM for authentication.
> 
> Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
> ---
>  arch/arm/mach-socfpga/Kconfig                    |  15 ++
>  arch/arm/mach-socfpga/Makefile                   |   2 +
>  arch/arm/mach-socfpga/include/mach/mailbox_s10.h |   1 +
>  arch/arm/mach-socfpga/include/mach/secure_vab.h  |  63 ++++++++
>  arch/arm/mach-socfpga/secure_vab.c               | 188
> +++++++++++++++++++++++
>  common/Kconfig.boot                              |   2 +-
>  6 files changed, 270 insertions(+), 1 deletion(-)  create mode 100644
> arch/arm/mach-socfpga/include/mach/secure_vab.h
>  create mode 100644 arch/arm/mach-socfpga/secure_vab.c
> 
> diff --git a/arch/arm/mach-socfpga/Kconfig b/arch/arm/mach-
> socfpga/Kconfig index 5dee193b31..1dfe08ec86 100644
> --- a/arch/arm/mach-socfpga/Kconfig
> +++ b/arch/arm/mach-socfpga/Kconfig
> @@ -6,6 +6,21 @@ config ERR_PTR_OFFSET
>  config NR_DRAM_BANKS
>  	default 1
> 
> +config SECURE_VAB_AUTH
Add prefix SOCFPGA_ for socfpga config, same for config below.

> +	bool "Enable boot image authentication with Secure Device
> Manager"
> +	depends on TARGET_SOCFPGA_AGILEX || TARGET_SOCFPGA_DM
> +	select FIT_IMAGE_POST_PROCESS
> +	select SHA512_ALGO
> +	select SHA384
Sort alphanumeric order

> +	select SPL_FIT_IMAGE_POST_PROCESS
> +	help
> +	 All images loaded from FIT will be authenticated by Secure Device
> +	 Manager.
> +
> +config SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE
> +	bool "Allow non-FIT VAB signed images"
> +	depends on SECURE_VAB_AUTH
> +
>  config SPL_SIZE_LIMIT
>  	default 0x10000 if TARGET_SOCFPGA_GEN5
> 
[...]



> +/*
> + * struct fcs_hps_vab_certificate_header
> + * @cert_magic_num: Certificate Magic Word (0x25D04E7F)
> + * @cert_data_sz: size of this certificate header (0x80)
> + *	Includes magic number all the way to the certificate
> + *      signing keychain (excludes cert. signing keychain)
> + * @cert_ver: Certificate Version
> + * @cert_type: Certificate Type
> + * @data: VAB HPS Image Certificate data  */ struct
> +fcs_hps_vab_certificate_header {
> +	u32 cert_magic_num;		/* offset 0 */
> +	u32 cert_data_sz;
> +	u32 cert_ver;
> +	u32 cert_type;
> +	struct fcs_hps_vab_certificate_data d;	/* offset 0x10 */
> +	/* keychain starts at offset 0x50 */
> +};
> +
> +#define VAB_CERT_HEADER_SIZE	sizeof(struct
> fcs_hps_vab_certificate_header)
> +#define VAB_CERT_MAGIC_OFFSET	offsetof \
> +				(struct fcs_hps_vab_certificate_header, d)
> +#define VAB_CERT_FIT_SHA384_OFFSET	offsetof \
> +					(struct fcs_hps_vab_certificate_data,
> \
> +					 fcs_sha384[0])
> +
> +int socfpga_vendor_authentication(void **p_image, size_t *p_size);
> +
> +#endif /* _SECURE_VAB_H_ */
> diff --git a/arch/arm/mach-socfpga/secure_vab.c b/arch/arm/mach-
> socfpga/secure_vab.c
> new file mode 100644
> index 0000000000..3dd4de127b
> --- /dev/null
> +++ b/arch/arm/mach-socfpga/secure_vab.c
> @@ -0,0 +1,188 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (C) 2020 Intel Corporation <www.intel.com>
> + *
> + */
> +
> +#include <common.h>
> +#include <hang.h>
> +#include <asm/arch/mailbox_s10.h>
> +#include <asm/arch/secure_vab.h>
> +#include <asm/arch/smc_api.h>
> +#include <asm/unaligned.h>
> +#include <exports.h>
> +#include <image.h>
> +#include <linux/errno.h>
> +#include <linux/intel-smc.h>
> +#include <log.h>
Sort alphanumeric order
> +
> +#define CHUNKSZ_PER_WD_RESET		(256 * 1024)
SZ_1K for 1024
> +	/* We need to use the 4 bytes before the certificate for T */
What is "T"?


> +	backup_word = *(u32 *)mbox_data_addr;
> +	/* T = 0 */
> +	*(u32 *)mbox_data_addr = 0;
> +
> +	do {
> +#if !defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_ATF)
> +		/* Invoke SMC call to ATF to send the VAB certificate to SDM
> */
> +		ret  = smc_send_mailbox(MBOX_VAB_SRC_CERT,
> mbox_data_sz,
> +					(u32 *)mbox_data_addr, 0,
> &resp_len,
> +					&resp);
> +#else
> +		/* Send the VAB certficate to SDM for authentication */
> +		ret = mbox_send_cmd(MBOX_ID_UBOOT,
> MBOX_VAB_SRC_CERT,
> +				    MBOX_CMD_DIRECT, mbox_data_sz,
> +				    (u32 *)mbox_data_addr, 0, &resp_len,
> +				    &resp);
> +#endif
> +		/* If SDM is not available, just delay 50ms and retry again */
> +		if (ret == MBOX_RESP_DEVICE_BUSY)
> +			mdelay(50);
> +		else
> +			break;
> +	} while (--retry_count);
Should error if retry more than expected value.

> +
> +	/* Restore the original 4 bytes */
> +	*(u32 *)mbox_data_addr = backup_word;
> +
> +	/* Exclude the size of the VAB certificate from image size */
> +	*p_size = img_sz;
> +
> +	debug("ret = 0x%08x, resp = 0x%08x, resp_len = %d\n", ret, resp,
> +	      resp_len);
> +

[...]

Regards
Ley Foon

[v1 2/5] arm: socfpga: cmd: Support 'vab' command

[Tan, Ley Foon]

> -----Original Message-----
> From: Lim, Elly Siew Chin <elly.siew.chin.lim@intel.com>
> Sent: Tuesday, November 10, 2020 3:05 PM
> To: u-boot at lists.denx.de
> Cc: Marek Vasut <marex@denx.de>; Tan, Ley Foon
> <ley.foon.tan@intel.com>; See, Chin Liang <chin.liang.see@intel.com>;
> Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>; Chee, Tien Fong
> <tien.fong.chee@intel.com>; Westergreen, Dalon
> <dalon.westergreen@intel.com>; Simon Glass <sjg@chromium.org>; Gan,
> Yau Wai <yau.wai.gan@intel.com>; Lim, Elly Siew Chin
> <elly.siew.chin.lim@intel.com>
> Subject: [v1 2/5] arm: socfpga: cmd: Support 'vab' command
> 
> Support 'vab' command to perform vendor authentication.
> 
> Command format: vab addr len
> Authorize 'len' bytes starting at 'addr' via vendor public key
> 
> Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
> ---
>  arch/arm/mach-socfpga/Makefile |  2 ++
>  arch/arm/mach-socfpga/vab.c    | 37
> +++++++++++++++++++++++++++++++++++++

Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>

[v1 3/5] arm: socfpga: dts: soc64: Update filename in binman node of FIT image with VAB support

[Tan, Ley Foon]

> -----Original Message-----
> From: Lim, Elly Siew Chin <elly.siew.chin.lim@intel.com>
> Sent: Tuesday, November 10, 2020 3:05 PM
> To: u-boot at lists.denx.de
> Cc: Marek Vasut <marex@denx.de>; Tan, Ley Foon
> <ley.foon.tan@intel.com>; See, Chin Liang <chin.liang.see@intel.com>;
> Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>; Chee, Tien Fong
> <tien.fong.chee@intel.com>; Westergreen, Dalon
> <dalon.westergreen@intel.com>; Simon Glass <sjg@chromium.org>; Gan,
> Yau Wai <yau.wai.gan@intel.com>; Lim, Elly Siew Chin
> <elly.siew.chin.lim@intel.com>
> Subject: [v1 3/5] arm: socfpga: dts: soc64: Update filename in binman node
> of FIT image with VAB support
> 
> FIT image of Vendor Authentication Coot (VAB) contains signed images.
> 
> Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
> ---
>  arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi | 22
> ++++++++++++++++++++++
>  1 file changed, 22 insertions(+)
> 
> diff --git a/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi
> b/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi
> index 2d4d56a6df..a23b45575a 100644
> --- a/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi
> +++ b/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi

Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>

[v1 4/5] configs: socfpga: soc64: Remove 'run linux_qspi_enable' from bootcommand

[Tan, Ley Foon]

> -----Original Message-----
> From: Lim, Elly Siew Chin <elly.siew.chin.lim@intel.com>
> Sent: Tuesday, November 10, 2020 3:05 PM
> To: u-boot at lists.denx.de
> Cc: Marek Vasut <marex@denx.de>; Tan, Ley Foon
> <ley.foon.tan@intel.com>; See, Chin Liang <chin.liang.see@intel.com>;
> Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>; Chee, Tien Fong
> <tien.fong.chee@intel.com>; Westergreen, Dalon
> <dalon.westergreen@intel.com>; Simon Glass <sjg@chromium.org>; Gan,
> Yau Wai <yau.wai.gan@intel.com>; Lim, Elly Siew Chin
> <elly.siew.chin.lim@intel.com>
> Subject: [v1 4/5] configs: socfpga: soc64: Remove 'run linux_qspi_enable'
> from bootcommand
> 
> Remove 'run linux_qspi_enable' from bootcommand. When using FIT for OS
> boot, 'run linux_qspi_enable' will be called 'board_prep_linux'
> function.
> 
> Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
> ---
>  include/configs/socfpga_soc64_common.h | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/include/configs/socfpga_soc64_common.h
> b/include/configs/socfpga_soc64_common.h
> index 194df5940d..911c3a91fd 100644
> --- a/include/configs/socfpga_soc64_common.h
> +++ b/include/configs/socfpga_soc64_common.h
> @@ -86,8 +86,7 @@ unsigned int cm_get_qspi_controller_clk_hz(void);
> 
>  #ifdef CONFIG_FIT
>  #define CONFIG_BOOTFILE "kernel.itb"
> -#define CONFIG_BOOTCOMMAND "run fatscript; run mmcfitload;run
> linux_qspi_enable;" \
> -			   "run mmcfitboot"
> +#define CONFIG_BOOTCOMMAND "run fatscript; run mmcfitload; run
> mmcfitboot"
>  #else
>  #define CONFIG_BOOTFILE "Image"
>  #define CONFIG_BOOTCOMMAND "run fatscript; run mmcload;run
> linux_qspi_enable;" \

Latest U-boot moves CONFIG_BOOTCOMMAND to Kconfig, this needs move to _defconfig.

Regards
Ley Foon

[v1 5/5] configs: socfpga: Add defconfig for Agilex and Diamond Mesa with VAB support

[Tan, Ley Foon]

> -----Original Message-----
> From: Lim, Elly Siew Chin <elly.siew.chin.lim@intel.com>
> Sent: Tuesday, November 10, 2020 3:05 PM
> To: u-boot at lists.denx.de
> Cc: Marek Vasut <marex@denx.de>; Tan, Ley Foon
> <ley.foon.tan@intel.com>; See, Chin Liang <chin.liang.see@intel.com>;
> Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>; Chee, Tien Fong
> <tien.fong.chee@intel.com>; Westergreen, Dalon
> <dalon.westergreen@intel.com>; Simon Glass <sjg@chromium.org>; Gan,
> Yau Wai <yau.wai.gan@intel.com>; Lim, Elly Siew Chin
> <elly.siew.chin.lim@intel.com>
> Subject: [v1 5/5] configs: socfpga: Add defconfig for Agilex and Diamond
> Mesa with VAB support
> 
> Booting Agilex and Diamond Mesa with Vendor Authorized Boot.
> 
> Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
> ---
>  configs/{socfpga_agilex_atf_defconfig => socfpga_agilex_vab_defconfig} |
> 3 ++-
>  configs/{socfpga_dm_atf_defconfig => socfpga_dm_vab_defconfig}         | 3
> ++-
>  2 files changed, 4 insertions(+), 2 deletions(-)  copy
> configs/{socfpga_agilex_atf_defconfig => socfpga_agilex_vab_defconfig}
> (96%)  copy configs/{socfpga_dm_atf_defconfig =>
> socfpga_dm_vab_defconfig} (96%)
> 
> diff --git a/configs/socfpga_agilex_atf_defconfig
> b/configs/socfpga_agilex_vab_defconfig
> similarity index 96%
> copy from configs/socfpga_agilex_atf_defconfig
> copy to configs/socfpga_agilex_vab_defconfig
> index ad87a8098f..d437f49ce0 100644
> --- a/configs/socfpga_agilex_atf_defconfig
> +++ b/configs/socfpga_agilex_vab_defconfig
> @@ -1,5 +1,4 @@
>  CONFIG_ARM=y
> -CONFIG_ARM_SMCCC=y
>  CONFIG_SPL_LDSCRIPT="arch/arm/mach-socfpga/u-boot-spl-soc64.lds"
>  CONFIG_ARCH_SOCFPGA=y
>  CONFIG_SYS_TEXT_BASE=0x200000
> @@ -8,6 +7,7 @@ CONFIG_ENV_SIZE=0x1000
>  CONFIG_ENV_OFFSET=0x200
>  CONFIG_DM_GPIO=y
>  CONFIG_NR_DRAM_BANKS=2
> +CONFIG_SECURE_VAB_AUTH=y
>  CONFIG_TARGET_SOCFPGA_AGILEX_SOCDK=y
>  CONFIG_IDENT_STRING="socfpga_agilex"
>  CONFIG_SPL_FS_FAT=y
> @@ -15,6 +15,7 @@ CONFIG_SPL_TEXT_BASE=0xFFE00000  CONFIG_FIT=y
> CONFIG_SPL_LOAD_FIT=y
>  CONFIG_SPL_LOAD_FIT_ADDRESS=0x02000000
> +# CONFIG_LEGACY_IMAGE_FORMAT is not set
>  # CONFIG_USE_SPL_FIT_GENERATOR is not set
>  CONFIG_BOOTDELAY=5
>  CONFIG_USE_BOOTARGS=y
> diff --git a/configs/socfpga_dm_atf_defconfig
> b/configs/socfpga_dm_vab_defconfig
> similarity index 96%
> copy from configs/socfpga_dm_atf_defconfig copy to
> configs/socfpga_dm_vab_defconfig index 975f20c752..97dc269057 100644
> --- a/configs/socfpga_dm_atf_defconfig
> +++ b/configs/socfpga_dm_vab_defconfig
> @@ -1,5 +1,4 @@
>  CONFIG_ARM=y
> -CONFIG_ARM_SMCCC=y
>  CONFIG_SPL_LDSCRIPT="arch/arm/mach-socfpga/u-boot-spl-soc64.lds"
>  CONFIG_ARCH_SOCFPGA=y
>  CONFIG_SYS_TEXT_BASE=0x200000
> @@ -8,6 +7,7 @@ CONFIG_ENV_SIZE=0x1000
>  CONFIG_ENV_OFFSET=0x200
>  CONFIG_DM_GPIO=y
>  CONFIG_NR_DRAM_BANKS=2
> +CONFIG_SECURE_VAB_AUTH=y
>  CONFIG_TARGET_SOCFPGA_DM_SOCDK=y
>  CONFIG_IDENT_STRING="socfpga_dm"
>  CONFIG_SPL_FS_FAT=y
> @@ -15,6 +15,7 @@ CONFIG_SPL_TEXT_BASE=0xFFE00000  CONFIG_FIT=y
> CONFIG_SPL_LOAD_FIT=y
>  CONFIG_SPL_LOAD_FIT_ADDRESS=0x02000000
> +# CONFIG_LEGACY_IMAGE_FORMAT is not set
>  # CONFIG_USE_SPL_FIT_GENERATOR is not set
>  CONFIG_BOOTDELAY=5
>  CONFIG_USE_BOOTARGS=y

See comment in Patch [4/5], this patch need to be updated.

Regards
Ley Foon