[PATCH v1] imx: spl: fix imx8m secure boot

[PATCH v1] imx: spl: fix imx8m secure boot

[Heiko Schocher]

inspired from NXP code:
719d665a87c6: ("MLK-20467 imx8m: Fix issue for booting signed image through uuu")

fix loading FIT buffer address to fix position
CONFIG_SYS_TEXT_BASE - CONFIG_FIT_EXTERNAL_OFFSET

and fix secure boot on imx8m based boards. Problem was
that FIT header and so IVT header too, was loaded to
memallocated address. So the ivt header address coded
in IVT itself does not fit with the real position.

Signed-off-by: Heiko Schocher <hs@denx.de>


---
replaces Series:
https://lists.denx.de/pipermail/u-boot/2021-August/457308.html

@Tim: could you please test this version on your hardware?

azure build:
https://dev.azure.com/hs0298/hs/_build/results?buildId=71&view=results
(fetch error for rockchip, but this should be no problem for this
 patch. How do I restart one specific job on azure?)

Works on sdcard and QSPI NOR boot on phycore-imx8mp board.

 arch/arm/mach-imx/spl.c | 11 +++++++++++
 common/spl/spl_fit.c    |  7 ++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c
index 36033d611c..6991d88dbf 100644
--- a/arch/arm/mach-imx/spl.c
+++ b/arch/arm/mach-imx/spl.c
@@ -334,6 +334,17 @@ void board_spl_fit_post_load(const void *fit)
 }
 #endif
 
+#if defined(CONFIG_FIT_EXTERNAL_OFFSET)
+void *board_spl_fit_buffer_addr(ulong fit_size, int bl_len)
+{
+	/*
+	 * use fix position
+	 * TEXT_BASE - FIT_EXTERNAL_OFFSET
+	 */
+	return  (void *)((CONFIG_SYS_TEXT_BASE - CONFIG_FIT_EXTERNAL_OFFSET));
+}
+#endif
+
 #endif
 
 #if defined(CONFIG_MX6) && defined(CONFIG_SPL_OS_BOOT)
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index f41abca0cc..a4337d3c88 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -538,6 +538,11 @@ static void *spl_get_fit_load_buffer(size_t size)
 	return buf;
 }
 
+__weak void *board_spl_fit_buffer_addr(ulong fit_size, int sectors, int bl_len)
+{
+	return spl_get_fit_load_buffer(sectors * bl_len);
+}
+
 /*
  * Weak default function to allow customizing SPL fit loading for load-only
  * use cases by allowing to skip the parsing/processing of the FIT contents
@@ -631,7 +636,7 @@ static int spl_simple_fit_read(struct spl_fit_info *ctx,
 	 * For FIT with external data, data is not loaded in this step.
 	 */
 	sectors = get_aligned_image_size(info, size, 0);
-	buf = spl_get_fit_load_buffer(sectors * info->bl_len);
+	buf = board_spl_fit_buffer_addr(size, sectors, info->bl_len);
 
 	count = info->read(info, sector, sectors, buf);
 	ctx->fit = buf;
-- 
2.31.1

Re: [EXT] [PATCH v1] imx: spl: fix imx8m secure boot

[Ye Li]

Hi Heiko,

On Mon, 2021-08-16 at 07:07 +0200, Heiko Schocher wrote:
> Caution: EXT Email
> 
> inspired from NXP code:
> 719d665a87c6: ("MLK-20467 imx8m: Fix issue for booting signed image
> through uuu")
> 
> fix loading FIT buffer address to fix position
> CONFIG_SYS_TEXT_BASE - CONFIG_FIT_EXTERNAL_OFFSET
> 
> and fix secure boot on imx8m based boards. Problem was
> that FIT header and so IVT header too, was loaded to
> memallocated address. So the ivt header address coded
> in IVT itself does not fit with the real position.
> 
> Signed-off-by: Heiko Schocher <hs@denx.de>
> 
> 
> ---
> replaces Series:
> https://lists.denx.de/pipermail/u-boot/2021-August/457308.html
> 
> @Tim: could you please test this version on your hardware?
> 
> azure build:
> https://dev.azure.com/hs0298/hs/_build/results?buildId=71&view=result
> s
> (fetch error for rockchip, but this should be no problem for this
>  patch. How do I restart one specific job on azure?)
> 
> Works on sdcard and QSPI NOR boot on phycore-imx8mp board.
> 
>  arch/arm/mach-imx/spl.c | 11 +++++++++++
>  common/spl/spl_fit.c    |  7 ++++++-
>  2 files changed, 17 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c
> index 36033d611c..6991d88dbf 100644
> --- a/arch/arm/mach-imx/spl.c
> +++ b/arch/arm/mach-imx/spl.c
> @@ -334,6 +334,17 @@ void board_spl_fit_post_load(const void *fit)
>  }
>  #endif
> 
> +#if defined(CONFIG_FIT_EXTERNAL_OFFSET)
> +void *board_spl_fit_buffer_addr(ulong fit_size, int bl_len)
> +{
> +       /*
> +        * use fix position
> +        * TEXT_BASE - FIT_EXTERNAL_OFFSET
> +        */
> +       return  (void *)((CONFIG_SYS_TEXT_BASE -
> CONFIG_FIT_EXTERNAL_OFFSET));

It looks odd to use CONFIG_FIT_EXTERNAL_OFFSET. This config is used
to designate the image offset inside the FIT. It is irrelevant here.
Please follow the patch 719d665a87c6: ("MLK-20467 imx8m: Fix issue for
booting signed image through uuu") to fix the issue, which also keep
the HAB block aligned.

Best regards,
Ye Li

> +}
> +#endif
> +
>  #endif
> 
>  #if defined(CONFIG_MX6) && defined(CONFIG_SPL_OS_BOOT)
> diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
> index f41abca0cc..a4337d3c88 100644
> --- a/common/spl/spl_fit.c
> +++ b/common/spl/spl_fit.c
> @@ -538,6 +538,11 @@ static void *spl_get_fit_load_buffer(size_t
> size)
>         return buf;
>  }
> 
> +__weak void *board_spl_fit_buffer_addr(ulong fit_size, int sectors,
> int bl_len)
> +{
> +       return spl_get_fit_load_buffer(sectors * bl_len);
> +}
> +
>  /*
>   * Weak default function to allow customizing SPL fit loading for
> load-only
>   * use cases by allowing to skip the parsing/processing of the FIT
> contents
> @@ -631,7 +636,7 @@ static int spl_simple_fit_read(struct
> spl_fit_info *ctx,
>          * For FIT with external data, data is not loaded in this
> step.
>          */
>         sectors = get_aligned_image_size(info, size, 0);
> -       buf = spl_get_fit_load_buffer(sectors * info->bl_len);
> +       buf = board_spl_fit_buffer_addr(size, sectors, info->bl_len);
> 
>         count = info->read(info, sector, sectors, buf);
>         ctx->fit = buf;
> --
> 2.31.1
> 

Re: [EXT] [PATCH v1] imx: spl: fix imx8m secure boot

[Heiko Schocher]

Hello Li,

On 16.08.21 10:26, Ye Li wrote:
> Hi Heiko,
> 
> On Mon, 2021-08-16 at 07:07 +0200, Heiko Schocher wrote:
>> Caution: EXT Email
>>
>> inspired from NXP code:
>> 719d665a87c6: ("MLK-20467 imx8m: Fix issue for booting signed image
>> through uuu")
>>
>> fix loading FIT buffer address to fix position
>> CONFIG_SYS_TEXT_BASE - CONFIG_FIT_EXTERNAL_OFFSET
>>
>> and fix secure boot on imx8m based boards. Problem was
>> that FIT header and so IVT header too, was loaded to
>> memallocated address. So the ivt header address coded
>> in IVT itself does not fit with the real position.
>>
>> Signed-off-by: Heiko Schocher <hs@denx.de>
>>
>>
>> ---
>> replaces Series:
>> https://lists.denx.de/pipermail/u-boot/2021-August/457308.html
>>
>> @Tim: could you please test this version on your hardware?
>>
>> azure build:
>> https://dev.azure.com/hs0298/hs/_build/results?buildId=71&view=result
>> s
>> (fetch error for rockchip, but this should be no problem for this
>>  patch. How do I restart one specific job on azure?)
>>
>> Works on sdcard and QSPI NOR boot on phycore-imx8mp board.
>>
>>  arch/arm/mach-imx/spl.c | 11 +++++++++++
>>  common/spl/spl_fit.c    |  7 ++++++-
>>  2 files changed, 17 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c
>> index 36033d611c..6991d88dbf 100644
>> --- a/arch/arm/mach-imx/spl.c
>> +++ b/arch/arm/mach-imx/spl.c
>> @@ -334,6 +334,17 @@ void board_spl_fit_post_load(const void *fit)
>>  }
>>  #endif
>>
>> +#if defined(CONFIG_FIT_EXTERNAL_OFFSET)
>> +void *board_spl_fit_buffer_addr(ulong fit_size, int bl_len)
>> +{
>> +       /*
>> +        * use fix position
>> +        * TEXT_BASE - FIT_EXTERNAL_OFFSET
>> +        */
>> +       return  (void *)((CONFIG_SYS_TEXT_BASE -
>> CONFIG_FIT_EXTERNAL_OFFSET));
> 
> It looks odd to use CONFIG_FIT_EXTERNAL_OFFSET. This config is used
> to designate the image offset inside the FIT. It is irrelevant here.
> Please follow the patch 719d665a87c6: ("MLK-20467 imx8m: Fix issue for
> booting signed image through uuu") to fix the issue, which also keep
> the HAB block aligned.

Hmm.. ok, I can change...

bye,
Heiko
> 
> Best regards,
> Ye Li
> 
>> +}
>> +#endif
>> +
>>  #endif
>>
>>  #if defined(CONFIG_MX6) && defined(CONFIG_SPL_OS_BOOT)
>> diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
>> index f41abca0cc..a4337d3c88 100644
>> --- a/common/spl/spl_fit.c
>> +++ b/common/spl/spl_fit.c
>> @@ -538,6 +538,11 @@ static void *spl_get_fit_load_buffer(size_t
>> size)
>>         return buf;
>>  }
>>
>> +__weak void *board_spl_fit_buffer_addr(ulong fit_size, int sectors,
>> int bl_len)
>> +{
>> +       return spl_get_fit_load_buffer(sectors * bl_len);
>> +}
>> +
>>  /*
>>   * Weak default function to allow customizing SPL fit loading for
>> load-only
>>   * use cases by allowing to skip the parsing/processing of the FIT
>> contents
>> @@ -631,7 +636,7 @@ static int spl_simple_fit_read(struct
>> spl_fit_info *ctx,
>>          * For FIT with external data, data is not loaded in this
>> step.
>>          */
>>         sectors = get_aligned_image_size(info, size, 0);
>> -       buf = spl_get_fit_load_buffer(sectors * info->bl_len);
>> +       buf = board_spl_fit_buffer_addr(size, sectors, info->bl_len);
>>
>>         count = info->read(info, sector, sectors, buf);
>>         ctx->fit = buf;
>> --
>> 2.31.1

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-52   Fax: +49-8142-66989-80   Email: hs@denx.de