From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id AB45EECAAD8
	for <u-boot@archiver.kernel.org>; Fri, 16 Sep 2022 04:56:07 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 2320884BA0;
	Fri, 16 Sep 2022 06:55:35 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="db5Lxlmi";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id BAD6384BC7; Fri, 16 Sep 2022 06:55:28 +0200 (CEST)
Received: from mail-pg1-x532.google.com (mail-pg1-x532.google.com
 [IPv6:2607:f8b0:4864:20::532])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 458E884BA0
 for <u-boot@lists.denx.de>; Fri, 16 Sep 2022 06:55:20 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=judge.packham@gmail.com
Received: by mail-pg1-x532.google.com with SMTP id v4so19262841pgi.10
 for <u-boot@lists.denx.de>; Thu, 15 Sep 2022 21:55:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date;
 bh=k/EV/IWP2iaJjxQ6v+W3EF+pI4p86gxs7PnswI3aBZc=;
 b=db5LxlmipJ/g4jIzKuZolp6zF841Abdgp1Nna5IsdzQILq4uc4Gx1wH5J4SwN9/G6j
 /ve/ZNLXkm7D73moAJ5pbYS/bQcY895xQMCXGFaCmSq9offSLd39IT22VVleeYA5c761
 +xlAXjbn1SJGbjepwXW2aG/HzJQF1EWS97xgcLbfpqNzUP6qR6/VR8owyAODJHVrHU8s
 aXg7gdIJDBInTn/J5dbi6A1D/dh7H2MxJlL3A+pSg/0V9PUNF3c5ohbzbvS4kzPDO4y0
 ZDL90QXfwqM3rjnY/ODDBEDlPXiWE4qizoeGQI3XzxRfw7qWfEJtKDnvC2cTo8LDoErV
 DhOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date;
 bh=k/EV/IWP2iaJjxQ6v+W3EF+pI4p86gxs7PnswI3aBZc=;
 b=aK5F9R67I0gH2J2Z78V7YYotO2M0HY1bPkBOnnYqk56Bz711DtEd6wnDNEDCz1EoiC
 A0VNc/6xeFmPMMVLUJVhBq6Vvkddca7uO/KhrZqnomvV1Vj4U45atTPCzMwDxLyYCIQR
 7ysG8cQrk6+gbpfhdi5BeY3m1pJ4J4M8HaOg7Gr0YIs1+WYRmFKcchjTxv2b0+BKNU8o
 gjH1Efefe7U47caSC40S9znABy9bfeO+cSADLEwjjez2qb07FqIg7RkZ5MyV+SLJTral
 4Ec3D3yKZQh8eRAJ/RhaNiyVWzPEdseNS4VFrLyO8vMxBg7obtLaY4eKV+Wb4mvrc+oY
 uX9g==
X-Gm-Message-State: ACrzQf01VR8vHFQEKlV11pKLaqbcMt0M50A7umggkY+95TF+6PRlNX7q
 If11mQ4DubODH23dRe1H7K0=
X-Google-Smtp-Source: AMsMyM4bwhVLTLEZfYXXBgycRKY6f2lJutC6ZKNwwUuEhmQaRW50TzOsWzc3M++Ri4derXM6liUaMQ==
X-Received: by 2002:a05:6a00:809:b0:543:d583:4a6 with SMTP id
 m9-20020a056a00080900b00543d58304a6mr3551396pfk.62.1663304118555; 
 Thu, 15 Sep 2022 21:55:18 -0700 (PDT)
Received: from chrisp-dl.atlnz.lc ([2001:df5:b000:22:1d7c:c94b:55d3:ab82])
 by smtp.gmail.com with ESMTPSA id
 e7-20020a17090301c700b001782398648dsm12340346plh.8.2022.09.15.21.55.14
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 15 Sep 2022 21:55:17 -0700 (PDT)
From: Chris Packham <judge.packham@gmail.com>
To: Stefan Roese <sr@denx.de>
Cc: Elad Nachman <enachman@marvell.com>,
 Vadym Kochan <vadym.kochan@plvision.eu>,
 Chris Packham <judge.packham@gmail.com>,
 =?UTF-8?q?Marek=20Beh=C3=BAn?= <kabel@kernel.org>,
 =?UTF-8?q?Pali=20Roh=C3=A1r?= <pali@kernel.org>, u-boot@lists.denx.de
Subject: [PATCH 7/7] tools: kwboot: Add knowledge of Marvell's TIM
Date: Fri, 16 Sep 2022 16:54:23 +1200
Message-Id: <20220916045423.3635985-8-judge.packham@gmail.com>
X-Mailer: git-send-email 2.37.3
In-Reply-To: <20220916045423.3635985-1-judge.packham@gmail.com>
References: <20220916045423.3635985-1-judge.packham@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de
X-Virus-Status: Clean

Marvell's proprietary TIM (trusted image) is used on the Armada-3700 and
AlledCat5/5X (and possibly others). It has a whole host of features that
work to implement a version of secure boot.

Kwboot's interest in this format is simply to detect that the image is
one of these and not attempt to patch it (the images will work over UART
boot as-is). This is done by checking for a specific magic value
("TIMH") in the first 32bits of the image.

Signed-off-by: Chris Packham <judge.packham@gmail.com>
---
It might be possible to make the check more robust by validating more of
the image. There is a checksum field that might be useful for this
purpose. I haven't done this as I couldn't figure out Marvell's
validation of this field.

 tools/kwbimage.h | 29 +++++++++++++++++++++++++++++
 tools/kwboot.c   |  3 +++
 2 files changed, 32 insertions(+)

diff --git a/tools/kwbimage.h b/tools/kwbimage.h
index 505522332b..8aab26952a 100644
--- a/tools/kwbimage.h
+++ b/tools/kwbimage.h
@@ -224,6 +224,28 @@ struct register_set_hdr_v1 {
 #define OPT_HDR_V1_BINARY_TYPE   0x2
 #define OPT_HDR_V1_REGISTER_TYPE 0x3
 
+/* TIM (trusted image), Armada 3700, AlleyCat5 */
+struct tim_block_hdr {
+	uint32_t signature_id;
+	uint16_t opcode;
+	uint16_t blocksize;
+} __packed;
+
+struct tim_hdr {
+	struct tim_block_hdr hdr;
+	uint32_t trusted;
+	uint32_t signed_tim_size;
+	uint32_t unsigned_tim_size;
+	uint32_t unique_id;
+	uint64_t loadaddr;
+	uint32_t flags;
+	uint32_t software_prot_version;
+	uint32_t num_blocks;
+	uint32_t checksum;
+} __packed;
+
+#define TIM_HDR_SIGNATURE	0x54494d48 /* "TIMH" */
+
 /*
  * Byte 8 of the image header contains the version number. In the v0
  * header, byte 8 was reserved, and always set to 0. In the v1 header,
@@ -270,6 +292,13 @@ static inline size_t kwbheader_size_for_csum(const void *header)
 		return kwbheader_size(header);
 }
 
+static inline bool kwbimage_is_tim(void *img)
+{
+	const struct tim_hdr *hdr = img;
+
+	return le32_to_cpu(hdr->hdr.signature_id) == TIM_HDR_SIGNATURE;
+}
+
 static inline struct ext_hdr_v0 *ext_hdr_v0_first(void *img)
 {
 	struct main_hdr_v0 *mhdr;
diff --git a/tools/kwboot.c b/tools/kwboot.c
index da4fe32da2..a9b3d0fd04 100644
--- a/tools/kwboot.c
+++ b/tools/kwboot.c
@@ -1869,6 +1869,9 @@ kwboot_img_patch(void *img, size_t *size, int baudrate)
 	if (*size < sizeof(struct main_hdr_v1))
 		goto err;
 
+	if (kwbimage_is_tim(img))
+		return 0;
+
 	image_ver = kwbimage_version(img);
 	if (image_ver != 0 && image_ver != 1) {
 		fprintf(stderr, "Invalid image header version\n");
-- 
2.37.3