[U-Boot] [PATCH v2 0/5] arm: imx6: Enable Secure Boot (HAB) with SPL Builds

[U-Boot] [PATCH v2 0/5] arm: imx6: Enable Secure Boot (HAB) with SPL Builds

[Sven Ebenfeld]

When trying to build U-Boot for Wandboard with Secure Boot, the build fails
because it tries to compile the dekblob commands within the SPL. The dekblob
command depends on the CAAM driver, which is also not required in the SPL. 
Additionally, this blows the SPL up to a size beyond the limit of 69KiB in
i.MX6DL OCRAM. Therefore I deactivate building the commands during SPL build.

Next I implemented HAB verification before jumping to the loaded image. To
create images that are HAB compatible, I updated the mkimage tool and added some
documentation. At last I try to make the signing process easier as the output of
the mkimage tool will be preserverd within the build dir. The output contains
information required to correctly sign HAB images.

Cc: sbabic at denx.de

v2 Changes:
 - Repair build failures in many SPLs due to incorrect variable assignment.
 - Repair mx31 and mx27 builds without imx-common libs (nothing is built there
   for them.

Sven Ebenfeld (5):
  arm: imx: remove bmode , hdmidet and dek commands from SPL
  arm: imx: add HAB authentication of image to SPL boot
  tools: mkimage: add firmware-ivt image type for HAB verification
  doc: imx6: add section for secure boot with SPL
  Makefile: preserve output for images that can contain HAB Blocks

 .gitignore                            |   2 +-
 Makefile                              |  15 +++-
 arch/arm/Makefile                     |   2 +-
 arch/arm/imx-common/Makefile          |   6 ++
 arch/arm/imx-common/hab.c             | 129 ++++++++++++++++++----------------
 arch/arm/imx-common/spl.c             |  25 +++++++
 arch/arm/imx-common/spl_sd.cfg        |  10 +++
 arch/arm/include/asm/imx-common/hab.h |   2 +
 common/image.c                        |   6 ++
 doc/README.imx6                       |  49 +++++++++++++
 include/configs/mx6_common.h          |   3 +
 include/image.h                       |   1 +
 scripts/Makefile.lib                  |   3 +-
 scripts/Makefile.spl                  |   4 +-
 tools/default_image.c                 |  10 ++-
 tools/mkimage.c                       |  32 +++++++++
 16 files changed, 232 insertions(+), 67 deletions(-)

-- 
2.7.4

[U-Boot] [PATCH v2 1/5] arm: imx: remove bmode , hdmidet and dek commands from SPL

[Sven Ebenfeld]

These files are blowing up the SPL and should not be required
there as the SPL delivers no command console. Because building fails
for mx27 and mx31 machines with SPL build, we remove the linker flag
for them from the Makefile. Nothing is built for them to be linked
in that directory.

Cc: sbabic at denx.de

v2 Changes:
 - Remove mx27 and mx31 from Makefile during SPL build as nothing is built for
   them in that directory. And removing the commands with the libs-y directive
   lead to linker failures. e.g. "armv5te-ld.bfd: cannot find arch/arm/imx-common/built-in.o: No such file or directory)"

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
---
 arch/arm/Makefile            | 2 +-
 arch/arm/imx-common/Makefile | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/arm/Makefile b/arch/arm/Makefile
index 42093c2..6faf29e 100644
--- a/arch/arm/Makefile
+++ b/arch/arm/Makefile
@@ -93,7 +93,7 @@ libs-y += arch/arm/cpu/
 libs-y += arch/arm/lib/
 
 ifeq ($(CONFIG_SPL_BUILD),y)
-ifneq (,$(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_MX35)$(filter $(SOC), mx25 mx27 mx5 mx6 mx7 mx31 mx35))
+ifneq (,$(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_MX35)$(filter $(SOC), mx25 mx5 mx6 mx7 mx35))
 libs-y += arch/arm/imx-common/
 endif
 else
diff --git a/arch/arm/imx-common/Makefile b/arch/arm/imx-common/Makefile
index 1873185..03b3c12 100644
--- a/arch/arm/imx-common/Makefile
+++ b/arch/arm/imx-common/Makefile
@@ -34,9 +34,11 @@ endif
 ifeq ($(SOC),$(filter $(SOC),vf610))
 obj-y += ddrmc-vf610.o
 endif
+ifneq ($(CONFIG_SPL_BUILD),y)
 obj-$(CONFIG_CMD_BMODE) += cmd_bmode.o
 obj-$(CONFIG_CMD_HDMIDETECT) += cmd_hdmidet.o
 obj-$(CONFIG_CMD_DEKBLOB) += cmd_dek.o
+endif
 
 PLUGIN = board/$(BOARDDIR)/plugin
 
-- 
2.7.4

[U-Boot] [PATCH v2 2/5] arm: imx: add HAB authentication of image to SPL boot

[Sven Ebenfeld]

When using HAB as secure boot mechanism on Wandboard, the chain of
trust breaks immediately after the SPL. As this is not checking
the authenticity of the loaded image before jumping to it.

The HAB status output will not be implemented in SPL as it adds
a lot of strings that are only required in debug cases. With those
it exceeds the maximum size of the available OCRAM (69 KiB).

The SPL MISC driver support must be enabled, so that the driver can use OTP fuse
to check if HAB is enabled.

Cc: sbabic at denx.de

v2-Changes: None

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
---
 arch/arm/imx-common/hab.c             | 129 ++++++++++++++++++----------------
 arch/arm/imx-common/spl.c             |  25 +++++++
 arch/arm/imx-common/spl_sd.cfg        |  10 +++
 arch/arm/include/asm/imx-common/hab.h |   2 +
 include/configs/mx6_common.h          |   3 +
 5 files changed, 110 insertions(+), 59 deletions(-)

diff --git a/arch/arm/imx-common/hab.c b/arch/arm/imx-common/hab.c
index 6731825..7449487 100644
--- a/arch/arm/imx-common/hab.c
+++ b/arch/arm/imx-common/hab.c
@@ -110,6 +110,10 @@
  * +------------+ + CSF_PAD_SIZE
  */
 
+static bool is_hab_enabled(void);
+
+#if !defined(CONFIG_SPL_BUILD)
+
 #define MAX_RECORD_BYTES     (8*1024) /* 4 kbytes */
 
 struct record {
@@ -257,22 +261,6 @@ uint8_t hab_engines[16] = {
 	-1
 };
 
-bool is_hab_enabled(void)
-{
-	struct imx_sec_config_fuse_t *fuse =
-		(struct imx_sec_config_fuse_t *)&imx_sec_config_fuse;
-	uint32_t reg;
-	int ret;
-
-	ret = fuse_read(fuse->bank, fuse->word, &reg);
-	if (ret) {
-		puts("\nSecure boot fuse read error\n");
-		return ret;
-	}
-
-	return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
-}
-
 static inline uint8_t get_idx(uint8_t *list, uint8_t tgt)
 {
 	uint8_t idx = 0;
@@ -359,6 +347,68 @@ int get_hab_status(void)
 	return 0;
 }
 
+int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+{
+	if ((argc != 1)) {
+		cmd_usage(cmdtp);
+		return 1;
+	}
+
+	get_hab_status();
+
+	return 0;
+}
+
+static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
+				char * const argv[])
+{
+	ulong	addr, ivt_offset;
+	int	rcode = 0;
+
+	if (argc < 3)
+		return CMD_RET_USAGE;
+
+	addr = simple_strtoul(argv[1], NULL, 16);
+	ivt_offset = simple_strtoul(argv[2], NULL, 16);
+
+	rcode = authenticate_image(addr, ivt_offset);
+
+	return rcode;
+}
+
+U_BOOT_CMD(
+		hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
+		"display HAB status",
+		""
+	  );
+
+U_BOOT_CMD(
+		hab_auth_img, 3, 0, do_authenticate_image,
+		"authenticate image via HAB",
+		"addr ivt_offset\n"
+		"addr - image hex address\n"
+		"ivt_offset - hex offset of IVT in the image"
+	  );
+
+
+#endif /* !defined(CONFIG_SPL_BUILD) */
+
+static bool is_hab_enabled(void)
+{
+	struct imx_sec_config_fuse_t *fuse =
+		(struct imx_sec_config_fuse_t *)&imx_sec_config_fuse;
+	uint32_t reg;
+	int ret;
+
+	ret = fuse_read(fuse->bank, fuse->word, &reg);
+	if (ret) {
+		puts("\nSecure boot fuse read error\n");
+		return ret;
+	}
+
+	return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
+}
+
 uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size)
 {
 	uint32_t load_addr = 0;
@@ -400,7 +450,9 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size)
 				     (void *)(ddr_start + ivt_offset+IVT_SIZE),
 				     4, 0x10, 0);
 
+#if  !defined(CONFIG_SPL_BUILD)
 			get_hab_status();
+#endif
 
 			puts("\nCalling authenticate_image in ROM\n");
 			printf("\tivt_offset = 0x%x\n", ivt_offset);
@@ -449,7 +501,9 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size)
 
 		hab_caam_clock_enable(0);
 
+#if !defined(CONFIG_SPL_BUILD)
 		get_hab_status();
+#endif
 	} else {
 		puts("hab fuse not enabled\n");
 	}
@@ -459,46 +513,3 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size)
 
 	return result;
 }
-
-int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
-{
-	if ((argc != 1)) {
-		cmd_usage(cmdtp);
-		return 1;
-	}
-
-	get_hab_status();
-
-	return 0;
-}
-
-static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
-				char * const argv[])
-{
-	ulong	addr, ivt_offset;
-	int	rcode = 0;
-
-	if (argc < 3)
-		return CMD_RET_USAGE;
-
-	addr = simple_strtoul(argv[1], NULL, 16);
-	ivt_offset = simple_strtoul(argv[2], NULL, 16);
-
-	rcode = authenticate_image(addr, ivt_offset);
-
-	return rcode;
-}
-
-U_BOOT_CMD(
-		hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
-		"display HAB status",
-		""
-	  );
-
-U_BOOT_CMD(
-		hab_auth_img, 3, 0, do_authenticate_image,
-		"authenticate image via HAB",
-		"addr ivt_offset\n"
-		"addr - image hex address\n"
-		"ivt_offset - hex offset of IVT in the image"
-	  );
diff --git a/arch/arm/imx-common/spl.c b/arch/arm/imx-common/spl.c
index bdcda7d..c86b6f8 100644
--- a/arch/arm/imx-common/spl.c
+++ b/arch/arm/imx-common/spl.c
@@ -12,6 +12,7 @@
 #include <asm/arch/imx-regs.h>
 #include <asm/spl.h>
 #include <spl.h>
+#include <asm/imx-common/hab.h>
 
 #if defined(CONFIG_MX6)
 /* determine boot device from SRC_SBMR1 (BOOT_CFG[4:1]) or SRC_GPR9 register */
@@ -90,3 +91,27 @@ u32 spl_boot_mode(const u32 boot_device)
 	}
 }
 #endif
+
+#if defined(CONFIG_SECURE_BOOT)
+
+__weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
+{
+	typedef void __noreturn (*image_entry_noargs_t)(void);
+
+	image_entry_noargs_t image_entry =
+		(image_entry_noargs_t)(unsigned long)spl_image->entry_point;
+
+	debug("image entry point: 0x%X\n", spl_image->entry_point);
+
+	/* HAB looks for the CSF at the end of the authenticated data therefore,
+	 * we need to subtract the size of the CSF from the actual filesize */
+	if (authenticate_image(spl_image->load_addr,
+			       spl_image->size - CONFIG_CSF_SIZE)) {
+		image_entry();
+	} else {
+		puts("spl: ERROR:  image authentication unsuccessful\n");
+		hang();
+	}
+}
+
+#endif
diff --git a/arch/arm/imx-common/spl_sd.cfg b/arch/arm/imx-common/spl_sd.cfg
index 5fc3e8a..14c135c 100644
--- a/arch/arm/imx-common/spl_sd.cfg
+++ b/arch/arm/imx-common/spl_sd.cfg
@@ -4,5 +4,15 @@
  * SPDX-License-Identifier:	GPL-2.0+
  */
 
+#define __ASSEMBLY__
+#include <config.h>
+
 IMAGE_VERSION	2
 BOOT_FROM	sd
+
+/*
+ * Secure boot support
+ */
+#ifdef CONFIG_SECURE_BOOT
+CSF CONFIG_CSF_SIZE
+#endif
\ No newline at end of file
diff --git a/arch/arm/include/asm/imx-common/hab.h b/arch/arm/include/asm/imx-common/hab.h
index dab6789..e0ff459 100644
--- a/arch/arm/include/asm/imx-common/hab.h
+++ b/arch/arm/include/asm/imx-common/hab.h
@@ -145,4 +145,6 @@ typedef void hapi_clock_init_t(void);
 
 /* ----------- end of HAB API updates ------------*/
 
+uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size);
+
 #endif
diff --git a/include/configs/mx6_common.h b/include/configs/mx6_common.h
index d28654b..44822d6 100644
--- a/include/configs/mx6_common.h
+++ b/include/configs/mx6_common.h
@@ -98,6 +98,9 @@
 #define CONFIG_FSL_CAAM
 #define CONFIG_CMD_DEKBLOB
 #define CONFIG_SYS_FSL_SEC_LE
+#ifdef CONFIG_SPL_BUILD
+#define CONFIG_SPL_DRIVERS_MISC_SUPPORT
+#endif
 #endif
 
 #endif
-- 
2.7.4

[U-Boot] [PATCH v2 3/5] tools: mkimage: add firmware-ivt image type for HAB verification

[Sven Ebenfeld]

When we want to use Secure Boot with HAB from SPL over U-Boot.img,
we need to append the IVT to the image and leave space for the CSF.
Images generated as firmware_ivt can directly be signed using the
Freescale code signing tool. For creation of a CSF, mkimage outputs
the correct HAB Blocks for the image.
The changes to the usual firmware image class are quite small,
that is why I implemented that directly into the default_image.

Cc: sbabic at denx.de

v2-Changes: None

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
---
 Makefile              |  9 ++++++++-
 common/image.c        |  6 ++++++
 include/image.h       |  1 +
 tools/default_image.c | 10 ++++++++--
 tools/mkimage.c       | 32 ++++++++++++++++++++++++++++++++
 5 files changed, 55 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index dcba7db..15151ff 100644
--- a/Makefile
+++ b/Makefile
@@ -754,7 +754,11 @@ ALL-$(CONFIG_RAMBOOT_PBL) += u-boot.pbl
 endif
 endif
 ALL-$(CONFIG_SPL) += spl/u-boot-spl.bin
+ifeq ($(CONFIG_MX6)$(CONFIG_SECURE_BOOT), yy)
+ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot-ivt.img
+else
 ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot.img
+endif
 ALL-$(CONFIG_TPL) += tpl/u-boot-tpl.bin
 ALL-$(CONFIG_OF_SEPARATE) += u-boot.dtb
 ifeq ($(CONFIG_SPL_FRAMEWORK),y)
@@ -921,6 +925,9 @@ else
 MKIMAGEFLAGS_u-boot.img = -A $(ARCH) -T firmware -C none -O u-boot \
 	-a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
 	-n "U-Boot $(UBOOTRELEASE) for $(BOARD) board"
+MKIMAGEFLAGS_u-boot-ivt.img = -A $(ARCH) -T firmware_ivt -C none -O u-boot \
+	-a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
+	-n "U-Boot $(UBOOTRELEASE) for $(BOARD) board"
 endif
 
 MKIMAGEFLAGS_u-boot-dtb.img = $(MKIMAGEFLAGS_u-boot.img)
@@ -934,7 +941,7 @@ MKIMAGEFLAGS_u-boot-spl.kwb = -n $(srctree)/$(CONFIG_SYS_KWD_CONFIG:"%"=%) \
 MKIMAGEFLAGS_u-boot.pbl = -n $(srctree)/$(CONFIG_SYS_FSL_PBL_RCW:"%"=%) \
 		-R $(srctree)/$(CONFIG_SYS_FSL_PBL_PBI:"%"=%) -T pblimage
 
-u-boot-dtb.img u-boot.img u-boot.kwb u-boot.pbl: \
+u-boot-dtb.img u-boot.img u-boot.kwb u-boot.pbl u-boot-ivt.img: \
 		$(if $(CONFIG_SPL_LOAD_FIT),u-boot-nodtb.bin dts/dt.dtb,u-boot.bin) FORCE
 	$(call if_changed,mkimage)
 
diff --git a/common/image.c b/common/image.c
index 0e86c13..01e1dea 100644
--- a/common/image.c
+++ b/common/image.c
@@ -165,6 +165,7 @@ static const table_entry_t uimage_type[] = {
 	{	IH_TYPE_ZYNQIMAGE,  "zynqimage",  "Xilinx Zynq Boot Image" },
 	{	IH_TYPE_ZYNQMPIMAGE, "zynqmpimage", "Xilinx ZynqMP Boot Image" },
 	{	IH_TYPE_FPGA,       "fpga",       "FPGA Image" },
+	{	IH_TYPE_FIRMWARE_IVT, "firmware_ivt", "Firmware with HABv4 IVT" },
 	{	-1,		    "",		  "",			},
 };
 
@@ -364,6 +365,11 @@ void image_print_contents(const void *ptr)
 				printf("%s    Offset = 0x%08lx\n", p, data);
 			}
 		}
+	} else if (image_check_type(hdr, IH_TYPE_FIRMWARE_IVT)) {
+		printf("HAB Blocks:   0x%08x   0x0000   0x%08x\n",
+				image_get_load(hdr) - image_get_header_size(),
+				image_get_size(hdr) + image_get_header_size()
+						- 0x1FE0);
 	}
 }
 
diff --git a/include/image.h b/include/image.h
index 2b1296c..14d0a3d 100644
--- a/include/image.h
+++ b/include/image.h
@@ -279,6 +279,7 @@ enum {
 	IH_TYPE_ZYNQMPIMAGE,		/* Xilinx ZynqMP Boot Image */
 	IH_TYPE_FPGA,			/* FPGA Image */
 	IH_TYPE_VYBRIDIMAGE,	/* VYBRID .vyb Image */
+	IH_TYPE_FIRMWARE_IVT,		/* Firmware Image with HABv4 IVT */
 
 	IH_TYPE_COUNT,			/* Number of image types */
 };
diff --git a/tools/default_image.c b/tools/default_image.c
index 6e4ae14..4e5568e 100644
--- a/tools/default_image.c
+++ b/tools/default_image.c
@@ -25,7 +25,7 @@ static image_header_t header;
 static int image_check_image_types(uint8_t type)
 {
 	if (((type > IH_TYPE_INVALID) && (type < IH_TYPE_FLATDT)) ||
-	    (type == IH_TYPE_KERNEL_NOLOAD))
+	    (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT))
 		return EXIT_SUCCESS;
 	else
 		return EXIT_FAILURE;
@@ -89,6 +89,7 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
 {
 	uint32_t checksum;
 	time_t time;
+	uint32_t imagesize;
 
 	image_header_t * hdr = (image_header_t *)ptr;
 
@@ -98,11 +99,16 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
 			sbuf->st_size - sizeof(image_header_t));
 
 	time = imagetool_get_source_date(params, sbuf->st_mtime);
+	if (params->type == IH_TYPE_FIRMWARE_IVT)
+		/* Add size of CSF minus IVT */
+		imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0;
+	else
+		imagesize = sbuf->st_size - sizeof(image_header_t);
 
 	/* Build new header */
 	image_set_magic(hdr, IH_MAGIC);
 	image_set_time(hdr, time);
-	image_set_size(hdr, sbuf->st_size - sizeof(image_header_t));
+	image_set_size(hdr, imagesize);
 	image_set_load(hdr, params->addr);
 	image_set_ep(hdr, params->ep);
 	image_set_dcrc(hdr, checksum);
diff --git a/tools/mkimage.c b/tools/mkimage.c
index 3c594a0..46ff533 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -9,6 +9,7 @@
  */
 
 #include "mkimage.h"
+#include "imximage.h"
 #include <image.h>
 #include <version.h>
 
@@ -503,6 +504,37 @@ int main(int argc, char **argv)
 		} else {
 			copy_file(ifd, params.datafile, pad_len);
 		}
+		if (params.type == IH_TYPE_FIRMWARE_IVT) {
+			/* Add alignment and IVT */
+			uint32_t aligned_filesize = (params.file_size + 0x1000
+					- 1) & ~(0x1000 - 1);
+			flash_header_v2_t ivt_header = { { 0xd1, 0x2000, 0x40 },
+					params.addr, 0, 0, 0, params.addr
+							+ aligned_filesize
+							- tparams->header_size,
+					params.addr + aligned_filesize
+							- tparams->header_size
+							+ 0x20, 0 };
+			int i = params.file_size;
+			for (; i < aligned_filesize; i++) {
+				if (write(ifd, &i, 1) != 1) {
+					fprintf(stderr,
+							"%s: Write error on %s: %s\n",
+							params.cmdname,
+							params.imagefile,
+							strerror(errno));
+					exit(EXIT_FAILURE);
+				}
+			}
+			if (write(ifd, &ivt_header, sizeof(flash_header_v2_t))
+					!= sizeof(flash_header_v2_t)) {
+				fprintf(stderr, "%s: Write error on %s: %s\n",
+						params.cmdname,
+						params.imagefile,
+						strerror(errno));
+				exit(EXIT_FAILURE);
+			}
+		}
 	}
 
 	/* We're a bit of paranoid */
-- 
2.7.4

[U-Boot] [PATCH v2 4/5] doc: imx6: add section for secure boot with SPL

[Sven Ebenfeld]

Cc: sbabic at denx.de

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
---
 doc/README.imx6 | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/doc/README.imx6 b/doc/README.imx6
index 73b8b0b..add1d80 100644
--- a/doc/README.imx6
+++ b/doc/README.imx6
@@ -138,3 +138,51 @@ c
 The last "c" command tells kermit (from ckermit package in most distros)
 to switch from command line mode to communication mode, and when the
 script is finished, the U-Boot prompt is shown in the same shell.
+
+3. Using Secure Boot on i.MX6 machines with SPL support
+-------------------------------------------------------
+
+This version of U-Boot is able to build a signable version of the SPL
+as well as a signable version of the U-Boot image. The signature can
+be verified through High Assurance Boot (HAB).
+
+CONFIG_SECURE_BOOT is needed to build those two binaries.
+After building, you need to create a command sequence file and use
+Freescales Code Signing Tool to sign both binaries. After creation,
+the mkimage tool outputs the required information about the HAB Blocks
+parameter for the CSF.
+
+More information about the CSF and HAB can be found in the AN4581.
+https://cache.freescale.com/files/32bit/doc/app_note/AN4581.pdf
+
+We don't want to explain how to create a PKI tree or SRK table as
+this is well explained in the Application Note.
+
+Example Output of the SPL (imximage) creation:
+ Image Type:   Freescale IMX Boot Image
+ Image Ver:    2 (i.MX53/6/7 compatible)
+ Mode:         DCD
+ Data Size:    61440 Bytes = 60.00 kB = 0.06 MB
+ Load Address: 00907420
+ Entry Point:  00908000
+ HAB Blocks:   00907400 00000000 0000cc00
+
+Example Output of the u-boot-ivt.img (firmware_ivt) creation:
+ Image Name:   U-Boot 2016.11-rc1-31589-g2a4411
+ Created:      Sat Nov  5 21:53:28 2016
+ Image Type:   ARM U-Boot Firmware with HABv4 IVT (uncompressed)
+ Data Size:    352192 Bytes = 343.94 kB = 0.34 MB
+ Load Address: 17800000
+ Entry Point:  00000000
+ HAB Blocks:   0x177fffc0   0x0000   0x00054020
+
+The CST (Code Signing Tool) can be downloaded from NXP.
+# Compile CSF and create signature
+./cst --o csf-u-boot.bin < command_sequence_uboot.csf
+./cst --o csf-SPL.bin < command_sequence_spl.csf
+# Append compiled CSF to Binary
+cat SPL csf-SPL.bin > SPL-signed
+cat u-boot-ivt.img csf-u-boot.bin > u-boot-signed.img
+
+These two signed binaries can be used on an i.MX6 in closed
+configuration when the according SRK Table Hash has been flashed.
\ No newline at end of file
-- 
2.7.4

[U-Boot] [PATCH v2 5/5] Makefile: preserve output for images that can contain HAB Blocks

[Sven Ebenfeld]

To being able to sign created binaries, we need to know the HAB Blocks
for that image. Especially for the imximage type the HAB Blocks are
only available during creation of the image. We want to preserve the
information until we get to sign the files.
In the verbose case we still get them printed out instead of writing
to log files.

Cc: sbabic at denx.de

v2-Changes:
 - No usage of MKIMAGEOUTPUT_$(@F) macro.
 - Predefine default value /dev/null in every involved Makefile.

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
---
 .gitignore                   | 2 +-
 Makefile                     | 6 +++++-
 arch/arm/imx-common/Makefile | 4 ++++
 doc/README.imx6              | 3 ++-
 scripts/Makefile.lib         | 3 ++-
 scripts/Makefile.spl         | 4 +++-
 6 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index 33abbd3..7fac5b3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,7 +31,7 @@
 # Top-level generic files
 #
 /MLO*
-/SPL
+/SPL*
 /System.map
 /u-boot*
 /boards.cfg
diff --git a/Makefile b/Makefile
index 15151ff..1c19627 100644
--- a/Makefile
+++ b/Makefile
@@ -804,9 +804,11 @@ cmd_zobjcopy = $(OBJCOPY) $(OBJCOPYFLAGS) $(OBJCOPYFLAGS_$(@F)) $< $@
 quiet_cmd_efipayload = OBJCOPY $@
 cmd_efipayload = $(OBJCOPY) -I binary -O $(EFIPAYLOAD_BFDTARGET) -B $(EFIPAYLOAD_BFDARCH) $< $@
 
+MKIMAGEOUTPUT ?= /dev/null
+
 quiet_cmd_mkimage = MKIMAGE $@
 cmd_mkimage = $(objtree)/tools/mkimage $(MKIMAGEFLAGS_$(@F)) -d $< $@ \
-	$(if $(KBUILD_VERBOSE:1=), >/dev/null)
+	$(if $(KBUILD_VERBOSE:1=), >$(MKIMAGEOUTPUT))
 
 quiet_cmd_cat = CAT     $@
 cmd_cat = cat $(filter-out $(PHONY), $^) > $@
@@ -928,6 +930,8 @@ MKIMAGEFLAGS_u-boot.img = -A $(ARCH) -T firmware -C none -O u-boot \
 MKIMAGEFLAGS_u-boot-ivt.img = -A $(ARCH) -T firmware_ivt -C none -O u-boot \
 	-a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
 	-n "U-Boot $(UBOOTRELEASE) for $(BOARD) board"
+u-boot-ivt.img: MKIMAGEOUTPUT = u-boot-ivt.img.log
+CLEAN_FILES += u-boot-ivt.img.log u-boot-dtb.imx.log SPL.log u-boot.imx.log
 endif
 
 MKIMAGEFLAGS_u-boot-dtb.img = $(MKIMAGEFLAGS_u-boot.img)
diff --git a/arch/arm/imx-common/Makefile b/arch/arm/imx-common/Makefile
index 03b3c12..da53f62 100644
--- a/arch/arm/imx-common/Makefile
+++ b/arch/arm/imx-common/Makefile
@@ -68,6 +68,7 @@ $(IMX_CONFIG): %.cfgtmp: % FORCE
 
 MKIMAGEFLAGS_u-boot.imx = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imximage \
 	-e $(CONFIG_SYS_TEXT_BASE)
+u-boot.imx: MKIMAGEOUTPUT = u-boot.imx.log
 
 u-boot.imx: u-boot.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
 	$(call if_changed,mkimage)
@@ -75,6 +76,7 @@ u-boot.imx: u-boot.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
 ifeq ($(CONFIG_OF_SEPARATE),y)
 MKIMAGEFLAGS_u-boot-dtb.imx = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imximage \
 	-e $(CONFIG_SYS_TEXT_BASE)
+u-boot-dtb.imx: MKIMAGEOUTPUT = u-boot-dtb.imx.log
 
 u-boot-dtb.imx: u-boot-dtb.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
 	$(call if_changed,mkimage)
@@ -83,6 +85,8 @@ endif
 MKIMAGEFLAGS_SPL = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imximage \
 	-e $(CONFIG_SPL_TEXT_BASE)
 
+SPL: MKIMAGEOUTPUT = SPL.log
+
 SPL: spl/u-boot-spl.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
 	$(call if_changed,mkimage)
 
diff --git a/doc/README.imx6 b/doc/README.imx6
index add1d80..0e00968 100644
--- a/doc/README.imx6
+++ b/doc/README.imx6
@@ -150,7 +150,8 @@ CONFIG_SECURE_BOOT is needed to build those two binaries.
 After building, you need to create a command sequence file and use
 Freescales Code Signing Tool to sign both binaries. After creation,
 the mkimage tool outputs the required information about the HAB Blocks
-parameter for the CSF.
+parameter for the CSF. During the build, the information is preserved
+in log files named as the binaries. (SPL.log and u-boot-ivt.log).
 
 More information about the CSF and HAB can be found in the AN4581.
 https://cache.freescale.com/files/32bit/doc/app_note/AN4581.pdf
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index 45a0e1d..fb69438 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -431,6 +431,7 @@ cmd_xzmisc = (cat $(filter-out FORCE,$^) | \
 #
 # mkimage
 # ---------------------------------------------------------------------------
+MKIMAGEOUTPUT ?= /dev/null
 quiet_cmd_mkimage = MKIMAGE $@
 cmd_mkimage = $(objtree)/tools/mkimage $(MKIMAGEFLAGS_$(@F)) -d $< $@ \
-	$(if $(KBUILD_VERBOSE:1=), >/dev/null)
+	$(if $(KBUILD_VERBOSE:1=), >$(MKIMAGEOUTPUT))
diff --git a/scripts/Makefile.spl b/scripts/Makefile.spl
index e8cf9f3..04f90e4 100644
--- a/scripts/Makefile.spl
+++ b/scripts/Makefile.spl
@@ -122,9 +122,11 @@ LDPPFLAGS += \
 	$(shell $(LD) --version | \
 	  sed -ne 's/GNU ld version \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/-DLD_MAJOR=\1 -DLD_MINOR=\2/p')
 
+MKIMAGEOUTPUT ?= /dev/null
+
 quiet_cmd_mkimage = MKIMAGE $@
 cmd_mkimage = $(objtree)/tools/mkimage $(MKIMAGEFLAGS_$(@F)) -d $< $@ \
-	$(if $(KBUILD_VERBOSE:1=), >/dev/null)
+	$(if $(KBUILD_VERBOSE:1=), >$(MKIMAGEOUTPUT))
 
 MKIMAGEFLAGS_MLO = -T omapimage -a $(CONFIG_SPL_TEXT_BASE)
 
-- 
2.7.4

[U-Boot] [PATCH v2 1/5] arm: imx: remove bmode , hdmidet and dek commands from SPL

[George McCollister]

On Sun, Nov 6, 2016 at 9:37 AM, Sven Ebenfeld <sven.ebenfeld@gmail.com> wrote:
> These files are blowing up the SPL and should not be required
> there as the SPL delivers no command console. Because building fails
> for mx27 and mx31 machines with SPL build, we remove the linker flag
> for them from the Makefile. Nothing is built for them to be linked
> in that directory.
>
> Cc: sbabic at denx.de
>
> v2 Changes:
>  - Remove mx27 and mx31 from Makefile during SPL build as nothing is built for
>    them in that directory. And removing the commands with the libs-y directive
>    lead to linker failures. e.g. "armv5te-ld.bfd: cannot find arch/arm/imx-common/built-in.o: No such file or directory)"
>
> Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
> ---
>  arch/arm/Makefile            | 2 +-
>  arch/arm/imx-common/Makefile | 2 ++
>  2 files changed, 3 insertions(+), 1 deletion(-)
>

Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>

[U-Boot] [PATCH v2 2/5] arm: imx: add HAB authentication of image to SPL boot

[George McCollister]

On Sun, Nov 6, 2016 at 9:37 AM, Sven Ebenfeld <sven.ebenfeld@gmail.com> wrote:
> When using HAB as secure boot mechanism on Wandboard, the chain of
> trust breaks immediately after the SPL. As this is not checking
> the authenticity of the loaded image before jumping to it.
>
> The HAB status output will not be implemented in SPL as it adds
> a lot of strings that are only required in debug cases. With those
> it exceeds the maximum size of the available OCRAM (69 KiB).
>
> The SPL MISC driver support must be enabled, so that the driver can use OTP fuse
> to check if HAB is enabled.
>
> Cc: sbabic at denx.de
>
> v2-Changes: None
>
> Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
> ---
>  arch/arm/imx-common/hab.c             | 129 ++++++++++++++++++----------------
>  arch/arm/imx-common/spl.c             |  25 +++++++
>  arch/arm/imx-common/spl_sd.cfg        |  10 +++
>  arch/arm/include/asm/imx-common/hab.h |   2 +
>  include/configs/mx6_common.h          |   3 +
>  5 files changed, 110 insertions(+), 59 deletions(-)
>

Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>

[U-Boot] [PATCH v2 3/5] tools: mkimage: add firmware-ivt image type for HAB verification

[George McCollister]

On Sun, Nov 6, 2016 at 9:37 AM, Sven Ebenfeld <sven.ebenfeld@gmail.com> wrote:
> When we want to use Secure Boot with HAB from SPL over U-Boot.img,
> we need to append the IVT to the image and leave space for the CSF.
> Images generated as firmware_ivt can directly be signed using the
> Freescale code signing tool. For creation of a CSF, mkimage outputs
> the correct HAB Blocks for the image.
> The changes to the usual firmware image class are quite small,
> that is why I implemented that directly into the default_image.
>
> Cc: sbabic at denx.de
>
> v2-Changes: None
>
> Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
> ---
>  Makefile              |  9 ++++++++-
>  common/image.c        |  6 ++++++
>  include/image.h       |  1 +
>  tools/default_image.c | 10 ++++++++--
>  tools/mkimage.c       | 32 ++++++++++++++++++++++++++++++++
>  5 files changed, 55 insertions(+), 3 deletions(-)
>

Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>

[U-Boot] [PATCH v2 4/5] doc: imx6: add section for secure boot with SPL

[George McCollister]

On Sun, Nov 6, 2016 at 9:37 AM, Sven Ebenfeld <sven.ebenfeld@gmail.com> wrote:
> Cc: sbabic at denx.de
>
> Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
> ---
>  doc/README.imx6 | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 48 insertions(+)
>

Reviewed-by: George McCollister <george.mccollister@gmail.com>

[U-Boot] [PATCH v2 5/5] Makefile: preserve output for images that can contain HAB Blocks

[George McCollister]

On Sun, Nov 6, 2016 at 9:37 AM, Sven Ebenfeld <sven.ebenfeld@gmail.com> wrote:
> To being able to sign created binaries, we need to know the HAB Blocks
> for that image. Especially for the imximage type the HAB Blocks are
> only available during creation of the image. We want to preserve the
> information until we get to sign the files.
> In the verbose case we still get them printed out instead of writing
> to log files.
>
> Cc: sbabic at denx.de
>
> v2-Changes:
>  - No usage of MKIMAGEOUTPUT_$(@F) macro.
>  - Predefine default value /dev/null in every involved Makefile.
>
> Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
> ---
>  .gitignore                   | 2 +-
>  Makefile                     | 6 +++++-
>  arch/arm/imx-common/Makefile | 4 ++++
>  doc/README.imx6              | 3 ++-
>  scripts/Makefile.lib         | 3 ++-
>  scripts/Makefile.spl         | 4 +++-
>  6 files changed, 17 insertions(+), 5 deletions(-)
>

Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>

[U-Boot] [PATCH v2 0/5] arm: imx6: Enable Secure Boot (HAB) with SPL Builds

[Stefano Babic]

On 06/11/2016 16:37, Sven Ebenfeld wrote:
> When trying to build U-Boot for Wandboard with Secure Boot, the build fails
> because it tries to compile the dekblob commands within the SPL. The dekblob
> command depends on the CAAM driver, which is also not required in the SPL. 
> Additionally, this blows the SPL up to a size beyond the limit of 69KiB in
> i.MX6DL OCRAM. Therefore I deactivate building the commands during SPL build.
> 
> Next I implemented HAB verification before jumping to the loaded image. To
> create images that are HAB compatible, I updated the mkimage tool and added some
> documentation. At last I try to make the signing process easier as the output of
> the mkimage tool will be preserverd within the build dir. The output contains
> information required to correctly sign HAB images.
> 
> Cc: sbabic at denx.de
> 
> v2 Changes:
>  - Repair build failures in many SPLs due to incorrect variable assignment.
>  - Repair mx31 and mx27 builds without imx-common libs (nothing is built there
>    for them.
> 
> Sven Ebenfeld (5):
>   arm: imx: remove bmode , hdmidet and dek commands from SPL
>   arm: imx: add HAB authentication of image to SPL boot
>   tools: mkimage: add firmware-ivt image type for HAB verification
>   doc: imx6: add section for secure boot with SPL
>   Makefile: preserve output for images that can contain HAB Blocks
> 
>  .gitignore                            |   2 +-
>  Makefile                              |  15 +++-
>  arch/arm/Makefile                     |   2 +-
>  arch/arm/imx-common/Makefile          |   6 ++
>  arch/arm/imx-common/hab.c             | 129 ++++++++++++++++++----------------
>  arch/arm/imx-common/spl.c             |  25 +++++++
>  arch/arm/imx-common/spl_sd.cfg        |  10 +++
>  arch/arm/include/asm/imx-common/hab.h |   2 +
>  common/image.c                        |   6 ++
>  doc/README.imx6                       |  49 +++++++++++++
>  include/configs/mx6_common.h          |   3 +
>  include/image.h                       |   1 +
>  scripts/Makefile.lib                  |   3 +-
>  scripts/Makefile.spl                  |   4 +-
>  tools/default_image.c                 |  10 ++-
>  tools/mkimage.c                       |  32 +++++++++
>  16 files changed, 232 insertions(+), 67 deletions(-)
> 

Applied to u-boot-imx, -master, thanks !

Best regards,
Stefano Babic

-- 
=====================================================================
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================