From: Svyatoslav Ryhel <clamor95@gmail.com>
To: Simon Glass <sjg@chromium.org>
Cc: Tom Warren <twarren@nvidia.com>,
	Stephen Warren <swarren@nvidia.com>,
	 Marcel Ziswiler <marcel.ziswiler@toradex.com>,
	Allen Martin <amartin@nvidia.com>,
	 Jagan Teki <jagan@amarulasolutions.com>,
	Lukasz Majewski <lukma@denx.de>, Marek Vasut <marex@denx.de>,
	Ramin Khonsari <raminterex@yahoo.com>,
	Thierry Reding <thierry.reding@gmail.com>,
	 Maxim Schwalm <maxim.schwalm@gmail.com>,
	Dmitry Osipenko <digetx@gmail.com>,
	u-boot@lists.denx.de
Subject: Re: [PATCH v2 15/16] ARM: tegra30: implement BCT patching
Date: Fri, 3 Feb 2023 09:27:12 +0200
Message-ID: <CAPVz0n3ada4kRBs1cNu2h8xVBLuRFRWX_Dw2BbmLcPo2guRedQ@mail.gmail.com>
In-Reply-To: <CAPnjgZ3rVHpYE1eo5wFfAUp8v0QpE_77jq4eEOOWr3GeEk4FEw@mail.gmail.com>

Greetings!

On Fri, 3 Feb 2023 at 04:15, Simon Glass <sjg@chromium.org> wrote:
>
> Hi Svyatoslav,
>
> On Thu, 2 Feb 2023 at 11:23, Svyatoslav Ryhel <clamor95@gmail.com> wrote:
> >
> > From: Ramin Khonsari <raminterex@yahoo.com>
> >
> > This function allows updating bootloader from u-boot
> > on production devices without need in host PC.
> >
> > Be aware! It works only with re-crypted BCT.
> >
> > Tested-by: Andreas Westman Dorcsak <hedmoo@yahoo.com> # ASUS TF T30
> > Tested-by: Svyatoslav Ryhel <clamor95@gmail.com> # LG P895 T30
> > Signed-off-by: Ramin Khonsari <raminterex@yahoo.com>
> > Signed-off-by: Svyatoslav Ryhel <clamor95@gmail.com>
> > ---
> >  arch/arm/mach-tegra/Kconfig          | 10 ++++
> >  arch/arm/mach-tegra/tegra30/Makefile |  1 +
> >  arch/arm/mach-tegra/tegra30/bct.c    | 78 ++++++++++++++++++++++++++++
> >  arch/arm/mach-tegra/tegra30/bct.h    | 42 +++++++++++++++
> >  4 files changed, 131 insertions(+)
> >  create mode 100644 arch/arm/mach-tegra/tegra30/bct.c
> >  create mode 100644 arch/arm/mach-tegra/tegra30/bct.h
>
> Please add something to doc/ about this.
>
> >
> > diff --git a/arch/arm/mach-tegra/Kconfig b/arch/arm/mach-tegra/Kconfig
> > index 5b0cd92d9e..922e57726f 100644
> > --- a/arch/arm/mach-tegra/Kconfig
> > +++ b/arch/arm/mach-tegra/Kconfig
> > @@ -229,4 +229,14 @@ config CMD_ENTERRCM
> >           for mechanical button actuators, or hooking up relays/... to the
> >           button.
> >
> > +config CMD_EBTUPDATE
> > +       bool "Enable 'ebtupdate' command"
> > +       depends on TEGRA30
> > +       select TEGRA_CRYPTO
> > +       default n
>
> That is always the default so you can drop this line

Will do

>
> > +       help
> > +         Updating u-boot from within u-boot in rather complex or even
> > +         impossible on production devices. To make it easier procedure of
> > +         re-cryption was created. If your device was re-crypted choose Y.
> > +
> >  endif
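
Review bot: The help text for CMD_EBTUPDATE never says what the command does or what it requires, and "re-cryption" is not defined anywhere in the entry. Suggest stating that ebtupdate encrypts and signs a bootloader image held in RAM and patches its hash, length, load address and entry point into the BCT, and that bct_patch() in this patch reads the SBK from the 16 bytes following the BCT in RAM, so a user can tell whether their BCT dump meets the precondition before choosing Y. Also "in rather complex" should read "is rather complex".
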
> > diff --git a/arch/arm/mach-tegra/tegra30/Makefile b/arch/arm/mach-tegra/tegra30/Makefile
> > index 9f170576e7..28dd486d8d 100644
> > --- a/arch/arm/mach-tegra/tegra30/Makefile
> > +++ b/arch/arm/mach-tegra/tegra30/Makefile
> > @@ -3,5 +3,6 @@
> >  # Copyright (c) 2010-2012, NVIDIA CORPORATION.  All rights reserved.
> >
> >  obj-$(CONFIG_SPL_BUILD) += cpu.o
> > +obj-$(CONFIG_$(SPL_)CMD_EBTUPDATE) += bct.o
> >
> >  obj-y  += clock.o funcmux.o pinmux.o
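
Review bot: `CONFIG_$(SPL_)CMD_EBTUPDATE` names an SPL variant of the option, but the Kconfig hunk in this patch defines only CMD_EBTUPDATE, so there is no SPL_CMD_EBTUPDATE symbol for it to match. If the intent is to build bct.o for U-Boot proper only, say so in a comment or the commit message; if SPL support is intended, the matching Kconfig entry is missing.
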
> > diff --git a/arch/arm/mach-tegra/tegra30/bct.c b/arch/arm/mach-tegra/tegra30/bct.c
> > new file mode 100644
> > index 0000000000..c26338e263
> > --- /dev/null
> > +++ b/arch/arm/mach-tegra/tegra30/bct.c
> > @@ -0,0 +1,78 @@
> > +// SPDX-License-Identifier: GPL-2.0-or-later
> > +/*
> > + * Copyright (c) 2022, Ramin <raminterex@yahoo.com>
> > + * Copyright (c) 2022, Svyatoslav Ryhel <clamor95@gmail.com>
> > + */
> > +
> > +#include <common.h>
> > +#include <command.h>
> > +#include <log.h>
> > +#include <asm/arch-tegra/crypto.h>
> > +#include "bct.h"
> > +#include "uboot_aes.h"
> > +
> > +/*
> > + * \param bct          boot config table start in RAM
> > + * \param ect          bootloader start in RAM
> > + * \param ebt_size     bootloader file size in bytes
>
> Returns ?

will add

>
> > + */
> > +static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size)
> > +{
> > +       struct nvboot_config_table *bct_tbl = NULL;
> > +       u8 ebt_hash[AES128_KEY_LENGTH] = { 0 };
> > +       u8 sbk[AES128_KEY_LENGTH] = { 0 };
> > +       u8 *bct_hash = bct;
> > +       int ret;
> > +
> > +       bct += BCT_HASH;
> > +
> > +       memcpy(sbk, (u8 *)(bct + BCT_LENGTH),
> > +              NVBOOT_CMAC_AES_HASH_LENGTH * 4);
> > +
> > +       ret = decrypt_data_block(bct, BCT_LENGTH, sbk);
> > +       if (ret)
> > +               return 1;
> > +
> > +       ebt_size = roundup(ebt_size, EBT_ALIGNMENT);
> > +
> > +       ret = encrypt_data_block(ebt, ebt_size, sbk);
> > +       if (ret)
> > +               return 1;
> > +
> > +       ret = sign_enc_data_block(ebt, ebt_size, ebt_hash, sbk);
> > +       if (ret)
> > +               return 1;
> > +
> > +       bct_tbl = (struct nvboot_config_table *)bct;
> > +
> > +       memcpy((u8 *)&bct_tbl->bootloader[0].crypto_hash,
> > +              ebt_hash, NVBOOT_CMAC_AES_HASH_LENGTH * 4);
> > +       bct_tbl->bootloader[0].entry_point = CONFIG_SPL_TEXT_BASE;
> > +       bct_tbl->bootloader[0].load_addr = CONFIG_SPL_TEXT_BASE;
> > +       bct_tbl->bootloader[0].length = ebt_size;
> > +
> > +       ret = encrypt_data_block(bct, BCT_LENGTH, sbk);
> > +       if (ret)
> > +               return 1;
> > +
> > +       ret = sign_enc_data_block(bct, BCT_LENGTH, bct_hash, sbk);
> > +       if (ret)
> > +               return 1;
> > +
> > +       return 0;
> > +}
> > +
> > +static int do_ebtupdate(struct cmd_tbl *cmdtp, int flag, int argc,
> > +                       char *const argv[])
> > +{
> > +       u32 bct_addr = hextoul(argv[1], NULL);
> > +       u32 ebt_addr = hextoul(argv[2], NULL);
> > +       u32 ebt_size = hextoul(argv[3], NULL);
> > +
> > +       return bct_patch((u8 *)bct_addr, (u8 *)ebt_addr, ebt_size);
> > +}
> > +
> > +U_BOOT_CMD(ebtupdate,  4,      0,      do_ebtupdate,
> > +          "update bootloader on re-crypted Tegra30 devices",
> > +          ""
>
> Please add doc/usage/cmd file

will do

>
> > +);
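
Review bot: do_ebtupdate() reads argv[1], argv[2] and argv[3] without checking argc, so running `ebtupdate` with fewer than three arguments passes a missing argument to hextoul(); add `if (argc != 4) return CMD_RET_USAGE;` and fill in the empty usage string so that return is useful. The three values are then cast straight to pointers and used for in-place decrypt, encrypt and memcpy with no bound on ebt_size, and ebt_size is rounded up to EBT_ALIGNMENT before encrypt_data_block(), so the caller's buffer must already be padded; document that or validate it. In bct_patch(), the SBK copy uses `NVBOOT_CMAC_AES_HASH_LENGTH * 4` as the length into a buffer declared with AES128_KEY_LENGTH, where `sizeof(sbk)` would keep the two from drifting apart, and sbk[] is left on the stack on every return path; clear it before returning. Each error path returns a bare 1 and drops ret, so the caller cannot tell which step failed; return CMD_RET_FAILURE from the command and log the failing step. The doc comment names the second parameter `ect` while the function signature uses `ebt`.
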
> > diff --git a/arch/arm/mach-tegra/tegra30/bct.h b/arch/arm/mach-tegra/tegra30/bct.h
> > new file mode 100644
> > index 0000000000..9797384da3
> > --- /dev/null
> > +++ b/arch/arm/mach-tegra/tegra30/bct.h
> > @@ -0,0 +1,42 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ */
> > +
> > +#ifndef _BCT_H_
> > +#define _BCT_H_
> > +
> > +/*
> > + * Defines the BCT parametres for T30
> > + */
> > +#define BCT_LENGTH             0x17E0
> > +#define BCT_HASH               0x10
> > +#define EBT_ALIGNMENT          0x10
> > +
> > +/*
> > + * Defines the CMAC-AES-128 hash length in 32 bit words. (128 bits = 4 words)
> > + */
> > +#define NVBOOT_CMAC_AES_HASH_LENGTH            4
> > +
> > +/*
> > + * Defines the maximum number of bootloader descriptions in the BCT.
> > + */
> > +#define NVBOOT_MAX_BOOTLOADERS                 4
> > +
> > +struct nv_bootloader_info {
> > +       u32 version;
> > +       u32 start_blk;
> > +       u32 start_page;
> > +       u32 length;
> > +       u32 load_addr;
> > +       u32 entry_point;
> > +       u32 attribute;
> > +       u32 crypto_hash[NVBOOT_CMAC_AES_HASH_LENGTH];
> > +};
> > +
> > +struct nvboot_config_table {
> > +       u32 unused0[4];
> > +       u32 boot_data_version;
> > +       u32 unused1[972];
> > +       struct nv_bootloader_info bootloader[NVBOOT_MAX_BOOTLOADERS];
> > +       u32 unused2[508];
> > +};
> > +
> > +#endif /* _BCT_H_ */
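
Review bot: struct nvboot_config_table does not match BCT_LENGTH: the members add up to 6116 bytes (16 + 4 + 972*4 + 4*44 + 508*4), while BCT_LENGTH is 0x17E0, i.e. 6112. bct.c casts the buffer at offset BCT_HASH to this struct and reads the SBK at `bct + BCT_LENGTH`, so the last word of unused2[] overlaps the key area. Nothing visible uses sizeof on the struct today, but either the padding counts or the length constant should be reconciled, with a static assertion tying the struct size to BCT_LENGTH so the layout cannot drift. The header also uses u32 without including a types header, spells "parameters" as "parametres", and uses the SPDX tag GPL-2.0+ where bct.c uses GPL-2.0-or-later; pick one form.
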
> > --
> > 2.37.2
> >
>
> Regards,
> Simon

Thanks!
Best regards
Svyatoslav R.
