To: Pali Rohár
Cc: u-boot@lists.denx.de, Jagan Teki, Andre Przywara, AKASHI Takahiro, Alexandru Gagniuc, Baruch Siach, Bharat Gooty, Chris Packham, Fabio Estevam, Frieder Schrempf, Jernej Skrabec, Marek Behún, "NXP i.MX U-Boot Team", Naoki Hayama, Patrick Delaunay, Priyanka Jain, Rayagonda Kokatanur, Simon Glass, Stefan Roese, Stefano Babic, Sughosh Ganu, Trevor Woerner, lauri.hintsala@silabs.com
References: <20210822044649.13585-1-samuel@sholland.org> <20210822044649.13585-3-samuel@sholland.org> <20210822100712.6ho23p2y56ghyuny@pali>
From: Samuel Holland
Subject: Re: [PATCH v2 2/4] tools: mkimage: Add Allwinner TOC0 support
Date: Sun, 22 Aug 2021 12:44:05 -0500
In-Reply-To: <20210822100712.6ho23p2y56ghyuny@pali>

On 8/22/21 5:07 AM, Pali Rohár wrote:
> Hello!
>
> On Saturday 21 August 2021 23:46:46 Samuel Holland wrote:
>> Most Allwinner sunxi SoCs have separate boot ROMs in non-secure and
>> secure mode. The "non-secure" or "normal" boot ROM (NBROM) uses the
>> existing sunxi_egon image type. The secure boot ROM (SBROM) uses a
>> completely different image type, known as TOC0.
>>
>> A TOC0 image is composed of a header and two or more items. One item
>> is the firmware binary. The others form a chain linking the firmware
>> signature to the root-of-trust public key (ROTPK), which has its hash
>> burned in the SoC's eFuses. Signatures are made using RSA-2048 + SHA256.
>>
>> The pseudo-ASN.1 structure is manually assembled; this is done to work
>> around bugs/quirks in the boot ROM, which vary between SoCs. This TOC0
>> implementation has been verified to work with the A50, A64, H5, H6,
>> and H616 SBROMs, and it may work with other SoCs.
>> >> Signed-off-by: Samuel Holland >> --- >> >> Changes in v2: >> - Moved certificate and key item structures out of sunxi_image.h >> - Renamed "main" and "item" variables for clarity >> - Improved error messages, and added a hint about key generation >> - Added a comment explaining the purpose of the various key files >> - Mentioned testing this code on A50 in the commit message >> >> arch/arm/Kconfig | 1 + >> common/image.c | 1 + >> include/image.h | 1 + >> include/sunxi_image.h | 36 ++ >> tools/Makefile | 3 +- >> tools/sunxi_toc0.c | 907 ++++++++++++++++++++++++++++++++++++++++++ >> 6 files changed, 948 insertions(+), 1 deletion(-) >> create mode 100644 tools/sunxi_toc0.c >> >> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig >> index d692139199c..799fe7d43af 100644 >> --- a/arch/arm/Kconfig >> +++ b/arch/arm/Kconfig >> @@ -1014,6 +1014,7 @@ config ARCH_SUNXI >> select SUNXI_GPIO >> select SYS_NS16550 >> select SYS_THUMB_BUILD if !ARM64 >> + select TOOLS_LIBCRYPTO >> select USB if DISTRO_DEFAULTS >> select USB_KEYBOARD if DISTRO_DEFAULTS && USB_HOST >> select USB_STORAGE if DISTRO_DEFAULTS && USB_HOST >> diff --git a/common/image.c b/common/image.c >> index 59c52a1f9ad..8f1634c1206 100644 >> --- a/common/image.c >> +++ b/common/image.c >> @@ -191,6 +191,7 @@ static const table_entry_t uimage_type[] = { >> { IH_TYPE_MTKIMAGE, "mtk_image", "MediaTek BootROM loadable Image" }, >> { IH_TYPE_COPRO, "copro", "Coprocessor Image"}, >> { IH_TYPE_SUNXI_EGON, "sunxi_egon", "Allwinner eGON Boot Image" }, >> + { IH_TYPE_SUNXI_TOC0, "sunxi_toc0", "Allwinner TOC0 Boot Image" }, >> { -1, "", "", }, >> }; >> >> diff --git a/include/image.h b/include/image.h >> index e20f0b69d58..a4efc090309 100644 >> --- a/include/image.h >> +++ b/include/image.h 
>> @@ -284,6 +284,7 @@ enum { >> IH_TYPE_IMX8IMAGE, /* Freescale IMX8Boot Image */ >> IH_TYPE_COPRO, /* Coprocessor Image for remoteproc*/ >> IH_TYPE_SUNXI_EGON, /* Allwinner eGON Boot Image */ >> + IH_TYPE_SUNXI_TOC0, /* Allwinner TOC0 Boot Image */ >> >> IH_TYPE_COUNT, /* Number of image types */ >> }; >> diff --git a/include/sunxi_image.h b/include/sunxi_image.h >> index 5b2055c0af3..399ad0be999 100644 >> --- a/include/sunxi_image.h >> +++ b/include/sunxi_image.h >> @@ -9,9 +9,12 @@ >> * >> * Shared between mkimage and the SPL. >> */ >> + >> #ifndef SUNXI_IMAGE_H >> #define SUNXI_IMAGE_H >> >> +#include >> + >> #define BOOT0_MAGIC "eGON.BT0" >> #define BROM_STAMP_VALUE 0x5f0a6c39 >> #define SPL_SIGNATURE "SPL" /* marks "sunxi" SPL header */ 
>> @@ -79,4 +82,37 @@ struct boot_file_head { >> /* Compile time check to assure proper alignment of structure */ >> typedef char boot_file_head_not_multiple_of_32[1 - 2*(sizeof(struct boot_file_head) % 32)]; > > (Just suggestion for future, not related to this patch series: above > check could be rewritten/cleaned to use static assert) I will send a separate patch once this is merged. >> >> +struct toc0_main_info { >> + uint8_t name[8]; >> + __le32 magic; >> + __le32 checksum; >> + __le32 serial; >> + __le32 status; >> + __le32 num_items; >> + __le32 length; >> + uint8_t platform[4]; >> + uint8_t reserved[8]; >> + uint8_t end[4]; >> +}; >> + >> +#define TOC0_MAIN_INFO_NAME "TOC0.GLH" >> +#define TOC0_MAIN_INFO_MAGIC 0x89119800 >> +#define TOC0_MAIN_INFO_END "MIE;" >> + >> +struct toc0_item_info { >> + __le32 name; >> + __le32 offset; >> + __le32 length; >> + __le32 status; >> + __le32 type; >> + __le32 load_addr; >> + uint8_t reserved[4]; >> + uint8_t end[4]; >> +}; > > These structures are raw image structures, right? Therefore they should > be marked as __packed? I'm not sure why I would want to do that? The structures do not have any padding to start with, and the layout of the image format implies that they will be naturally aligned (and in fact the boot ROM assumes this). Marking them as packed would only cause GCC to generate less efficient code. >> +U_BOOT_IMAGE_TYPE( >> + sunxi_toc0, >> + "Allwinner TOC0 Boot Image support", >> + TOC0_DEFAULT_HEADER_LEN, >> + NULL, >> + toc0_check_params, >> + toc0_verify_header, >> + toc0_print_header, >> + toc0_set_header, >> + NULL, > > Are you planning to implement this missing (extract_subimage) dumpimage > function in future? Yes, eventually. I didn't want to delay the rest of the code for it, since it is not needed to build U-Boot. Regards, Samuel
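Review bot: In the arch/arm/Kconfig hunk, `select TOOLS_LIBCRYPTO` is unconditional under ARCH_SUNXI, while the neighbouring selects are gated (`if !ARM64`, `if DISTRO_DEFAULTS`). That makes host libcrypto a build requirement for every sunxi board, including boards that only ever produce sunxi_egon images for the non-secure boot ROM. Consider gating the select on a symbol that enables TOC0 image generation, or state in the commit message why all sunxi builds need it.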
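Review bot: In the first include/sunxi_image.h hunk (@@ -9,9 +9,12 @@), the blank line added before `#ifndef SUNXI_IMAGE_H` is an unrelated whitespace change and is better dropped or sent separately. Because the file comment says this header is shared between mkimage and the SPL, it is also worth confirming that the header pulled in by the new `#include` provides `__le32` in the host tools build as well as in the target build.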
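Review bot: In the second include/sunxi_image.h hunk (@@ -79,4 +82,37 @@), struct toc0_main_info and struct toc0_item_info describe the raw layout the boot ROM parses, but nothing in the hunk enforces their size. A compile-time check next to the existing boot_file_head_not_multiple_of_32 one, asserting 48 bytes for toc0_main_info and 32 bytes for toc0_item_info, would turn the "no padding" assumption from the discussion into a build failure instead of a malformed signed image. Short field comments would help as well: `name` is `uint8_t[8]` in one struct and `__le32` in the other, and `status`, `serial` and `type` carry no documented values here.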
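An added example, not code from the patch or from U-Boot: a structural validator for the TOC0 header and item table, using the field layout of struct toc0_main_info and struct toc0_item_info quoted above. The function names, the constructed sample image, and the layout assumptions (item table directly after the main header, `length` covering the whole image, image-relative item offsets) are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Sizes and offsets follow the structs quoted in the patch (no padding). */
#define MAIN_SIZE  48u          /* sizeof(struct toc0_main_info) */
#define ITEM_SIZE  32u          /* sizeof(struct toc0_item_info) */
#define MAIN_MAGIC 0x89119800u  /* TOC0_MAIN_INFO_MAGIC */

static uint32_t le32(const uint8_t *p)  /* alignment-safe little-endian read */
{
	return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Structural checks only; checksum and signatures are NOT verified.
 * Assumed, not stated on the page: the item table directly follows the
 * main header, `length` covers the whole image, offsets are image-relative.
 * Returns 0, or a negative code naming the first failed check. */
int toc0_check_layout(const uint8_t *buf, size_t len)
{
	if (len < MAIN_SIZE) return -1;
	if (memcmp(buf, "TOC0.GLH", 8) || le32(buf + 8) != MAIN_MAGIC) return -2;
	if (memcmp(buf + 44, "MIE;", 4)) return -3;
	uint32_t num_items = le32(buf + 24), total = le32(buf + 28);
	if (total < MAIN_SIZE || total > len) return -4;
	if (num_items < 2 || num_items > (total - MAIN_SIZE) / ITEM_SIZE) return -5;
	uint32_t data_start = MAIN_SIZE + num_items * ITEM_SIZE;
	for (uint32_t i = 0; i < num_items; i++) {
		const uint8_t *it = buf + MAIN_SIZE + (size_t)i * ITEM_SIZE;
		uint32_t off = le32(it + 4), ilen = le32(it + 8);
		/* Overflow-safe: off + ilen is never computed directly. */
		if (off < data_start || off > total || ilen > total - off)
			return -6;
	}
	return 0;
}

/* Constructed sample: header, two item entries, 16 zero payload bytes each. */
size_t toc0_make_sample(uint8_t buf[144])
{
	memset(buf, 0, 144);
	memcpy(buf, "TOC0.GLH", 8);
	memcpy(buf + 8, "\x00\x98\x11\x89", 4);  /* magic, little-endian */
	buf[24] = 2; buf[28] = 144;              /* num_items, length */
	memcpy(buf + 44, "MIE;", 4);
	buf[52] = 112; buf[56] = 16;             /* item 0: offset, length */
	buf[84] = 128; buf[88] = 16;             /* item 1: offset, length */
	return 144;
}
```

The item bounds check compares `ilen` against `total - off` so that a crafted 32-bit offset and length pair cannot wrap around and pass.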