mail archive of the barebox mailing list
 help / color / mirror / Atom feed
From: Marco Felsch <m.felsch@pengutronix.de>
To: Sascha Hauer <s.hauer@pengutronix.de>
Cc: "open list:BAREBOX" <barebox@lists.infradead.org>
Subject: Re: [PATCH 00/13] am625: support secure loading of full barebox
Date: Mon, 10 Mar 2025 18:40:58 +0100	[thread overview]
Message-ID: <20250310174058.t3rsxws6syxz2rqp@pengutronix.de> (raw)
In-Reply-To: <20250228-am625-secure-v1-0-4002488ff5ed@pengutronix.de>

Hi Sascha,

On 25-02-28, Sascha Hauer wrote:
> On K3 SoCs only a small barebox is loaded by the ROM into SRAM. This
> barebox then loads the full barebox from SD/eMMC or USB DFU. In a secure
> boot environment the full barebox must be authenticated. This series
> implements two ways for accomplishing this.
> 
> First way is to utilize the ROM API to authenticate images. The other
> way is to compile a secure hash into the first stage binary and check
> if the full barebox image matches the hash. Using the ROM API means
> different first stage and second stage images can be combined whereas
> hashing binds specific builds together avoiding mix and match attacks.

before having a closer look on your patchset, do we really want to have
the 2nd case to be available? If we really want the 2nd case to be
available we should bound it to CONFIG_INSECURE (if not already done).

Regards,
  Marco

> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> ---
> Sascha Hauer (13):
>       firmware: always generate sha256sum
>       firmware: add function to verify next image
>       ARM: k3: r5: drop loading of separate binaries
>       ARM: k3: r5: add proper error handling
>       fip: rework fip_image_open()
>       fip: fix wrong function call
>       fip: add function to calculate a sha256 over FIP image
>       ARM: am625: support hash verification of full barebox
>       ARM: k3: add support for authenticating images against the ROM API
>       ARM: k3: r5: delete fip image when it can't be opened
>       ARM: k3: r5: Allow to authenticate next image by ROM API
>       scripts/k3img: remove temporary files
>       scripts: add k3sign
> 
>  arch/arm/mach-k3/Kconfig  |  15 ++++
>  arch/arm/mach-k3/common.c |  99 ++++++++++++++++++++++
>  arch/arm/mach-k3/r5.c     | 206 +++++++++++++++++++++++++---------------------
>  firmware/Kconfig          |  23 ++++++
>  firmware/Makefile         |   8 +-
>  include/fiptool.h         |   3 +
>  include/firmware.h        |  28 +++++++
>  include/mach/k3/common.h  |   1 +
>  lib/fip.c                 | 101 ++++++++++++++---------
>  scripts/k3img             |   9 +-
>  scripts/k3sign            | 126 ++++++++++++++++++++++++++++
>  11 files changed, 478 insertions(+), 141 deletions(-)
> ---
> base-commit: 748ba0627681797b01a94be1b3f879ed2e52a361
> change-id: 20250228-am625-secure-49301f641738
> 
> Best regards,
> -- 
> Sascha Hauer <s.hauer@pengutronix.de>
> 
> 
> 



  parent reply	other threads:[~2025-03-10 18:50 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-02-28  7:16 Sascha Hauer
2025-02-28  7:16 ` [PATCH 01/13] firmware: always generate sha256sum Sascha Hauer
2025-02-28  7:16 ` [PATCH 02/13] firmware: add function to verify next image Sascha Hauer
2025-03-10 18:37   ` Marco Felsch
2025-03-11  7:35     ` Sascha Hauer
2025-02-28  7:16 ` [PATCH 03/13] ARM: k3: r5: drop loading of separate binaries Sascha Hauer
2025-03-10 18:44   ` Marco Felsch
2025-02-28  7:16 ` [PATCH 04/13] ARM: k3: r5: add proper error handling Sascha Hauer
2025-03-10 18:52   ` Marco Felsch
2025-03-11  8:24     ` Sascha Hauer
2025-03-11  8:50       ` Marco Felsch
2025-02-28  7:16 ` [PATCH 05/13] fip: rework fip_image_open() Sascha Hauer
2025-02-28  7:16 ` [PATCH 06/13] fip: fix wrong function call Sascha Hauer
2025-02-28  7:16 ` [PATCH 07/13] fip: add function to calculate a sha256 over FIP image Sascha Hauer
2025-02-28  7:16 ` [PATCH 08/13] ARM: am625: support hash verification of full barebox Sascha Hauer
2025-03-10 19:22   ` Marco Felsch
2025-03-11  7:53     ` Sascha Hauer
2025-02-28  7:16 ` [PATCH 09/13] ARM: k3: add support for authenticating images against the ROM API Sascha Hauer
2025-02-28  7:16 ` [PATCH 10/13] ARM: k3: r5: delete fip image when it can't be opened Sascha Hauer
2025-02-28  7:16 ` [PATCH 11/13] ARM: k3: r5: Allow to authenticate next image by ROM API Sascha Hauer
2025-03-10 19:26   ` Marco Felsch
2025-03-11  7:54     ` Sascha Hauer
2025-02-28  7:17 ` [PATCH 12/13] scripts/k3img: remove temporary files Sascha Hauer
2025-02-28  7:17 ` [PATCH 13/13] scripts: add k3sign Sascha Hauer
2025-03-10 17:40 ` Marco Felsch [this message]
2025-03-11  8:12   ` [PATCH 00/13] am625: support secure loading of full barebox Sascha Hauer
2025-03-11  8:48     ` Marco Felsch
2025-03-11  9:13       ` Sascha Hauer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250310174058.t3rsxws6syxz2rqp@pengutronix.de \
    --to=m.felsch@pengutronix.de \
    --cc=barebox@lists.infradead.org \
    --cc=s.hauer@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox