From: Sascha Hauer <s.hauer@pengutronix.de>
To: "open list:BAREBOX" <barebox@lists.infradead.org>
Subject: [PATCH v2 00/14] am625: support secure loading of full barebox
Date: Tue, 11 Mar 2025 13:25:13 +0100 [thread overview]
Message-ID: <20250311-am625-secure-v2-0-3cbbfa092346@pengutronix.de> (raw)
On K3 SoCs only a small barebox is loaded by the ROM into SRAM. This
barebox then loads the full barebox from SD/eMMC or USB DFU. In a secure
boot environment the full barebox must be authenticated. This series
implements two ways for accomplishing this.
First way is to utilize the ROM API to authenticate images. The other
way is to compile a secure hash into the first stage binary and check
if the full barebox image matches the hash. Using the ROM API means
different first stage and second stage images can be combined whereas
hashing binds specific builds together avoiding mix and match attacks.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
Changes in v2:
- select HAS_INSECURE_DEFAULTS when necessary
- use 'ret' as error value variable rather than mixing 'err' and 'ret'
in a single file
- rename firmware_next_image_verify() to
firmware_next_image_check_sha256() and drop unnecessary hash_size argument
- Link to v1: https://lore.kernel.org/r/20250228-am625-secure-v1-0-4002488ff5ed@pengutronix.de
---
Sascha Hauer (14):
firmware: always generate sha256sum
firmware: add function to verify next image
ARM: k3: r5: drop loading of separate binaries
ARM: k3: r5: add proper error handling
fip: rework fip_image_open()
fip: fix wrong function call
fip: add function to calculate a sha256 over FIP image
ARM: am625: support hash verification of full barebox
ARM: k3: add support for authenticating images against the ROM API
ARM: k3: r5: delete fip image when it can't be opened
ARM: k3: r5: Allow to authenticate next image by ROM API
scripts/k3img: remove temporary files
scripts: add k3sign
ARM: k3: r5: select HAS_INSECURE_DEFAULTS when necessary
arch/arm/mach-k3/Kconfig | 16 ++++
arch/arm/mach-k3/common.c | 99 +++++++++++++++++++++
arch/arm/mach-k3/r5.c | 214 ++++++++++++++++++++++++----------------------
firmware/Kconfig | 23 +++++
firmware/Makefile | 8 +-
include/fiptool.h | 3 +
include/firmware.h | 26 ++++++
include/mach/k3/common.h | 1 +
lib/fip.c | 101 ++++++++++++++--------
scripts/k3img | 9 +-
scripts/k3sign | 126 +++++++++++++++++++++++++++
11 files changed, 481 insertions(+), 145 deletions(-)
---
base-commit: 66b293c915276c3926cfda068f3f7a4b39b19f4a
change-id: 20250228-am625-secure-49301f641738
Best regards,
--
Sascha Hauer <s.hauer@pengutronix.de>
next reply other threads:[~2025-03-11 12:42 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-11 12:25 Sascha Hauer [this message]
2025-03-11 12:25 ` [PATCH v2 01/14] firmware: always generate sha256sum Sascha Hauer
2025-03-11 13:13 ` Marco Felsch
2025-03-11 12:25 ` [PATCH v2 02/14] firmware: add function to verify next image Sascha Hauer
2025-03-11 13:19 ` Marco Felsch
2025-03-11 12:25 ` [PATCH v2 03/14] ARM: k3: r5: drop loading of separate binaries Sascha Hauer
2025-03-11 13:20 ` Marco Felsch
2025-03-11 12:25 ` [PATCH v2 04/14] ARM: k3: r5: add proper error handling Sascha Hauer
2025-03-11 13:21 ` Marco Felsch
2025-03-11 12:25 ` [PATCH v2 05/14] fip: rework fip_image_open() Sascha Hauer
2025-03-11 13:42 ` Marco Felsch
2025-03-12 11:02 ` Sascha Hauer
2025-03-12 11:45 ` Marco Felsch
2025-03-11 12:25 ` [PATCH v2 06/14] fip: fix wrong function call Sascha Hauer
2025-03-11 12:25 ` [PATCH v2 07/14] fip: add function to calculate a sha256 over FIP image Sascha Hauer
2025-03-11 13:43 ` Marco Felsch
2025-03-11 12:25 ` [PATCH v2 08/14] ARM: am625: support hash verification of full barebox Sascha Hauer
2025-03-11 13:44 ` Marco Felsch
2025-03-11 12:25 ` [PATCH v2 09/14] ARM: k3: add support for authenticating images against the ROM API Sascha Hauer
2025-03-11 12:25 ` [PATCH v2 10/14] ARM: k3: r5: delete fip image when it can't be opened Sascha Hauer
2025-03-11 12:25 ` [PATCH v2 11/14] ARM: k3: r5: Allow to authenticate next image by ROM API Sascha Hauer
2025-03-11 12:25 ` [PATCH v2 12/14] scripts/k3img: remove temporary files Sascha Hauer
2025-03-11 12:25 ` [PATCH v2 13/14] scripts: add k3sign Sascha Hauer
2025-03-11 12:25 ` [PATCH v2 14/14] ARM: k3: r5: select HAS_INSECURE_DEFAULTS when necessary Sascha Hauer
2025-03-11 13:46 ` Marco Felsch
2025-03-12 10:22 ` [PATCH v2 00/14] am625: support secure loading of full barebox Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250311-am625-secure-v2-0-3cbbfa092346@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox