From: Rouven Czerwinski <r.czerwinski@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Subject: [PATCH v3 00/16] HAB for i.MX8MQ
Date: Tue, 6 Aug 2019 07:10:50 +0200 [thread overview]
Message-ID: <cover.20f706d0d5a7ead5c114378becb025aefb9c7b8a.1565068235.git-series.r.czerwinski@pengutronix.de> (raw)
This patch series adds HAB support for i.MX8MQ.
This was tested on the NXP i.MX8MQ EVK. Other i.MX8MQ boards should
still be supported but will require a lowlevel.c rework similar to this
done for the i.MX8MQ.
The first part adds the necessary HAB interfaces for i.MX8MQ. Than the
ability to read and copy the piggydata to the correct location in DRAM
is added. Next imx-image is adjusted to support signing of the i.MX8MQ
images. The fourth part is the addition of sha256 to the PBL. This is
necessary since only the PBL is authenticated using HAB, the main
barebox binary is than authenticated to a sha256sum built into the PBL.
Finally the EVK board files are adjusted to the changes.
To test, add the following lines to Makefile.imx:
FILE_barebox-nxp-imx8mq-evk-signed.img = start_nxp_imx8mq_evk.pblb.psimximg
image-$(CONFIG_MACH_NXP_IMX8MQ_EVK) = barebox-nxp-imx8mq-evk-signed.img
v3:
- flush before invalidate for status retrival
- drop global_variable_offset from piggy verification stage
- switch to current_el() from DRAM and TF-A init required detection
- make PBL_VERIFY_PIGGY not user configurable and select it from ARCH_IMX8MQ
By Lucas Stach
v2:
- Add the -p option to imx-image and use this options to distinguish the
different HAB insertion methods.
- Add wrappers and rework panic for PBL, allowing the same use in PBL as
in barebox.
- Rework hab initcalls by moving the status calls under explanation and
removing the return variable.
By Sascha Hauer
Kind Regards,
Rouven Czerwinski
Rouven Czerwinski (16):
i.MX: HABv4: ignore return for i.MX28/6 initcalls
i.MX: HABv4: implement interface for i.MX8MQ
mach-imx: enable HAB on i.MX8MQ
arm: lib: add CSF section between PBL and piggy
esdhc-pbl: extract header parsing from image start
esdhc-pbl: add piggy load function
sections: fix macro for barebox_pbl_size
scripts: imx: support signing for i.MX8MQ
images: always build sha256sum into pbl
pbl: add sha256 and piggy verification to PBL
stdio: puts and putchar static inline wrappers
pbl: support panic with log output
arm: uncompress: verify sha256 if enabled
mach-imx: add gencsf header for i.MX8MQ
mach-imx: hab: select piggy verification for i.MX8
boards: nxp-mx8-evk: rework to different boot flow
arch/arm/boards/nxp-imx8mq-evk/Makefile | 4 +-
arch/arm/boards/nxp-imx8mq-evk/flash-header-imx8mq-evk.imxcfg | 1 +-
arch/arm/boards/nxp-imx8mq-evk/lowlevel.c | 81 ++--
arch/arm/boards/nxp-imx8mq-evk/trampoline.S | 10 +-
arch/arm/cpu/uncompress.c | 17 +-
arch/arm/lib/pbl.lds.S | 17 +-
arch/arm/mach-imx/Kconfig | 5 +-
arch/arm/mach-imx/include/mach/habv4-imx8-gencsf.h | 59 +++-
arch/arm/mach-imx/include/mach/imx-header.h | 2 +-
arch/arm/mach-imx/include/mach/xload.h | 5 +-
arch/arm/mach-imx/xload-common.c | 6 +-
crypto/Makefile | 2 +-
crypto/sha2.c | 11 +-
drivers/hab/hab.c | 2 +-
drivers/hab/habv4.c | 134 ++++++-
drivers/mci/imx-esdhc-pbl.c | 90 ++++-
images/Makefile | 22 +-
images/Makefile.imx | 11 +-
images/sha_sum.S | 7 +-
include/asm-generic/sections.h | 4 +-
include/crypto/pbl-sha.h | 13 +-
include/pbl.h | 2 +-
include/stdio.h | 17 +-
pbl/Kconfig | 9 +-
pbl/decomp.c | 39 ++-
pbl/misc.c | 5 +-
scripts/imx/imx-image.c | 64 ++-
scripts/imx/imx.c | 15 +-
28 files changed, 556 insertions(+), 98 deletions(-)
create mode 100644 arch/arm/boards/nxp-imx8mq-evk/trampoline.S
create mode 100644 arch/arm/mach-imx/include/mach/habv4-imx8-gencsf.h
create mode 100644 images/sha_sum.S
create mode 100644 include/crypto/pbl-sha.h
base-commit: af66ec677c40dfaed68a124d21dd59d5f8c63381
--
git-series 0.9.1
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next reply other threads:[~2019-08-06 5:11 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-06 5:10 Rouven Czerwinski [this message]
2019-08-06 5:10 ` [PATCH v3 01/16] i.MX: HABv4: ignore return for i.MX28/6 initcalls Rouven Czerwinski
2019-08-06 5:10 ` [PATCH v3 02/16] i.MX: HABv4: implement interface for i.MX8MQ Rouven Czerwinski
2019-08-06 5:10 ` [PATCH v3 03/16] mach-imx: enable HAB on i.MX8MQ Rouven Czerwinski
2019-08-06 5:10 ` [PATCH v3 04/16] arm: lib: add CSF section between PBL and piggy Rouven Czerwinski
2019-08-06 5:10 ` [PATCH v3 05/16] esdhc-pbl: extract header parsing from image start Rouven Czerwinski
2019-08-06 5:10 ` [PATCH v3 06/16] esdhc-pbl: add piggy load function Rouven Czerwinski
2019-08-06 5:10 ` [PATCH v3 07/16] sections: fix macro for barebox_pbl_size Rouven Czerwinski
2019-08-06 5:10 ` [PATCH v3 08/16] scripts: imx: support signing for i.MX8MQ Rouven Czerwinski
2019-08-06 5:10 ` [PATCH v3 09/16] images: always build sha256sum into pbl Rouven Czerwinski
2019-08-06 5:11 ` [PATCH v3 10/16] pbl: add sha256 and piggy verification to PBL Rouven Czerwinski
2019-08-06 8:16 ` Lucas Stach
2019-08-06 13:21 ` [PATCH] fixup! " r.czerwinski
2019-08-06 5:11 ` [PATCH v3 11/16] stdio: puts and putchar static inline wrappers Rouven Czerwinski
2019-08-06 5:11 ` [PATCH v3 12/16] pbl: support panic with log output Rouven Czerwinski
2019-08-06 5:11 ` [PATCH v3 13/16] arm: uncompress: verify sha256 if enabled Rouven Czerwinski
2019-08-06 5:11 ` [PATCH v3 14/16] mach-imx: add gencsf header for i.MX8MQ Rouven Czerwinski
2019-08-06 5:11 ` [PATCH v3 15/16] mach-imx: hab: select piggy verification for i.MX8 Rouven Czerwinski
2019-08-06 5:11 ` [PATCH v3 16/16] boards: nxp-mx8-evk: rework to different boot flow Rouven Czerwinski
2019-08-08 6:21 ` [PATCH v3 00/16] HAB for i.MX8MQ Sascha Hauer
2019-08-08 6:51 ` Rouven Czerwinski
2019-08-08 7:43 ` Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.20f706d0d5a7ead5c114378becb025aefb9c7b8a.1565068235.git-series.r.czerwinski@pengutronix.de \
--to=r.czerwinski@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox