On Fri, Jan 12, 2018 at 6:09 PM, Bryan O'Donoghue <bryan.odonog...@linaro.org> wrote: > v6: > - Added patch 21/25 return zero on open (unlocked) board when > calling authenticate_image() - Breno > > - Added Tested-by: Breno Matheus Lima <brenomath...@gmail.com> > as indicated for remainder 24/25 patches > > - Added Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> > as indicated for remainder 24/25 patches > > v5: > - Drop dcache disable across HAB call. > We can't replicate this error on the current codebase and the available > images. We'll have to wait for the error to crop up again before pushing > that patch any further. > > v4: > - No change mixed extra patches @ v3 unnoticed with previous > git-send > > v3: > - Only call into ROM if headers are verified. - Bryan > > - Print HAB event log if and only if a call was made to HAB > and a meaningful status code has been obtained. - Breno > > v2: > - Fix compilation warnings and errors in SPL highlighted by > Breno Matheus Lima > > - Add CC: Breno Matheus Lima <brenomath...@gmail.com> to all patches > > v1: > This patchset updates the i.MX HAB layer in u-boot to fix a list of > identified issues and then to add and extend existing functionality. > > The first block of patches 0001-0006 deal with fixing existing code, > > - Fixes indentation > - Fixes the treatment of input parameters to hab_auth_image. > > The second block of patches 0007-0013 are about tidying up the HAB code > > - Remove reliance on hard-coding to specific offsets > - IVT header drives locating CSF > - Continue to support existing boards > > Patches 0014 onwards extend out the HAB functionality. > > - hab_rvt_check_target is a recommended check in the NXP documents to > perform prior to hab_rvt_authenticate_image > - hab_rvt_failsafe is a useful function to set the board into BootROM > USB recovery mode. > > > > Bryan O'Donoghue (25): > arm: imx: hab: Make authenticate_image return int > arm: imx: hab: Fix authenticate_image result code > arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail > arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail > arm: imx: hab: Move IVT_SIZE to hab.h > arm: imx: hab: Move CSF_PAD_SIZE to hab.h > arm: imx: hab: Fix authenticate_image input parameters > arm: imx: hab: Add IVT header definitions > arm: imx: hab: Add IVT header verification > arm: imx: hab: Verify IVT self matches calculated address > arm: imx: hab: Only call ROM once headers are verified > arm: imx: hab: Print CSF based on IVT descriptor > arm: imx: hab: Print additional IVT elements during debug > arm: imx: hab: Define rvt_check_target() > arm: imx: hab: Implement hab_rvt_check_target > arm: imx: hab: Add a hab_rvt_check_target to image auth > arm: imx: hab: Print HAB event log only after calling ROM > arm: imx: hab: Make internal functions and data static > arm: imx: hab: Prefix authenticate_image with imx_hab > arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled > arm: imx: hab: Make authenticate_image() return zero on open boards > arm: imx: hab: Make imx_hab_is_enabled global > arm: imx: hab: Define rvt_failsafe() > arm: imx: hab: Implement hab_rvt_failsafe > arm: imx: hab: Add hab_failsafe console command > > arch/arm/include/asm/mach-imx/hab.h | 46 +++- > arch/arm/mach-imx/hab.c | 461 > +++++++++++++++++++++--------------- > arch/arm/mach-imx/spl.c | 38 ++- > 3 files changed, 354 insertions(+), 191 deletions(-)
I tried Secure boot before[1] with SPL and U-Boot proper and work well. I'm observing authentication issue while loading U-Boot proper, U-Boot proper now have features like SPL DM and SPL FIT etc U-Boot SPL 2018.03-rc1-00182-gb81f7c9 (Feb 08 2018 - 17:19:03 +0530) Trying to boot from MMC1 Expected Linux image is not found. Trying to start U-boot Authenticate image from DDR location 0x17800000... bad magic magic=0xb8 length=0x841b version=0x17 bad length magic=0xb8 length=0x841b version=0x17 bad version magic=0xb8 length=0x841b version=0x17 spl: ERROR: image authentication unsuccessful ### ERROR ### Please RESET the board ### Please let me know where I missed, I'm authenticating SPL and u-boot-dtb.img now. [1] https://openedev.amarulasolutions.com/display/ODUBOOT/SPL+HABv4 _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
