Hi Ley Foon,
> -----Original Message-----
> From: Tan, Ley Foon <ley.foon....@intel.com>
> Sent: Friday, February 26, 2021 5:56 PM
> To: Lim, Elly Siew Chin <elly.siew.chin....@intel.com>; u-boot@lists.denx.de
> Cc: Marek Vasut <ma...@denx.de>; See, Chin Liang
> <chin.liang....@intel.com>; Simon Goldschmidt
> <simon.k.r.goldschm...@gmail.com>; Chee, Tien Fong
> <tien.fong.c...@intel.com>; Westergreen, Dalon
> <dalon.westergr...@intel.com>; Simon Glass <s...@chromium.org>; Gan,
> Yau Wai <yau.wai....@intel.com>
> Subject: RE: [v3 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot
> (VAB)
>
>
>
> > -----Original Message-----
> > From: Lim, Elly Siew Chin <elly.siew.chin....@intel.com>
> > Sent: Friday, February 5, 2021 6:52 PM
> > To: u-boot@lists.denx.de
> > Cc: Marek Vasut <ma...@denx.de>; Tan, Ley Foon
> > <ley.foon....@intel.com>; See, Chin Liang <chin.liang....@intel.com>;
> > Simon Goldschmidt <simon.k.r.goldschm...@gmail.com>; Chee, Tien Fong
> > <tien.fong.c...@intel.com>; Westergreen, Dalon
> > <dalon.westergr...@intel.com>; Simon Glass <s...@chromium.org>; Gan,
> > Yau Wai <yau.wai....@intel.com>; Lim, Elly Siew Chin
> > <elly.siew.chin....@intel.com>
> > Subject: [v3 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot
> > (VAB)
> >
> > Vendor Authorized Boot is a security feature for authenticating the
> > images such as U-Boot, ARM trusted Firmware, Linux kernel, device tree
> > blob and etc loaded from FIT. After those images are loaded from FIT,
> > the VAB certificate and signature block appended at the end of each
> > image are sent to Secure Device Manager (SDM) for authentication.
> > U-Boot will validate the
> > SHA384 of the image against the SHA384 hash stored in the VAB
> > certificate before sending the image to SDM for authentication.
> >
> > Signed-off-by: Siew Chin Lim <elly.siew.chin....@intel.com>
> >
> > ---
> > v3
> > ---
> > - Add description for function 'socfpga_vendor_authentication'.
> > - Relocate vab certificate to first memory bank before trigger SMC call
> > to send mailbox command because ATF only able to access first memory
> > bank.
> > - Report error instead of bypass the authentication in SPL if
> > Secure Device Manager (SDM) does not support VAB.
> > - Print success string if VAB success.
> > - Replace #ifdef with if(IS_ENABLED(CONFIG_...)).
> > ---
> > arch/arm/mach-socfpga/Kconfig | 15 ++
> > arch/arm/mach-socfpga/Makefile | 2 +
> > arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 +
> > arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 +++++++
> > arch/arm/mach-socfpga/secure_vab.c | 218
> > +++++++++++++++++++++++
>
> [...]
>
>
> > +void board_fit_image_post_process(void **p_image, size_t *p_size) {
> > + if (socfpga_vendor_authentication(p_image, p_size))
> > + hang();
> > +}
> > +
> > +void board_prep_linux(bootm_headers_t *images) {
> > + if (!IS_ENABLED(CONFIG_SPL_BUILD)) {
> > + if
> > (!IS_ENABLED(CONFIG_SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE)) {
> > + /*
> > + * Ensure the OS is always booted from FIT and with
> > + * VAB signed certificate
> > + */
> > + if (!images->fit_uname_cfg) {
> > + printf("Please use FIT with VAB signed
> > images!\n");
> > + hang();
> > + }
> > +
> > + env_set_hex("fdt_addr", (ulong)images->ft_addr);
> > + debug("images->ft_addr = 0x%08lx\n",
> > (ulong)images->ft_addr);
> > + }
> > +
> > + if (IS_ENABLED(CONFIG_CADENCE_QSPI)) {
> > + if (env_get("linux_qspi_enable"))
> > +
> > run_command(env_get("linux_qspi_enable"), 0);
> > + }
> > + }
> > +}
>
> Move board_fit_image_post_process() and board_prep_linux() outside of
> this file, can be in a new file.
> These 2 functions should be common, and can be used without VAB is
> enabled.
I have moved both of these board_* functions to arch/arm/mach-socfpga/board.c.
I have send 4th version of VAB series for review. Thanks.
>
> Regards
> Ley Foon
