Commit 03865f7279b6f66625ecad83bf8364989e5da4c1
Committed by
Ye Li
1 parent
77e37901c6
Exists in
smarc_8mq_lf_v2020.04
and in
4 other branches
MLK-20270-1 doc: imx: habv4: Add Secure Boot documentation for i.MX8M and i.MX8MM devices
Add HABv4 documentation for i.MX8M and i.MX8MM targets covering the following topics: - How to sign an securely boot an flash.bin image. - How to extend the root of trust for additional boot images. - Add 2 CSF examples. Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> (cherry picked from commit cc63be298a3e5f44e417f4098c124715917d09e1) (cherry picked from commit ca9c6f091095d3bf09cac42c3eb4493490ac8912)
Showing 3 changed files with 611 additions and 0 deletions Side-by-side Diff
doc/imx/habv4/csf_examples/mx8m_mx8mm/csf_fit.txt
1 | +[Header] | |
2 | + Version = 4.3 | |
3 | + Hash Algorithm = sha256 | |
4 | + Engine = CAAM | |
5 | + Engine Configuration = 0 | |
6 | + Certificate Format = X509 | |
7 | + Signature Format = CMS | |
8 | + | |
9 | +[Install SRK] | |
10 | + # Index of the key location in the SRK table to be installed | |
11 | + File = "../crts/SRK_1_2_3_4_table.bin" | |
12 | + Source index = 0 | |
13 | + | |
14 | +[Install CSFK] | |
15 | + # Key used to authenticate the CSF data | |
16 | + File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem" | |
17 | + | |
18 | +[Authenticate CSF] | |
19 | + | |
20 | +[Install Key] | |
21 | + # Key slot index used to authenticate the key to be installed | |
22 | + Verification index = 0 | |
23 | + # Target key slot in HAB key store where key will be installed | |
24 | + Target index = 2 | |
25 | + # Key to install | |
26 | + File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem" | |
27 | + | |
28 | +[Authenticate Data] | |
29 | + # Key slot index used to authenticate the image data | |
30 | + Verification index = 2 | |
31 | + # Authenticate Start Address, Offset, Length and file | |
32 | + Blocks = 0x401fcdc0 0x057c00 0x01020 "flash.bin", \ | |
33 | + 0x40200000 0x05AC00 0x9AAC8 "flash.bin", \ | |
34 | + 0x00910000 0x0F56C8 0x09139 "flash.bin", \ | |
35 | + 0xFE000000 0x0FE804 0x4D268 "flash.bin", \ | |
36 | + 0x4029AAC8 0x14BA6C 0x06DCF "flash.bin" |
doc/imx/habv4/csf_examples/mx8m_mx8mm/csf_spl.txt
1 | +[Header] | |
2 | + Version = 4.3 | |
3 | + Hash Algorithm = sha256 | |
4 | + Engine = CAAM | |
5 | + Engine Configuration = 0 | |
6 | + Certificate Format = X509 | |
7 | + Signature Format = CMS | |
8 | + | |
9 | +[Install SRK] | |
10 | + # Index of the key location in the SRK table to be installed | |
11 | + File = "../crts/SRK_1_2_3_4_table.bin" | |
12 | + Source index = 0 | |
13 | + | |
14 | +[Install CSFK] | |
15 | + # Key used to authenticate the CSF data | |
16 | + File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem" | |
17 | + | |
18 | +[Authenticate CSF] | |
19 | + | |
20 | +[Unlock] | |
21 | + # Leave Job Ring and DECO master ID registers Unlocked | |
22 | + Engine = CAAM | |
23 | + Features = MID | |
24 | + | |
25 | +[Install Key] | |
26 | + # Key slot index used to authenticate the key to be installed | |
27 | + Verification index = 0 | |
28 | + # Target key slot in HAB key store where key will be installed | |
29 | + Target index = 2 | |
30 | + # Key to install | |
31 | + File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem" | |
32 | + | |
33 | +[Authenticate Data] | |
34 | + # Key slot index used to authenticate the image data | |
35 | + Verification index = 2 | |
36 | + # Authenticate Start Address, Offset, Length and file | |
37 | + Blocks = 0x7e0fc0 0x1a000 0x2a600 "flash.bin" |
doc/imx/habv4/guides/mx8m_mx8mm_secure_boot.txt
1 | + +=======================================================+ | |
2 | + + i.MX8M, i.MX8MM Secure Boot guide using HABv4 + | |
3 | + +=======================================================+ | |
4 | + | |
5 | +1. HABv4 secure boot process | |
6 | +----------------------------- | |
7 | + | |
8 | +This document describes a step-by-step procedure on how to sign and securely | |
9 | +boot a bootloader image on i.MX8M and i.MX8MM devices. It is assumed that | |
10 | +the reader is familiar with basic HAB concepts and with the PKI tree generation. | |
11 | + | |
12 | +Details about HAB can be found in the application note AN4581[1] and in the | |
13 | +introduction_habv4.txt document. | |
14 | + | |
15 | +1.1 Understanding the i.MX8M and i.MX8MM flash.bin image layout | |
16 | +---------------------------------------------------------------- | |
17 | + | |
18 | +Due to the new the architecture, multiple firmwares and softwares are required | |
19 | +to boot i.MX8M and i.MX8MM devices. In order to store all the images in a | |
20 | +single binary the FIT (Flattened Image Tree) image structure is used. | |
21 | + | |
22 | +The final image is generated by the imx-mkimage project, the tool combines all | |
23 | +the input images in a FIT structure, generating a flash.bin image with an | |
24 | +appropriate IVT set. | |
25 | + | |
26 | +For a secure boot process users should ensure all images included in flash.bin | |
27 | +file are covered by a digital signature. | |
28 | + | |
29 | +- The diagram below illustrate a signed flash.bin image layout: | |
30 | + | |
31 | + +-----------------------------+ | |
32 | + | | | |
33 | + | *Signed HDMI/DP FW | | |
34 | + | | | |
35 | + +-----------------------------+ | |
36 | + | Padding | | |
37 | + ------- +-----------------------------+ -------- | |
38 | + ^ | IVT - SPL | ^ | |
39 | + Signed | +-----------------------------+ | | |
40 | + Data | | u-boot-spl.bin | | | |
41 | + | | + | | SPL | |
42 | + v | DDR FW | | Image | |
43 | + ------- +-----------------------------+ | | |
44 | + | CSF - SPL + DDR FW | v | |
45 | + +-----------------------------+ -------- | |
46 | + | Padding | | |
47 | + ------- +-----------------------------+ -------- | |
48 | + Signed ^ | FDT - FIT | ^ | |
49 | + Data | +-----------------------------+ | | |
50 | + v | IVT - FIT | | | |
51 | + ------- +-----------------------------+ | | |
52 | + | CSF - FIT | | | |
53 | + ------- +-----------------------------+ | | |
54 | + ^ | u-boot-nodtb.bin | | FIT | |
55 | + | | + | | Image | |
56 | + | | u-boot.bin | | | |
57 | + Signed | +-----------------------------+ | | |
58 | + Data | | OP-TEE (Optional) | | | |
59 | + | +-----------------------------+ | | |
60 | + | | bl31.bin (ATF) | | | |
61 | + | +-----------------------------+ | | |
62 | + v | u-boot.dtb | v | |
63 | + ------- +-----------------------------+ -------- | |
64 | + * Only supported on i.MX8M series | |
65 | + | |
66 | +The boot flow on i.MX8M and i.MX8MM devices are slightly different when compared | |
67 | +with i.MX6 and i.MX7 series, the diagram below illustrate the boot sequence | |
68 | +overview: | |
69 | + | |
70 | +- i.MX8M and i.MX8MM devices boot flow: | |
71 | + | |
72 | + Secure World Non-Secure World | |
73 | + | | |
74 | + | | |
75 | + +------------+ +------------+ | | |
76 | + | SPL | | i.MX 8M/MM | | | |
77 | + | + | ---> | ROM | | | |
78 | + | DDR FW | | + HAB | | | |
79 | + +------------+ +------------+ | | |
80 | + | | | |
81 | + v | | |
82 | + +------------+ | | |
83 | + | *Signed | | | |
84 | + | HDMI/DP FW | | | |
85 | + +------------+ | | |
86 | + | | | |
87 | + v | | |
88 | + +------------+ +------------+ | | |
89 | + | FIT Image: | | SPL | | | |
90 | + | ATF + TEE | ---> | + | | | |
91 | + | + U-Boot | | DDR FW | | +-----------+ | |
92 | + +------------+ +------------+ | | Linux | | |
93 | + | | +-----------+ | |
94 | + v | ^ | |
95 | + +------------+ | | +-------+ | |
96 | + | ARM | | +-----------+ | Linux | | |
97 | + | Trusted | ----+---> | U-Boot | <--- | + | | |
98 | + | Firmware | | +-----------+ | DTB | | |
99 | + +------------+ | +-------+ | |
100 | + | | | |
101 | + v | | |
102 | + +----------+ | | |
103 | + | **OP-TEE | | | |
104 | + +----------+ | | |
105 | + * Only supported on i.MX8M series | |
106 | + ** Optional | |
107 | + | |
108 | +On i.MX8M devices the HDMI firmware or DisplayPort firmware are the first image | |
109 | +to boot on the device. These firmwares are signed and distributed by NXP, and | |
110 | +are always authenticated regardless of security configuration. In case not | |
111 | +required by the application the HDMI or DisplayPort controllers can be disabled | |
112 | +by eFuses and the firmwares are not required anymore. | |
113 | + | |
114 | +The next images are not signed by NXP and users should follow the signing | |
115 | +procedure as described in this document. | |
116 | + | |
117 | +The Second Program Loader (SPL) and DDR firmware are loaded and authenticated | |
118 | +by the ROM code, these images are executed in the internal RAM and responsible | |
119 | +for initializing essential features such as DDR, UART, PMIC and clock | |
120 | +enablement. | |
121 | + | |
122 | +Once the DDR is available, the SPL code loads all the images included in the | |
123 | +FIT structure to their specific execution addresses, the HAB APIs are called | |
124 | +to extend the root of trust, authenticating the U-Boot, ARM trusted firmware | |
125 | +(ATF) and OP-TEE (If included). | |
126 | + | |
127 | +The root of trust can be extended again at U-Boot level to authenticate Kernel | |
128 | +and M4 images. | |
129 | + | |
130 | +1.2 Enabling the secure boot support in U-Boot | |
131 | +----------------------------------------------- | |
132 | + | |
133 | +The first step is to generate an U-Boot image supporting the HAB features, | |
134 | +similar to i.MX6 and i.MX7 series the U-Boot provides extra functions for | |
135 | +HAB, such as the HAB status logs retrievement through the hab_status command | |
136 | +and support to extend the root of trust. | |
137 | + | |
138 | +The support is enabled by adding the CONFIG_SECURE_BOOT to the build | |
139 | +configuration: | |
140 | + | |
141 | +- Defconfig: | |
142 | + | |
143 | + CONFIG_SECURE_BOOT=y | |
144 | + | |
145 | +- Kconfig: | |
146 | + | |
147 | + ARM architecture -> Support i.MX HAB features | |
148 | + | |
149 | +1.3 Preparing the fit image | |
150 | +---------------------------- | |
151 | + | |
152 | +The imx-mkimage project is used to combines all the images in a single | |
153 | +flash.bin binary, the following files are required: | |
154 | + | |
155 | +- U-Boot: | |
156 | + u-boot.bin | |
157 | + u-boot-nodtb.bin | |
158 | + u-boot-spl.bin | |
159 | + U-Boot DTB file (e.g. fsl-imx8mq-evk.dtb) | |
160 | + | |
161 | +- ATF image: | |
162 | + bl31.bin | |
163 | + | |
164 | +- DDR firmware: | |
165 | + lpddr4_pmu_train_1d_dmem.bin | |
166 | + lpddr4_pmu_train_1d_imem.bin | |
167 | + lpddr4_pmu_train_2d_dmem.bin | |
168 | + lpddr4_pmu_train_2d_imem.bin | |
169 | + | |
170 | +- HDMI firmware (Only in i.MX8M): | |
171 | + signed_hdmi_imx8m.bin | |
172 | + | |
173 | +- DisplayPort firmware (Only in i.MX8M): | |
174 | + signed_dp_imx8m.bin | |
175 | + | |
176 | +- OP-TEE (Optional): | |
177 | + tee.bin | |
178 | + | |
179 | +The procedure to build ATF and download the firmwares are out of the scope | |
180 | +of this document, please refer to the Linux BSP Release Notes and AN12212[2] | |
181 | +for further details. | |
182 | + | |
183 | +Copy all files to iMX8M directory and run the following command according to | |
184 | +the target device, on this example we are building a HDMI target and also | |
185 | +including the OP-TEE binary: | |
186 | + | |
187 | +- Assembly flash.bin binary: | |
188 | + | |
189 | + $ make SOC=<SoC Name> flash_hdmi_spl_uboot | |
190 | + | |
191 | +The mkimage log can be used to calculate the authenticate image command | |
192 | +parameters and CSF offsets: | |
193 | + | |
194 | +- imx-mkimage build log: | |
195 | + | |
196 | + Loader IMAGE: | |
197 | + header_image_off 0x1a000 | |
198 | + dcd_off 0x0 | |
199 | + image_off 0x1a040 | |
200 | + csf_off 0x44600 | |
201 | + spl hab block: 0x7e0fd0 0x1a000 0x2e600 | |
202 | + | |
203 | + Second Loader IMAGE: | |
204 | + sld_header_off 0x57c00 | |
205 | + sld_csf_off 0x58c20 | |
206 | + sld hab block: 0x401fcdc0 0x57c00 0x1020 | |
207 | + | |
208 | +Additional HAB information is provided by running the following command: | |
209 | + | |
210 | +- Printing HAB FIT information: | |
211 | + | |
212 | + $ make SOC=<SoC Name> print_fit_hab | |
213 | + | |
214 | + TEE_LOAD_ADDR=0xfe000000 ATF_LOAD_ADDR=0x00910000 ./print_fit_hab.sh \ | |
215 | + 0x60000 fsl-imx8mq-evk.dtb | |
216 | + 0x40200000 0x5AC00 0x9AAC8 | |
217 | + 0x910000 0xF56C8 0x9139 | |
218 | + 0xFE000000 0xFE804 0x4D268 | |
219 | + 0x4029AAC8 0x14BA6C 0x6DCF | |
220 | + | |
221 | +1.4 Creating the CSF description file | |
222 | +-------------------------------------- | |
223 | + | |
224 | +The CSF contains all the commands that the ROM executes during the secure | |
225 | +boot. These commands instruct the HAB code on which memory areas of the image | |
226 | +to authenticate, which keys to install, use and etc. | |
227 | + | |
228 | +CSF examples are available under doc/imx/hab/habv4/csf_examples/ directory. | |
229 | + | |
230 | +As explained in sections above the SPL is first authenticated by the ROM code | |
231 | +and the root of trust is extended to the FIT image, hence two CSF files are | |
232 | +necessary to completely sign an flash.bin image. | |
233 | + | |
234 | +The build log provided by imx-mkimage can be used to define the "Authenticate | |
235 | +Data" parameter in CSF. | |
236 | + | |
237 | +- SPL "Authenticate Data" addresses in flash.bin build log: | |
238 | + | |
239 | + spl hab block: 0x7e0fd0 0x1a000 0x2e600 | |
240 | + | |
241 | +- "Authenticate Data" command in csf_spl.txt file: | |
242 | + | |
243 | + Blocks = 0x7e0fd0 0x1a000 0x2e600 "flash.bin" | |
244 | + | |
245 | +- FIT image "Authenticate Data" addresses in flash.bin build log: | |
246 | + | |
247 | + sld hab block: 0x401fcdc0 0x57c00 0x1020 | |
248 | + | |
249 | +- FIT image "Authenticate Data" addresses in print_fit_hab build log: | |
250 | + | |
251 | + 0x40200000 0x5AC00 0x9AAC8 | |
252 | + 0x910000 0xF56C8 0x9139 | |
253 | + 0xFE000000 0xFE804 0x4D268 | |
254 | + 0x4029AAC8 0x14BA6C 0x6DCF | |
255 | + | |
256 | +- "Authenticate Data" command in csf_fit.txt file: | |
257 | + | |
258 | + Blocks = 0x401fcdc0 0x057c00 0x01020 "flash.bin", \ | |
259 | + 0x40200000 0x05AC00 0x9AAC8 "flash.bin", \ | |
260 | + 0x00910000 0x0F56C8 0x09139 "flash.bin", \ | |
261 | + 0xFE000000 0x0FE804 0x4D268 "flash.bin", \ | |
262 | + 0x4029AAC8 0x14BA6C 0x06DCF "flash.bin" | |
263 | + | |
264 | +1.4.1 Avoiding Kernel crash in closed devices | |
265 | +---------------------------------------------- | |
266 | + | |
267 | +For devices prior to HAB v4.4.0, the HAB code locks the Job Ring and DECO | |
268 | +master ID registers in closed configuration. In case the user specific | |
269 | +application requires any changes in CAAM MID registers it's necessary to | |
270 | +add the "Unlock CAAM MID" command in CSF file. | |
271 | + | |
272 | +The current NXP BSP implementation expects the CAAM registers to be unlocked | |
273 | +when configuring CAAM to operate in non-secure TrustZone world. | |
274 | + | |
275 | +The Unlock command is already included by default in the signed HDMI and | |
276 | +DisplayPort firmwares, on i.MX8MM devices or in case the HDMI or DisplayPort | |
277 | +controllers are disabled, users must ensure this command is included in SPL CSF. | |
278 | + | |
279 | +- Add Unlock MID command in csf_spl.txt: | |
280 | + | |
281 | + [Unlock] | |
282 | + Engine = CAAM | |
283 | + Features = MID | |
284 | + | |
285 | +1.5 Signing the flash.bin binary | |
286 | +--------------------------------- | |
287 | + | |
288 | +The CST tool is used for singing the flash.bin image and generating the CSF | |
289 | +binary. Users should input the CSF description file created in the step above | |
290 | +and receive a CSF binary, which contains the CSF commands, SRK table, | |
291 | +signatures and certificates. | |
292 | + | |
293 | +- Create SPL CSF binary file: | |
294 | + | |
295 | + $ ./cst -i csf_spl.txt -o csf_spl.bin | |
296 | + | |
297 | +- Create FIT CSF binary file: | |
298 | + | |
299 | + $ ./cst -i csf_fit.txt -o csf_fit.bin | |
300 | + | |
301 | +1.6 Assembling the CSF in flash.bin binary | |
302 | +------------------------------------------- | |
303 | + | |
304 | +The CSF binaries generated in the step above have to be inserted into the | |
305 | +flash.bin image. | |
306 | + | |
307 | +The CSF offsets can be obtained from the flash.bin build log: | |
308 | + | |
309 | +- SPL CSF offset: | |
310 | + | |
311 | + csf_off 0x44600 | |
312 | + | |
313 | +- FIT CSF offset: | |
314 | + | |
315 | + sld_csf_off 0x58c20 | |
316 | + | |
317 | +The signed flash.bin image can be then assembled: | |
318 | + | |
319 | +- Create a flash.bin copy: | |
320 | + | |
321 | + $ cp flash.bin signed_flash.bin | |
322 | + | |
323 | +- Insert csf_spl.bin in signed_flash.bin at 0x44600 offset: | |
324 | + | |
325 | + $ dd if=csf_spl.bin of=signed_flash.bin seek=$((0x44600)) bs=1 conv=notrunc | |
326 | + | |
327 | +- Insert csf_fit.bin in signed_flash.bin at 0x58c20 offset: | |
328 | + | |
329 | + $ dd if=csf_fit.bin of=signed_flash.bin seek=$((0x58c20)) bs=1 conv=notrunc | |
330 | + | |
331 | +- Flash signed flash.bin image: | |
332 | + | |
333 | + $ sudo dd if=signed_flash.bin of=/dev/sd<x> bs=1K seek=33 && sync | |
334 | + | |
335 | +1.7 Programming SRK Hash | |
336 | +------------------------- | |
337 | + | |
338 | +As explained in AN4581[1] and in introduction_habv4.txt document the SRK Hash | |
339 | +fuse values are generated by the srktool and should be programmed in the | |
340 | +SoC SRK_HASH[255:0] fuses. | |
341 | + | |
342 | +Be careful when programming these values, as this data is the basis for the | |
343 | +root of trust. An error in SRK Hash results in a part that does not boot. | |
344 | + | |
345 | +The U-Boot fuse tool can be used for programming eFuses on i.MX SoCs. | |
346 | + | |
347 | +- Dump SRK Hash fuses values in host machine: | |
348 | + | |
349 | + $ hexdump -e '/4 "0x"' -e '/4 "%X""\n"' SRK_1_2_3_4_fuse.bin | |
350 | + 0x20593752 | |
351 | + 0x6ACE6962 | |
352 | + 0x26E0D06C | |
353 | + 0xFC600661 | |
354 | + 0x1240E88F | |
355 | + 0x1209F144 | |
356 | + 0x831C8117 | |
357 | + 0x1190FD4D | |
358 | + | |
359 | +- Program SRK_HASH[255:0] fuses on i.MX8MQ and i.MX8MM devices: | |
360 | + | |
361 | + => fuse prog 6 0 0x20593752 | |
362 | + => fuse prog 6 1 0x6ACE6962 | |
363 | + => fuse prog 6 2 0x26E0D06C | |
364 | + => fuse prog 6 3 0xFC600661 | |
365 | + => fuse prog 7 0 0x1240E88F | |
366 | + => fuse prog 7 1 0x1209F144 | |
367 | + => fuse prog 7 2 0x831C8117 | |
368 | + => fuse prog 7 3 0x1190FD4D | |
369 | + | |
370 | + | |
371 | +1.8 Verifying HAB events | |
372 | +------------------------- | |
373 | + | |
374 | +The next step is to verify that the signatures included in flash.bin image is | |
375 | +successfully processed without errors. HAB generates events when processing | |
376 | +the commands if it encounters issues. | |
377 | + | |
378 | +The hab_status U-Boot command call the hab_report_event() and hab_status() | |
379 | +HAB API functions to verify the processor security configuration and status. | |
380 | +This command displays any events that were generated during the process. | |
381 | + | |
382 | +Prior to closing the device users should ensure no HAB events were found, as | |
383 | +the example below: | |
384 | + | |
385 | +- Verify HAB events: | |
386 | + | |
387 | + => hab_status | |
388 | + | |
389 | + Secure boot disabled | |
390 | + | |
391 | + HAB Configuration: 0xf0, HAB State: 0x66 | |
392 | + | |
393 | +1.9 Closing the device | |
394 | +----------------------- | |
395 | + | |
396 | +After the device successfully boots a signed image without generating any HAB | |
397 | +events, it is safe to close the device. This is the last step in the HAB | |
398 | +process, and is achieved by programming the SEC_CONFIG[1] fuse bit. | |
399 | + | |
400 | +Once the fuse is programmed, the chip does not load an image that has not been | |
401 | +signed using the correct PKI tree. | |
402 | + | |
403 | +- Program SEC_CONFIG[1] fuse on i.MX8MQ and i.MX8MM devices: | |
404 | + | |
405 | + => fuse prog 1 3 0x2000000 | |
406 | + | |
407 | +1.10 Completely secure the device | |
408 | +---------------------------------- | |
409 | + | |
410 | +Additional fuses can be programmed for completely secure the device, more | |
411 | +details about these fuses and their possible impact can be found at AN4581[1]. | |
412 | + | |
413 | +- Program SRK_LOCK: | |
414 | + | |
415 | + => fuse prog 0 0 0x200 | |
416 | + | |
417 | +- Program DIR_BT_DIS: | |
418 | + | |
419 | + => fuse prog 1 3 0x8000000 | |
420 | + | |
421 | +- Program SJC_DISABLE: | |
422 | + | |
423 | + => fuse prog 1 3 0x200000 | |
424 | + | |
425 | +- JTAG_SMODE: | |
426 | + | |
427 | + => fuse prog 1 3 0xC00000 | |
428 | + | |
429 | +2. Authenticating additional boot images | |
430 | +----------------------------------------- | |
431 | + | |
432 | +The High Assurance Boot (HAB) code located in the on-chip ROM provides an | |
433 | +Application Programming Interface (API) making it possible to call back | |
434 | +into the HAB code for authenticating additional boot images. | |
435 | + | |
436 | +The U-Boot is running in non-secure TrustZone world and to make use of this | |
437 | +feature it's necessary to use a SIP call to the ATF, this is already | |
438 | +implemented in hab.c code and it's transparent to the user. | |
439 | + | |
440 | +The process of signing an additional image is similar as in i.MX6 and i.MX7 | |
441 | +series devices, the steps below are using the Linux Kernel image as example. | |
442 | + | |
443 | +The diagram below illustrate the Image layout: | |
444 | + | |
445 | + ------- +-----------------------------+ <-- *load_address | |
446 | + ^ | | | |
447 | + | | | | |
448 | + | | | | |
449 | + | | | | |
450 | + | | Image | | |
451 | + Signed | | | | |
452 | + Data | | | | |
453 | + | | | | |
454 | + | +-----------------------------+ | |
455 | + | | Padding to Image size | | |
456 | + | | in header | | |
457 | + | +-----------------------------+ <-- *ivt | |
458 | + v | Image Vector Table | | |
459 | + ------- +-----------------------------+ <-- *csf | |
460 | + | | | |
461 | + | Command Sequence File (CSF) | | |
462 | + | | | |
463 | + +-----------------------------+ | |
464 | + | Padding (optional) | | |
465 | + +-----------------------------+ | |
466 | + | |
467 | +2.1 Padding the image | |
468 | +---------------------- | |
469 | + | |
470 | +The Image must be padded to the size specified in the Image header, this can be | |
471 | +achieved by using the od command. | |
472 | + | |
473 | +- Read Image size: | |
474 | + | |
475 | + $ od -x -j 0x10 -N 0x4 --endian=little Image | |
476 | + 0000020 5000 0145 | |
477 | + 0000024 | |
478 | + | |
479 | +The tool objcopy can be used for padding the image. | |
480 | + | |
481 | +- Pad the Image: | |
482 | + | |
483 | + $ objcopy -I binary -O binary --pad-to 0x1455000 --gap-fill=0x00 \ | |
484 | + Image Image_pad.bin | |
485 | + | |
486 | +2.2 Generating Image Vector Table | |
487 | +---------------------------------- | |
488 | + | |
489 | +The HAB code requires an Image Vector Table (IVT) for determining the image | |
490 | +length and the CSF location. Since Image does not include an IVT this has | |
491 | +to be manually created and appended to the end of the padded Image, the | |
492 | +script genIVT.pl in script_examples directory can be used as reference. | |
493 | + | |
494 | +- Generate IVT: | |
495 | + | |
496 | + $ genIVT.pl | |
497 | + | |
498 | +Note: The load Address may change depending on the device. | |
499 | + | |
500 | +- Append the ivt.bin at the end of the padded Image: | |
501 | + | |
502 | + $ cat Image_pad.bin ivt.bin > Image_pad_ivt.bin | |
503 | + | |
504 | +2.3 Signing the image | |
505 | +---------------------- | |
506 | + | |
507 | +A CSF file has to be created to sign the image. HAB does not allow to change | |
508 | +the SRK once the first image is authenticated, so the same SRK key used in | |
509 | +the initial image must be used when extending the root of trust. | |
510 | + | |
511 | +CSF examples are available in ../csf_examples/additional_images/ directory. | |
512 | + | |
513 | +- Create CSF binary file: | |
514 | + | |
515 | + $ ./cst --i csf_additional_images.txt --o csf_Image.bin | |
516 | + | |
517 | +- Attach the CSF binary to the end of the image: | |
518 | + | |
519 | + $ cat Image_pad_ivt.bin csf_Image.bin > Image_signed.bin | |
520 | + | |
521 | +2.4 Verifying HAB events | |
522 | +------------------------- | |
523 | + | |
524 | +The U-Boot includes the hab_auth_img command which can be used for | |
525 | +authenticating and troubleshooting the signed image, the Image must be | |
526 | +loaded at the load address specified in the IVT. | |
527 | + | |
528 | +- Authenticate additional image: | |
529 | + | |
530 | + => hab_auth_img <Load Address> <Image Size> <IVT Offset> | |
531 | + | |
532 | +If no HAB events were found the Image is successfully signed. | |
533 | + | |
534 | +References: | |
535 | +[1] AN4581: "Secure Boot on i.MX 50, i.MX 53, i.MX 6 and i.MX 7 Series using | |
536 | + HABv4" - Rev 2. | |
537 | +[2] AN12212: "Software Solutions for Migration Guide from Aarch32 to | |
538 | +Aarch64" - Rev 0. |
-
mentioned in commit 1b56ec