Eric Lee / smarc-uboot

Download as
Browse Code »

Commit 4886ec745e0ac8c38f2d61546eebca8cd0dfeb17

Authored by Breno Lima
Committed by Ye Li
1 parent e7e56da835
Exists in smarc_8mm-imx_v2019.04_4.19.35_1.1.0 and in 1 other branch smarc_8m-imx_v2019.04_4.19.35_1.1.0

MLK-22570-2 doc: habv4: Add encrypted boot documentation for i.MX8M, i.MX8MM and i.MX8MN devices 

Add HABv4 encrypted boot documentation for i.MX8M, i.MX8MM and i.MX8MN
family devices covering the following topics:

- How to encrypt and sign a flash.bin image.
- How to manage CAAM PRIBLOBs when using encrypted boot
- Add 4 CSF examples.

Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Marius Grigoras <marius.grigoras@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
(cherry picked from commit eee57255e0b0ea3a2808d3a2c19c8685afbac39b)

Showing 5 changed files with 700 additions and 0 deletions Inline Diff

doc/imx/habv4/csf_examples/mx8m_mx8mm/csf_fit_enc.txt
Diff comments   View file @ 4886ec7
File was created 1 [Header]
2 Version = 4.3
3 Hash Algorithm = sha256
4 Engine = CAAM
5 Engine Configuration = 0
6 Certificate Format = X509
7 Signature Format = CMS
8
9 [Install SRK]
10 File = "../crts/SRK_1_2_3_4_table.bin"
11 Source index = 0
12
13 [Install CSFK]
14 File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
15
16 [Authenticate CSF]
17
18 [Unlock]
19 Engine = CAAM
20 Features = MID
21
22 [Install Key]
23 Verification index = 0
24 Target index = 2
25 File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
26
27 [Authenticate Data]
28 Verification index = 2
29 Blocks = 0x401fcdc0 0x57c00 0x1020 "flash-spl-enc.bin"
30
31 [Install Secret Key]
32 # Install the blob
33 Verification Index = 0
34 Target Index = 0
35 Key = "dek_fit.bin"
36 Key Length = 128
37 # Fixed address defined in imx-mkimage project in iMX8M/soc.mak file
38 # DEK_BLOB_LOAD_ADDR = 0x40400000
39 Blob Address = 0x40400000
40
41 [Decrypt Data]
42 # The decrypt data command below causes CST to modify the input
43 # file and encrypt the specified block of data. This image file
44 # is a copy of the file used for the authentication command above
45 Verification Index = 0
46 Mac Bytes = 16
47 Blocks = 0x40200000 0x5AC00 0xB8940 "flash-spl-fit-enc.bin", \
48 0x920000 0x113540 0xA160 "flash-spl-fit-enc.bin", \
49 0xBE000000 0x11D6A0 0x48520 "flash-spl-fit-enc.bin"
50
doc/imx/habv4/csf_examples/mx8m_mx8mm/csf_fit_sign_enc.txt
Diff comments   View file @ 4886ec7
File was created 1 [Header]
2 Version = 4.3
3 Hash Algorithm = sha256
4 Engine = CAAM
5 Engine Configuration = 0
6 Certificate Format = X509
7 Signature Format = CMS
8
9 [Install SRK]
10 File = "../crts/SRK_1_2_3_4_table.bin"
11 Source index = 0
12
13 [Install CSFK]
14 File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
15
16 [Authenticate CSF]
17
18 [Unlock]
19 Engine = CAAM
20 Features = MID
21
22 [Install Key]
23 Verification index = 0
24 Target index = 2
25 File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
26
27 [Authenticate Data]
28 Verification index = 2
29 Blocks = 0x401fcdc0 0x57c00 0x1020 "flash-spl-fit-enc.bin", \
30 0x40200000 0x5AC00 0xB8940 "flash-spl-fit-enc.bin", \
31 0x920000 0x113540 0xA160 "flash-spl-fit-enc.bin", \
32 0xBE000000 0x11D6A0 0x48520 "flash-spl-fit-enc.bin"
33
34 [Install Secret Key]
35 # Install the blob
36 Verification Index = 0
37 Target Index = 0
38 Key = "dek_fit_dummy.bin"
39 Key Length = 128
40 # Fixed address defined in imx-mkimage project in iMX8M/soc.mak file
41 # DEK_BLOB_LOAD_ADDR = 0x40400000
42 Blob Address = 0x40400000
43
44 [Decrypt Data]
45 # The decrypt data command below causes CST to modify the input
46 # file and encrypt the specified block of data. This image file
47 # is a copy of the file used for the authentication command above
48 Verification Index = 0
49 Mac Bytes = 16
50 Blocks = 0x40200000 0x5AC00 0xB8940 "flash-spl-fit-enc-dummy.bin", \
51 0x920000 0x113540 0xA160 "flash-spl-fit-enc-dummy.bin", \
52 0xBE000000 0x11D6A0 0x48520 "flash-spl-fit-enc-dummy.bin"
53
54
doc/imx/habv4/csf_examples/mx8m_mx8mm/csf_spl_enc.txt
Diff comments   View file @ 4886ec7
File was created 1 [Header]
2 Version = 4.3
3 Hash Algorithm = sha256
4 Engine = CAAM
5 Engine Configuration = 0
6 Certificate Format = X509
7 Signature Format = CMS
8
9 [Install SRK]
10 File = "../crts/SRK_1_2_3_4_table.bin"
11 Source index = 0
12
13 [Install CSFK]
14 File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
15
16 [Authenticate CSF]
17
18 [Unlock]
19 Engine = CAAM
20 Features = MID
21
22 [Install Key]
23 Verification index = 0
24 Target index = 2
25 File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
26
27 [Authenticate Data]
28 Verification index = 2
29 Blocks = 0x7e0fc0 0x0 0x40 "flash.bin"
30
31 [Install Secret Key]
32 # Install the blob
33 Verification Index = 0
34 Target Index = 0
35 Key = "dek_spl.bin"
36 Key Length = 128
37 # Authenticate Start Address + SPL & DDR FW image length + CSF Padding
38 # 0x7E0FC0 + 0x2c400 + 0x2000
39 Blob Address = 0x80F3C0
40
41 [Decrypt Data]
42 # The decrypt data command below causes CST to modify the input
43 # file and encrypt the specified block of data. This image file
44 # is a copy of the file used for the authentication command above
45 Verification Index = 0
46 Mac Bytes = 16
47 # Start Address = Start Address + SPL header = 0x7E0FC0 + 0x40 = 0x7E1000
48 # Offset = Image offset (image_off) = 0x40
49 # Decrypt size = Image length - SPL header = 0x2c400 - 0x40 = 0x2C3C0
50 Blocks = 0x7E1000 0x40 0x2C3C0 "flash-spl-enc.bin"
51
doc/imx/habv4/csf_examples/mx8m_mx8mm/csf_spl_sign_enc.txt
Diff comments   View file @ 4886ec7
File was created 1 [Header]
2 Version = 4.3
3 Hash Algorithm = sha256
4 Engine = CAAM
5 Engine Configuration = 0
6 Certificate Format = X509
7 Signature Format = CMS
8
9 [Install SRK]
10 File = "../crts/SRK_1_2_3_4_table.bin"
11 Source index = 0
12
13 [Install CSFK]
14 File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
15
16 [Authenticate CSF]
17
18 [Unlock]
19 Engine = CAAM
20 Features = MID
21
22 [Install Key]
23 Verification index = 0
24 Target index = 2
25 File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
26
27 [Authenticate Data]
28 Verification index = 2
29 Blocks = 0x7E0FC0 0x0 0x2C400 "flash-spl-enc.bin"
30
31 [Install Secret Key]
32 # Install the blob
33 Verification Index = 0
34 Target Index = 0
35 Key = "dek_spl_dummy.bin"
36 Key Length = 128
37 # Authenticate Start Address + Image length + CSF Padding
38 # 0x7E0FC0 + 0x2c400 + 0x2000
39 Blob Address = 0x80F3C0
40
41 [Decrypt Data]
42 # The decrypt data command below causes CST to modify the input
43 # file and encrypt the specified block of data. This image file
44 # is a copy of the file used for the authentication command above
45 Verification Index = 0
46 Mac Bytes = 16
47 Blocks = 0x7E1000 0x40 0x2C3C0 "flash-spl-enc-dummy.bin"
48
doc/imx/habv4/guides/mx8m_mx8mm_encrypted_boot.txt
Diff comments   View file @ 4886ec7
File was created 1 +======================================================+
2 + i.MX8M, i.MX8MM Encrypted Boot guide using HABv4 +
3 +======================================================+
4
5 1. HABv4 Encrypted Boot process
6 -------------------------------
7
8 This document describes a step-by-step procedure on how to encrypt and sign a
9 bootloader image for i.MX8M, i.MX8MM, i.MX8MN family devices. It is assumed
10 that the reader is familiar with basic HAB concepts and has already closed
11 the device, step-by-step procedure can be found in mx8m_mx8mm_secure_boot.txt
12 guide.
13
14 Details about encrypted boot can be found in application note AN12056[1] and
15 in the introduction_habv4.txt document.
16
17 The steps described in this document were based in i.MX8MM device, the same
18 concept can be applied to i.MX8M and i.MX8MN family devices.
19
20 1.1 Understanding the encrypted flash.bin image layout
21 ------------------------------------------------------
22
23 As described in mx8m_mx8mm_secure_boot.txt guide a single binary is used
24 to boot the device, the imx-mkimage tool combines all the input images in
25 a FIT structure, generating a flash.bin binary.
26
27 The encrypted boot image requires a DEK (Data Encryption Key) blob on each time
28 HABv4 is used to decrypt an image. The DEK blob is used as a security layer to
29 wrap and store the DEK off-chip using the OTPMK which is unique per device.
30 More details can be found in AN12056 application note.
31
32 The diagram below illustrates an encrypted flash.bin image layout:
33
34 +-----------------------------+
35 | |
36 | *Signed HDMI/DP FW |
37 | |
38 +-----------------------------+
39 | Padding |
40 ------------------ +-----------------------------+ --------
41 ^ | IVT - SPL | ^
42 Signed | ------- +-----------------------------+ |
43 Data | Enc ^ | u-boot-spl.bin | |
44 | Data | | + | | SPL
45 v v | DDR FW | | Image
46 ------------------ +-----------------------------+ |
47 | CSF - SPL + DDR FW | v
48 +-----------------------------+ --------
49 | DEK Blob |
50 +-----------------------------+
51 | Padding |
52 ------- +-----------------------------+ --------
53 Signed ^ | FDT - FIT | ^
54 Data | +-----------------------------+ |
55 v | IVT - FIT | |
56 ------- +-----------------------------+ |
57 | CSF - FIT | |
58 ------------------ +-----------------------------+ |
59 ^ | u-boot-nodtb.bin | | FIT
60 | +-----------------------------+ | Image
61 Signed and | | u-boot.dtb | |
62 Encrypted | +-----------------------------+ |
63 Data | | bl31.bin (ATF) | |
64 | +-----------------------------+ |
65 v | OP-TEE | |
66 ------------------ +-----------------------------+ |
67 | DEK Blob | v
68 +-----------------------------+ --------
69 * Only supported on i.MX8M series
70
71 1.2 Enabling the encrypted boot support in U-Boot
72 --------------------------------------------------
73
74 For deploying an encrypted boot image additional U-Boot tools are needed,
75 please be sure to have the following features enabled, this can be achieved
76 by following one of the methods below:
77
78 - Defconfig
79
80 CONFIG_SECURE_BOOT=y
81 CONFIG_FAT_WRITE=y
82 CONFIG_CMD_DEKBLOB=y
83 CONFIG_IMX_OPTEE_DEK_ENCAP=y
84 CONFIG_CMD_PRIBLOB=y
85
86 - Kconfig
87
88 ARM architecture -> Support i.MX HAB features
89 ARM architecture -> Support the 'dek_blob' command
90 ARM architecture -> Support the set_priblob_bitfield command
91 File systems -> Enable FAT filesystem support-> Enable FAT filesystem
92 write support
93
94 1.3 Enabling the encrypted boot support in CST
95 -----------------------------------------------
96
97 The encryption feature is not enabled by default in Code Signing tools (CST).
98 The CST backend must be recompiled, execute the following commands to enable
99 encryption support in CST:
100
101 $ sudo apt-get install libssl-dev openssl
102 $ cd <CST install directory>/code/back_end/src
103 $ gcc -o cst_encrypted -I ../hdr -L ../../../linux64/lib *.c
104 -lfrontend -lcrypto
105 $ cp cst_encrypted ../../../linux64/bin/
106
107 1.4 Building OP-TEE and ATF to support DEK blob tool
108 -----------------------------------------------------
109
110 The DEK blob must be created by a software running in Arm TrustZone Secure
111 World, the CAAM block takes into consideration the TrustZone configuration
112 when encapsulating the DEK and the resulting blob can be only decapsulated
113 by a SW running in the same configuration. As ROM code is running in ARM
114 TrustZone secure world we must encapsulate the blobs using OP-TEE.
115
116 - Building ATF to support OP-TEE:
117
118 $ make PLAT=<SoC Name> SPD=opteed bl31
119
120 - Building OP-TEE to support DEK blob encapsulation:
121
122 $ CFG_NXPCRYPT=y CFG_GEN_DEK_BLOB=y source ./scripts/nxp_build.sh <Board Name>
123
124 * OP-TEE debug logs can be enabled by adding CFG_TEE_CORE_LOG_LEVEL=4 in
125 command line above.
126
127 1.5 Preparing the fit image
128 ----------------------------
129
130 As explained in mx8m_mx8mm_secure_boot.txt document the imx-mkimage project is
131 used to combine all the images in a single flash.bin binary.
132
133 Copy all the binaries generated (U-Boot images, bl31.bin, tee.bin and Firmware)
134 into iMX8M directory and run the following commands according to the target
135 device:
136
137 - Create a dummy DEK blob:
138
139 $ dd if=/dev/zero of=iMX8M/dek_blob_fit_dummy.bin bs=96 count=1 && sync
140
141 - Assembly flash.bin binary:
142
143 $ make SOC=<SoC Name> flash_spl_uboot
144
145 The mkimage log will be used during the encrypted boot procedure to create the
146 Command Sequence File (CSF):
147
148 - imx-mkimage build log:
149
150 Loader IMAGE:
151 header_image_off 0x0
152 dcd_off 0x0
153 image_off 0x40
154 csf_off 0x2c400
155 spl hab block: 0x7e0fc0 0x0 0x2c400
156
157 Second Loader IMAGE:
158 sld_header_off 0x57c00
159 sld_csf_off 0x58c20
160 sld hab block: 0x401fcdc0 0x57c00 0x1020
161
162 - Additional HAB information is provided by running the following command:
163
164 $ make SOC=<SoC Name> print_fit_hab
165
166 ./../scripts/pad_image.sh bl31.bin
167 ./../scripts/pad_image.sh u-boot-nodtb.bin fsl-imx8mm-evk.dtb
168 TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 VERSION=v1 \
169 ./print_fit_hab.sh 0x60000 fsl-imx8mm-evk.dtb
170 0x40200000 0x5AC00 0xB0318
171 0x402B0318 0x10AF18 0x8628
172 0x920000 0x113540 0xA160
173 0xBE000000 0x11D6A0 0x48520
174
175 1.6 Creating the CSF description file for SPL + DDR FW image
176 -------------------------------------------------------------
177
178 The CSF contains all the commands that the ROM executes during the secure boot.
179 These commands instruct the HAB on which memory areas of the image to
180 authenticate and/or decrypt, which keys to install, use, etc...
181
182 CSF examples for encrypted boot are available under
183 doc/imx/hab/habv4/csf_examples/ directory.
184
185 With current CST implementation is not possible to encrypt and sign an image
186 at the same time, hence two CSF files are required on each time HAB is used.
187
188 1.6.1 csf_spl_enc.txt
189 ----------------------
190
191 The first CSF is used to encrypt the SPL and DDR FW images and generate the
192 dek_spl.bin file. The Authenticate Data command has to cover only the image
193 header and two commands have to be added to encrypt the image.
194
195 - Add the Authenticate Data command to only cover SPL IVT and boot data:
196
197 Blocks = 0x7E0FC0 0x0 0x40 "flash.bin"
198
199 - Add the Install Secret Key command to generate the dek_spl.bin file and
200 install the blob. The Blob Address depends on your image layout and can
201 be calculated as following:
202
203 Key = "dek_spl.bin"
204 Blob Address = Authenticate Start Address + Image length + CSF Padding
205 = 0x7E0FC0 + 0x2c400 + 0x2000 = 0x80F3C0
206
207 - Add the Decrypt Data command to encrypt the file. As SPL image header
208 cannot be encrypted we need to calculate the Block as following:
209
210 Start Address = Start Address + SPL header = 0x7E0FC0 + 0x40 = 0x7E1000
211 Offset = Image offset (image_off) = 0x40
212 Decrypt size = Image length - SPL header = 0x2C400 - 0x40 = 0x2C3C0
213
214 Blocks = 0x7E1000 0x40 0x2C3C0 "flash-spl-enc.bin"
215
216 1.6.2 csf_spl_sign_enc.txt
217 ---------------------------
218
219 The second CSF is used to sign the encrypted SPL image previously generated
220 (flash-spl-enc.bin).
221
222 - The Authenticate Data command should cover the entire SPL and DDR FW image,
223 the file parameter is the encrypted image flash-spl-enc.bin:
224
225 Blocks = 0x7E0FC0 0x0 0x2C400 "flash-spl-enc.bin"
226
227 - Add the Install Secret Key command to generate a dummy DEK blob file,
228 the blob address should be the same as used in csf_spl_enc.txt:
229
230 Key = "dek_spl_dummy.bin"
231
232 - Add the Decrypt Data command to encrypt the file. As image was encrypted
233 in CSF above we need to encrypt a dummy file, the block addresses should be
234 the same as used in csf_spl_enc.txt:
235
236 Blocks = 0x7E1000 0x40 0x2C3C0 "flash-spl-enc-dummy.bin"
237
238 1.7 Encrypting and signing the SPL + DDR FW image
239 --------------------------------------------------
240
241 The CST is used to encrypt the image and regenerate a random DEK. During this
242 step two CSF binaries are generated but only one will be included in final
243 image.
244
245 - Encrypt the SPL + DDR FW image:
246
247 $ cp flash.bin flash-spl-enc.bin
248 $ ./cst_encrypted -i csf_spl_enc.txt -o csf_spl_enc.bin
249
250 - Sign the encrypted SPL + DDR FW image:
251
252 $ cp flash-spl-enc.bin flash-spl-enc-dummy.bin
253 $ ./cst_encrypted -i csf_spl_sign_enc.txt -o csf_spl_sign_enc.bin
254
255 1.7.1 Create final CSF binary for SPL + DDR FW image
256 -----------------------------------------------------
257
258 As only one CSF binary will be included in final image it's necessary to
259 swap Nonce/MAC from csf_spl_enc.bin to csf_spl_sign_enc.bin.
260
261 - Calculate Nonce/MAC size based on MAC bytes value in CSF:
262
263 Nonce/MAC size = Nonce size + MAC bytes + CSF header for Nonce/Mac
264 = 12 + 16 + 8 = 36 bytes
265
266 - Calculate Nonce/MAC offset in CSF:
267
268 MAC offset = csf_spl_enc.bin size - Nonce/MAC size
269 = 3980 - 36 = 3944 Bytes
270
271 - Extract Nonce/MAC from csf_spl_enc.bin:
272
273 $ dd if=csf_spl_enc.bin of=noncemac.bin bs=1 skip=3944 count=36
274
275 - Replace the MAC of csf_spl_sign_enc with the one extracted above:
276
277 $ dd if=noncemac.bin of=csf_spl_sign_enc.bin bs=1 seek=3944 count=36
278
279 1.8 Creating the CSF description file for FIT image
280 ----------------------------------------------------
281
282 Similar to SPL image two CSF files are required encrypt and sign the FIT
283 image.
284
285 Please note that the steps below are using the flash-spl-enc.bin image created
286 in steps above.
287
288 1.8.1 csf_fit_enc.txt
289 ----------------------
290
291 The first CSF is used to encrypt the FIT image and generate the dek_fit.bin
292 file.
293
294 - Modify the Authenticate Data command to only cover FIT image FDT header:
295
296 Blocks = 0x401FCDC0 0x57C00 0x1020 "flash-spl-enc.bin"
297
298 - Add the Install Secret Key command to generate the dek_fit.bin file and
299 install the blob. The Blob Address is a fixed address defined in imx-mkimage
300 project in iMX8M/soc.mak file:
301
302 iMX8M/soc.mak:
303 DEK_BLOB_LOAD_ADDR = 0x40400000
304
305 Key = "dek_fit.bin"
306 Blob Address = 0x40400000
307
308 - Add the Decrypt Data command to encrypt the file.
309
310 The CST can only encrypt images that are 16 bytes aligned, as u-boot-nodtb.bin
311 and u-boot.dtb are together 16 bytes aligned we should consider the first two
312 lines provided in print_fit_hab as a single block.
313
314 imx-mkimage output:
315
316 0x40200000 0x5AC00 0xB0318 ──┬── Total length = 0xB0318 + 0x8628 = 0xB8940
317 0x402B0318 0x10AF18 0x8628 ──┘
318 0x920000 0x113540 0xA160
319 0xBE000000 0x11D6A0 0x48520
320
321 Decrypt data in csf_fit_enc.txt:
322
323 Blocks = 0x40200000 0x5AC00 0xB8940 "flash-spl-fit-enc.bin", \
324 0x920000 0x113540 0xA160 "flash-spl-fit-enc.bin", \
325 0xBE000000 0x11D6A0 0x48520 "flash-spl-fit-enc.bin"
326
327 1.8.2 csf_fit_sign_enc.txt
328 ---------------------------
329
330 The second CSF is used to sign the encrypted FIT image previously generated
331 (flash-spl-fit-enc.bin).
332
333 - The Authenticate Data command should cover the entire FIT image,
334 the file parameter is the encrypted FIT image flash-spl-fit-enc.bin:
335
336 Blocks = 0x401fcdc0 0x57c00 0x1020 "flash-spl-fit-enc.bin"
337 0x40200000 0x5AC00 0xB8940 "flash-spl-fit-enc.bin", \
338 0x920000 0x113540 0xA160 "flash-spl-fit-enc.bin", \
339 0xBE000000 0x11D6A0 0x48520 "flash-spl-fit-enc.bin"
340
341
342 - Add the Install Secret Key command to generate a dummy DEK blob file,
343 the blob address should be the same as used in csf_spl_enc.txt:
344
345 Key = "dek_fit_dummy.bin"
346
347 - Add the Decrypt Data command to encrypt the file. As image was encrypted
348 in CSF above we need to encrypt a dummy file, the block address should be
349 the same as used in csf_spl_enc.txt:
350
351 Blocks = 0x40200000 0x5AC00 0xB8940 "flash-spl-fit-enc-dummy.bin", \
352 0x920000 0x113540 0xA160"flash-spl-fit-enc-dummy.bin", \
353 0xBE000000 0x11D6A0 0x48520 "flash-spl-fit-enc-dummy.bin"
354
355 1.9 Encrypting and signing the FIT image
356 -----------------------------------------
357
358 The CST is used to encrypt the image and regenerate a random DEK. During this
359 step two CSF binaries are generated but only one will be included in final
360 image.
361
362 - Encrypt the FIT image:
363
364 $ cp flash-spl-enc.bin flash-spl-fit-enc.bin
365 $ ./cst_encrypted -i csf_fit_enc.txt -o csf_fit_enc.bin
366
367 - Sign the encrypted FIT image:
368
369 $ cp flash-spl-fit-enc.bin flash-spl-fit-enc-dummy.bin
370 $ ./cst_encrypted -i csf_fit_sign_enc.txt -o csf_fit_sign_enc.bin
371
372 1.9.1 Create final CSF binary for FIT image
373 -----------------------------------------------------
374
375 As only one CSF binary will be included in final image it's necessary to swap
376 Nonce/MAC from csf_fit_enc.bin to csf_fit_sign_enc.bin.
377
378 - Calculate Nonce/MAC size based on MAC bytes value in CSF:
379
380 Nonce/MAC size = Nonce size + MAC bytes + CSF header for Nonce/Mac
381 = 12 + 16 + 8 = 36 bytes
382
383 - Calculate Nonce/MAC offset in csf_fit_enc.bin:
384
385 MAC offset = csf_fit_enc.bin size - Nonce/MAC size
386 = 3996 - 36 = 3960 Bytes
387
388 - Extract Nonce/MAC from csf_fit_enc.bin:
389
390 $ dd if=csf_fit_enc.bin of=noncemac.bin bs=1 skip=3960 count=36
391
392 - Calculate Nonce/MAC offset in csf_fit_sign_enc.bin:
393
394 MAC offset = csf_fit_enc.bin size - Nonce/MAC size
395 = 4020 - 36 = 3984 Bytes
396
397 - Replace the MAC of csf_fit_sign_enc.bin with the one extracted above:
398
399 $ dd if=noncemac.bin of=csf_fit_sign_enc.bin bs=1 seek=3984 count=36
400
401 1.10 Generate the DEK Blob
402 ---------------------------
403
404 The DEK must be encapsulated into a CAAM blob so it can be included into
405 the final encrypted binary. The U-Boot provides a tool called dek_blob
406 which is calling the CAAM implementation included in OP-TEE.
407
408 Copy the dek_spl.bin and dek_fit.bin in SDCard FAT partition and run
409 the following commands from U-Boot prompt:
410
411 => mmc list
412 FSL_SDHC: 1 (SD)
413 FSL_SDHC: 2
414 => fatload mmc 1:1 0x40400000 dek_spl.bin
415 => dek_blob 0x40400000 0x40401000 128
416 => fatwrite mmc 1:1 0x40401000 dek_spl_blob.bin 0x48
417 => fatload mmc 1:1 0x40402000 dek_fit.bin
418 => dek_blob 0x40402000 0x40403000 128
419 => fatwrite mmc 1:1 0x40403000 dek_fit_blob.bin 0x48
420
421 In host PC copy the generated dek_spl_blob.bin and dek_fit_blob.bin to the
422 CST directory.
423
424 1.11 Assembly the encrypted image
425 ----------------------------------
426
427 The CSF binaries generated in the steps above have to be inserted into the
428 encrypted image.
429
430 The CSF offsets can be obtained from the flash.bin build log:
431
432 - SPL CSF offset:
433
434 csf_off 0x2c400
435
436 - FIT CSF offset:
437
438 sld_csf_off 0x58c20
439
440 The encrypted flash.bin image can be then assembled:
441
442 - Create a flash-spl-fit-enc.bin copy:
443
444 $ cp flash-spl-fit-enc.bin encrypted-flash.bin
445
446 1.11.1 Insert SPL CSF and DEK blob
447 -----------------------------------
448
449 - Insert csf_spl_sign_enc.bin in encrypted-flash.bin at 0x2c400 offset:
450
451 $ dd if=csf_spl_sign_enc.bin of=encrypted-flash.bin seek=$((0x2c400)) bs=1 conv=notrunc
452
453 - Insert dek_spl_blob.bin in encrypted-flash.bin at 0x2c400 + 0x2000 offset:
454
455 $ dd if=dek_spl_blob.bin of=encrypted-flash.bin seek=$((0x2e400)) bs=1 conv=notrunc
456
457 1.11.2 Insert FIT CSF and DEK blob
458 -----------------------------------
459
460 - Insert csf_fit_sign_enc.bin in encrypted-flash.bin at 0x58c20 offset:
461
462 $ dd if=csf_fit_sign_enc.bin of=encrypted-flash.bin seek=$((0x58c20)) bs=1 conv=notrunc
463
464 - The DEK blob must be inserted in last image entry on FIT image, the last line
465 provided by print_fit_hab taget log target can be used:
466
467 0x40200000 0x5AC00 0xB0318
468 0x402B0318 0x10AF18 0x8628
469 0x920000 0x113540 0xA160
470 0xBE000000 0x11D6A0 0x48520 -> Last line in print_fit_hab log
471
472 - Insert dek_fit_blob.bin encrypted-flash.bin at 0x11D6A0 + 0x48520 offset:
473
474 $ dd if=dek_fit_blob.bin of=encrypted-flash.bin seek=$((0x165BC0)) bs=1 conv=notrunc
475
476 1.11.3 Flash encrypted boot image
477 -----------------------------------
478
479 - Flash encrypted image in SDCard:
480
481 $ sudo dd if=encrypted-flash.bin of=/dev/sd<x> bs=1K seek=33* && sync
482 * Offset in i.MX8MN device is 32K.
483
484 2.0 Setting the PRIBLOB in CAAM SCFGR register
485 -----------------------------------------------
486
487 It is highly recommended to advance the PRIBLOB field in CAAM SCFGR register to
488 0x3, a command is available in U-Boot that should be called after all images in
489 boot flow has been decrypted by HAB:
490
491 => set_priblob_bitfield
492
493 The PRIBLOB configuration ensures cryptographic separation of private blob
494 types avoiding any modification or replacement of DEK blobs. Newly created
495 blobs will be incompatible with blobs required to decrypt an encrypted boot
496 image. When the HAB later executes the command to decrypt the DEK, an
497 incompatible DEK blob will be detected and cause an error. A substitute
498 encrypted boot image will not be decrypted, and will not be executed.
499
500 References:
501 [1] AN12056: "Encrypted Boot on HABv4 and CAAM Enabled Devices" - Rev. 1
502