Commit 570267bf173304655674bfa6f1640f310900f8f7
Committed by
Ye Li
Ye Li
1 parent
267ed0a245
Exists in
smarc_8mq_lf_v2020.04
and in
4 other branches
MLK-20061-1: doc: imx: habv4: Add Encrypted Boot documentation for i.MX 6 and i.MX 7 family devices
Add useful documentation for encrypted boot: - Add 2 CSF examples for encrypt and sign - How to encrypt and sign a U-Boot binary on closed device - Why and how increase the PRIBLOB bitfield from CAAM SCFGR Signed-off-by: Clement Le Marquis <clement.lemarquis@nxp.com> (cherry picked from commit 3732dddfeddd989ca1fb930972f19303e3b67756) (cherry picked from commit 9e7ccdd51a0754e728f2e27d282aaa3dbc8eec38)
Showing 3 changed files with 381 additions and 0 deletions Side-by-side Diff
doc/imx/habv4/csf_examples/mx6_mx7/csf_u-boot_enc.txt
| 1 | +[Header] | |
| 2 | + Version = 4.2 | |
| 3 | + Hash Algorithm = sha256 | |
| 4 | + Engine Configuration = 0 | |
| 5 | + Certificate Format = X509 | |
| 6 | + Signature Format = CMS | |
| 7 | + Engine = CAAM | |
| 8 | + | |
| 9 | +[Install SRK] | |
| 10 | + # Index of the key location in the SRK table to be installed | |
| 11 | + File = "../crts/SRK_1_2_3_4_table.bin" | |
| 12 | + Source index = 0 | |
| 13 | + | |
| 14 | +[Install CSFK] | |
| 15 | + # Key used to authenticate the CSF data | |
| 16 | + File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem" | |
| 17 | + | |
| 18 | +[Authenticate CSF] | |
| 19 | + | |
| 20 | +[Install Key] | |
| 21 | + # Key slot index used to authenticate the key to be installed | |
| 22 | + Verification index = 0 | |
| 23 | + # Target key slot in HAB key store where key will be installed | |
| 24 | + Target Index = 2 | |
| 25 | + # Key to install | |
| 26 | + File= "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem" | |
| 27 | + | |
| 28 | +[Authenticate Data] | |
| 29 | + # Key slot index used to authenticate the image data | |
| 30 | + Verification index = 2 | |
| 31 | + # This Authenticate Data command covers the IVT and DCD Data | |
| 32 | + # The image file referenced will remain unmodified by CST | |
| 33 | + Blocks = 0x877ff400 0x000 0xc00 "u-boot-dtb.imx" | |
| 34 | + | |
| 35 | +[Install Secret Key] | |
| 36 | + # Install the blob | |
| 37 | + Verification Index = 0 | |
| 38 | + Target Index = 0 | |
| 39 | + Key = "dek.bin" | |
| 40 | + Key Length = 128 | |
| 41 | + # Start address + padding 0x2000 + length | |
| 42 | + Blob Address = 0x878a0000 | |
| 43 | + | |
| 44 | +[Decrypt Data] | |
| 45 | + # The decrypt data command below causes CST to modify the input | |
| 46 | + # file and encrypt the specified block of data. This image file | |
| 47 | + # is a copy of the file used for the authentication command above | |
| 48 | + Verification Index = 0 | |
| 49 | + Mac Bytes = 16 | |
| 50 | + Blocks = 0x87800000 0x00000c00 0x9e000 "u-boot-dtb.imx-enc" |
doc/imx/habv4/csf_examples/mx6_mx7/csf_u-boot_sign_enc.txt
| 1 | +[Header] | |
| 2 | + Version = 4.2 | |
| 3 | + Hash Algorithm = sha256 | |
| 4 | + Engine Configuration = 0 | |
| 5 | + Certificate Format = X509 | |
| 6 | + Signature Format = CMS | |
| 7 | + Engine = CAAM | |
| 8 | + | |
| 9 | +[Install SRK] | |
| 10 | + # Index of the key location in the SRK table to be installed | |
| 11 | + File = "../crts/SRK_1_2_3_4_table.bin" | |
| 12 | + Source index = 0 | |
| 13 | + | |
| 14 | +[Install CSFK] | |
| 15 | + # Key used to authenticate the CSF data | |
| 16 | + File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem" | |
| 17 | + | |
| 18 | +[Authenticate CSF] | |
| 19 | + | |
| 20 | +[Install Key] | |
| 21 | + # Key slot index used to authenticate the key to be installed | |
| 22 | + Verification index = 0 | |
| 23 | + # Target key slot in HAB key store where key will be installed | |
| 24 | + Target Index = 2 | |
| 25 | + # Key to install | |
| 26 | + File= "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem" | |
| 27 | + | |
| 28 | +[Authenticate Data] | |
| 29 | + # This Authenticate Data commandcovers both clear and encrypted data. | |
| 30 | + # The image file referenced will remain unmodified by CST. | |
| 31 | + # Key slot index used to authenticate the image data | |
| 32 | + Verification index = 2 | |
| 33 | + # Authenticate Start Address, Offset, Length and file | |
| 34 | + Blocks = 0x877ff400 0x000 0x0009ec00 "u-boot-dtb.imx-enc" | |
| 35 | + | |
| 36 | +[Install Secret Key] | |
| 37 | + # Install the blob - This will manage a new key that will not be used in | |
| 38 | + # the final image, so the file name has to be different | |
| 39 | + Verification Index = 0 | |
| 40 | + Target Index = 0 | |
| 41 | + Key = "dek-dummy.bin" | |
| 42 | + Key Length = 128 | |
| 43 | + # Start address + padding 0x2000 + length | |
| 44 | + Blob Address = 0x878a000 | |
| 45 | + | |
| 46 | +[Decrypt Data] | |
| 47 | + # The decrypt Data command is a place holder to ensure the | |
| 48 | + # CSF includes the decrypt data command from the first pass. | |
| 49 | + # The file that CST will encrypt will not be used, so the file | |
| 50 | + # name has to be different. | |
| 51 | + Verification Index = 0 | |
| 52 | + Mac Bytes = 16 | |
| 53 | + Blocks = 0x87800000 0x00000c00 0x9e000 "u-boot-dtb.imx-dummy" |
doc/imx/habv4/guides/mx6_mx7_encrypted_boot.txt
| 1 | ++==========================================================+ | |
| 2 | ++ i.MX6, i.MX7 U-Boot Encrypted Boot guide using HABv4 + | |
| 3 | ++==========================================================+ | |
| 4 | + | |
| 5 | +1. HABv4 Encrypted Boot process | |
| 6 | +------------------------------- | |
| 7 | + | |
| 8 | +This document describes a step-by-step procedure on how to encrypt and | |
| 9 | +sign an U-Boot image. It is assumed that the reader is familiar | |
| 10 | +with basic HAB concepts and has already followed the mx6_mx7_secure_boot.txt | |
| 11 | +guide and got a working closed device. | |
| 12 | + | |
| 13 | +Details about HAB and encrypted boot process can be found in application | |
| 14 | +notes AN4581[1] and AN12056[2] and in the introduction_habv4.txt document. | |
| 15 | + | |
| 16 | +Before continuing, be sure to have fatwrite and dek_blob commands | |
| 17 | +available in U-Boot. If not, enable them in Kconfig and rebuild | |
| 18 | +U-Boot: | |
| 19 | + | |
| 20 | +- Defconfig | |
| 21 | + | |
| 22 | + CONFIG_FAT_WRITE=y | |
| 23 | + CONFIG_CMD_DEKBLOB=y | |
| 24 | + CONFIG_CDM_PRIBLOB=y | |
| 25 | + | |
| 26 | +- Kconfig | |
| 27 | + | |
| 28 | + File systems -> Enable FAT filesystem support-> Enable FAT filesystem | |
| 29 | + write support | |
| 30 | + ARM architecture -> Support the 'dek_blob' command | |
| 31 | + ARM architecture -> Support the set_priblob_bitfield command | |
| 32 | + | |
| 33 | +1.1 Building an encrypted U-Boot image | |
| 34 | +-------------------------------------- | |
| 35 | + | |
| 36 | +This U-Boot is built the same way the one from the secure document is, | |
| 37 | +so it provides the same access the the HAB APIs, extra functions | |
| 38 | +for HAB, etc... | |
| 39 | + | |
| 40 | +However, the layout of the new image is different, as a part of it is | |
| 41 | +encrypted, and a DEK blob is appended at the end. The diagram below | |
| 42 | +illustrates an encrypted u-boot-dtb.imx image layout: | |
| 43 | + | |
| 44 | + ----------------------- +-----------------------------+ <--- *start | |
| 45 | + ^ ^ | Image Vector Table | | |
| 46 | + | | +-----------------------------+ <--- *boot_data | |
| 47 | + | | | Boot Data | | |
| 48 | + | Plain | +-----------------------------+ <--- *dcd | |
| 49 | + | text | | DCD Table | | |
| 50 | + | | +-----------------------------+ | |
| 51 | + Signed | v | Padding | | |
| 52 | + data | ------- +-----------------------------+ <--- *entry | |
| 53 | + | ^ | | | |
| 54 | + | | | | | |
| 55 | + | Encrypted | | u-boot-dtb.bin | | |
| 56 | + | data | | | | |
| 57 | + | | | | | |
| 58 | + | | +-----------------------------+ | |
| 59 | + v v | Padding | | |
| 60 | + ----------------------- +-----------------------------+ <--- *csf | |
| 61 | + ^ | Command Sequence File | | |
| 62 | + 0x2000 | | (commands + SRK table + | | |
| 63 | + (in bytes) | | signatures + certificates + | | |
| 64 | + v | Nonce + MAC) | | |
| 65 | + ------- +-----------------------------+ | |
| 66 | + | Padding | | |
| 67 | + +-----------------------------+ <--- *csf + 0x2000 | |
| 68 | + | DEK Blob | | |
| 69 | + +-----------------------------+ | |
| 70 | + | Padding | | |
| 71 | + +-----------------------------+ | |
| 72 | + | |
| 73 | +1.2 Get a secure boot working | |
| 74 | +----------------------------- | |
| 75 | + | |
| 76 | +You need to go through all the steps described into the | |
| 77 | +mx6_mx7_secure_boot.txt guide, and get a signed U-Boot which can | |
| 78 | +boot successfully on a closed target. Otherwise, the following | |
| 79 | +steps will not work. | |
| 80 | + | |
| 81 | +1.3 Compile the CST to enable the encrypting feature | |
| 82 | +---------------------------------------------------- | |
| 83 | + | |
| 84 | +The encrypting feature is not enabled by default. You need to | |
| 85 | +execute the following commands to enable it: | |
| 86 | + | |
| 87 | + $ sudo apt-get install libssl-dev openssl | |
| 88 | + $ cd <CST install directory>/code/back_end/src | |
| 89 | + $ gcc -o cst_encrypted -I ../hdr -L ../../../linux64/lib *.c | |
| 90 | + -lfrontend -lcrypto | |
| 91 | + $ cp cst_encrypted ../../../<where your original CST executable is> | |
| 92 | + | |
| 93 | +1.4 Creating the CSF description files | |
| 94 | +-------------------------------------- | |
| 95 | + | |
| 96 | +The CSF contains all the commands that the ROM executes during the | |
| 97 | +secure boot. These commands instruct the HAB on which memory areas | |
| 98 | +of the image to authenticate, which keys to install, use, etc... | |
| 99 | + | |
| 100 | +CSF examples for encrypted boot are available under | |
| 101 | +doc/imx/hab/habv4/csf_examples/ directory. | |
| 102 | + | |
| 103 | +For both CSF, first part is same compared to the CSF used for | |
| 104 | +the secure boot step. | |
| 105 | +Here we describe how to encrypt the U-Boot image and then sign it. | |
| 106 | + | |
| 107 | +1.4.1 csf_u-boot_enc.txt | |
| 108 | +------------------------- | |
| 109 | + | |
| 110 | +This first CSF is used to encrypt the U-Boot image and generate the | |
| 111 | +dek.bin file. The Authenticate Data command has to be modified, and | |
| 112 | +two new commands have to be added: | |
| 113 | + | |
| 114 | +- Modify the Authenticate Data command to only cover IVT and DCD: | |
| 115 | + | |
| 116 | + Blocks = 0x877ff400 0x00000000 0x00000c00 "u-boot-dtb.imx" | |
| 117 | + | |
| 118 | +- Add the new Install Secret Key command to generate the dek.bin | |
| 119 | + file and install the blob. The parameter which depends of your | |
| 120 | + configuration is the Blob Address. Padding of 0x2000 is | |
| 121 | + recommended. Following the csf_uboot.txt data for instance: | |
| 122 | + | |
| 123 | + Blob Address = Authenticate Start Address + Padding + length | |
| 124 | + = 0x877ff400 + 0x2000 + 0x9ec00 = 0x878a0000 | |
| 125 | + | |
| 126 | +- Add the new Decrypt Data command to encrypt the file. As the file | |
| 127 | + specified in parameter will be modified, we suggest to copy it. | |
| 128 | + Then modify the Blocks command depending of your U-Boot image. | |
| 129 | + In our example: | |
| 130 | + | |
| 131 | + $ cp u-boot-dtb.imx u-boot-dtb.imx-enc | |
| 132 | + Block = (Authenticate start addr + 0xc00) 0xc00 (length - 0xc00) | |
| 133 | + u-boot-dtb.imx-enc | |
| 134 | + = (0x877ff400 + 0xc00) 0xc00 (0x9ec00 - 0xc00) | |
| 135 | + u-boot-dtb.imx-enc | |
| 136 | + = 0x87800000 0xc00 0x9e000 u-boot-dtb.imx-enc | |
| 137 | + | |
| 138 | +1.4.2 csf_u-boot_sign_enc.txt | |
| 139 | +----------------------------- | |
| 140 | + | |
| 141 | +This second CSF is used to sign the encrypted U-Boot image previously | |
| 142 | +generated (u-boot-dtb.imx-enc). The Authenticate Data part has also | |
| 143 | +to be changed, the modifications are the following: | |
| 144 | + | |
| 145 | +- The Authenticate Data command is same compared to the one in | |
| 146 | + csf_uboot.txt file, except that this time, the file parameter | |
| 147 | + is the file previously encrypted: u-boot-dtb.imx-enc. | |
| 148 | + | |
| 149 | + Blocks = 0x877ff400 0x000 0x0009ec00 "u-boot-dtb.imx-enc" | |
| 150 | + | |
| 151 | +- For the two new commands, we do not want to they modify our previously | |
| 152 | + signed/generated files. Therefore, for the Key parameter of the | |
| 153 | + Install Secret Key command, the value is now dek-dummy.bin, which | |
| 154 | + will generate a new dek file instead of erasing the previous one. | |
| 155 | + About the decrypt data command, you need to copy the u-boot-dtb.imx | |
| 156 | + file again in a u-boot-dtb.imx-dummy file, to not replace the | |
| 157 | + original encrypted file with an encrypted one: | |
| 158 | + | |
| 159 | + Key = "dek-dummy.bin" | |
| 160 | + Blocks = 0x87800000 0x00000c00 0x9e000 "u-boot-dtb.imx-dummy" | |
| 161 | + | |
| 162 | +1.5 Encrypt the U-Boot image | |
| 163 | +---------------------------- | |
| 164 | + | |
| 165 | +The image is encrypted using the Code Signing Tool. It generates also | |
| 166 | +a CSF binary and a dek.bin file, which will be used on the future | |
| 167 | +steps below. | |
| 168 | + | |
| 169 | +- Create the CSF binary file and encrypt the U-Boot image | |
| 170 | + | |
| 171 | + $ ./cst_encrypted -i csf_u-boot_enc.txt -o csf_u-boot_enc.bin | |
| 172 | + | |
| 173 | +1.6 Sign the encrypted U-Boot image | |
| 174 | +----------------------------------- | |
| 175 | + | |
| 176 | +The image is then signed using the Code Signing Tool. It also | |
| 177 | +generate a CSF binary, which will be used on the future steps below. | |
| 178 | + | |
| 179 | +- Create the CSF binary file and sign the encrypted U-Boot image | |
| 180 | + | |
| 181 | + $ ./cst_encrypted -i csf_u-boot_sign_enc.txt -o csf_u-boot_sign_enc.bin | |
| 182 | + | |
| 183 | +1.7 Swap Nonce/MAC from csf_u-boot_enc.bin to csf_u-boot_sign_enc.bin | |
| 184 | +--------------------------------------------------------------------- | |
| 185 | + | |
| 186 | +First, calculate Nonce/MAC size based on MAC bytes value | |
| 187 | +in CSF. As Mac bytes is 16: | |
| 188 | + | |
| 189 | + Nonce/MAC size = Nonce size + MAC bytes + CSF header for Nonce/Mac | |
| 190 | + = 12 + 16 + 8 = 36 bytes | |
| 191 | + | |
| 192 | +Then, calculate Nonce/MAC offset in CSF: | |
| 193 | + | |
| 194 | + MAC offset = csf_u-boot-enc.bin size - Nonce/MAC size | |
| 195 | + = 3972 - 36 = 3936 Bytes | |
| 196 | + | |
| 197 | +In the next step, extract Nonce/NAC from the first CSF: | |
| 198 | + | |
| 199 | + $ dd if=csf_u-boot_enc.bin of=noncemac.bin bs=1 skip=3936 count=36 | |
| 200 | + | |
| 201 | +Finally, replace the MAC of csf_u-boot_sign_enc.bin with the extracted | |
| 202 | +one: | |
| 203 | + | |
| 204 | + $ dd if=noncemac.bin of=csf_u-boot_sign_enc.bin bs=1 seek=3936 count=36 | |
| 205 | + | |
| 206 | +1.8 Generate encryptedu-boot with no dek | |
| 207 | +---------------------------------------- | |
| 208 | + | |
| 209 | +As described in the layout in the first part of this document, the | |
| 210 | +final image is composed of these different parts padded to known | |
| 211 | +values, to make it compliant with the CSF. | |
| 212 | + | |
| 213 | +First, pad the CSF to 0x2000: | |
| 214 | + | |
| 215 | + $ objcopy -I binary -O binary --pad-to 0x2000 --gap-fill=0xff | |
| 216 | + csf_u-boot_sign_enc.bin csf_u-boot_sign_enc_padded.bin | |
| 217 | + | |
| 218 | +Then, append this file to the encrypted U-Boot image: | |
| 219 | + | |
| 220 | + $ cat u-boot-dtb.imx-enc csf_u-boot_sign_enc_padded.bin > | |
| 221 | + u-boot_encrypted_no_dek.bin | |
| 222 | + | |
| 223 | +Pad this new file to width+offset (0x9ec00 + 0x2000 = 0xa0c00): | |
| 224 | + | |
| 225 | + $ objcopy -I binary -O binary --pad-to 0xa0c00 --gap-fill=0x00 | |
| 226 | + u-boot_encrypted_no_dek.bin u-boot_encrypted_no_dek_padded.bin | |
| 227 | + | |
| 228 | +1.9 Generate the DEK Blob | |
| 229 | +------------------------- | |
| 230 | +The missing part to get our final U-Boot encrypted image is a DEK | |
| 231 | +blob. To generate it, copy the dek.bin file generated at step 1.5 | |
| 232 | +on the Boot partition of your SD Card. Then interrupt the boot | |
| 233 | +and your chip. You need the fatwrite and dek_blob command, which | |
| 234 | +should be enabled by the secure boot. If not, you have to enable | |
| 235 | +them in Kconfig and recompile U-Boot | |
| 236 | + | |
| 237 | +Run the following commands: | |
| 238 | + | |
| 239 | + => mmc list | |
| 240 | + FSL_SDHC: 0 (SD) #index to use for mmc in following commands | |
| 241 | + => fatload mmc 0 0x80800000 dek.bin | |
| 242 | + => dek_blob 0x80800000 0x80801000 128 | |
| 243 | + => fatwrite mmc 0 0x80801000 dek_blob.bin 0x48 | |
| 244 | + | |
| 245 | +1.10 Finalize the encrypted U-Boot image | |
| 246 | +---------------------------------------- | |
| 247 | + | |
| 248 | +Finally, copy the generated dek_blob.bin file from your SDCard to | |
| 249 | +your CST repository. Append it with the last padded file to get your | |
| 250 | +final image: | |
| 251 | + | |
| 252 | + $ cat u-boot_encrypted_no_dek_padded.bin dek_blob.bin > | |
| 253 | + u-boot_encrypted.bin | |
| 254 | + | |
| 255 | +If the image does not boot, please verify the size of your | |
| 256 | +U-Boot image, the length specified into CSF and the padding values. | |
| 257 | + | |
| 258 | +2. About the PRIBLOB bitfield from CAAM SCFGR register | |
| 259 | +------------------------------------------------------ | |
| 260 | + | |
| 261 | +It is highly recommended to set the PRIBLOB bitfield from the CAAM | |
| 262 | +SCFGR register to 0x3 once your encrypted U-Boot image is completed. | |
| 263 | +To do so, a command has been implemented in u-boot: | |
| 264 | + | |
| 265 | + => set_priblob_bitfield | |
| 266 | + | |
| 267 | +Once this bitfield is set to 0x3, it ensures cryptographic separation | |
| 268 | +of private blob types avoiding any modification or replacement of | |
| 269 | +DEK blobs. Newly created blobs will be incompatible with blobs | |
| 270 | +required to decrypt an encrypted boot image. When the HAB later | |
| 271 | +executes the command to decrypt the DEK, an incompatible DEK blob | |
| 272 | +will be detected and cause an error. A substitute encrypted boot image | |
| 273 | +will not be decrypted, and will not be executed. | |
| 274 | + | |
| 275 | +References: | |
| 276 | +[1] AN4581: "Secure Boot on i.MX 50, i.MX 53, i.MX 6 and i.MX 7 Series | |
| 277 | +using HABv4" - Rev. 2 | |
| 278 | +[2] AN12056: "Encrypted Boot on HABv4 and CAAM Enabled Devices" - Rev. 1 |
-
mentioned in commit 94b2c4
