Commit 6605ea47d7fbbd4687c8eb636335f4c1165be4e4
1 parent
4eca15e065
Exists in
smarc_8mq_lf_v2020.04
and in
4 other branches
MLK-12500-1 HAB: Add kernel image authentication in image loading
To support the trust boot chain, we integrate the authentication into the kernel image loading process. The kernel image will be verified at its load address. So when signing the kernel image, we need to use this load address which may change on different platforms. Signed-off-by: Ye Li <ye.li@nxp.com> (cherry picked from commit 3c118b8d6bbe1a25ca8c8bafeb528309f16fc73d) (cherry picked from commit fd9a9759ed9b3a9fc26b18aff00880382213b1ca) (cherry picked from commit 98d4faefdb83579d4a5a170e06af5efb64ad2b3c) (cherry picked from commit 3c0f0eed6cb703cd7d67ec97520b1990b5e35fb2)
Showing 2 changed files with 33 additions and 0 deletions Side-by-side Diff
cmd/bootm.c
... | ... | @@ -123,6 +123,31 @@ |
123 | 123 | return do_bootm_subcommand(cmdtp, flag, argc, argv); |
124 | 124 | } |
125 | 125 | |
126 | +#ifdef CONFIG_IMX_HAB | |
127 | + extern int authenticate_image( | |
128 | + uint32_t ddr_start, uint32_t raw_image_size); | |
129 | + | |
130 | + switch (genimg_get_format((const void *)image_load_addr)) { | |
131 | +#if defined(CONFIG_LEGACY_IMAGE_FORMAT) | |
132 | + case IMAGE_FORMAT_LEGACY: | |
133 | + if (authenticate_image(image_load_addr, | |
134 | + image_get_image_size((image_header_t *)image_load_addr)) != 0) { | |
135 | + printf("Authenticate uImage Fail, Please check\n"); | |
136 | + return 1; | |
137 | + } | |
138 | + break; | |
139 | +#endif | |
140 | +#ifdef CONFIG_ANDROID_BOOT_IMAGE | |
141 | + case IMAGE_FORMAT_ANDROID: | |
142 | + /* Do this authentication in boota command */ | |
143 | + break; | |
144 | +#endif | |
145 | + default: | |
146 | + printf("Not valid image format for Authentication, Please check\n"); | |
147 | + return 1; | |
148 | + } | |
149 | +#endif | |
150 | + | |
126 | 151 | return do_bootm_states(cmdtp, flag, argc, argv, BOOTM_STATE_START | |
127 | 152 | BOOTM_STATE_FINDOS | BOOTM_STATE_FINDOTHER | |
128 | 153 | BOOTM_STATE_LOADOS | |
cmd/bootz.c
... | ... | @@ -56,6 +56,14 @@ |
56 | 56 | if (bootm_find_images(flag, argc, argv)) |
57 | 57 | return 1; |
58 | 58 | |
59 | +#ifdef CONFIG_IMX_HAB | |
60 | + extern int authenticate_image( | |
61 | + uint32_t ddr_start, uint32_t raw_image_size); | |
62 | + if (authenticate_image(images->ep, zi_end - zi_start) != 0) { | |
63 | + printf("Authenticate zImage Fail, Please check\n"); | |
64 | + return 1; | |
65 | + } | |
66 | +#endif | |
59 | 67 | return 0; |
60 | 68 | } |
61 | 69 |
-
mentioned in commit 3b09ef