Commit bec78ae0c26445f6d962f2c23188d9244ad962ff
1 parent
6baaad39ac
Exists in
smarc-imx-l5.0.0_1.0.0-ga
MA-6381 Add HAB support for the whole boot.img
boot.img includes kernel image, ramdisk img, dtb, and bootargs. All are critical for android security. Protect the whole boot.img with HAB. Signed-off-by: guoyin.chen <guoyin.chen@freescale.com>
Showing 1 changed file with 73 additions and 25 deletions Side-by-side Diff
common/cmd_fastboot.c
| ... | ... | @@ -2,7 +2,7 @@ |
| 2 | 2 | * Copyright 2008 - 2009 (C) Wind River Systems, Inc. |
| 3 | 3 | * Tom Rix <Tom.Rix@windriver.com> |
| 4 | 4 | * |
| 5 | - * Copyright (C) 2010-2014 Freescale Semiconductor, Inc. | |
| 5 | + * Copyright (C) 2010-2015 Freescale Semiconductor, Inc. | |
| 6 | 6 | * |
| 7 | 7 | * This program is free software; you can redistribute it and/or |
| 8 | 8 | * modify it under the terms of the GNU General Public License as |
| 9 | 9 | |
| ... | ... | @@ -1544,9 +1544,12 @@ |
| 1544 | 1544 | char *ptn = "boot"; |
| 1545 | 1545 | int mmcc = -1; |
| 1546 | 1546 | struct fastboot_boot_img_hdr *hdr = &boothdr; |
| 1547 | -#ifdef CONFIG_SECURE_BOOT | |
| 1548 | - u_int32_t load_addr; | |
| 1549 | 1547 | uint32_t image_size; |
| 1548 | + unsigned bootimg_addr; | |
| 1549 | +#ifdef CONFIG_SECURE_BOOT | |
| 1550 | +#define IVT_SIZE 0x20 | |
| 1551 | +#define CSF_PAD_SIZE 0x2000 | |
| 1552 | +#define ANDROID_BOOT_AUTH_SIZE 0x740000 | |
| 1550 | 1553 | #endif |
| 1551 | 1554 | int i = 0; |
| 1552 | 1555 | bootm_headers_t images; |
| ... | ... | @@ -1573,6 +1576,7 @@ |
| 1573 | 1576 | disk_partition_t info; |
| 1574 | 1577 | block_dev_desc_t *dev_desc = NULL; |
| 1575 | 1578 | unsigned sector; |
| 1579 | + unsigned bootimg_sectors; | |
| 1576 | 1580 | |
| 1577 | 1581 | memset((void *)&info, 0 , sizeof(disk_partition_t)); |
| 1578 | 1582 | /* i.MX use MBR as partition table, so this will have |
| 1579 | 1583 | |
| 1580 | 1584 | |
| ... | ... | @@ -1615,16 +1619,49 @@ |
| 1615 | 1619 | goto fail; |
| 1616 | 1620 | } |
| 1617 | 1621 | |
| 1618 | - sector = pte->start + (hdr->page_size / 512); | |
| 1622 | + image_size = hdr->page_size + | |
| 1623 | + ALIGN_SECTOR(hdr->kernel_size, hdr->page_size) + | |
| 1624 | + ALIGN_SECTOR(hdr->ramdisk_size, hdr->page_size) + | |
| 1625 | + ALIGN_SECTOR(hdr->second_size, hdr->page_size); | |
| 1626 | + bootimg_sectors = image_size/512; | |
| 1627 | + bootimg_addr = hdr->kernel_addr - hdr->page_size; | |
| 1619 | 1628 | |
| 1620 | - if (mmc->block_dev.block_read(mmcc, sector, | |
| 1621 | - (hdr->kernel_size / 512) + 1, | |
| 1622 | - (void *)hdr->kernel_addr) < 0) { | |
| 1629 | +#ifdef CONFIG_SECURE_BOOT | |
| 1630 | + /* Default boot.img should be padded to ANDROID_BOOT_AUTH_SIZE | |
| 1631 | + before appended with IVT&CSF data. If the default boot.img exceed the | |
| 1632 | + size, the IVT&CSF data cannot appended to the end of boot.img */ | |
| 1633 | + if (image_size > ANDROID_BOOT_AUTH_SIZE) { | |
| 1634 | + printf("The image size is too large for athenticated boot!\n"); | |
| 1635 | + return 1; | |
| 1636 | + } | |
| 1637 | + image_size = ANDROID_BOOT_AUTH_SIZE; | |
| 1638 | + /* Make sure all data boot.img + IVT + CSF been read to memory */ | |
| 1639 | + bootimg_sectors = image_size/512 + | |
| 1640 | + ALIGN_SECTOR(IVT_SIZE + CSF_PAD_SIZE, 512)/512; | |
| 1641 | +#endif | |
| 1642 | + | |
| 1643 | + if (mmc->block_dev.block_read(mmcc, pte->start, | |
| 1644 | + bootimg_sectors, | |
| 1645 | + (void *)bootimg_addr) < 0) { | |
| 1623 | 1646 | printf("booti: mmc failed to read kernel\n"); |
| 1624 | 1647 | goto fail; |
| 1625 | 1648 | } |
| 1626 | 1649 | /* flush cache after read */ |
| 1627 | - flush_cache((ulong)hdr->kernel_addr, hdr->kernel_size); /* FIXME */ | |
| 1650 | + flush_cache((ulong)bootimg_addr, bootimg_sectors * 512); /* FIXME */ | |
| 1651 | + | |
| 1652 | +#ifdef CONFIG_SECURE_BOOT | |
| 1653 | + extern uint32_t authenticate_image(uint32_t ddr_start, | |
| 1654 | + uint32_t image_size); | |
| 1655 | + | |
| 1656 | + if (authenticate_image(bootimg_addr, image_size)) { | |
| 1657 | + printf("Authenticate OK\n"); | |
| 1658 | + } else { | |
| 1659 | + printf("Authenticate image Fail, Please check\n\n"); | |
| 1660 | + return 1; | |
| 1661 | + } | |
| 1662 | +#endif /*CONFIG_SECURE_BOOT*/ | |
| 1663 | + | |
| 1664 | + sector = pte->start + (hdr->page_size / 512); | |
| 1628 | 1665 | sector += ALIGN_SECTOR(hdr->kernel_size, hdr->page_size) / 512; |
| 1629 | 1666 | if (mmc->block_dev.block_read(mmcc, sector, |
| 1630 | 1667 | (hdr->ramdisk_size / 512) + 1, |
| ... | ... | @@ -1678,6 +1715,29 @@ |
| 1678 | 1715 | end = fdtaddr + hdr->second_size; |
| 1679 | 1716 | } |
| 1680 | 1717 | #endif /*CONFIG_OF_LIBFDT*/ |
| 1718 | + | |
| 1719 | +#ifdef CONFIG_SECURE_BOOT | |
| 1720 | + image_size = hdr->page_size + | |
| 1721 | + ALIGN_SECTOR(hdr->kernel_size, hdr->page_size) + | |
| 1722 | + ALIGN_SECTOR(hdr->ramdisk_size, hdr->page_size) + | |
| 1723 | + ALIGN_SECTOR(hdr->second_size, hdr->page_size); | |
| 1724 | + if (image_size > ANDROID_BOOT_AUTH_SIZE) { | |
| 1725 | + printf("The image size is too large for athenticated boot!\n"); | |
| 1726 | + return 1; | |
| 1727 | + } | |
| 1728 | + image_size = ANDROID_BOOT_AUTH_SIZE; | |
| 1729 | + bootimg_addr = addr; | |
| 1730 | + extern uint32_t authenticate_image(uint32_t ddr_start, | |
| 1731 | + uint32_t image_size); | |
| 1732 | + | |
| 1733 | + if (authenticate_image(bootimg_addr, image_size)) { | |
| 1734 | + printf("Authenticate OK\n"); | |
| 1735 | + } else { | |
| 1736 | + printf("Authenticate image Fail, Please check\n\n"); | |
| 1737 | + return 1; | |
| 1738 | + } | |
| 1739 | +#endif /*CONFIG_SECURE_BOOT*/ | |
| 1740 | + | |
| 1681 | 1741 | if (kaddr != hdr->kernel_addr) { |
| 1682 | 1742 | /*check overlap*/ |
| 1683 | 1743 | if (((hdr->kernel_addr >= addr) && |
| 1684 | 1744 | |
| 1685 | 1745 | |
| ... | ... | @@ -1726,25 +1786,13 @@ |
| 1726 | 1786 | printf("fdt @ %08x (%d)\n", hdr->second_addr, hdr->second_size); |
| 1727 | 1787 | #endif /*CONFIG_OF_LIBFDT*/ |
| 1728 | 1788 | |
| 1729 | -#ifdef CONFIG_SECURE_BOOT | |
| 1730 | -#define IVT_SIZE 0x20 | |
| 1731 | -#define CSF_PAD_SIZE 0x2000 | |
| 1732 | - extern uint32_t authenticate_image(uint32_t ddr_start, | |
| 1733 | - uint32_t image_size); | |
| 1734 | - | |
| 1735 | - image_size = hdr->ramdisk_addr + hdr->ramdisk_size - hdr->kernel_addr - | |
| 1736 | - IVT_SIZE - CSF_PAD_SIZE; | |
| 1737 | - | |
| 1738 | - if (authenticate_image(hdr->kernel_addr, image_size)) { | |
| 1739 | - printf("Authenticate OK\n"); | |
| 1740 | - } else { | |
| 1741 | - printf("Authenticate image Fail, Please check\n\n"); | |
| 1742 | - return 1; | |
| 1743 | - } | |
| 1744 | -#endif /*CONFIG_SECURE_BOOT*/ | |
| 1745 | - | |
| 1746 | 1789 | #ifdef CONFIG_CMDLINE_TAG |
| 1790 | +#ifndef CONFIG_SECURE_BOOT | |
| 1791 | + /* not allow to change bootargs in cmd line */ | |
| 1747 | 1792 | char *commandline = getenv("bootargs"); |
| 1793 | +#else | |
| 1794 | + char *commandline = NULL; | |
| 1795 | +#endif | |
| 1748 | 1796 | |
| 1749 | 1797 | /* If no bootargs env, just use hdr command line */ |
| 1750 | 1798 | if (!commandline) { |