Commit bec78ae0c26445f6d962f2c23188d9244ad962ff
1 parent
6baaad39ac
Exists in
smarc-imx-l5.0.0_1.0.0-ga
MA-6381 Add HAB support for the whole boot.img
boot.img includes kernel image, ramdisk img, dtb, and bootargs. All are critical for android security. Protect the whole boot.img with HAB. Signed-off-by: guoyin.chen <guoyin.chen@freescale.com>
Showing 1 changed file with 73 additions and 25 deletions Side-by-side Diff
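--- a/common/cmd_fastboot.c
+++ b/common/cmd_fastboot.c
@@ -2,7 +2,7 @@
 * Copyright 2008 - 2009 (C) Wind River Systems, Inc.
 * Tom Rix <Tom.Rix@windriver.com>
 *
- * Copyright (C) 2010-2014 Freescale Semiconductor, Inc.
+ * Copyright (C) 2010-2015 Freescale Semiconductor, Inc.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
@@ -1544,9 +1544,12 @@
 char *ptn = "boot";
 int mmcc = -1;
 struct fastboot_boot_img_hdr *hdr = &boothdr;
-#ifdef CONFIG_SECURE_BOOT
- u_int32_t load_addr;
 uint32_t image_size;
+ unsigned bootimg_addr;
+#ifdef CONFIG_SECURE_BOOT
+#define IVT_SIZE 0x20
+#define CSF_PAD_SIZE 0x2000
+#define ANDROID_BOOT_AUTH_SIZE 0x740000
 #endif
 int i = 0;
 bootm_headers_t images;
@@ -1573,6 +1576,7 @@
 disk_partition_t info;
 block_dev_desc_t *dev_desc = NULL;
 unsigned sector;
+ unsigned bootimg_sectors;
 
 memset((void *)&info, 0 , sizeof(disk_partition_t));
 /* i.MX use MBR as partition table, so this will have
@@ -1615,16 +1619,49 @@
 goto fail;
 }
 
- sector = pte->start + (hdr->page_size / 512);
+ image_size = hdr->page_size +
+ ALIGN_SECTOR(hdr->kernel_size, hdr->page_size) +
+ ALIGN_SECTOR(hdr->ramdisk_size, hdr->page_size) +
+ ALIGN_SECTOR(hdr->second_size, hdr->page_size);
+ bootimg_sectors = image_size/512;
+ bootimg_addr = hdr->kernel_addr - hdr->page_size;
 
- if (mmc->block_dev.block_read(mmcc, sector,
- (hdr->kernel_size / 512) + 1,
- (void *)hdr->kernel_addr) < 0) {
+#ifdef CONFIG_SECURE_BOOT
+ /* Default boot.img should be padded to ANDROID_BOOT_AUTH_SIZE
+ before appended with IVT&CSF data. If the default boot.img exceed the
+ size, the IVT&CSF data cannot appended to the end of boot.img */
+ if (image_size > ANDROID_BOOT_AUTH_SIZE) {
+ printf("The image size is too large for athenticated boot!\n");
+ return 1;
+ }
+ image_size = ANDROID_BOOT_AUTH_SIZE;
+ /* Make sure all data boot.img + IVT + CSF been read to memory */
+ bootimg_sectors = image_size/512 +
+ ALIGN_SECTOR(IVT_SIZE + CSF_PAD_SIZE, 512)/512;
+#endif
+
+ if (mmc->block_dev.block_read(mmcc, pte->start,
+ bootimg_sectors,
+ (void *)bootimg_addr) < 0) {
 printf("booti: mmc failed to read kernel\n");
 goto fail;
 }
 /* flush cache after read */
- flush_cache((ulong)hdr->kernel_addr, hdr->kernel_size); /* FIXME */
+ flush_cache((ulong)bootimg_addr, bootimg_sectors * 512); /* FIXME */
+
+#ifdef CONFIG_SECURE_BOOT
+ extern uint32_t authenticate_image(uint32_t ddr_start,
+ uint32_t image_size);
+
+ if (authenticate_image(bootimg_addr, image_size)) {
+ printf("Authenticate OK\n");
+ } else {
+ printf("Authenticate image Fail, Please check\n\n");
+ return 1;
+ }
+#endif /*CONFIG_SECURE_BOOT*/
+
+ sector = pte->start + (hdr->page_size / 512);
 sector += ALIGN_SECTOR(hdr->kernel_size, hdr->page_size) / 512;
 if (mmc->block_dev.block_read(mmcc, sector,
 (hdr->ramdisk_size / 512) + 1,
@@ -1678,6 +1715,29 @@
 end = fdtaddr + hdr->second_size;
 }
 #endif /*CONFIG_OF_LIBFDT*/
+
+#ifdef CONFIG_SECURE_BOOT
+ image_size = hdr->page_size +
+ ALIGN_SECTOR(hdr->kernel_size, hdr->page_size) +
+ ALIGN_SECTOR(hdr->ramdisk_size, hdr->page_size) +
+ ALIGN_SECTOR(hdr->second_size, hdr->page_size);
+ if (image_size > ANDROID_BOOT_AUTH_SIZE) {
+ printf("The image size is too large for athenticated boot!\n");
+ return 1;
+ }
+ image_size = ANDROID_BOOT_AUTH_SIZE;
+ bootimg_addr = addr;
+ extern uint32_t authenticate_image(uint32_t ddr_start,
+ uint32_t image_size);
+
+ if (authenticate_image(bootimg_addr, image_size)) {
+ printf("Authenticate OK\n");
+ } else {
+ printf("Authenticate image Fail, Please check\n\n");
+ return 1;
+ }
+#endif /*CONFIG_SECURE_BOOT*/
+
 if (kaddr != hdr->kernel_addr) {
 /*check overlap*/
 if (((hdr->kernel_addr >= addr) &&
@@ -1726,25 +1786,13 @@
 printf("fdt @ %08x (%d)\n", hdr->second_addr, hdr->second_size);
 #endif /*CONFIG_OF_LIBFDT*/
 
-#ifdef CONFIG_SECURE_BOOT
-#define IVT_SIZE 0x20
-#define CSF_PAD_SIZE 0x2000
- extern uint32_t authenticate_image(uint32_t ddr_start,
- uint32_t image_size);
-
- image_size = hdr->ramdisk_addr + hdr->ramdisk_size - hdr->kernel_addr -
- IVT_SIZE - CSF_PAD_SIZE;
-
- if (authenticate_image(hdr->kernel_addr, image_size)) {
- printf("Authenticate OK\n");
- } else {
- printf("Authenticate image Fail, Please check\n\n");
- return 1;
- }
-#endif /*CONFIG_SECURE_BOOT*/
-
 #ifdef CONFIG_CMDLINE_TAG
+#ifndef CONFIG_SECURE_BOOT
+ /* not allow to change bootargs in cmd line */
 char *commandline = getenv("bootargs");
+#else
+ char *commandline = NULL;
+#endif
 
 /* If no bootargs env, just use hdr command line */
 if (!commandline) {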
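Review bot: In the hunk starting at new line 1619, `bootimg_addr = hdr->kernel_addr - hdr->page_size` is computed from header fields that have not been authenticated, and `block_read` then writes `bootimg_sectors * 512` bytes to that address before `authenticate_image` runs. A tampered header on the boot partition can therefore steer that write onto memory the bootloader itself is using, and the authentication failure that follows comes too late to undo it; the subtraction can also wrap when `page_size` exceeds `kernel_addr`. I would bound the destination just before the read, e.g. `if (hdr->page_size > hdr->kernel_addr || bootimg_addr < BOOTIMG_LOAD_MIN || bootimg_addr > BOOTIMG_LOAD_MAX - bootimg_sectors * 512) goto fail;`, where the two limits are placeholders for a board-defined load window, or read into a fixed staging buffer and copy out only after authentication succeeds. Related, from new line 1664 onward the ramdisk appears to be read from the device a second time after authentication (the destination argument is not visible here), so the bytes that get booted are not the ones that were checked; copying them from the authenticated buffer would avoid that. The enclosing function starts and ends outside these hunks, so how `boothdr` is filled is inferred, not shown.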