verified-boot: Minimal support for booting U-Boot proper from SPL

This allows a board to configure verified boot within the SPL using
a FIT or FIT with external data. It also allows the SPL to perform
signature verification without needing relocation.

The board configuration will need to add the following feature defines:
CONFIG_SPL_CRYPTO_SUPPORT
CONFIG_SPL_HASH_SUPPORT
CONFIG_SPL_SHA256

In this example, SHA256 is the only selected hashing algorithm.

And the following booleans:
CONFIG_SPL=y
CONFIG_SPL_DM=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_SPL_OF_LIBFDT=y
CONFIG_SPL_FIT_SIGNATURE=y

Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Acked-by: Simon Glass <sjg@chromium.org>
Acked-by: Andreas Dannenberg <dannenberg@ti.com>
Acked-by: Sumit Garg <sumit.garg@nxp.com>
This commit is contained in:
Teddy Reed 2016-06-09 19:18:44 -07:00 committed by Tom Rini
parent 7147a7ebd2
commit 51c14cd128
7 changed files with 23 additions and 6 deletions

11
Kconfig
View File

@ -183,6 +183,11 @@ config FIT
verified boot (secure boot using RSA). This option enables that
feature.
config SPL_FIT
bool "Support Flattened Image Tree within SPL"
depends on FIT
depends on SPL
config FIT_VERBOSE
bool "Display verbose messages on FIT boot"
depends on FIT
@ -205,6 +210,12 @@ config FIT_SIGNATURE
format support in this case, enable it using
CONFIG_IMAGE_FORMAT_LEGACY.
config SPL_FIT_SIGNATURE
bool "Enable signature verification of FIT firmware within SPL"
depends on SPL_FIT
depends on SPL_DM
select SPL_RSA
config FIT_BEST_MATCH
bool "Select the best match for the kernel device tree"
depends on FIT

View File

@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o
endif # !CONFIG_SPL_BUILD
ifdef CONFIG_SPL_BUILD
obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o
obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o
obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o

View File

@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/
ifdef CONFIG_SPL_BUILD
obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/
obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/
obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/
obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/

View File

@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = {
.name = "mod_exp_sw",
.id = UCLASS_MOD_EXP,
.ops = &mod_exp_ops_sw,
.flags = DM_FLAG_PRE_RELOC,
};
U_BOOT_DEVICE(mod_exp_sw) = {

View File

@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
obj-$(CONFIG_EFI) += efi/
obj-$(CONFIG_EFI_LOADER) += efi_loader/
obj-$(CONFIG_RSA) += rsa/
obj-$(CONFIG_LZMA) += lzma/
obj-$(CONFIG_LZO) += lzo/
obj-$(CONFIG_ZLIB) += zlib/
@ -25,8 +24,6 @@ obj-y += crc8.o
obj-y += crc16.o
obj-$(CONFIG_ERRNO_STR) += errno_str.o
obj-$(CONFIG_FIT) += fdtdec_common.o
obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o
obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o
obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o
obj-$(CONFIG_GZIP) += gunzip.o
obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o
@ -39,15 +36,17 @@ obj-y += net_utils.o
obj-$(CONFIG_PHYSMEM) += physmem.o
obj-y += qsort.o
obj-y += rc4.o
obj-$(CONFIG_SHA1) += sha1.o
obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
obj-$(CONFIG_SHA256) += sha256.o
obj-$(CONFIG_TPM) += tpm.o
obj-$(CONFIG_RBTREE) += rbtree.o
obj-$(CONFIG_BITREVERSE) += bitrev.o
obj-y += list_sort.o
endif
obj-$(CONFIG_$(SPL_)RSA) += rsa/
obj-$(CONFIG_$(SPL_)SHA1) += sha1.o
obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/
ifdef CONFIG_SPL_OF_CONTROL
obj-$(CONFIG_OF_LIBFDT) += libfdt/

View File

@ -13,6 +13,10 @@ config RSA
option. The software based modular exponentiation is built into
mkimage irrespective of this option.
config SPL_RSA
bool "Use RSA Library within SPL"
depends on RSA
if RSA
config RSA_SOFTWARE_EXP
bool "Enable driver for RSA Modular Exponentiation in software"

View File

@ -7,5 +7,5 @@
# SPDX-License-Identifier: GPL-2.0+
#
obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o