verified-boot: Minimal support for booting U-Boot proper from SPL

This allows a board to configure verified boot within the SPL using
a FIT or FIT with external data. It also allows the SPL to perform
signature verification without needing relocation.

The board configuration will need to add the following feature defines:
CONFIG_SPL_CRYPTO_SUPPORT
CONFIG_SPL_HASH_SUPPORT
CONFIG_SPL_SHA256

In this example, SHA256 is the only selected hashing algorithm.

And the following booleans:
CONFIG_SPL=y
CONFIG_SPL_DM=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_SPL_OF_LIBFDT=y
CONFIG_SPL_FIT_SIGNATURE=y

Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Acked-by: Simon Glass <sjg@chromium.org>
Acked-by: Andreas Dannenberg <dannenberg@ti.com>
Acked-by: Sumit Garg <sumit.garg@nxp.com>

diff --git a/Kconfig b/Kconfig
index 4b462166656074d5979dee513b80c5c1c1deac02..817f4f08a02f0806a0d1d63c04e0e1e6829abf07 100644 (file)
--- a/Kconfig
+++ b/Kconfig
@@ -183,6 +183,11 @@ config FIT
          verified boot (secure boot using RSA). This option enables that
          feature.
 
+config SPL_FIT
+       bool "Support Flattened Image Tree within SPL"
+       depends on FIT
+       depends on SPL
+
 config FIT_VERBOSE
        bool "Display verbose messages on FIT boot"
        depends on FIT
@@ -205,6 +210,12 @@ config FIT_SIGNATURE
          format support in this case, enable it using
          CONFIG_IMAGE_FORMAT_LEGACY.
 
+config SPL_FIT_SIGNATURE
+       bool "Enable signature verification of FIT firmware within SPL"
+       depends on SPL_FIT
+       depends on SPL_DM
+       select SPL_RSA
+
 config FIT_BEST_MATCH
        bool "Select the best match for the kernel device tree"
        depends on FIT

diff --git a/common/Makefile b/common/Makefile
index 1557a044de5710b69c8e03768ec5e29899653ca5..97c59fe499a26beb8f51ec40435de385023597c1 100644 (file)
--- a/common/Makefile
+++ b/common/Makefile
@@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o
 endif # !CONFIG_SPL_BUILD
 
 ifdef CONFIG_SPL_BUILD
+obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
 obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o
 obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o
 obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o

diff --git a/drivers/Makefile b/drivers/Makefile
index f6295d285ece6a41cf4ae16a8945ade1d51a57a0..db5317c9c7cb07141f7ee750fdcb62b3ec52aa45 100644 (file)
--- a/drivers/Makefile
+++ b/drivers/Makefile
@@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM)      += ram/
 
 ifdef CONFIG_SPL_BUILD
 
+obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/
 obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/
 obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/
 obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/

diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
index dc6c064b4e3f030fb91fe3a684582664a066a2b5..3817fb3e47bf84664e399d6788490d69c902efab 100644 (file)
--- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
+++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
@@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = {
        .name   = "mod_exp_sw",
        .id     = UCLASS_MOD_EXP,
        .ops    = &mod_exp_ops_sw,
+       .flags  = DM_FLAG_PRE_RELOC,
 };
 
 U_BOOT_DEVICE(mod_exp_sw) = {

diff --git a/lib/Makefile b/lib/Makefile
index f77befe03c24fe35e6509cb9b17636a8c7b3cd2f..f48d90103d2134f841912ff9c82450d6b8707087 100644 (file)
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
 
 obj-$(CONFIG_EFI) += efi/
 obj-$(CONFIG_EFI_LOADER) += efi_loader/
-obj-$(CONFIG_RSA) += rsa/
 obj-$(CONFIG_LZMA) += lzma/
 obj-$(CONFIG_LZO) += lzo/
 obj-$(CONFIG_ZLIB) += zlib/
@@ -25,8 +24,6 @@ obj-y += crc8.o
 obj-y += crc16.o
 obj-$(CONFIG_ERRNO_STR) += errno_str.o
 obj-$(CONFIG_FIT) += fdtdec_common.o
-obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o
-obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o
 obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o
 obj-$(CONFIG_GZIP) += gunzip.o
 obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o
@@ -39,15 +36,17 @@ obj-y += net_utils.o
 obj-$(CONFIG_PHYSMEM) += physmem.o
 obj-y += qsort.o
 obj-y += rc4.o
-obj-$(CONFIG_SHA1) += sha1.o
 obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
-obj-$(CONFIG_SHA256) += sha256.o
 obj-$(CONFIG_TPM) += tpm.o
 obj-$(CONFIG_RBTREE)   += rbtree.o
 obj-$(CONFIG_BITREVERSE) += bitrev.o
 obj-y += list_sort.o
 endif
 
+obj-$(CONFIG_$(SPL_)RSA) += rsa/
+obj-$(CONFIG_$(SPL_)SHA1) += sha1.o
+obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
+
 obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/
 ifdef CONFIG_SPL_OF_CONTROL
 obj-$(CONFIG_OF_LIBFDT) += libfdt/

diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index 86df0a0dd83b8c60f4995f801d186d58318cc3e9..09ec3582423bc0fc30c37531ade495e06f65fa01 100644 (file)
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -13,6 +13,10 @@ config RSA
          option. The software based modular exponentiation is built into
          mkimage irrespective of this option.
 
+config SPL_RSA
+       bool "Use RSA Library within SPL"
+       depends on RSA
+
 if RSA
 config RSA_SOFTWARE_EXP
        bool "Enable driver for RSA Modular Exponentiation in software"

diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile
index 6867e5054c098c20a64b18cecb128cae9b548079..4b2c1bae79bcc543ad1f27a3eaa2d702a77dfeca 100644 (file)
--- a/lib/rsa/Makefile
+++ b/lib/rsa/Makefile
@@ -7,5 +7,5 @@
 # SPDX-License-Identifier:     GPL-2.0+
 #
 
-obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
+obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
 obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o