On K3 SoCs only a small barebox is loaded by the ROM into SRAM. This
barebox then loads the full barebox from SD/eMMC or USB DFU. In a secure
boot environment the full barebox must be authenticated. This series
implements two ways for accomplishing this.
First way is to utilize the ROM API to authenticate images. The other
way is to compile a secure hash into the first stage binary and check
if the full barebox image matches the hash. Using the ROM API means
different first stage and second stage images can be combined whereas
hashing binds specific builds together avoiding mix and match attacks.
Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
---
Sascha Hauer (13):
firmware: always generate sha256sum
firmware: add function to verify next image
ARM: k3: r5: drop loading of separate binaries
ARM: k3: r5: add proper error handling
fip: rework fip_image_open()
fip: fix wrong function call
fip: add function to calculate a sha256 over FIP image
ARM: am625: support hash verification of full barebox
ARM: k3: add support for authenticating images against the ROM API
ARM: k3: r5: delete fip image when it can't be opened
ARM: k3: r5: Allow to authenticate next image by ROM API
scripts/k3img: remove temporary files
scripts: add k3sign
arch/arm/mach-k3/Kconfig | 15 ++++
arch/arm/mach-k3/common.c | 99 ++++++++++++++++++++++
arch/arm/mach-k3/r5.c | 206 +++++++++++++++++++++++++---------------------
firmware/Kconfig | 23 ++++++
firmware/Makefile | 8 +-
include/fiptool.h | 3 +
include/firmware.h | 28 +++++++
include/mach/k3/common.h | 1 +
lib/fip.c | 101 ++++++++++++++---------
scripts/k3img | 9 +-
scripts/k3sign | 126 ++++++++++++++++++++++++++++
11 files changed, 478 insertions(+), 141 deletions(-)
---
base-commit: 748ba0627681797b01a94be1b3f879ed2e52a361
change-id: 20250228-am625-secure-49301f641738
Best regards,
--
Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
