Stefano Babic | 4aa9749 | 2013-06-27 11:42:38 +0200 | [diff] [blame] | 1 | High Assurance Boot (HAB) for i.MX6 CPUs |
| 2 | |
Ulises Cardenas | 7e56f50 | 2015-04-20 13:47:58 -0500 | [diff] [blame^] | 3 | To enable the authenticated or encrypted boot mode of U-Boot, it is |
| 4 | required to set the proper configuration for the target board. This |
| 5 | is done by adding the following configuration in in the proper config |
| 6 | file (e.g. include/configs/mx6qarm2.h) |
| 7 | |
| 8 | #define CONFIG_SECURE_BOOT |
| 9 | |
| 10 | In addition, the U-Boot image to be programmed into the |
Stefano Babic | 4aa9749 | 2013-06-27 11:42:38 +0200 | [diff] [blame] | 11 | boot media needs to be properly constructed, i.e. it must contain a |
| 12 | proper Command Sequence File (CSF). |
| 13 | |
| 14 | The Initial Vector Table contains a pointer to the CSF. Please see |
| 15 | doc/README.imximage for how to prepare u-boot.imx. |
| 16 | |
| 17 | The CSF itself is being generated by Freescale HAB tools. |
| 18 | |
| 19 | mkimage will output additional information about "HAB Blocks" |
| 20 | which can be used in the Freescale tooling to authenticate U-Boot |
| 21 | (entries in the CSF file). |
| 22 | |
| 23 | Image Type: Freescale IMX Boot Image |
| 24 | Image Ver: 2 (i.MX53/6 compatible) |
| 25 | Data Size: 327680 Bytes = 320.00 kB = 0.31 MB |
| 26 | Load Address: 177ff420 |
| 27 | Entry Point: 17800000 |
| 28 | HAB Blocks: 177ff400 00000000 0004dc00 |
Wolfgang Denk | ec7fbf5 | 2013-10-04 17:43:24 +0200 | [diff] [blame] | 29 | ^^^^^^^^ ^^^^^^^^ ^^^^^^^^ |
Stefano Babic | 4aa9749 | 2013-06-27 11:42:38 +0200 | [diff] [blame] | 30 | | | | |
| 31 | | | -------- (1) |
| 32 | | | |
| 33 | | ------------------- (2) |
| 34 | | |
| 35 | --------------------------- (3) |
| 36 | |
| 37 | (1) Size of area in file u-boot.imx to sign |
| 38 | This area should include the IVT, the Boot Data the DCD |
| 39 | and U-Boot itself. |
| 40 | (2) Start of area in u-boot.imx to sign |
| 41 | (3) Start of area in RAM to authenticate |
| 42 | |
| 43 | CONFIG_SECURE_BOOT currently enables only an additional command |
| 44 | 'hab_status' in U-Boot to retrieve the HAB status and events. This |
| 45 | can be useful while developing and testing HAB. |
| 46 | |
| 47 | Commands to generate a signed U-Boot using Freescale HAB tools: |
| 48 | cst --o U-Boot_CSF.bin < U-Boot.CSF |
| 49 | objcopy -I binary -O binary --pad-to 0x2000 --gap-fill=0x00 \ |
| 50 | U-Boot_CSF.bin U-Boot_CSF_pad.bin |
| 51 | cat u-boot.imx U-Boot_CSF_pad.bin > u-boot-signed.imx |
| 52 | |
| 53 | NOTE: U-Boot_CSF.bin needs to be padded to the value specified in |
| 54 | the imximage.cfg file. |
Raul Cardenas | b5a36d8 | 2015-02-27 11:22:06 -0600 | [diff] [blame] | 55 | |
| 56 | Setup U-Boot Image for Encrypted Boot |
| 57 | ------------------------------------- |
| 58 | An authenticated U-Boot image is used as starting point for |
| 59 | Encrypted Boot. The image is encrypted by Freescale's Code |
| 60 | Signing Tool (CST). The CST replaces only the image data of |
| 61 | u-boot.imx with the encrypted data. The Initial Vector Table, |
| 62 | DCD, and Boot data, remains in plaintext. |
| 63 | |
| 64 | The image data is encrypted with a Encryption Key (DEK). |
| 65 | Therefore, this key is needed to decrypt the data during the |
| 66 | booting process. The DEK is protected by wrapping it in a Blob, |
| 67 | which needs to be appended to the U-Boot image and specified in |
| 68 | the CSF file. |
| 69 | |
| 70 | The DEK blob is generated by an authenticated U-Boot image with |
| 71 | the dek_blob cmd enabled. The image used for DEK blob generation |
| 72 | needs to have the following configurations enabled: |
| 73 | |
| 74 | CONFIG_SECURE_BOOT |
| 75 | CONFIG_SYS_FSL_SEC_COMPAT 4 /* HAB version */ |
| 76 | CONFIG_FSL_CAAM |
| 77 | CONFIG_CMD_DEKBLOB |
Ulises Cardenas | 7e56f50 | 2015-04-20 13:47:58 -0500 | [diff] [blame^] | 78 | CONFIG_SYS_FSL_SEC_LE |
Raul Cardenas | b5a36d8 | 2015-02-27 11:22:06 -0600 | [diff] [blame] | 79 | |
| 80 | Note: The encrypted boot feature is only supported by HABv4 or |
| 81 | greater. |
| 82 | |
| 83 | The dek_blob command then can be used to generate the DEK blob of |
| 84 | a DEK previously loaded in memory. The command is used as follows: |
| 85 | |
| 86 | dek_blob <DEK address> <Output Address> <Key Size in Bits> |
| 87 | example: dek_blob 0x10800000 0x10801000 192 |
| 88 | |
| 89 | The resulting DEK blob then is used to construct the encrypted |
| 90 | U-Boot image. Note that the blob needs to be transferred back |
| 91 | to the host.Then the following commands are used to construct |
| 92 | the final image. |
| 93 | |
| 94 | objcopy -I binary -O binary --pad-to 0x2000 --gap-fill=0x00 \ |
| 95 | U-Boot_CSF.bin U-Boot_CSF_pad.bin |
| 96 | cat u-boot.imx U-Boot_CSF_pad.bin > u-boot-signed.imx |
| 97 | objcopy -I binary -O binary --pad-to <blob_dst> --gap-fill=0x00 \ |
| 98 | u-boot-signed.imx u-boot-signed-pad.bin |
| 99 | cat u-boot-signed-pad.imx DEK_blob.bin > u-boot-encrypted.imx |
| 100 | |
| 101 | NOTE: u-boot-signed.bin needs to be padded to the value |
| 102 | equivalent to the address in which the DEK blob is specified |
| 103 | in the CSF. |