|
|
|
1. High Assurance Boot (HAB) for i.MX CPUs
|
|
|
|
------------------------------------------
|
|
|
|
|
|
|
|
To enable the authenticated or encrypted boot mode of U-Boot, it is
|
|
|
|
required to set the proper configuration for the target board. This
|
|
|
|
is done by adding the following configuration in the defconfig file:
|
|
|
|
|
|
|
|
CONFIG_SECURE_BOOT=y
|
|
|
|
|
|
|
|
In addition, the U-Boot image to be programmed into the
|
|
|
|
boot media needs to be properly constructed, i.e. it must contain a
|
|
|
|
proper Command Sequence File (CSF).
|
|
|
|
|
|
|
|
The CSF itself is generated by the i.MX High Assurance Boot Reference
|
|
|
|
Code Signing Tool.
|
|
|
|
https://www.nxp.com/webapp/sps/download/license.jsp?colCode=IMX_CST_TOOL
|
|
|
|
|
|
|
|
More information about the CSF and HAB can be found in the AN4581.
|
|
|
|
https://www.nxp.com/docs/en/application-note/AN4581.pdf
|
|
|
|
|
|
|
|
We don't want to explain how to create a PKI tree or SRK table as
|
|
|
|
this is well explained in the Application Note.
|
|
|
|
|
|
|
|
2. Secure Boot on non-SPL targets
|
|
|
|
---------------------------------
|
|
|
|
|
|
|
|
On non-SPL targets a singe U-Boot binary is generated, mkimage will
|
|
|
|
output additional information about "HAB Blocks" which can be used
|
|
|
|
in the CST to authenticate the U-Boot image (entries in the CSF file).
|
|
|
|
|
|
|
|
Image Type: Freescale IMX Boot Image
|
|
|
|
Image Ver: 2 (i.MX53/6 compatible)
|
|
|
|
Data Size: 327680 Bytes = 320.00 kB = 0.31 MB
|
|
|
|
Load Address: 177ff420
|
|
|
|
Entry Point: 17800000
|
|
|
|
HAB Blocks: 0x177ff400 0x00000000 0x0004dc00
|
|
|
|
^^^^^^^^^^ ^^^^^^^^^^ ^^^^^^^^^^
|
|
|
|
| | |
|
|
|
|
| | ----- (1)
|
|
|
|
| |
|
|
|
|
| ---------------- (2)
|
|
|
|
|
|
|
|
|
--------------------------- (3)
|
|
|
|
|
|
|
|
(1) Size of area in file u-boot-dtb.imx to sign
|
|
|
|
This area should include the IVT, the Boot Data the DCD
|
|
|
|
and U-Boot itself.
|
|
|
|
(2) Start of area in u-boot-dtb.imx to sign
|
|
|
|
(3) Start of area in RAM to authenticate
|
|
|
|
|
|
|
|
CONFIG_SECURE_BOOT currently enables only an additional command
|
|
|
|
'hab_status' in U-Boot to retrieve the HAB status and events. This
|
|
|
|
can be useful while developing and testing HAB.
|
|
|
|
|
|
|
|
Commands to generate a signed U-Boot using i.MX HAB CST tool:
|
|
|
|
# Compile CSF and create signature
|
|
|
|
cst --o csf-u-boot.bin --i command_sequence_uboot.csf
|
|
|
|
# Append compiled CSF to Binary
|
|
|
|
cat u-boot-dtb.imx csf-u-boot.bin > u-boot-signed.imx
|
|
|
|
|
|
|
|
3. Secure Boot on SPL targets
|
|
|
|
-----------------------------
|
|
|
|
|
|
|
|
This version of U-Boot is able to build a signable version of the SPL
|
|
|
|
as well as a signable version of the U-Boot image. The signature can
|
|
|
|
be verified through High Assurance Boot (HAB).
|
|
|
|
|
|
|
|
After building, you need to create a command sequence file and use
|
|
|
|
i.MX HAB Code Signing Tool to sign both binaries. After creation,
|
|
|
|
the mkimage tool outputs the required information about the HAB Blocks
|
|
|
|
parameter for the CSF. During the build, the information is preserved
|
|
|
|
in log files named as the binaries. (SPL.log and u-boot-ivt.log).
|
|
|
|
|
|
|
|
Example Output of the SPL (imximage) creation:
|
|
|
|
Image Type: Freescale IMX Boot Image
|
|
|
|
Image Ver: 2 (i.MX53/6/7 compatible)
|
|
|
|
Mode: DCD
|
|
|
|
Data Size: 61440 Bytes = 60.00 kB = 0.06 MB
|
|
|
|
Load Address: 00907420
|
|
|
|
Entry Point: 00908000
|
|
|
|
HAB Blocks: 0x00907400 0x00000000 0x0000cc00
|
|
|
|
|
|
|
|
Example Output of the u-boot-ivt.img (firmware_ivt) creation:
|
|
|
|
Image Name: U-Boot 2016.11-rc1-31589-g2a4411
|
|
|
|
Created: Sat Nov 5 21:53:28 2016
|
|
|
|
Image Type: ARM U-Boot Firmware with HABv4 IVT (uncompressed)
|
|
|
|
Data Size: 352192 Bytes = 343.94 kB = 0.34 MB
|
|
|
|
Load Address: 17800000
|
|
|
|
Entry Point: 00000000
|
|
|
|
HAB Blocks: 0x177fffc0 0x0000 0x00054020
|
|
|
|
|
|
|
|
# Compile CSF and create signature
|
|
|
|
cst --o csf-u-boot.bin --i command_sequence_uboot.csf
|
|
|
|
cst --o csf-SPL.bin --i command_sequence_spl.csf
|
|
|
|
# Append compiled CSF to Binary
|
|
|
|
cat SPL csf-SPL.bin > SPL-signed
|
|
|
|
cat u-boot-ivt.img csf-u-boot.bin > u-boot-signed.img
|
|
|
|
|
|
|
|
These two signed binaries can be used on an i.MX in closed
|
|
|
|
configuration when the according SRK Table Hash has been flashed.
|
|
|
|
|
|
|
|
4. Setup U-Boot Image for Encrypted Boot
|
|
|
|
----------------------------------------
|
|
|
|
An authenticated U-Boot image is used as starting point for
|
|
|
|
Encrypted Boot. The image is encrypted by i.MX Code Signing
|
|
|
|
Tool (CST). The CST replaces only the image data of
|
|
|
|
u-boot-dtb.imx with the encrypted data. The Initial Vector Table,
|
|
|
|
DCD, and Boot data, remains in plaintext.
|
|
|
|
|
|
|
|
The image data is encrypted with a Encryption Key (DEK).
|
|
|
|
Therefore, this key is needed to decrypt the data during the
|
|
|
|
booting process. The DEK is protected by wrapping it in a Blob,
|
|
|
|
which needs to be appended to the U-Boot image and specified in
|
|
|
|
the CSF file.
|
|
|
|
|
|
|
|
The DEK blob is generated by an authenticated U-Boot image with
|
|
|
|
the dek_blob cmd enabled. The image used for DEK blob generation
|
|
|
|
needs to have the following configurations enabled in Kconfig:
|
|
|
|
|
|
|
|
CONFIG_SECURE_BOOT=y
|
|
|
|
CONFIG_CMD_DEKBLOB=y
|
|
|
|
|
|
|
|
Note: The encrypted boot feature is only supported by HABv4 or
|
|
|
|
greater.
|
|
|
|
|
|
|
|
The dek_blob command then can be used to generate the DEK blob of
|
|
|
|
a DEK previously loaded in memory. The command is used as follows:
|
|
|
|
|
|
|
|
dek_blob <DEK address> <Output Address> <Key Size in Bits>
|
|
|
|
example: dek_blob 0x10800000 0x10801000 192
|
|
|
|
|
|
|
|
The resulting DEK blob then is used to construct the encrypted
|
|
|
|
U-Boot image. Note that the blob needs to be transferred back
|
|
|
|
to the host.Then the following commands are used to construct
|
|
|
|
the final image.
|
|
|
|
|
|
|
|
cat u-boot-dtb.imx csf-u-boot.bin > u-boot-signed.imx
|
|
|
|
objcopy -I binary -O binary --pad-to <blob_dst> --gap-fill=0x00 \
|
|
|
|
u-boot-signed.imx u-boot-signed-pad.bin
|
|
|
|
cat u-boot-signed-pad.imx DEK_blob.bin > u-boot-encrypted.imx
|
|
|
|
|
|
|
|
NOTE: u-boot-signed.bin needs to be padded to the value
|
|
|
|
equivalent to the address in which the DEK blob is specified
|
|
|
|
in the CSF.
|