author | Ahmad Fatoum <a.fatoum@pengutronix.de> | 2022-08-18 07:04:46 +0200 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2022-08-22 10:52:19 +0200 |
commit | 867681db2efe997d3f5c3b1ba1bebb366a336110 (patch) | |
tree | 6fb10dc8025c623952746d02142a75042ac92d44 /firmware | |
parent | 4794b2ccced53efaf2dc8d0fc1c70e71431d4daa (diff) | |
firmware: add external firmware PBL support
Normally, barebox embeds firmware into the binary referencing it, which
means that device tree blobs, RAM training code and e.g. TF-A for i.MX8M
end up in the prebootloader, while, e.g. Freescale FMan microcode ends
up in barebox proper. The only exception so far was barebox proper:
When only the PBL fits in on-chip SRAM, barebox proper is chainloaded
from the boot medium. To avoid a TOCTOU attack, it's read fully into DRAM
after setup and then a SHA256 is calculated and compared against the
hash embedded in barebox PBL, which in a secure boot system would be
trusted by virtue of the PBL as a whole being verified beforehand by
the BootROM.
Reuse this mechanism to support arbitrary firmware, which is now termed
external firmware. Such firmware is placed beyond the piggydata (barebox
proper) and only offset and hash are included in the prebootloader
image. The new get_builtin_firmware_ext() is used to retrieve this
external firmware after integrity verification with SHA256.
This enables referencing firmware blobs from PBL that would bloat the
size of the PBL beyond what can fit into on-chip SRAM, e.g. very big
OP-TEE binaries. As users of get_builtin_firmware() didn't have to worry
about TOCTOU so far, we panic when a firmware verification fails to
ensure that we never load an OP-TEE that has been modified in-transit
We can't include the OP-TEE binary in barebox proper, because we need
to install it in EL3, but barebox proper on the i.MX8M runs as BL33
in a lower exception level.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220818050447.2072932-3-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/Makefile | 38 |
1 files changed, 34 insertions, 4 deletions
diff --git a/firmware/Makefile b/firmware/Makefile
index 87bd033f6e..f6ff5b831b 100644
--- a/firmware/Makefile
+++ b/firmware/Makefile
@@ -30,16 +30,17 @@ firmware-$(CONFIG_FIRMWARE_CCBV2_OPTEE) += ccbv2_optee.bin
 # leading /, it's relative to $(srctree).
 fwdir := $(subst $(quote),,$(CONFIG_EXTRA_FIRMWARE_DIR))
 fwdir := $(addprefix $(srctree)/,$(filter-out /%,$(fwdir)))$(filter /%,$(fwdir))
+fwobjdir := $(objtree)/firmware
 obj-pbl-y := $(addsuffix .gen.o, $(firmware-y))
-FWNAME = $(patsubst $(obj)/%.gen.S,%,$@)
+FWNAME = $(patsubst $(obj)/%.extgen.S,%,$(patsubst $(obj)/%.gen.S,%,$@))
 FWSTR = $(subst /,_,$(subst .,_,$(subst -,_,$(FWNAME))))
 ASM_ALIGN = $(if $(CONFIG_64BIT),3,2)
 filechk_fwbin = { \
 echo "/* Generated by $(src)/Makefile */" ;\
- echo " .section .rodata.$(FWSTR)" ;\
+ echo " .section $2,\"$3\"" ;\
 echo " .p2align $(ASM_ALIGN)" ;\
 echo ".global _fw_$(FWSTR)_start" ;\
 echo "_fw_$(FWSTR)_start:" ;\
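Review bot: `filechk_fwbin` now reads `$2` and `$3`, which only carry values when the macro is expanded through `$(call filechk,fwbin,<section>,<flags>)`, and nothing next to the definition states that contract. A comment above it such as `# $2: output section name, $3: section flags (may be empty)` would make the dependency on the caller explicit. With the empty third argument that the `.gen.S` rule passes in the next hunk, the directive becomes `.section .rodata.<name>,""`, which appears to rely on the assembler applying its default flags for `.rodata.*`; it is worth confirming that built-in firmware still ends up in an allocated read-only section. The body of `filechk_fwbin` continues outside this hunk.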
@@ -48,19 +49,48 @@ filechk_fwbin = { \
 echo "_fw_$(FWSTR)_end:" ;\
 }
+__fwbin_sha = { \
+ echo " .section .rodata.$(FWSTR).sha" ;\
+ echo " .p2align $(ASM_ALIGN)" ;\
+ echo ".global _fw_$(FWSTR)_sha_start" ;\
+ echo "_fw_$(FWSTR)_sha_start:" ;\
+ echo " .incbin \"$(fwobjdir)/$(FWNAME).sha.bin\"" ;\
+ echo ".global _fw_$(FWSTR)_sha_end" ;\
+ echo "_fw_$(FWSTR)_sha_end:" ;\
+}
+
+filechk_fwbin_ext = { \
+ $(filechk_fwbin) ;\
+ $(__fwbin_sha) ;\
+}
+
 $(obj)/%.gen.S: FORCE
- $(call filechk,fwbin)
+ $(call filechk,fwbin,.rodata.$(FWSTR),)
+
+$(obj)/%.extgen.S: $(obj)/%.sha.bin FORCE
+ $(call filechk,fwbin_ext,.pblext.$(FWSTR),a)
+
+$(obj)/%.sha.bin: $(obj)/%.sum FORCE
+ $(call if_changed,sha256bin)
+
+$(obj)/%.sum: $(obj)/% FORCE
+ $(call if_changed,sha256sum)
+
+clean-files += *.sha.bin *.sum
 # The .o files depend on the binaries directly; the .S files don't.
 $(patsubst %,$(obj)/%.gen.o, $(obj-pbl-y)): $(obj)/%.gen.o: $(fwdir)/%
 # The same for pbl:
 $(patsubst %,$(obj)/%.gen.pbl.o, $(obj-pbl-y)): $(obj)/%.gen.pbl.o: $(fwdir)/%
+$(patsubst %,$(obj)/%.extgen.pbl.o, $(pbl-y)): $(obj)/%.extgen.pbl.o: $(fwdir)/%
-obj-pbl-y += $(patsubst %,%.gen.o, $(fw-external-y))
+pbl-y := $(addsuffix .extgen.o, $(fw-external-y))
 targets := $(patsubst $(obj)/%,%, \
 $(shell find $(obj) -name \*.gen.S 2>/dev/null))
+targets += $(patsubst $(obj)/%,%, \
+ $(shell find $(obj) -name \*.extgen.S 2>/dev/null))
 # just to build a built-in.o. Otherwise compilation fails when no
 # firmware is built. |
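Review bot: The digest that ends up in the PBL is computed from `$(obj)/%` (`$(obj)/%.sum: $(obj)/% FORCE`), while the new `.extgen.pbl.o` rule further down tracks `$(fwdir)/%` as the firmware source. When CONFIG_EXTRA_FIRMWARE_DIR points outside the object directory, the hashed file and the blob presumably shipped after the piggydata can differ, or the `.sum` prerequisite may not exist at all. Hashing the same path the blob is taken from, e.g. `$(obj)/%.sum: $(fwdir)/% FORCE`, would keep the two tied together; because a failed verification panics, a mismatch would only show up at boot on the target. Separately, `$(pbl-y)` is expanded in the `.extgen.pbl.o` target list before `pbl-y :=` is assigned two lines later, and its entries already end in `.extgen.o`, so that rule likely matches nothing. This mirrors the existing `.gen.pbl.o` line and is worth confirming, since it decides whether a changed blob triggers a rebuild.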