soc: arm: npcm4xx: add secure boot config
add secure boot config.

After secure boot is enabled, backup/recovery image support is enabled by default.

Signed-off-by: James Chiang <[email protected]>
James Chiang committed Jul 12, 2024
1 parent 5b8d464 commit c4e6e77
Showing 10 changed files with 603 additions and 409 deletions.
27 changes: 27 additions & 0 deletions soc/arm/npcm4xx/CMakeLists.txt
Expand Up @@ -9,13 +9,40 @@ add_subdirectory(${SOC_SERIES})
zephyr_include_directories(.)

# ImageGenerator
if (DEFINED CONFIG_SECURE_BOOT_ENABLE_NPCM4XX)
set_property(GLOBAL APPEND PROPERTY extra_post_build_commands
COMMAND cp ${PROJECT_BINARY_DIR}/${CONFIG_KERNEL_BIN_NAME}.bin ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Input
COMMAND cp ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config.xml ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@inputfile/${CONFIG_KERNEL_BIN_NAME}/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@gen_otp/1/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@recover_image_offset/${CONFIG_BACKUP_IMAGE_OFFSET_NPCM4XX}/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@secure_boot/1/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@secure_level/1/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@longkey_used/1/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@longkey_sel/1/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@not_do_backup/${CONFIG_DONT_UPDATE_BACKUP_IMAGE_NPCM4XX}/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND ${PYTHON_EXECUTABLE} ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/ImageGenerator.py /g ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND cp ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Output/*.bin ${PROJECT_BINARY_DIR}
COMMAND rm -rf ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND rm -rf ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Output/*.bin
COMMAND rm -rf ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Input/*.bin
)
else ()
set_property(GLOBAL APPEND PROPERTY extra_post_build_commands
COMMAND cp ${PROJECT_BINARY_DIR}/${CONFIG_KERNEL_BIN_NAME}.bin ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Input
COMMAND cp ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config.xml ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@inputfile/${CONFIG_KERNEL_BIN_NAME}/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@gen_otp/0/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@recover_image_offset/0x40/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@secure_boot/0/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@secure_level/0/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@longkey_used/0/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@longkey_sel/0/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@not_do_backup/1/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND ${PYTHON_EXECUTABLE} ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/ImageGenerator.py /g ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND cp ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Output/*.bin ${PROJECT_BINARY_DIR}
COMMAND rm -rf ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND rm -rf ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Output/*.bin
COMMAND rm -rf ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Input/*.bin
)
endif()
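Review bot: Both branches stage the kernel binary, the temporary `_NTC_config_t.xml` and the generator output inside `${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator`, i.e. in the source tree, so two builds sharing one checkout (for example a secure-boot and a non-secure configuration) can overwrite each other's config, and the `cp .../Output/*.bin ${PROJECT_BINARY_DIR}` step can pick up an image produced with the other build's settings. Staging these files under `${PROJECT_BINARY_DIR}` would avoid that, provided ImageGenerator.py accepts input and output locations outside its own directory, which is not visible here. The two branches differ only in seven substituted values; setting those in variables inside the `if`/`else` and emitting a single `set_property` would keep the signed and unsigned pipelines from drifting apart. Zephyr's usual spelling of the test is `if(CONFIG_SECURE_BOOT_ENABLE_NPCM4XX)`.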
6 changes: 3 additions & 3 deletions soc/arm/npcm4xx/common/ImageGenerator/FunctionDefine.py
Expand Up @@ -279,9 +279,9 @@ def ClearTmpFiles():
DeleteFile('RAMCodeBBCombine')

# os.chdir(Util.Path_Key)
# DeleteFile(Util.sAESPubKeyName)
# DeleteFile('FileTemp2')
# DeleteFile('FileTemp3')
DeleteFile(Util.sAESPubKeyName)
DeleteFile('FileTemp2')
DeleteFile('FileTemp3')
# DeleteFile('oOtpRegion0Digest')
# DeleteFile('_SS')
# os._exit(0)
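Review bot: The three `DeleteFile(...)` calls appear to be enabled while `# os.chdir(Util.Path_Key)` just above them stays commented out, so they act on whatever directory is current at that point in `ClearTmpFiles()`. If `DeleteFile` resolves bare names against the working directory (its definition is outside this hunk), `Util.sAESPubKeyName`, `FileTemp2` and `FileTemp3` may be left behind in the key directory, or same-named files elsewhere may be removed. Passing an explicit path, e.g. `DeleteFile(os.path.join(Util.Path_Key, 'FileTemp2'))`, would make the cleanup of key-derived temporaries independent of the working directory; whether `DeleteFile` accepts a path needs confirming. `ClearTmpFiles()` starts and ends outside the hunk.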
650 changes: 350 additions & 300 deletions soc/arm/npcm4xx/common/ImageGenerator/ImageGenerator.py

Large diffs are not rendered by default.

Binary file not shown.
39 changes: 39 additions & 0 deletions soc/arm/npcm4xx/common/ImageGenerator/Key/RSA3072key_pri.pem
@@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
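Review bot: `RSA3072key_pri.pem` is a private signing key checked into the repository, and `_NTC_config.xml` names it as `EcFwSigKey`, so every image built with `CONFIG_SECURE_BOOT_ENABLE_NPCM4XX` is signed with a key that anyone with read access to the tree also holds. Because the secure-boot branch in CMakeLists.txt also sets `@gen_otp` to 1, a device provisioned from such a build would presumably be bound to the matching public key. If this is meant as a development key, the file name and a comment next to `EcFwSigKey` should say so. For production signing the key path should come from a build setting that points outside the source tree, e.g. `<EcFwSigKey>@sign_key</EcFwSigKey>` (placeholder name constructed here) filled in by the post-build step.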
Binary file not shown.
11 changes: 11 additions & 0 deletions soc/arm/npcm4xx/common/ImageGenerator/Key/RSA3072key_pub.pem
@@ -0,0 +1,11 @@
-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----
53 changes: 49 additions & 4 deletions soc/arm/npcm4xx/common/ImageGenerator/Xml/_NTC_config.xml
Expand Up @@ -2,24 +2,69 @@

<Description>
<Config>
<GenOTP>@gen_otp</GenOTP>
<CryptoSelect>0</CryptoSelect>
<ToolPath></ToolPath>
</Config>

<Crypto>
<OpenSSL>
<EcFwSigKey>RSA3072key_pri.pem</EcFwSigKey>
<EcFwSigKey_Idx>0</EcFwSigKey_Idx>
<EcFwPubKey0>RSA3072key_pub.der</EcFwPubKey0>
</OpenSSL>
</Crypto>

<FileName>
<FirmwareImage>@inputfile.bin</FirmwareImage>
<OutputFWName>@inputfile_signed.bin</OutputFWName>
</FileName>

<FWImageHeader>
<hImageTag>%FiMg94@</hImageTag>
<hActiveECFwOffset>0x00</hActiveECFwOffset> <!-- Unit: MCP size / 256 -->
<hSystemECFWOffset>0x00</hSystemECFWOffset> <!-- Unit: byte, align 4K -->
<hEcFwRegionSize>0x20</hEcFwRegionSize> <!-- Unit: MCP size / 256 , 0: Full -->
<hMajorVer>0x00</hMajorVer> <!-- ranging from 0 ~ 56 -->
<hActiveECFwOffset>0x00</hActiveECFwOffset> <!-- Unit: MCP size / 256 -->
<hRecoveryEcFwOffset>@recover_image_offset</hRecoveryEcFwOffset> <!-- Unit: MCP size / 256 -->
<hSystemECFWOffset>0x00</hSystemECFWOffset> <!-- Unit: byte, align 4K -->
<hEcFwRegionSize>@recover_image_offset</hEcFwRegionSize> <!-- Unit: MCP size / 256 , 0: Full -->

<hSecureBoot>@secure_boot</hSecureBoot> <!-- Effective when secure mode is not enabled -->
<hSecurityLvl>@secure_level</hSecurityLvl> <!-- Effective when secure mode is not enabled -->
<hOTPRefToTable>1</hOTPRefToTable> <!-- Effective when secure mode is not enabled -->
<hHwTrimRefOTPTable>0</hHwTrimRefOTPTable> <!-- Effective when secure mode is not enabled -->
<hNotUpdateOTPRegister>1</hNotUpdateOTPRegister> <!-- Effective when secure mode is not enabled -->
<hNotEraseOTPTable>1</hNotEraseOTPTable>
<hOTPRefToSrcTable>1</hOTPRefToSrcTable>
<hNotDoBackup>@not_do_backup</hNotDoBackup>

<hMajorVer>0x00</hMajorVer> <!-- ranging from 0 ~ 56 -->
<hMinorVer>0x0000</hMinorVer>
<hOEMversion>00000000</hOEMversion>
<hReleaseDate>0x000000</hReleaseDate>
<hProjectID>0x0000</hProjectID>
</FWImageHeader>

<OTPImageHeader>
<hOtpImgTag>%OtPmAp@</hOtpImgTag>
</OTPImageHeader>

<OTPbitmap>
<oFlashConnection>0</oFlashConnection> <!-- 0: MCP/MCP, 1:MCP/FIU, 2:FIU/FIU, 3: FIU/MCP-->
<oStrapMode1>0</oStrapMode1>
<oStrapMode2>0</oStrapMode2>
<oNotTrySysIfFIUShd>0</oNotTrySysIfFIUShd>
<oNotTrySysIfFIUPvt>0</oNotTrySysIfFIUPvt>
<oNotTrySysIfFIUBkp>0</oNotTrySysIfFIUBkp>
<oNotTryMafAndAMD>0</oNotTryMafAndAMD>
<oNotTrySysIfSPI1>0</oNotTrySysIfSPI1>
<oSecureBoot>@secure_boot</oSecureBoot>
<oSecurityLvl>@secure_level</oSecurityLvl>
<oRSAPubKeySts>0x01</oRSAPubKeySts> <!-- bit n: RSA key index n exist, n < 5 -->
<oSHA512Used>0</oSHA512Used> <!-- 0: Use SHA256, 1: Use SHA512 -->
<oLongKeyUsed>@longkey_used</oLongKeyUsed> <!-- 0: Use RSA2048/EC256, 1: Use RSA3072/RSA4096/EC384/EC521 -->
<oLongKeySel>@longkey_sel</oLongKeySel> <!-- 0: Use RSA4096, 1: Use RSA3072 -->
<oHaltIfMafRollbk>0</oHaltIfMafRollbk>
<oHaltIfActiveRollbk>0</oHaltIfActiveRollbk>
<oHaltIfOnlyMafValid>0</oHaltIfOnlyMafValid>
<oTryBootIfAllCrashed>0</oTryBootIfAllCrashed>
</OTPbitmap>
</Description>
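Review bot: `<hEcFwRegionSize>` now takes the same `@recover_image_offset` placeholder as `<hRecoveryEcFwOffset>`, so the firmware region size is tied to the recovery offset; for non-secure builds CMakeLists.txt substitutes `0x40`, where the template previously appeared to hold `0x20`. If that change for non-secure images is not intended, a separate placeholder would keep the two independent, e.g. `<hEcFwRegionSize>@fw_region_size</hEcFwRegionSize>` (placeholder name constructed here). The `Effective when secure mode is not enabled` comments on `hSecureBoot` and `hSecurityLvl` could also state what takes precedence once secure mode is enabled, since these are the fields the build now toggles.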