soc: arm: npcm4xx: add secure boot config #120

Merged
merged 1 commit into from
Jul 12, 2024
27 changes: 27 additions & 0 deletions soc/arm/npcm4xx/CMakeLists.txt
Expand Up @@ -9,13 +9,40 @@ add_subdirectory(${SOC_SERIES})
zephyr_include_directories(.)

# ImageGenerator
if (DEFINED CONFIG_SECURE_BOOT_ENABLE_NPCM4XX)
set_property(GLOBAL APPEND PROPERTY extra_post_build_commands
COMMAND cp ${PROJECT_BINARY_DIR}/${CONFIG_KERNEL_BIN_NAME}.bin ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Input
COMMAND cp ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config.xml ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@inputfile/${CONFIG_KERNEL_BIN_NAME}/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@gen_otp/1/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@recover_image_offset/${CONFIG_BACKUP_IMAGE_OFFSET_NPCM4XX}/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@secure_boot/1/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@secure_level/1/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@longkey_used/1/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@longkey_sel/1/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@not_do_backup/${CONFIG_DONT_UPDATE_BACKUP_IMAGE_NPCM4XX}/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND ${PYTHON_EXECUTABLE} ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/ImageGenerator.py /g ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND cp ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Output/*.bin ${PROJECT_BINARY_DIR}
COMMAND rm -rf ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND rm -rf ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Output/*.bin
COMMAND rm -rf ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Input/*.bin
)
else ()
set_property(GLOBAL APPEND PROPERTY extra_post_build_commands
COMMAND cp ${PROJECT_BINARY_DIR}/${CONFIG_KERNEL_BIN_NAME}.bin ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Input
COMMAND cp ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config.xml ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@inputfile/${CONFIG_KERNEL_BIN_NAME}/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@gen_otp/0/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@recover_image_offset/0x40/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@secure_boot/0/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@secure_level/0/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@longkey_used/0/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@longkey_sel/0/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND sed -i 's/@not_do_backup/1/g' ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND ${PYTHON_EXECUTABLE} ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/ImageGenerator.py /g ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND cp ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Output/*.bin ${PROJECT_BINARY_DIR}
COMMAND rm -rf ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Xml/_NTC_config_t.xml
COMMAND rm -rf ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Output/*.bin
COMMAND rm -rf ${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Input/*.bin
)
endif()
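Review bot: Both branches stage their work inside the source tree: the kernel binary is copied to `${SOC_DIR}/${ARCH}/${SOC_FAMILY}/common/ImageGenerator/Input`, the template is rewritten as `Xml/_NTC_config_t.xml` next to the original, and `Output/*.bin` is copied out and then removed with `rm -rf`. Two builds sharing one checkout, one with CONFIG_SECURE_BOOT_ENABLE_NPCM4XX and one without, would overwrite each other's `_NTC_config_t.xml` and can pick up each other's output image, so the artifact in `${PROJECT_BINARY_DIR}` is not guaranteed to match the configuration that was built. Staging the template copy and the generator input and output under `${PROJECT_BINARY_DIR}` would avoid this, provided ImageGenerator.py accepts such paths (not visible here). In the secure branch `${CONFIG_BACKUP_IMAGE_OFFSET_NPCM4XX}` and `${CONFIG_DONT_UPDATE_BACKUP_IMAGE_NPCM4XX}` go into the sed expressions unchecked; if the second is a Kconfig bool it expands to `y` or to nothing rather than the `0`/`1` the else branch writes, so it should be mapped to `0`/`1` explicitly and the build should stop with `message(FATAL_ERROR ...)` when either value is empty.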
6 changes: 3 additions & 3 deletions soc/arm/npcm4xx/common/ImageGenerator/FunctionDefine.py
Expand Up @@ -279,9 +279,9 @@ def ClearTmpFiles():
DeleteFile('RAMCodeBBCombine')

# os.chdir(Util.Path_Key)
# DeleteFile(Util.sAESPubKeyName)
# DeleteFile('FileTemp2')
# DeleteFile('FileTemp3')
DeleteFile(Util.sAESPubKeyName)
DeleteFile('FileTemp2')
DeleteFile('FileTemp3')
# DeleteFile('oOtpRegion0Digest')
# DeleteFile('_SS')
# os._exit(0)
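Review bot: The cleanup calls `DeleteFile(Util.sAESPubKeyName)`, `DeleteFile('FileTemp2')` and `DeleteFile('FileTemp3')` are active on the new side, but the `# os.chdir(Util.Path_Key)` line just above them is still commented out, so they act on whatever working directory the earlier part of ClearTmpFiles leaves. If these intermediates are written under `Util.Path_Key`, they are not removed and key-derived temporary files stay on disk after the build. DeleteFile and the start of ClearTmpFiles are outside the hunk, so this needs checking against them. If DeleteFile accepts a path, `DeleteFile(os.path.join(Util.Path_Key, 'FileTemp2'))` and the same form for the other two would make the cleanup independent of the current directory.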
650 changes: 350 additions & 300 deletions soc/arm/npcm4xx/common/ImageGenerator/ImageGenerator.py

Large diffs are not rendered by default.

Binary file not shown.
39 changes: 39 additions & 0 deletions soc/arm/npcm4xx/common/ImageGenerator/Key/RSA3072key_pri.pem
@@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG5AIBAAKCAYEApRmjyg+ftgDiRlmsrjd+rSreojY1yTBfoSn7Pp2QXYaijTQG
OpD86zRFMYrWu5NAaBJWOhhDc/PoGyGWW6dJ5m5Gql5IxJv0s9+479npy4QZNj4e
t65sTMmYXxfO8A1d7nWO2G8/B/3s+NDNrGJhw36QCc05X8pyguYGvC3Ro8GbO8os
F7bHn1NG4ixPhckzaxVfX2uocWO2lXmFiqniQqs6oc/RZEzjnjhBwuJ0yE5uXj+1
rSR1mjJwol6oFzgNIRaYK976GX8zE+lWW+xNo7cGXR66IWK3lxSbQjfhdluBl5Ew
1t484HGGPZX+SfJKJ8xlHbzL0FQzTiinIzvJWtcXSbe7vng/LONY7KYs5L1iPSzV
ZIXgUAdArUMhd8e1boGhYniECP4jnNi/BhhGiLxXV87Iz2K4qBX0kUYW2rdf+Cpt
xPnOHkaOpjqN5u6PKC0l8Ja5r5IAgbpYeu9N1/S46kA6X0X9SAuKaSO8CDzU8KEr
UiIFhIqwjXXEqndjAgMBAAECggGBAJkZRqZoiJz5Attj6tp/QawJVfysMoJHplZI
HOD6sdXYtMImHSSQMMlXZlbDvc6hhRc88dLbjylmY7VNFyYU4lWZq1PvLKGNUYS/
kLpyo/gCnnKLdma0i19FjlOYO2CltJYdU4Jm3tdlZCtzTVZuwOPNaHp+YZbvn/K8
pkA4aO/m6DGwj+TJrSGU0uWHW5Lfehvx7MgKiF/lrHm9/9UPJm7WY/+LPEw7dNPS
rUCwSMU63ePuRmWxqpB797DKACvP3/cZbQ4FV2KHxNpEzXeDv4QXHHeKBbs645sN
li0gBL6xGCz2WiLT8g09b7HhbqqX7rwVrhnSqdkQ1zvA/QTToP6EZ/ROzr4yyhmM
uju9RxJ8SATkhc7O7liIJu0C4pWrjlbJiTVnqI4w1da8Kb0AmemB6NvZ7obr0nzI
9cKN4uAA5Vv7KNunhZkZLqDzIdj/PyZsMg8CSX5irYhUvGMvz4bC4ENhe/M3Kf1I
t3VxlAXIGkNnaf4O4WXhZIq1K1JPuQKBwQDY6zlFucdkAAlc75EzlyCzcllTbwcW
ROhdXpTrvdrl+vrWmBLMRoT8pcNJdyrjY+OsVhlgPjWOwIQMmxgbVwTi++kpL3Ot
5xfLyfLFjEFpejoq8UOcTcGONvWvhMr05VZYjTH8HuxYh0WAwvu1sWNsVt9NRTQf
A4nMv+UOmYORCuz4RKhP73bCFvbLHCqKGncoGuzEHleQSFrXQbd5yhvrEkaFlxxE
OYBHgbTaH+t5saHdaOyCFUW5QAUnAb9dF2cCgcEAwthselcIgnz4jCh5XviHJ/hp
j5irSHrjJWb6aNVeKGP37ZNyT0NG8Sn+PeMq4jEZOyZRid9fUsxpZBXTlYud9kkN
6oSNpjbhgtQfdEDcK6EzS+knuaZOsCC+WvxXh0B+QYyol34K5iU9WpNvAJNXR6q3
B7dL3q+GPHa3ja2rM7g2gYGwjUXQpSDypSnCHIwCtlPXjxkM6CR5G2ztlg+lRnN4
nSQ5N8kHtL3ldJ/Dmigj/hiMs79LPxuzFDhSj06lAoHAAljBHNz+qDlL4KKC2qEG
7IoPJ1TrKbWDIgd06vv500Uc05d/lJAqviT48OGGKEGbY/Dmg2EI6Utx4kUHRLxz
RBVfl195C+eVHVJI+xQiXQbCfFZx2c4JiwVTMRvpqi6U+Y5FfSnEesyz1snFOVj6
72AdOFPIVZGPOxTUYI0OnFIW8DSl8X9wtHbVIqtiVm4k3d00tIZzgg8WVH/UgU/L
b4aaFrXky2Qn3B4uG7H+tSlTy/ZnoJykTXXA2IQvUs1/AoHABT3TNTtQJEp+WS7h
jPd8k0uwc0d1HB8KK0Bo7hcHUGjYC5ES2yUBLI2npDyPM8SEXD38pYvXwZ90Glgn
9/boie6PLEbilJ0XVfCk4/i2s4nDmoAsLGdX6I8I7+On6yCGBPdmtaSTYHuR+fTL
YKWWDHyALfn1VYk9QDUlXO9WEq8a8ELv3+0H3tlTDbRg32m4zPTWcKgI29nXVDCK
96V2Gb4TeY6251RGG8ub95Ywqd34keZRKqizun/hQmL9fZNtAoHBAJtUojd8Vdqd
I2yaWi5IHRTJ6Ffw0A7dJjSL/DnHx++MV75y29+9BHm5uo3zmuXi8vlkGpMv6iVB
7KY6jm0Omb/ugh2ltmr8CDE5q38gJ4lGZemP4Ie+i3/Q1uzwo6ESJ5/xugsBn7dz
vLqgcPW+USRX9i1E9b/tcsVucn2vpwNtI4uw82uhF3WjjQeBwVRwK0sYu5MH7HyN
T7t1SlD02x5X9Uf4po73aMU5RtAwYC8EgZ+TH8CkI+MhDX+ErWoJ3A==
-----END RSA PRIVATE KEY-----
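Review bot: This file commits an RSA private key to the repository, and `_NTC_config.xml` in the same change names it as `<EcFwSigKey>RSA3072key_pri.pem</EcFwSigKey>`, so every build with CONFIG_SECURE_BOOT_ENABLE_NPCM4XX signs with a key that anyone who can read the tree also holds. A device provisioned from an OTP image generated with this key (the secure branch in CMakeLists.txt sets `@gen_otp` to 1) would accept firmware signed by anyone holding the same file, which removes the protection secure boot is meant to give. The key should be kept out of the tree or clearly marked as a development-only sample. The signing key path should come from a build setting that points outside the repository, and the build should fail when secure boot is enabled and no key has been supplied. Because the key is now in history, it should be regarded as disclosed and never used for production provisioning.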
Binary file not shown.
11 changes: 11 additions & 0 deletions soc/arm/npcm4xx/common/ImageGenerator/Key/RSA3072key_pub.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----
53 changes: 49 additions & 4 deletions soc/arm/npcm4xx/common/ImageGenerator/Xml/_NTC_config.xml
Expand Up @@ -2,24 +2,69 @@

<Description>
<Config>
<GenOTP>@gen_otp</GenOTP>
<CryptoSelect>0</CryptoSelect>
<ToolPath></ToolPath>
</Config>

<Crypto>
<OpenSSL>
<EcFwSigKey>RSA3072key_pri.pem</EcFwSigKey>
<EcFwSigKey_Idx>0</EcFwSigKey_Idx>
<EcFwPubKey0>RSA3072key_pub.der</EcFwPubKey0>
</OpenSSL>
</Crypto>

<FileName>
<FirmwareImage>@inputfile.bin</FirmwareImage>
<OutputFWName>@inputfile_signed.bin</OutputFWName>
</FileName>

<FWImageHeader>
<hImageTag>%FiMg94@</hImageTag>
<hActiveECFwOffset>0x00</hActiveECFwOffset> <!-- Unit: MCP size / 256 -->
<hSystemECFWOffset>0x00</hSystemECFWOffset> <!-- Unit: byte, align 4K -->
<hEcFwRegionSize>0x20</hEcFwRegionSize> <!-- Unit: MCP size / 256 , 0: Full -->
<hMajorVer>0x00</hMajorVer> <!-- ranging from 0 ~ 56 -->
<hActiveECFwOffset>0x00</hActiveECFwOffset> <!-- Unit: MCP size / 256 -->
<hRecoveryEcFwOffset>@recover_image_offset</hRecoveryEcFwOffset> <!-- Unit: MCP size / 256 -->
<hSystemECFWOffset>0x00</hSystemECFWOffset> <!-- Unit: byte, align 4K -->
<hEcFwRegionSize>@recover_image_offset</hEcFwRegionSize> <!-- Unit: MCP size / 256 , 0: Full -->

<hSecureBoot>@secure_boot</hSecureBoot> <!-- Effective when secure mode is not enabled -->
<hSecurityLvl>@secure_level</hSecurityLvl> <!-- Effective when secure mode is not enabled -->
<hOTPRefToTable>1</hOTPRefToTable> <!-- Effective when secure mode is not enabled -->
<hHwTrimRefOTPTable>0</hHwTrimRefOTPTable> <!-- Effective when secure mode is not enabled -->
<hNotUpdateOTPRegister>1</hNotUpdateOTPRegister> <!-- Effective when secure mode is not enabled -->
<hNotEraseOTPTable>1</hNotEraseOTPTable>
<hOTPRefToSrcTable>1</hOTPRefToSrcTable>
<hNotDoBackup>@not_do_backup</hNotDoBackup>

<hMajorVer>0x00</hMajorVer> <!-- ranging from 0 ~ 56 -->
<hMinorVer>0x0000</hMinorVer>
<hOEMversion>00000000</hOEMversion>
<hReleaseDate>0x000000</hReleaseDate>
<hProjectID>0x0000</hProjectID>
</FWImageHeader>

<OTPImageHeader>
<hOtpImgTag>%OtPmAp@</hOtpImgTag>
</OTPImageHeader>

<OTPbitmap>
<oFlashConnection>0</oFlashConnection> <!-- 0: MCP/MCP, 1:MCP/FIU, 2:FIU/FIU, 3: FIU/MCP-->
<oStrapMode1>0</oStrapMode1>
<oStrapMode2>0</oStrapMode2>
<oNotTrySysIfFIUShd>0</oNotTrySysIfFIUShd>
<oNotTrySysIfFIUPvt>0</oNotTrySysIfFIUPvt>
<oNotTrySysIfFIUBkp>0</oNotTrySysIfFIUBkp>
<oNotTryMafAndAMD>0</oNotTryMafAndAMD>
<oNotTrySysIfSPI1>0</oNotTrySysIfSPI1>
<oSecureBoot>@secure_boot</oSecureBoot>
<oSecurityLvl>@secure_level</oSecurityLvl>
<oRSAPubKeySts>0x01</oRSAPubKeySts> <!-- bit n: RSA key index n exist, n < 5 -->
<oSHA512Used>0</oSHA512Used> <!-- 0: Use SHA256, 1: Use SHA512 -->
<oLongKeyUsed>@longkey_used</oLongKeyUsed> <!-- 0: Use RSA2048/EC256, 1: Use RSA3072/RSA4096/EC384/EC521 -->
<oLongKeySel>@longkey_sel</oLongKeySel> <!-- 0: Use RSA4096, 1: Use RSA3072 -->
<oHaltIfMafRollbk>0</oHaltIfMafRollbk>
<oHaltIfActiveRollbk>0</oHaltIfActiveRollbk>
<oHaltIfOnlyMafValid>0</oHaltIfOnlyMafValid>
<oTryBootIfAllCrashed>0</oTryBootIfAllCrashed>
</OTPbitmap>
</Description>
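Review bot: `<hEcFwRegionSize>` now uses the same `@recover_image_offset` placeholder as `<hRecoveryEcFwOffset>`, so a single sed substitution sets both an offset and a size. For builds without secure boot the CMake change substitutes `0x40`, which moves the region size away from the previous fixed `0x20`; if that is intended it deserves a comment, otherwise a separate placeholder such as `@fw_region_size` keeps the two values independent. The OTP bitmap also leaves `oHaltIfMafRollbk` and `oHaltIfActiveRollbk` fixed at 0 in the secure-boot configuration. Judging by the names these control rollback handling, so it is worth confirming that 0 is the intended value once OTP generation is enabled.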