summaryrefslogtreecommitdiff
path: root/cmd
diff options
context:
space:
mode:
authorYe Li <ye.li@nxp.com>2016-03-08 22:03:47 +0800
committerYe Li <ye.li@nxp.com>2022-04-06 14:31:09 +0800
commit3b09ef6ef88baad21e10799dd5a02f206b3c7258 (patch)
tree2fe3510ddfcd7c2d88265edabe893bdd4e47c88a /cmd
parentf63d8255a68e0b81ef4c4bc942f714399db28c35 (diff)
MLK-12500-1 HAB: Add kernel image authentication in image loading
To support the trust boot chain, we integrate the authentication into the kernel image loading process. The kernel image will be verified at its load address. So when signing the kernel image, we need to use this load address which may change on different platforms. Signed-off-by: Ye Li <ye.li@nxp.com> (cherry picked from commit 3c118b8d6bbe1a25ca8c8bafeb528309f16fc73d) (cherry picked from commit fd9a9759ed9b3a9fc26b18aff00880382213b1ca) (cherry picked from commit 98d4faefdb83579d4a5a170e06af5efb64ad2b3c) (cherry picked from commit 3c0f0eed6cb703cd7d67ec97520b1990b5e35fb2) (cherry picked from commit 6605ea47d7fbbd4687c8eb636335f4c1165be4e4) (cherry picked from commit 6391ea5549199bff43a31c923593624f1c55e663)
Diffstat (limited to 'cmd')
-rw-r--r--cmd/bootm.c25
-rw-r--r--cmd/bootz.c8
2 files changed, 33 insertions, 0 deletions
diff --git a/cmd/bootm.c b/cmd/bootm.c
index e8b7066888..a56c729e55 100644
--- a/cmd/bootm.c
+++ b/cmd/bootm.c
@@ -125,6 +125,31 @@ int do_bootm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
return do_bootm_subcommand(cmdtp, flag, argc, argv);
}
+#ifdef CONFIG_IMX_HAB
+ extern int authenticate_image(
+ uint32_t ddr_start, uint32_t raw_image_size);
+
+ switch (genimg_get_format((const void *)image_load_addr)) {
+#if defined(CONFIG_LEGACY_IMAGE_FORMAT)
+ case IMAGE_FORMAT_LEGACY:
+ if (authenticate_image(image_load_addr,
+ image_get_image_size((image_header_t *)image_load_addr)) != 0) {
+ printf("Authenticate uImage Fail, Please check\n");
+ return 1;
+ }
+ break;
+#endif
+#ifdef CONFIG_ANDROID_BOOT_IMAGE
+ case IMAGE_FORMAT_ANDROID:
+ /* Do this authentication in boota command */
+ break;
+#endif
+ default:
+ printf("Not valid image format for Authentication, Please check\n");
+ return 1;
+ }
+#endif
+
return do_bootm_states(cmdtp, flag, argc, argv, BOOTM_STATE_START |
BOOTM_STATE_FINDOS | BOOTM_STATE_FINDOTHER |
BOOTM_STATE_LOADOS |
diff --git a/cmd/bootz.c b/cmd/bootz.c
index 4f024bde5f..78c21d4740 100644
--- a/cmd/bootz.c
+++ b/cmd/bootz.c
@@ -57,6 +57,14 @@ static int bootz_start(struct cmd_tbl *cmdtp, int flag, int argc,
if (bootm_find_images(flag, argc, argv, images->ep, zi_end - zi_start))
return 1;
+#ifdef CONFIG_IMX_HAB
+ extern int authenticate_image(
+ uint32_t ddr_start, uint32_t raw_image_size);
+ if (authenticate_image(images->ep, zi_end - zi_start) != 0) {
+ printf("Authenticate zImage Fail, Please check\n");
+ return 1;
+ }
+#endif
return 0;
}