Changes between Version 5 and Version 6 of newport/secure_boot

Timestamp:

09/04/2024 11:08:23 PM (2 weeks ago)

Author:

Tim Harvey

Comment:

refactored the FIT section and OTP section

newport/secure_boot

@@ -37 +37 @@
 openssl ecparam -name prime256v1 -genkey -noout -out bdk/trust-keys/bdk-sign-private.pem
 }}}
+
+**
+The hw-rot-private.pem and bdk-sign-private.pem files must be stored in a secure database preferably indexed by board serial number in case you even need to change them.
+**
 
 To build a version of boot firmware in the Newport BSP directory using keys that you create and manage in the ~/keys directory:
@@ -62 +66 @@
 }}}
 
-**
-The hw-rot-private.pem and bdk-sign-private.pem files must be stored in a secure database preferably indexed by board serial number in case you even need to change them.
-**
-
-[=#dtb]
-== Adding signature node to DTB for booting signed FIT images
-To add the kernel, fdt, and ramdisk to the chain of trust you can use a signed fit image (see [wiki:secure_boot#fit]). This requires that the FDT controlling U-Boot have a signature node containing the key data used to verify the FIT image.
-
-To accomplish this you must alter your board dtb in the boot firmware FATFS using the method discussed in [wiki:secure_boot#fit].
-
-You can do this using the fatfs-tool which is built by the Newport BSP. For example, if your board is a GW6304 thus uses the gw6304-linux.dtb, your Newport BSP is in /usr/src/newport/bsp, and your FIT key is ~/keys/fit.key
-{{{#!bash
-# define vars used in commands below
-BSP_DIR=/usr/src/newport/bsp
-DTB=gw6304-linux.dtb
-KEY_DIR=~/keys
+
+[=#otp]
+== Blowing Fuses to lock a device to use trusted boot
+
+**Important Note: Once boards have been configured for trusted-mode boot by hard blowing fuses the JTAG chain is disabled and boards can not be re-tested by Gateworks and as a result returns (RMA) will not be accepted. It is recommended that OEM's test board functionality before permanently setting trusted-mode boot fuses.**
+
+In order to enable trusted boot you must:
+ * program the ROTPK 256bit hash into OTP
+ * enable the tz-force bit
+ * enable the fj-dis bit if you want to disable a fallback to insecure boot firmware if secure boot fails
+
+The 256bit ROTPK that needs to be used for trusted boot can be found using the following in the Newport BSP directory:
+{{{#!bash
+./newport/getkey.py bdk/trust-keys/hw-rot-private.pem
+}}}
+
+Before doing this permanently there is a way to 'soft' blow the fuses where you can perform a warm reset to verify everything boots as expected.
+
+Gateworks provides an [https://dev.gateworks.com/buildroot/newport/minimal/octeontxotp.c octeontxotp] application on its pre-built buildroot based minimal kernel+ramdisk that can be used for provisioning boards.
+
+To boot this on a Newport board download the kernel [https://dev.gateworks.com/buildroot/newport/minimal/Image Image] (which contains a ramdisk rootfs) and boot via something like:
+{{{#!bash
+tftpboot $kernel_addr_r 192.168.1.146:newport/Image.rescue && booti $kernel_addr_r - $fdtcontroladdr
+}}}
+
+This program can be used to blow the fuses necessary to enable trusted boot:
+ * soft blow (for testing)
+{{{#!bash
+octeontxotp --rotpk $ROTPK
+octeontxotp --tz_force
+octeontxotp --fj_dis
+i2cset -f -y 0 0x20 0 0 # disable power-cycle on reset
+octeontxotp --reset
+}}}
+  - replace $ROTPK above with the value output from './newport/getkey.py bdk/trust-keys/hw-rot-private.pem' in your BSP build directory
+  - the i2cset command above disables a board power-cycle on CPU reset so that the soft fuses are used
+
+After the {{{octeontxotp --reset}}} you should see the following which indicates a clean and successful trusted boot:
+{{{#!bash
+WARNING: 
+WARNING: ********************************************************
+WARNING: * Configured for soft blow of secure NV counter. This
+WARNING: * build is not suitable for production trusted boot.
+WARNING: ********************************************************
+WARNING: 
+
+
+
+Gateworks Newport SPL (12.7.0-7647df8 Wed Sep 4 20:36:41 UTC 2024)
+
+GSC     : v61 0xfa4b RST:VIN Thermal Protection Enabled at board temp of 96C
+Temp    : Board:29C/96C CPU:56C/95C
+Model   : GW6905-SP435-A2
+MFGDate : 07-11-2024
+Serial  : 448336
+RTC     : 51
+SoC     : CN8030-1500BG676-AUS-P12-G 1024KB 1500/550MHz 0xa2 Pass 1.2
+MMC1    : not detected
+MMC0    : eMMC   
+Boot    : eMMC trusted, Secure Boot
+DTB     : gw6404.dtb
+DRAM    : 4096 MB, 2133 MT/s, DDR4 UDIMM
+J9      : PCI
+J10     : PCI (hwconfig options:PCI,SATA,USB2)
+J11     : PCI
+QLM0    : PCIE_X1@8000MHz J9
+QLM1    : QSGMII@5000MHz
+QLM2    : PCIE_X1@8000MHz J11
+QLM3    : PCIE_X1@8000MHz J10
+Serial  : 2x RS232 without flow control
+MDIO0   : DP83867 (RGMII)
+MDIO1   : VSC8574 (QSGMII)
+temp    : 29.4C  
+vdd_bat : 0.000V 
+fan_tach: 0 RPM  
+vdd_vin : 17.070V
+vdd_5p0 : 5.062V 
+vdd_3p3 : 3.348V 
+vdd_2p5 : 2.506V 
+vdd_core: 0.891V 
+vdd_0p9 : 0.902V 
+vdd_1p0 : 0.999V 
+vdd_1p2 : 1.193V 
+vdd_1p5 : 1.483V 
+vdd_an1 : 1.394V 
+vdd_gsc : 3.162V 
+NOTICE:  Booting Trusted Firmware
+NOTICE:  BL1: v1.5(release):e1ffc601 (Marvell-12.1.0)
+NOTICE:  BL1: Built : 20:36:52, Sep  4 2024
+NOTICE:  CHIP UniqueID not set
+NOTICE:  BL1: Booting BL2
+NOTICE:  BL2: v1.5(release):e1ffc601 (Marvell-12.1.0)
+NOTICE:  BL2: Built : 20:37:09, Sep  4 2024
+NOTICE:  BL1: Booting BL31
+NOTICE:  BL31: v1.5(release):e1ffc601 (Marvell-12.1.0)
+NOTICE:  BL31: Built : 20:37:17, Sep  4 2024
+
+
+U-Boot 2021.01-g4ba8e461cc (Sep 04 2024 - 20:37:51 +0000)
+
+Model: Gateworks Newport CN80XX GW6404
+Board: GW6905-SP435-A2
+DRAM:  4 GiB
+WDT:   Started with servicing (60s timeout)
+MMC:   octeontx-mmc0: 0
+Loading Environment from MMC... OK
+In:    serial@87e028000000
+Out:   serial@87e028000000
+Err:   serial@87e028000000
+BGX0 QLM1 LMAC2 mode: QSGMII
+BGX0 LMACs: 4
+XCV_DLL_CTL: TX_BYP=0 RX_BYP=1
+BGX2 LMAC0 mode: RGMII
+BGX2 LMACs: 1
+Net:   eth0: vnic0, eth1: vnic1, eth2: vnic2, eth3: vnic3, eth4: vnic4
+Thermal protection:enabled at 96C
+Hit any key to stop autoboot:  0
+}}}
+
+If you use a $ROTPK value that differs from that which was used to build your image you will see no output from the UART as the board does not boot.
+
+After testing via soft blow above you can now hard blow the fuses (**this is permanent and you will no longer be able to JTAG program or RMA your board**). Repeat the boot to the rescue image and blow the fuses with:
+{{{#!bash
+octeontxotp --hard --force --rotpk $ROTPK
+octeontxotp --hard --force --lock rotpk
+octeontxotp --hard --force --tz_force
+octeontxotp --hard --force --fj_dis
+}}}
+  - replace $ROTPK above with the value output from './newport/getkey.py bdk/trust-keys/hw-rot-private.pem' in your BSP build directory
+
+At this point you have trusted boot all the way to the bootloader and can follow-up with a signed FIT image.
+
+
+[=#fit]
+== Signed FIT Image (kernel and optional ramdisk)
+To add the kernel and an optional ramdisk to the chain of trust you can use a signed FIT image (see [wiki:/secure_boot#fit]). This requires that the FDT controlling U-Boot have a signature node containing the key data used to verify the FIT image.
+
+For this you need the following:
+ * A key for your FIT image
+ * Add a signature node with the key details in the linux dtb used by U-Boot which resides in the FATFS
+ * Create a FIT image with a kernel, optional ramdisk and optional configuration
+
+Example Procedure:
+ 1. Define some env variables used in commands below (altered for your needs):
+{{{#!bash
+DTB=gw6404-linux.dtb
+KEY_DIR=$PWD/bdk/trust-keys/
 KEY_NAME=fit
-
-# get latest boot firmware
-wget http://dev.gateworks.com/newport/boot_firmware/firmware-newport.img
-
-# extract your DTB to current directory
-$BSP_DIR/bin/fatfs-tool -i firmware-newport.img extract /$DTB .
-
-# use mkimage to apply the key signature node
-cat << EOF > dummy.its
+}}}
+  - DTB should match the board linux DTB you are using
+  - KEY_NAME - what you named your key (fit) above
+  - KEY_DIR is where your key is
+ 1. Create the KEY:
+{{{#!bash
+# create key
+openssl genpkey -algorithm RSA -out $KEY_DIR/$KEY_NAME.key -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537
+# create cert for key
+openssl req -batch -new -x509 -key $KEY_DIR/$KEY_NAME.key -out $KEY_DIR/$KEY_NAME.crt
+}}}
+  - you will want to save this away on a trusted source along with the keys used for secure boot above; note that a make clean will wipe any keys in bdk/trust-keys
+ 1. Alter the linux dtb (which U-Boot uses) in the boot firmware to add the signature node. This is done using the U-Boot mkimage tool then using the fatfs-tool tool to copy it into the embedded FATFS in the firmware image. Create an ITS template where each image is defined to have a has and each configuration is signed:
+{{{#!bash
+cat << EOF > fit.its
 /dts-v1/;
 
 / {
-        description = "Dummy file for signing board .dtb files";
+        description = "Image for Linux Kernel";
         #address-cells = <1>;
 
-        /* dummy image just to keep mkimage tool happy */
         images {
-                kernel@1 {
-                        description = "dummy kernel image";
-                        data = /incbin/("dummy.bin");
+                kernel {
+                        description = "Linux Kernel";
+                        data = /incbin/("./linux/arch/arm64/boot/Image.gz");
                         type = "kernel";
                         arch = "arm64";
                         os = "linux";
-                        compression = "none";
-                        load = <0x0>;
-                        entry = <0x0>;
-                        hash@1 {
+                        compression = "gzip";
+                        load =<0x48200000> ;
+                        entry = <0x48200000>;
+                        hash-1 {
                                 algo = "sha256";
                         };
@@ -111 +251 @@
         };
         configurations {
-                default = "config@1";
-                config@1 {
+                default = "config-1";
+                config-1 {
                         description = "Linux configuration";
-                        kernel = "kernel@1";
-                        signature@1 {
-                                algo = "sha256,rsa2048";
-                                key-name-hint = "dummy";
+                        kernel = "kernel";
+                        signature-1 {
+                                algo = "sha1,rsa2048";
+                                key-name-hint = "$KEY_NAME";
+                                sign-images = "kernel";
                         };
                 };
@@ -123 +264 @@
 };
 EOF
-touch dummy.bin
-# replace dummy placeholders for key-name
-sed -i "s;key-name-hint = \"dummy\";key-name-hint = \"$KEY_NAME\";g" dummy.its
-# create cert for key
-openssl req -batch -new -x509 -key $KEY_DIR/$KEY_NAME.key -out $KEY_DIR/$KEY_NAME.crt
-# add signature node to myboard.dtb
-$BSP_DIR/bin/mkimage -r -k $KEY_DIR -K $DTB -f dummy.its dummy.itb
+
+# add signature node to your dtb using mkimage
+cp dts/$DTB .
+mkimage -r -k $KEY_DIR -K $DTB -f fit.its fit.itb
 
 # pad and sign the dtb
-BDK_ROOT=$BSP_DIR/bdk $BSP_DIR/bdk/bin/bdk-aes-pad $DTB
-BDK_ROOT=$BSP_DIR/bdk $BSP_DIR/bdk/bin/bdk-sign bdk-sign-private $DTB.sign $DTB
+./bdk/bin/bdk-aes-pad $DTB
+BDK_ROOT=$PWD/bdk ./bdk/bin/bdk-sign bdk-sign-private ./$DTB.sign ./$DTB
 
 # copy the new dtb and its signature into the FATFS
-$BSP_DIR/bin/fatfs-tool -i firmware-newport.img cp $DTB $DTB.sign /
-}}}
-
-
-[=#otp]
-== Blowing Fuses to lock a device to use trusted boot
-
-**Important Note: Once boards have been configured for trusted-mode boot by hard blowing fuses the JTAG chain is disabled and boards can not be re-tested by Gateworks and as a result returns (RMA) will not be accepted. It is recommended that OEM's test board functionality before permanently setting trusted-mode boot fuses.**
-
-In order to enable trusted boot you must:
- * program the ROTPK 256bit hash into OTP
- * enable the tz-force bit
- * enable the fj-dis bit if you want to disable a fallback to insecure boot firmware if secure boot fails
-
-The 256bit ROTPK that needs to be used for trusted boot can be found using the following in the Newport BSP directory:
-{{{#!bash
-./newport/getkey.py bdk/trust-keys/hw-rot-private.pem
-}}}
-
-Before doing this permanently there is a way to 'soft' blow the fuses where you can perform a warm reset to verify everything boots as expected.
-
-Gateworks provides an octeontxotp application on its pre-built buildroot based minimal kernel+ramdisk that can be used for provisioning boards. This program can be used to blow the fuses necessary to enable trusted boot:
- * soft blow (for testing)
-{{{#!bash
-octeontxotp --rotpk $ROTPK
-octeontxotp --tz_force
-octeontxotp --fj_dis
-i2cset -f -y 0 0x20 0 0 # disable power-cycle on reset
-octeontxotp --reset
-}}}
- * hard blow (after testing via soft blow) **this is permanent and you will no longer be able to JTAG program or RMA your board**)
-{{{#!bash
-octeontxotp --hard --force --rotpk $ROTPK
-octeontxotp --hard --force --lock rotpk
-octeontxotp --hard --force --tz_force
-octeontxotp --hard --force --fj_dis
-}}}
+fatfs-tool -i firmware-newport.img cp ./$DTB ./$DTB.sign /
+
+# copy the FIT image into the FATFS
+fatfs-tool -i firmware-newport.img cp fit.itb /
+
+# create a JTAG binary image
+./mkimage_jtag --soc cn803x --emmc -s --partconf=user firmware-newport.img@user:erase_part:0-32768 > firmware-newport.bin
+}}}
+  - Note placing the FIT image containing the kernel in the FATFS is just one option. You may want to put it someplace dedicated in FLASH due to size or other prefrences.
+
+Now you can JTAG program the updated firmware-newport.bin and boot it via:
+ 1. verify the signature node is in the controlling dtb
+{{{#!bash
+GW6905-SP435-A2> fdt addr $fdtcontroladdr && fdt print /signature
+signature {
+    key-fit {
+        required = "conf";
+        algo = "sha256,rsa2048";
+        rsa,r-squared = <0xaf3ca3f0 0x73f28178 0x88f0aee0 0xaa2d9d2d 0xb1f4a926 0xfb94185f 0xf006b370 0xfe24b6f3 0x0f93dc67 0x49638257 0x33d2b04e 0xcf70c6b4 0x3abfda78 0xdbe6a1d7 0xd2a119fa 0x6e2efea8 0x359492a2 0x634dd1bf 0x5e3f1248 0x135cc54a 0x8b92f034 0xdf4b3525 0x99668d2b 0xd1b5c5cf 0xeb5a84a6 0x958edc0f 0x37bca5ee 0xb64b4b56 0x28c7b114 0x2771edde 0xd87b1b68 0x1b2c22d9 0xd44242d9 0xa3f5749d 0xa3ca7b86 0xe31923d7 0x6cf1d2c9 0x685a79f5 0x27576cea 0xa33a4be0 0x3ce85721 0xb8a1b9a1 0xe54acf5b 0x098d2201 0x0b768b19 0x9be17c61 0xb5540e51 0xe9f89f54 0xc6d69841 0x7a4a79f2 0xf9e10893 0x992f120d 0xeb874b8e 0xa1017e7c 0x5f60874a 0xf78d9b6a 0xc6b8b64f 0x4fcad653 0xdaa9f618 0x1ff8e9fc 0x5ee19772 0x5c3c66f0 0x5a006dec 0xddc182ff>;
+a6d 0x5a4e6f90 0xe31b9d42 0xcefa7d1f 0x6b757a25 0xcafe13b5 0x3b0eb7ff 0xfc281541 0xd8765ac3 0x5f19110a 0x381aac24 0xaa69c335 0x3aaddfe1 0x48bc4576 0x7c725b55 0x3a006181 0x4439a5d6 0x6a6523f2 0xeff42f8f 0x9f927be6 0xbc88d703 0xd264bc4c 0x1be6fad9 0x24e157e8 0x365f4765 0x7c63c31d 0xac83d338 0x0da0eedb 0xa2102d3a 0xf826be86 0xcd6d5e02 0x6bacb3f3 0xb82f7982 0x8fedc29e 0x81764654 0x6c4a8ce0 0x5d8bfdda 0xcb2b3973 0x8247809e 0x9abdbdd1 0x98155cc1 0x1ac51a84 0xcd6e87b2 0xf1a656e4 0x68b3cc9f 0x655ba517 0x9f6841dd 0x48de6550 0x5869179a 0x84e68b6d 0xeabd5b4c 0x146448ec 0x37d11af4 0x8e715f05>;
+        rsa,exponent = <0x00000000 0x00010001>;
+        rsa,n0-inverse = <0xde6a6a33>;
+        rsa,num-bits = <0x00000800>;
+        key-name-hint = "fit";
+    };
+};
+}}}
+ 1. Boot the FIT image
+{{{#!bash
+# boot FIT image
+setenv bootargs "root=/dev/mmcblk0p2 rootwait rw"
+load mmc 0:1 $loadaddr fit.itb && bootm $loadaddr - $fdtcontroladdr
+}}}
+
+Note that Newport's U-Boot already has the things defined necessary for signed FIT images (CONFIG_FIT_SIGNATURE, CONFIG_RSA, CONFIG_LEGACY_IMAGE_FORMAT)
+
+You can continue the process of securing your firmware image by locking down U-Boot's environment and using a ramdisk to mount an encrypted filesystem. For detailed examples of that see [wiki:/venice/secure_boot venice/secure_boot]