Anti-rollback protection support #1072

Merged: 10 commits, Apr 10, 2023

igoropaniuk
Contributor

No description provided.

@quaresmajose
Member

The use of fdtput requires a new dependency, DEPENDS += "dtc-native", on the bbclass that uses the tool; otherwise it can fail if the tool is not installed on the host machine.

Contributor

@MrCry0 MrCry0 left a comment

LGTM

@igoropaniuk igoropaniuk force-pushed the rollback-protection-poc branch from ed91539 to 54f30f4 Compare March 16, 2023 16:13
Introduce LMP_BOOT_FIRMWARE_VERSION variable, that can be set globally
and can share boot firmware version across multiple recipes.

Signed-off-by: Igor Opaniuk <[email protected]>
@igoropaniuk igoropaniuk force-pushed the rollback-protection-poc branch from 54f30f4 to d63b622 Compare March 29, 2023 11:47
Contributor

@MrCry0 MrCry0 left a comment

LGTM

Add LMP_BOOT_FIRMWARE_VERSION value to U-Boot device tree blob before
final FIP creation.

Example of a node (added to /firmware):

bootloader {
    bootfirmware-version = "147";
    compatible = "lmp,bootloader";
};

Signed-off-by: Igor Opaniuk <[email protected]>
Add LMP_BOOT_FIRMWARE_VERSION value to U-Boot device tree blob before
final FIT creation.

Example of a node (added to /firmware):

bootloader {
    bootfirmware-version = "147";
    compatible = "lmp,bootloader";
};

Signed-off-by: Igor Opaniuk <[email protected]>
@igoropaniuk igoropaniuk force-pushed the rollback-protection-poc branch from 39dffd1 to 9ad79fb Compare March 30, 2023 14:12
Add rollback protection support, which can be enabled by OTP variable
fiovb.rollback_protection.

Signed-off-by: Igor Opaniuk <[email protected]>
@igoropaniuk igoropaniuk force-pushed the rollback-protection-poc branch from 9ad79fb to 72dcaf7 Compare March 30, 2023 18:17
@igoropaniuk igoropaniuk changed the title Rollback protection poc Anti-rollback protection support Mar 30, 2023
Provide version in LMP_BOOT_FIRMWARE_VERSION instead of PV.

Signed-off-by: Igor Opaniuk <[email protected]>
Relevant changes:
- 4a353de ta: introduce support for rollback protection
- e2853fb ta: refactor read/write/delete functions
- c963a38 cmake: add initial CMakeLists.txt files
- 9f3275e fiovb: host: check privileges at startup

Signed-off-by: Igor Opaniuk <[email protected]>
Copy u-boot.dtb, if any adjustments are needed to be done
additionally, and use that copy for a final FIP creation.

Signed-off-by: Igor Opaniuk <[email protected]>
@igoropaniuk igoropaniuk force-pushed the rollback-protection-poc branch from 72dcaf7 to c4320fc Compare March 31, 2023 14:11
@igoropaniuk
Contributor Author

@ricardosalveti @quaresmajose @MrCry0 this one also depends on foundriesio/u-boot#204

Relevant changes:
- 08452551bf [FIO internal] common: introduce BOOTFIRMWARE_INFO_STRICT
- 8a9e798bc8 [FIO internal] common: introduce bootfirmware info

Signed-off-by: Igor Opaniuk <[email protected]>
Enable CONFIG_BOOTFIRMWARE_INFO=y for stm32mp15 targets.

Signed-off-by: Igor Opaniuk <[email protected]>
Extend size of boot.scr file.

Signed-off-by: Igor Opaniuk <[email protected]>
@igoropaniuk igoropaniuk force-pushed the rollback-protection-poc branch from c4320fc to 37b9c5c Compare April 4, 2023 16:04
@quaresmajose
Member

@igoropaniuk can you please check if a change on LMP_BOOT_FIRMWARE_VERSION triggers a new run of the fip-utils.bbclass:do_deploy and uboot-fitimage.bbclass:uboot_fitimage_assemble bitbake tasks?

This can be done by building a target image with LMP_BOOT_FIRMWARE_VERSION=a, after that changing only it to LMP_BOOT_FIRMWARE_VERSION=b and running another build, and at the end checking that the referred tasks run again and the artifacts are updated.

I have doubts if we don't have to add the variable LMP_BOOT_FIRMWARE_VERSION in the dependence chain of tasks above.

@ricardosalveti
Member

Can you squash "base: fip-utils.bbclass: copy u-boot.dtb for adjustments" into "base: fip-utils.bbclass: add bootfirmware version to U-Boot DTB"?

@quaresmajose
Member

> @igoropaniuk can you please check if a change on LMP_BOOT_FIRMWARE_VERSION triggers a new run of the fip-utils.bbclass:do_deploy and uboot-fitimage.bbclass:uboot_fitimage_assemble bitbake tasks?
>
> This can be done by building a target image with LMP_BOOT_FIRMWARE_VERSION=a, after that changing only it to LMP_BOOT_FIRMWARE_VERSION=b and running another build, and at the end checking that the referred tasks run again and the artifacts are updated.
>
> I have doubts if we don't have to add the variable LMP_BOOT_FIRMWARE_VERSION in the dependence chain of tasks above.

I have tested your patch locally on stm32mp15-disco and LMP_BOOT_FIRMWARE_VERSION is taken into account in the dependency chain of the tasks.

The steps to reproduce:

  1. echo 'LMP_BOOT_FIRMWARE_VERSION = "1"' >> conf/auto.conf
  2. bitbake lmp-base-console-image
  3. echo 'LMP_BOOT_FIRMWARE_VERSION = "2"' >> conf/auto.conf
  4. bitbake lmp-base-console-image -S printdiff

As we can see in the output of the last command [4], the variable LMP_BOOT_FIRMWARE_VERSION is taken into account.

The differences between the current build and any cached tasks start at the following tasks:
/build-stm32mp15-disco/conf/../../layers/meta-lmp/meta-lmp-base/recipes-bsp/lmp-boot-firmware/lmp-boot-firmware.bb:do_fetch
/build-stm32mp15-disco/conf/../../layers/meta-lmp/meta-lmp-base/recipes-bsp/trusted-firmware-a/tf-a-fio_2.7.bb:do_deploy
NOTE: Reparsing files to collect dependency data
Writing locked sigs to /home/quaresmajose/lmp-manifest/repo/build-stm32mp15-disco/locked-sigs.inc

Task tf-a-fio:do_deploy couldn't be used from the cache because:
  We need hash ce53a65450615894e9864ba75229f5b6129614fefef3af1f788b77eb8942875d, closest matching task was c230b13eaf20486075de8c8568e8c3870bae76ccd7f5a2f893e44e81b4878a4c
  basehash changed from a2041b7f51a46badcfa02a1e121946ad1f296e4822064439c0f51d36a7a4cdb7 to 2af5366ae27ac8bf3482c7bd273ea5656025a77a36f2b426cb7be31b5f240ade
  Variable LMP_BOOT_FIRMWARE_VERSION value changed from '1' to '2'

All of this using the latest lmp-manifest and also rebased your PR on top of meta-lmp tip.
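
The check performed by hand in the comment above can be automated so that a version bump which fails to invalidate a firmware task is caught before stale artifacts ship. The following is an added example, not part of the PR or the project's code: it parses `bitbake -S printdiff` output and reports which required tasks did not react to the variable. The sample input is constructed (placeholder hashes), and `example-recipe`, `EXAMPLE_FLAG` and `u-boot-example:do_deploy` are hypothetical names.

```python
import re

# Constructed sample modelled on the `bitbake -S printdiff` output quoted in the
# thread: hashes are placeholders; example-recipe and EXAMPLE_FLAG are hypothetical.
SAMPLE = """\
Task tf-a-fio:do_deploy couldn't be used from the cache because:
  We need hash aaaa0001, closest matching task was aaaa0002
  basehash changed from bbbb0001 to bbbb0002
  Variable LMP_BOOT_FIRMWARE_VERSION value changed from '1' to '2'

Task example-recipe:do_compile couldn't be used from the cache because:
  We need hash cccc0001, closest matching task was cccc0002
  basehash changed from dddd0001 to dddd0002
  Variable EXAMPLE_FLAG value changed from 'a' to 'b'
"""

TASK_RE = re.compile(r"^Task (\S+) couldn't be used from the cache because:")
VAR_RE = re.compile(r"^\s+Variable (\S+) value changed from '(.*)' to '(.*)'")

def variable_changes(printdiff_text):
    """Map each task that missed the cache to its (variable, old, new) changes."""
    changes, current = {}, None
    for line in printdiff_text.splitlines():
        task = TASK_RE.match(line)
        if task:
            current = task.group(1)
            changes[current] = []
            continue
        var = VAR_RE.match(line)
        if var and current is not None:
            changes[current].append(var.groups())
        elif not line.startswith((" ", "\t")):
            current = None  # an unindented line ends the task's reason block
    return changes

def untracked_tasks(printdiff_text, variable, required_tasks):
    """Return the required tasks whose signature did not react to `variable`."""
    changes = variable_changes(printdiff_text)
    return sorted(
        t for t in required_tasks
        if not any(name == variable for name, _, _ in changes.get(t, []))
    )

if __name__ == "__main__":
    # u-boot-example:do_deploy is a hypothetical task absent from the sample.
    required = ["tf-a-fio:do_deploy", "u-boot-example:do_deploy"]
    missing = untracked_tasks(SAMPLE, "LMP_BOOT_FIRMWARE_VERSION", required)
    print("tasks not tracking the version:", missing or "none")
```

Only single-line `Variable ... value changed from '...' to '...'` entries are recognised, which is the form shown in the thread.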

Member

@quaresmajose quaresmajose left a comment

Also tested on IMX machines to check the uboot-fitimage and it works as expected.

@igoropaniuk
Contributor Author

@quaresmajose @ricardosalveti all comments are addressed

Member

@ricardosalveti ricardosalveti left a comment

LGTM

@ricardosalveti ricardosalveti merged commit a5bac91 into foundriesio:main Apr 10, 2023