Commit 91a9ff4b authored by Denis Pynkin, committed by Emanuele Aina

secure-boot.md: SabreLite board preparation

Added description of how to fuse the device
with Apertis SRK hash.
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
parent c2ef6cd1
@@ -235,15 +235,121 @@ well supported by upstream components. Furthermore an initial PoC for the early
boot stages was already done for the NXP Sabre Auto boards which are based on
the same SoC.
Assuming the first implementation will be on that SoC the following
initial implementation steps should be taken:
* Enabling of secure boot in the u-boot packages for Sabrelite
* Adjust the image build process to sign u-boot such that the ROM can verify
* Adjust the image build process to sign signed images for u-boot to load
(e.g. sign kernel and initramfs)
* Add documentation on how to configure the reference board for secure boot
testing and development
As next steps the following could be undertaken:
## SabreLite secure boot preparation
The [good introduction into HAB (High Assurance Boot)](https://boundarydevices.com/high-assurance-boot-hab-dummies/)
is prepared by Boundary Devices, also there are some [documentation](https://github.com/u-boot/u-boot/blob/master/doc/imx/habv4/introduction_habv4.txt)
and examples in U-Boot source tree.
The [NXP Code Signing Tool](https://gitlab.apertis.org/pkg/development/imx-code-signing-tool)
is needed to create keys, certificates and SRK hashes used during the signing
process. Apertis reference images use the [public git repository](https://gitlab.apertis.org/infrastructure/apertis-imx-srk)
with all secrets available, so it could be used for signing binaries during
development in case if board has been fused with Apertis SRK hash (**irreversible operation!!!**).
**_Caution_**: the SabreLite board can be fused with the SRK (Super Root Key)
hash only once!
To fuse the [Apertis SRK hash](https://gitlab.apertis.org/infrastructure/apertis-imx-srk/-/blob/master/SRK_1_2_3_4_fuse.bin)
we have to have the hexadecimal dump of the hash of the key. Command below will produce the
output with commands for Apertis SRK hash fusing:
```
$ hexdump -e '/4 "0x"' -e '/4 "%X""\n"' SRK_1_2_3_4_fuse.bin | for i in `seq 0 7`; do read h; echo fuse prog -y 3 $i $h; done
```
This command generates the list of commands to be executed in a U-Boot CLI.
For Apertis SRK hash fusing they are:
```
fuse prog -y 3 0 0xFD415383
fuse prog -y 3 1 0x519690F5
fuse prog -y 3 2 0xE844EB48
fuse prog -y 3 3 0x179B1826
fuse prog -y 3 4 0xEC0F8D7C
fuse prog -y 3 5 0x2F209598
fuse prog -y 3 6 0x9A98BE3
fuse prog -y 3 7 0xAAD9B3D6
```
After execution of commands above only [Apertis development keys](https://gitlab.apertis.org/infrastructure/apertis-imx-srk/)
can be used for signing the U-Boot binary.
The i.MX6 ROM does signature verification of the bootloader during
startup, and depending on the configured (fused) mode the behaviour is
different. The i.MX6 device may work in 2 modes:
- "open" -- the HAB ROM allows the use of unsigned bootloaders or bootloaders
signed with any key, without checking its validity.
In case of errors, it will only generate HAB secure events on boot without
halting the process.
- "closed" -- only signed with correct key U-Boot may be started, any
incorrectly signed bootloader will not be started.
**It is highly recommended not to use "closed" mode for development boards!**
To check if your device is booted with correctly signed bootloader, and
SRK key is fused, just type this in the U-Boot CLI:
```
=> hab_status
Secure boot enabled
HAB Configuration: 0xcc, HAB State: 0x99
No HAB Events Found!
```
The output shows if the device is in "closed" mode (secure boot enabled) and
booted without any security errors.
In case of errors in "open" mode the same command will show the
list of HAB events similar to:
```
--------- HAB Event 5 -----------------
event data:
0xdb 0x00 0x14 0x41 0x33 0x21 0xc0 0x00
0xbe 0x00 0x0c 0x00 0x03 0x17 0x00 0x00
0x00 0x00 0x00 0x50
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_CERTIFICATE (0x21)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)
```
During Linux kernel verification it is possible to emulate the "closed" mode
with `fuse override` command and proceed with the boot:
```
=> fuse override 0 6 0x2
=> run bootcmd
```
_Note_: the only issue with closed mode emulation -- the device will
accept kernel signed with any key, but HAB events will be
generated and shown in that case.
To close a device you need to fuse the same values used for overriding.
**_Caution_**: the board can only use bootloaders signed with the Apertis development key after the
step below! This is irreversible operation:
```
=> fuse prog 0 6 0x2
```
## Secure boot in the U-Boot package for Sabrelite
The U-Boot bootloader must be configured with the option `CONFIG_SECURE_BOOT`
to enable support of HAB (High Assurance Boot) support on i.MX6 platform.
Upstream U-Boot has no protection based on the HAB engine to prevent executing
unsigned binaries. Verified boot with the usage of HAB ROM is enabled in
U-Boot for Apertis only for [FIT (Flattened uImage Tree)](https://github.com/u-boot/u-boot/blob/master/doc/uImage.FIT/source_file_format.txt)
format since it allows to embed Linux kernel, initramfs and DTB into a single image.
Hence the support of FIT images must be enabled in U-Boot configuration by
option `CONFIG_FIT`.
The [patch series](https://gitlab.apertis.org/pkg/target/u-boot/-/merge_requests/4)
enables verification of FIT image prior to execution of the Linux kernel. Patched U-Boot
do verification of the whole FIT binary prior to extraction kernel and initramfs images,
and this ensures that only verified initial system will be started.
All other format types like zImage, as well as other boot methods are
prohibited on fully secured device when "closed" mode is enabled or emulated.
* Integration of PCKS#11 support in the signing process to support HSM devices
* Automated testing of secure boot if possible
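Review bot: the two new sections are inserted between "As next steps the following could be undertaken:" and its bullet list, so the unchanged trailing items "* Integration of PCKS#11 support in the signing process to support HSM devices" and "* Automated testing of secure boot if possible" now read as the tail of "## Secure boot in the U-Boot package for Sabrelite" instead of as the next-steps list; move the new "## SabreLite secure boot preparation" and "## Secure boot in the U-Boot package for Sabrelite" sections above the "As next steps" line, or move that line together with its two bullets below the new material (and "PCKS#11" there should read "PKCS#11"). A smaller point in the fusing recipe: `%X` in the hexdump format does not zero-pad, which is why word 6 comes out as `fuse prog -y 3 6 0x9A98BE3` with seven hex digits while the other seven words have eight; using `"%08X"` in the format yields a uniform `0x09A98BE3`, which is the same 32-bit value and is accepted by `fuse prog` either way, but avoids the impression that a digit was lost in the generated commands. Style nit in the last section: "to enable support of HAB (High Assurance Boot) support" repeats "support".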