topic Re: CSF Header: RSA Signature in Layerscape

CSF Header: RSA Signature

vsiles — Tue, 10 May 2016 13:10:22 GMT

I'm trying to understand what is hashed/signed by the uni_sign tool. I'm only signing one binary (u-boot-spl.bin) so it takes as input an input file and the .bin file, and outputs a hdr.bin file.

In this header, there is a RSA signature, but I'm not sure of what ?

My goal is to perform secure boot while loading CSF / u-boot from the SD card. Right now the PBL loads everything, but the ISBC fails with error 0x341 (signature missmatch), so u-boot and linux runs in Non secure SEC state.

Best,

Vincent

Re: CSF Header: RSA Signature

yipingwang — Thu, 12 May 2016 06:38:12 GMT

Hello Vincent Siles,

Please refer to the following functionalities of CST tool.

1. Key Generation

a. Generating RSA Public and Private Keys.

b. Generating OTPMK and DRV keys with hamming code inserted.

2. Generating CSF header for an image

3. Signing code using RSA Private Keys.

Please sign image with the private key, store the hash of public key in SFP fuse(SFP_SRKRH shadow registers), and store OTPMK keys to OTPMK registers.

Please refer to the following steps for running a basic secure boot test.

1. Generate a public/private RSA key pair.

2. Sign the image to be validated (U-Boot) using the private key.

3. Create a header containing information regarding the image, keys, signature etc.

4. Load the U-Boot and header image on to memory

5. Store the hash of public key in fuses (SFP)

6. Run out of POR with RCW having SB_EN=1 and location of header programmed in DCFG SCRATCHRW1 register via PBI commands.

7. Boot ROM will read the SCRATCH REGISTER for location of the HEADER and then perform the validation.

Please refer to the following procedure of CST tool.

1. Generate a key pair of size 1024, 2048 or 4096 (1K, 2K or 4K)
2. Copy the image to be copied in CST directory (uboot.bin)
3. Modify the input_file if required (for Image name, image location, Key names etc.)
4. Run the uni_sign tool which will create the header file and also give the Public Key hash.
./uni_sign --file <input_secure_file>

I suspect the input file which you used to sign the image is not correct.

Would you please provide the input file used for signing SD secure u-boot?

Have a great day,
Yiping

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

Re: CSF Header: RSA Signature

vsiles — Thu, 12 May 2016 07:07:30 GMT

Dear yipingwang thank you for this detail information. Here is the input file I am currently using:

/* Copyright (c) 2013 Freescale Semiconductor, Inc.
 * All rights reserved.
 */
---------------------------------------------------
# Specify the platform. [Mandatory]
# Choose Platform - 1010/1040/2041/3041/4080/5020/5040/9131/9132/9164/4240/C290/LS1
PLATFORM=LS1
# ESBC Flag. Specify ESBC=0 to sign u-boot and ESBC=1 to sign ESBC images.(default is 0)
ESBC=0
---------------------------------------------------
# Entry Point/Image start address field in the header.[Mandatory]
# (default=ADDRESS of first file specified in images)
ENTRY_POINT=10000a00
---------------------------------------------------
# Specify the file name of the keys seperated by comma.
# The number of files and key select should lie between 1 and 4 for 1040 and C290.
# For rest of the platforms only one key is required and key select should not be provided.
# USAGE (for 4080/5020/5040/3041/2041/1010/913x): PRI_KEY = <key1.pri>
# USAGE (for 1040/C290/9164/4240/LS1): PRI_KEY = <key1.pri>, <key2.pri>, <key3.pri>, <key4.pri>
# PRI_KEY (Default private key :srk.pri) - [Optional]
PRI_KEY=srk.pri
# PUB_KEY (Default public key :srk.pub) - [Optional]
PUB_KEY=srk.pub
# Please provide KEY_SELECT(between 1 to 4) (Required for 1040/C290/9164/4240/LS1 only) - [Optional]
KEY_SELECT=
---------------------------------------------------
# Specify SG table address, only for (2041/3041/4080/5020/5040) with ESBC=0 - [Optional]
SG_TABLE_ADDR=
---------------------------------------------------
# Specify the target where image will be loaded. (Default is NOR_16B) - [Optional]
# Only required for Non-PBL Devices (1010/1040/9131/9132i/C290)
# Select from - NOR_8B/NOR_16B/NAND_8B_512/NAND_8B_2K/NAND_8B_4K/NAND_16B_512/NAND_16B_2K/NAND_16B_4K/SD/MMC/SPI
IMAGE_TARGET=
---------------------------------------------------
# Specify IMAGE, Max 8 images are possible. DST_ADDR is required only for Non-PBL Platform. [Mandatory]
# USAGE : IMAGE_NO = {IMAGE_NAME, SRC_ADDR, DST_ADDR}
IMAGE_1={u-boot-spl.bin,10000a00,ffffffff}
IMAGE_2={,,}
IMAGE_3={,,}
IMAGE_4={,,}
IMAGE_5={,,}
IMAGE_6={,,}
IMAGE_7={,,}
IMAGE_8={,,}
---------------------------------------------------
# Specify OEM AND FSL ID to be populated in header. [Optional]
# e.g FSL_UID=11111111
FSL_UID=
FSL_UID_1=
OEM_UID=
OEM_UID_1=
---------------------------------------------------
# Specify the file names of csf header and sg table. (Default :hdr.out) [Optional]
OUTPUT_HDR_FILENAME=hdr_uboot-spl.out
# Specify the file names of hash file and sign file.
HASH_FILENAME=img_hash.out
INPUT_SIGN_FILENAME=sign.out
# Specify the signature size.It is mandatory when neither public key nor private key is specified.
# Signature size would be [0x80 for 1k key, 0x100 for 2k key, and 0x200 for 4k key].
SIGN_SIZE=
---------------------------------------------------
# Specify the output file name of sg table. (Default :sg_table.out). [Optional]
# Please note that OUTPUT SG BIN is only required for 2041/3041/4080/5020/5040 when ESBC flag is not set.
OUTPUT_SG_BIN=
---------------------------------------------------
# Following fields are Required for 4240/9164/1040/C290 only
# Specify House keeping Area
# Required for 4240/9164/1040/C290 only when ESBC flag is not set. [Mandatory]
HK_AREA_POINTER=
HK_AREA_SIZE=
---------------------------------------------------
# Following field Required for 4240/9164/1040/C290 only
# Specify Secondary Image Flag. (0 or 1) - [Optional]
# (Default is 0)
SEC_IMAGE=0
# Specify Manufacturing Protection Flag. (0 or 1) - [Optional]
# Required only for LS1(Default is 0)
MP_FLAG=1
---------------------------------------------------
VERBOSE=1

Additional information:

- the board is a ls1021atwr

- I copied u-boot-spl.bin to the CST directory before using the uni_sign command

- srk.pri/pub have been genrated using gen_keys 4096

- I'm attempting a secure boot via SD card, so I created a file with RCW/PBI/CST/u-boot-spl.bin/u-boo.bin flashed onto the SD card.

- The PBL copies the CST/u-boot-spl.bin/u-boot.bin part from SD to OCRAM at address 0x10000000, so u-boot-spl.bin is at 0x10000a00

- OTPMK is burnt on the fuses

- RSA Hash is written in mirror registers using ccs

- Once this isdone, I release core0 and let the secure boot happen.

From this setting, I had some issues. ISBC successfully check the barker word, but returned the error "too may image file (> 8)". Using ccs, I saw that the endianness of the SG table was wrong, so I changed the endianness of the CST but the barker word. Then I got the error "key modulus is 0", so I realized I needed to only changed the endianness of some part of the header. Now I get a "Wrong hash computation".

I think this endianness issue comes from the fact that I am attempting secure boot from SD, so the PBI commands that copy from SD to OCRAM might mess with the endianness. In order to test a scenario known to work, I am attempting booting from the NOR (done yesterday), and I'll try secure boot from the NOR today.

Best,

Vincent

PS: to create the image I flash on the SD card, I do the following commands, extracted from u-boot makefile:

$ # create CSF header

$ uni_sign input_file

$ # append CSF header and SPL

$ cat hdr_uboot-spl.out u-boot-spl.bin > u-boot-spl-with-hdr.bin

$ # append RCW/PBI generated commands to SPL

$ mkimage -n $(UBOOT_SRC)/$(CONFIG_SYS_FSL_PBL_RCW) \

-R $(UBOOT_SRC)/$(CONFIG_SYS_FSL_PBL_PBI) -T pblimage \

-A $(ARCH) -a 0x10000000 -d u-boot-spl-with-hdr.bin u-boot-spl.pbl

$ # padding

$ objcpy -I binary -O binary --pad-to=$(CONFIG_SPL_PAD_TO) \

--gap-fill=0xff u-boot-spl.pbl u-boot-spl.pbl.padded

$ # adding u-bot.img

$ cat u-boot-spl.pbl.padded u-boot.img > signed-u-boot-with-spl.bin

Re: CSF Header: RSA Signature

yipingwang — Thu, 12 May 2016 08:38:26 GMT

Hello Vincent,

The CST tool is compiled for PowerPC ARCH(big endian) by default, please compile CST tool with "make ARCH=arm" for ARM platform.

Please use the latest CST tool from SDK 1.9, if you use the git tree, please use the source commit ID "65f79eb1443211826a58ff225e86b251af5f0e12".

Have a great day,
Yiping

Re: CSF Header: RSA Signature

vsiles — Thu, 12 May 2016 09:01:21 GMT

Thank you for the information I'll try it right away.

However I am very new to Yocto and using NXP SDK 1.9, and I don't know how to tell bitbake (or modify the recipe) to add the ARCH=arm parameter.

Re: CSF Header: RSA Signature

vsiles — Thu, 12 May 2016 09:34:34 GMT

I patched the cst Makefile to change ARCH ?= powerpc to ARCH = arm

With it, the header has indeed changed and looks like the modification of the endianness I was doing. So I tried with the new header (untouched) and it still fails with error 0x341.

Since the change in ARCH, should I regenerate my OPTMK key (I hope not, it's burnt...) and SRK key or did the change only affected uni_sign ?

Re: CSF Header: RSA Signature

vsiles — Thu, 12 May 2016 10:20:50 GMT

My bad, I forgot to fix one of my script.

SecMon.HPSR now shows Trusted \o/

Thank you very much yipingwang !