Hi,
I'm currently developing a secure boot solution for one of our customers using i.MX8DXL
why the SECO API (sc_seco_authenticate() api) inside the authenticate_os_container() api from the NXP Guide is called 3 times?
authenticate_os_container api code:
int authenticate_os_container(ulong addr)
{
struct container_hdr *phdr;
int i, ret = 0;
int err;
sc_rm_mr_t mr;
sc_faddr_t start, end;
u16 length;
struct boot_img_t *img;
unsigned long s, e;
if (addr % 4) {
puts("Error: Image's address is not 4 byte aligned\n");
return -EINVAL;
}
.....
..... err = sc_seco_authenticate(-1, SC_SECO_AUTH_CONTAINER,
SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE);
for (i = 0; i < phdr->num_images; i++) {
img = (struct boot_img_t *)(addr +
sizeof(struct container_hdr) +
i * sizeof(struct boot_img_t));
debug("img %d, dst 0x%x, src 0x%x, size 0x%x\n",
i, (uint32_t) img->dst, img->offset + addr, img->size);
memcpy((void *)img->dst, (const void *)(img->offset + addr),
img->size);
......
.....err = sc_seco_authenticate(-1, SC_SECO_VERIFY_IMAGE,
(1 << i));
if (err) {
printf("Authenticate img %d failed, return %d\n",
i, err);
ret = -EIO;
}
exit:
if (sc_seco_authenticate(-1, SC_SECO_REL_CONTAINER, 0) != SC_ERR_NONE)
printf("Error: release container failed!\n");
return ret;
}
What do the sc_seco_authenticate apis called 3 times authenticate the signed image?
(At each step, which part of the signed image is authenticated?)
- sc_seco_authenticate(ipc, SC_SECO_AUTH_CONTAINER ) : Authenticate whether an image is a container or not?
- sc_seco_authenticate(ipc, SC_SECO_VERIFY_IMAGE) : Hash value authentication of container internal image?
- sc_seco_authenticate(ipc, SC_SECO_REL_CONTAINER) : ?
Regards,
Duncan
