#linux-sunxi on 2023-11-02 — irc logs at oftc.irclog.whitequark.org

2022-12-21 00:44 ChanServ changed the topic of #linux-sunxi to: Allwinner/sunxi development - Did you try looking at our wiki? https://linux-sunxi.org - Don't ask to ask. Just ask and wait for an answer! - This channel is logged at https://oftc.irclog.whitequark.org/linux-sunxi

00:48 utsweetyfish has quit [Remote host closed the connection]

00:49 utsweetyfish has joined #linux-sunxi

01:16 vagrantc has quit [Quit: leaving]

01:24 apritzel has quit [Ping timeout: 480 seconds]

01:27 Daanct12 has joined #linux-sunxi

02:35 palmer_ has left #linux-sunxi [#linux-sunxi]

02:36 palmer has joined #linux-sunxi

02:50 utsweetyfish has quit [Remote host closed the connection]

02:50 utsweetyfish has joined #linux-sunxi

03:07 utsweetyfish has quit [Remote host closed the connection]

03:07 utsweetyfish has joined #linux-sunxi

03:56 vagrantc has joined #linux-sunxi

03:59 Halamix2 has quit [Quit: Gone (and/or ZNC is doing something stupid)]

04:01 Halamix2 has joined #linux-sunxi

04:22 utsweetyfish has quit [Remote host closed the connection]

04:22 utsweetyfish has joined #linux-sunxi

04:23 vagrantc has quit [Quit: leaving]

05:01 hexdump01 has joined #linux-sunxi

05:03 hexdump0815 has quit [Ping timeout: 480 seconds]

05:12 JohnDoe_71Rus has joined #linux-sunxi

05:56 utsweetyfish has quit [Remote host closed the connection]

05:59 utsweetyfish has joined #linux-sunxi

06:13 <gamiee> apritzel: so, it is already ready to use TOC0 for bootloader checking? :o

06:13 <gamiee> (also, does u-boot have some mechanism to check sign of kernel?)

07:24 hexdump01 has quit []

07:24 hexdump0815 has joined #linux-sunxi

07:39 utsweetyfish has quit [Remote host closed the connection]

07:39 utsweetyfish has joined #linux-sunxi

07:49 <daschaos> Yes, u-boot supports the check of signed kernels. The easiest way is to use FIT Images, the whole fit image gets signed, so everything in it including DTBs are also signed.

08:18 bauen1 has quit [Ping timeout: 480 seconds]

08:54 tnovotny has joined #linux-sunxi

09:03 warpme has joined #linux-sunxi

09:16 bauen1 has joined #linux-sunxi

09:22 apritzel has joined #linux-sunxi

09:40 warpme has quit []

09:40 <apritzel> gamiee: what do you mean exactly with "bootloader checking"?

09:40 <apritzel> the main usage for TOC0 is to be able to boot anything at all on boards with the secure boot fuse burnt

09:41 <apritzel> and consistency checks are already in place with eGON, albeit using just a very simple checksum

09:42 <apritzel> and as daschaos said: the rest of the boot chain should be validated by U-Boot then

09:42 <apritzel> IIUC we don't support this in the SPL atm, mainly for code size reasons, although this shouldn't be an issue anymore for SoCs like H6 and newer

09:44 <apritzel> and AFAIK nobody has really tried to burn an actual key hash into the eFUSEs, to enable proper SPL signature checks by the BROM

09:46 <gamiee> apritzel: this is exactly what I would like to do, to burn actual key has into eFUSE, so non-signed u-boot will be not possible to run.

09:46 warpme has joined #linux-sunxi

09:47 <apritzel> I guess smaeul is the person to talk to in this case

09:47 <apritzel> but this would be only the first step: to verify the SPL is legit. The rest of the firmware (U-Boot proper, TF-A, DTB) would need to be checked by the SPL

09:48 <apritzel> I think U-Boot has all the infrastructure to do that (since we use a FIT image for that as well), but you'd have to enable that in the config

09:48 <apritzel> and then fix the compilation problems that you will most likely see, because that's U-Boot

09:52 <gamiee> I am using H3, so only U-boot proper and kernel needs to be verified. (I am using DTB from u-boot)

09:57 <apritzel> "DTB from U-Boot": very good, as you should! With smaeul's recent patches (sent yesterday) we gain SPL FIT support for 32-bit SoCs as well, so this should be the same category then

09:58 <apritzel> gamiee: it would be great if you could explore that: apply and test his patches, then try to enable FIT signature checking in the SPL

09:58 <gamiee> Sweet! Those are really good news.

09:58 <apritzel> the H3 is unfortunately limited to 32KB SPL, so this might become a bit tight

09:58 <gamiee> Yes, I can try that. Also, will this anyhow collide with Crust?

09:58 <gamiee> (I don't know how Crust is "packed into u-boot)

09:59 <apritzel> it should not, crust on H3 mostly requires SPL FIT: the commit messages explicitly mention that

09:59 <gamiee> Sweeeet.

10:00 <apritzel> so the U-Boot FIT would contain U-Boot proper, the DTB, crust, and IIUC this special eGON blob for CPU suspend/wakeup

10:00 <apritzel> and all of this could be checked by the SPL, which itself is checked by the BROM

10:01 <gamiee> Can FIT have also custom boot.cmd? Or rather I should override the default boot cmd in u-boot?

10:01 <gamiee> This sounds really really good.

10:05 <apritzel> haven't tried that, but FIT should allow to load arbitrary data into arbitrary locations, so that should include a boot script to $scriptaddr

10:14 <apritzel> we use something to that effect with sunxi-fel: you upload a U-Boot script file to the right address, and it gets executed

10:16 <gamiee> hmm, good to know. Will see what will work 😁 but this is amazing. Basically, I can get rid of the /boot partition at all lol :D Everything will be in u-boot SPL and FIT image.

10:17 <apritzel> gamiee: just to avoid confusion: depending on your boot flow, there might be *two* separate FIT images at play here:

10:18 <apritzel> one that contains U-Boot, the DTB, crust and will be loaded by the SPL

10:18 <apritzel> and optionally one that contains the kernel, and maybe an initrd, that will be loaded by U-Boot proper

10:19 <apritzel> of course you can just load the kernel and initrd separately from any media accessible to U-Boot, there is no real need to wrap that up, especially if you have a boot script anyway

10:29 <gamiee> Yeah, actually, this sounds as good idea, because I have more advanced boot flow. u-boot checks if button is pressed, if yes, it will load alternate kernel and rootfs (recovery mode), else it will load main kernel and rootfs on partition.

10:29 <gamiee> But if I want to encrypt partition, I guess I will need initrc... hm

10:32 <apritzel> well, you have to load stuff from somewhere. Whether this is a separate /boot partition or another partition, is just an implementation detail

10:33 <apritzel> U-Boot supports multiple filesystems, so you wouldn't be limited to FAT, if that is your concern

10:37 kuba2k2 has joined #linux-sunxi

10:46 <gamiee> Yeah, that should be fine.

11:20 dsimic is now known as Guest5538

11:20 dsimic has joined #linux-sunxi

11:22 Guest5538 has quit [Ping timeout: 480 seconds]

11:41 junari has joined #linux-sunxi

11:52 junari has quit [Ping timeout: 480 seconds]

12:28 bauen1 has quit [Ping timeout: 480 seconds]

13:20 JohnDoe_71Rus has quit []

13:21 Daanct12 has quit [Quit: WeeChat 4.1.1]

13:24 warpme has quit []

13:26 kuba2k2 has quit [Ping timeout: 480 seconds]

13:34 warpme has joined #linux-sunxi

13:51 bauen1 has joined #linux-sunxi

13:57 kuba2k2 has joined #linux-sunxi

14:09 warpme has quit []

14:24 JohnDoe_71Rus has joined #linux-sunxi

14:29 bauen1 has quit [Ping timeout: 480 seconds]

14:34 kuba2k2 has quit [Ping timeout: 480 seconds]

14:39 warpme has joined #linux-sunxi

14:42 utsweetyfish has quit [Remote host closed the connection]

14:43 utsweetyfish has joined #linux-sunxi

14:57 gsz has joined #linux-sunxi

15:18 kuba2k2 has joined #linux-sunxi

15:52 utsweetyfish has quit [Remote host closed the connection]

15:53 utsweetyfish has joined #linux-sunxi

16:09 warpme has quit []

16:58 gsz has quit [Ping timeout: 480 seconds]

17:14 warpme has joined #linux-sunxi

17:20 evgeny_boger has joined #linux-sunxi

17:54 tnovotny has quit [Remote host closed the connection]

17:55 juri__ has joined #linux-sunxi

17:57 juri_ has quit [Ping timeout: 480 seconds]

18:00 juri_ has joined #linux-sunxi

18:04 juri__ has quit [Ping timeout: 480 seconds]

18:11 apritzel has quit [Ping timeout: 480 seconds]

18:31 kuba2k2 has quit [Ping timeout: 480 seconds]

18:32 JohnDoe_71Rus has quit []

18:46 colinsane has quit [Ping timeout: 480 seconds]

19:16 utsweetyfish has quit [Remote host closed the connection]

19:19 utsweetyfish has joined #linux-sunxi

19:57 apritzel has joined #linux-sunxi

20:06 warpme has quit []

20:24 utsweetyfish has quit [Remote host closed the connection]

20:24 utsweetyfish has joined #linux-sunxi

20:32 <smaeul> apritzel: yes, there's a different FEL entry address when in secure mode, because (except for D1 and A523) it has to switch to NBROM where the FEL code is.

20:33 <smaeul> I believe it is 0x64, which loads a magic value in r6, which is then checked at the end of that block

20:33 <smaeul> your wiki update looks good

20:36 <smaeul> I'm somewhat surprised that the mkimage TOC0 code continues to work on A523, though I suppose there's no motivation for AW to change their secure boot code

20:36 <apritzel> smaeul: what did you expect? ;-)

20:38 <smaeul> I hope they've at least fixed the stack smashing bug :/

20:38 <apritzel> and while A76 doesn't support AArch32 in EL3 anymore, A55 does, so as long as they stay big.LITTLE, they can play this game (BROM in AA32) for a while

20:39 <gamiee> smaeul: hi! Please, do you have any tools or info about signing u-boot SPL for BROM? I would like to try to get secure booting working on my H3

20:39 <smaeul> I still haven't tried writing a key hash to the eFuse on any device, because I'm not confident in the endianness

20:41 <apritzel> smaeul: isn't that signature checking code visible in the BROM? So you could check that, or somehow try or emulate?

20:41 <smaeul> yeah, true

20:42 <gamiee> Are there hidden parts of BROM?

20:44 <smaeul> no

20:45 <smaeul> you can only access the secure BROM if the secure fuse is burnt, but that's not really "hiding" it

20:45 <smaeul> to answer your specific question about signing U-Boot SPL, apritzel just documented that on the wiki: https://linux-sunxi.org/TOC0#U-Boot.27s_mkimage

20:46 <apritzel> I think gamiee is after signing the FIT image that the SPL loads ...

20:46 <apritzel> I believe this should be generic U-Boot code, but I have never tried that

20:46 <smaeul> 1) generate a key, 2) build with CONFIG_SPL_IMAGE_TYPE_SUNXI_TOC0=y, 3) optionally, write the SHA-256 hash of the key to the eFuse

20:47 <smaeul> right, CONFIG_SPL_FIT_SIGNATURE

20:48 <apritzel> plus CONFIG_MAKE_EVERTHING_ELSE_REALLY_TINY_AND_HOPE_FOR_THE_BEST, because there is a hard 32K limit on the H3

20:50 <smaeul> yeah, it might be worth trying to use the crypto engine for code size

20:51 <apritzel> I was thinking the same, but that sounds like a serious challenge

20:51 <apritzel> we need Corentin ....

21:06 ftg has joined #linux-sunxi

21:36 colinsane has joined #linux-sunxi

21:50 bauen1 has joined #linux-sunxi

22:10 gnarface__ has joined #linux-sunxi

22:10 gnarface has quit [Read error: Connection reset by peer]

22:10 gnarface__ has quit []

22:11 gnarface has joined #linux-sunxi

22:31 ftg has quit [Ping timeout: 480 seconds]

22:42 ftg has joined #linux-sunxi

23:26 Newbyte has quit [Ping timeout: 480 seconds]

23:26 KNULLNoNeAll[m] has quit [Ping timeout: 480 seconds]

23:26 Tooniis[m] has quit [Ping timeout: 482 seconds]

23:26 cperon has quit [Ping timeout: 480 seconds]

23:26 insep has quit [Ping timeout: 480 seconds]

23:26 chuang[m] has quit [Ping timeout: 482 seconds]

23:26 GrantM11235[m] has quit [Ping timeout: 482 seconds]

23:26 aerospace[m] has quit [Ping timeout: 482 seconds]

23:26 sajattack[m]1 has quit [Ping timeout: 480 seconds]

23:26 exkc has quit [Ping timeout: 480 seconds]

23:26 movedon5b2z4xywybidzannet[m] has quit [Ping timeout: 480 seconds]

23:26 fraolt has quit [Ping timeout: 480 seconds]

23:27 dittid[m] has quit [Ping timeout: 483 seconds]

23:27 obbardc has quit [Ping timeout: 480 seconds]

23:27 error2[m] has quit [Ping timeout: 480 seconds]

23:27 DanielakaCyReVolt[m] has quit [Ping timeout: 480 seconds]

23:27 aperezdc has quit [Ping timeout: 480 seconds]