From 62691cac030c4f0bd350a086e4b182673730d64c Mon Sep 17 00:00:00 2001 From: Vadim Bendebury Date: Fri, 6 Nov 2015 10:59:33 -0800 Subject: cr50: make customized RO work This patch completes introduction of building of proper RO and RW images for cr50. A few small mods were required: - both RO and RW images have to be signed, using the same dedicated signer, but with different keys, dev_key.pem is not needed any more. - the RW image offset is not at the half of available flash, a chip specific value of 16K is used instead. The suggested new image layout is as follows: +----------------------------------------+ | 1KB RO signature header. | +----------------------------------------+ - - | 15KB RO image. | - - +========================================+ | 1KB RW-A signature header. | +----------------------------------------+ - - - - | 239K RW-A image. | - - - - +========================================+ - - | 16 KB NVRAM, shared | - - +========================================+ | 1KB RW-B signature header. | +----------------------------------------+ - - - - | 239K RW-B image. | - - - - +========================================+ BRANCH=none BUG=chrome-os-partner:43025 TEST=The combined image (build/cr50/ec.hex) is successfully loaded and started by the spiflash utility from the latest FPGA tarball. Corrupting a byte in the generated image in the RW section causes failure to verify. Change-Id: I41a05168b0d4e9f88efa1003f261b6dd03972a24 Signed-off-by: Vadim Bendebury Reviewed-on: https://chromium-review.googlesource.com/311422 Reviewed-by: Bill Richardson --- Makefile.rules | 14 ++++++-------- board/cr50/dev_key.pem | 27 --------------------------- chip/g/build.mk | 8 +++++--- chip/g/config_chip.h | 7 +++++++ include/config.h | 5 +++-- 5 files changed, 21 insertions(+), 40 deletions(-) delete mode 100644 board/cr50/dev_key.pem diff --git a/Makefile.rules b/Makefile.rules index 32ba66a8ba..23d743fbdb 100644 --- a/Makefile.rules +++ b/Makefile.rules @@ -40,7 +40,7 @@ cmd_flat_to_obj = $(CC) -T $(out)/firmware_image.lds -nostdlib $(CPPFLAGS) \ # Allow the .roshared section to overlap other sections (itself) cmd_ec_elf_to_flat ?= $(OBJCOPY) --set-section-flags .roshared=share \ -O binary $< $@ -cmd_elf_to_signed ?= $(out)/util/signer --key=util/signer/rom-testkey-A.pem \ +cmd_elf_to_signed ?= $(out)/util/signer --key=util/signer/$(3).pem \ --input=$< --format=bin --output=$@.signed \ && mv $@.signed $@ cmd_elf_to_dis = $(OBJDUMP) -D $< > $@ @@ -199,20 +199,18 @@ $(out)/%.dis: $(out)/%.elf $(out)/RW/%.hex: $(out)/RW/%.elf $(out)/RW/%.smap $(call quiet,elf_to_hex,OBJCOPY) -ifeq ($(SIGNED_RO_IMAGE),) +ifeq ($(SIGNED_IMAGES),) $(out)/%.flat: $(out)/%.elf $(out)/%.smap $(call quiet,ec_elf_to_flat,OBJCOPY) $(out)/RO/%.hex: $(out)/RO/%.elf $(out)/RO/%.smap $(call quiet,elf_to_hex,OBJCOPY) else -$(out)/RW/ec.RW.flat: $(out)/RW/ec.RW.elf - $(call quiet,ec_elf_to_flat,OBJCOPY) -$(out)/RO/ec.RO.flat.raw: $(out)/RO/ec.RO.elf $(out)/RO/ec.RO.smap - $(call quiet,ec_elf_to_flat,OBJCOPY) +$(out)/RO/%.flat: $(out)/RO/%.elf $(out)/RO/%.smap + $(call quiet,elf_to_signed,RO_SIGN,rom-testkey-A) -$(out)/RO/ec.RO.flat: $(out)/RO/ec.RO.elf $(out)/RO/ec.RO.smap - $(call quiet,elf_to_signed,RO_SIGN) +$(out)/RW/%.flat: $(out)/RW/%.elf $(out)/RW/%.smap + $(call quiet,elf_to_signed,RW_SIGN,loader-testkey-A) $(out)/RO/%.hex: $(out)/RO/%.flat $(call quiet,bin_to_hex,OBJCOPY) diff --git a/board/cr50/dev_key.pem b/board/cr50/dev_key.pem deleted file mode 100644 index 6f15b80652..0000000000 --- a/board/cr50/dev_key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAsaHkxeqOorLS8/Ixp43ZnPnJ+ItBIbX4AkmKFLZyLus9NaFX -j2r+qIM0Daxsaq/qvtlnRNrQ313XH/F5e1xrdTcC4VovR8Q4wXh+hEw4Nhcz2U/c -daZMaBJUZlYEHpi2R9UXcflDS68oE5GNJT5EuGfqdpvStTFMU33Bv7cxgf3lQg2c -fhMoNNjTxzzR+ta0lmaQLZ7kh6IOIb0SoTmANvmtANPdIC4NTHk43KSRTShOTYRs -b7pbOrFq+7bmDWhgfHv7Y34Y2f0LouXlzJEfGnlpXYOX5WA9H9XMbBGwhjKNq5R6 -YHW069FyT6G28VceY+i3SMdgoEgyNPn/GHK02wIDAQABAoIBAAX35JHp0aUR0Ri1 -OInisD8f/XNGaofRb2XURrlvb+K3sLTOmPyOocPTtLoI4xOqmX6UG24q0/3NT18Z -Y/WLI2kq0gP0XcZRh36op8eWMAVRPkK89jFVxxdwFjniBf1pMCa1uDXyJBq05enS -aCWqM/DmPPCDR88iuufLP+lLJHSznt2vDjbONcU+MVtuymrBkYR/APPSl7CPNmF4 -WPhWoVbj5tgOO5XUTU/wFRLgnD2FfPiS0g26AKeriJWTeD2dZHFcmJAoFxs1du18 -1r4yAZveEcT+RgVsXa9L+/OTd+uuPVzlgEBhyP2xSiFN9TMPlpBdsWrDtx4ZFnQV -ajMVeGECgYEA11TbaI6G5xEhCaz+11v8UYIX1V9KXTJz1fuy4qyItduf27O3egAO -KhUu8nxTpj2JTj65ZPWlTahLF5UKuyAbOmyP5OZBSmZHqfATMh8jEz50mfTWgtew -KzswTtslXV8ekaVBta+aNUJrptqtpVK9PpE1yAOjmw42vk3YgbL4pzkCgYEA0y5P -R3u0pS9ZFfI7cFOFBZm2B+e6Md2P/8zmyzJakIQhHVbAWkhc6BIocUe0xSVG0ceq -3n2QPfkmWrZrUSp+5n9ouaC8ixqWrHU7xbGHLklWsq+WpI0PvNTftPS9akVJV4D9 -xD1K8lpPQuakuOmctUco2G4p1LSwbfQqwe48CLMCgYAanR5RGeyKeo9+xqborzHM -USvo71IdmrK+a9F8Op7a+z4SxW+T4JXflaarybn8/fYOeaooVEQOCRLe40jkP9+d -pPVT8TF4pJOO6WE1/Ks1Ia7/qEcq/MWFUldyJ5vCopMApVAtyHpiwsbTZIu5tzQ0 -m3XuNqTt8R/K/YwY26nn4QKBgB3gl2bNoakdIcVxF+e0aUV5kb9ckYMsjYrrOlvV -K+r2RpkYBO7A/iP3LbGZK4IY3AQh85K2wQmDjmGXHWfGU13Y+MAKdaJYiKitjV9S -1oU96v4syWtOacOVenDnj0TRuKagoUZ6RXg0PrKAXx2qL3mWL7kvHMvzJGLqAIKf -ae7xAoGAClWOT/hzzUROAVYIYszYUXrVAtCC896m8b8VRG1kL3GL/pOyKoqvVybi -Mx9V1mi/oFcBA2MGDAaJUJEQ7JYih/go3auzEmL3zQHzeLofaldFjOt2kN1ff6UF -HKyS+l/Ub1NVhHkXoVZpo6spKyMG/iPm4qr+rIvkwwfF1e2OADU= ------END RSA PRIVATE KEY----- diff --git a/chip/g/build.mk b/chip/g/build.mk index 4e9ec7208f..1648389d42 100644 --- a/chip/g/build.mk +++ b/chip/g/build.mk @@ -4,7 +4,7 @@ # found in the LICENSE file. # -SIGNED_RO_IMAGE = 1 +SIGNED_IMAGES = 1 CORE:=cortex-m CFLAGS_CPU+=-march=armv7-m -mcpu=cortex-m3 @@ -46,7 +46,9 @@ custom-ro_objs-y += chip/g/loader/main.o custom-ro_objs-y += chip/g/loader/rom_flash.o custom-ro_objs-y += chip/g/loader/setup.o custom-ro_objs-y += chip/g/loader/verify.o +custom-ro_objs-y += chip/g/pmu.o custom-ro_objs-y += chip/g/system.o +custom-ro_objs-y += chip/g/trng.o custom-ro_objs-y += chip/g/uart.o custom-ro_objs-y += common/printf.o custom-ro_objs-y += common/util.o @@ -55,7 +57,7 @@ custom-ro_objs-y += core/cortex-m/panic.o dirs-y += chip/g/loader endif - $(out)/RO/ec.RO.flat: $(out)/util/signer +$(out)/RW/ec.RW.flat: $(out)/util/signer -$(out)/RO/ec.RO.hex: $(out)/RO/ec.RO.flat +$(out)/%.hex: $(out)/%.flat diff --git a/chip/g/config_chip.h b/chip/g/config_chip.h index 1818fbce60..3978371a26 100644 --- a/chip/g/config_chip.h +++ b/chip/g/config_chip.h @@ -64,4 +64,11 @@ /* Number of IRQ vectors on the NVIC */ #define CONFIG_IRQ_COUNT (GC_INTERRUPTS_COUNT - 16) +#undef CONFIG_RW_MEM_OFF + +/* Leaving 16K for the RO aka loader. */ +#define CONFIG_RW_MEM_OFF 0x4000 + +#define CONFIG_CUSTOMIZED_RO + #endif /* __CROS_EC_CONFIG_CHIP_H */ diff --git a/include/config.h b/include/config.h index 1e8618ca7d..afe8eab5d0 100644 --- a/include/config.h +++ b/include/config.h @@ -1982,10 +1982,11 @@ #undef CONFIG_WP_ALWAYS /* - * If needed to allocate some free space in the base of the RO section of the - * image, define this to be equal the required size of the free space. + * If needed to allocate some free space in the base of the RO or RW section + * of the image, define these to be equal the required size of the free space. */ #undef CONFIG_RO_HEAD_ROOM +#undef CONFIG_RW_HEAD_ROOM /*****************************************************************************/ /* -- cgit v1.2.1