sw_apps :zynqmp_fsbl: Added support for authenticated images to boot as non secure images if RSA_EN is not programmed

b.vikram@xilinx.com · Siva Addepalli · commit 1bfd47e36282 · 2021-05-06T00:55:17.000+05:30
The patch adds support in ZynqMP FSBL to boot load images as non secure
images if RSA_EN is not programmed.

Signed-off-by: Vikram Sreenivasa Batchali &lt;b.vikram@xilinx.com&gt;
Acked-by: Krishna Chaitanya Patakamuri &lt;krishna.chaitanya.patakamuri@xilinx.com&gt;
diff --git a/lib/sw_apps/zynqmp_fsbl/src/xfsbl_initialization.c b/lib/sw_apps/zynqmp_fsbl/src/xfsbl_initialization.c
@@ -46,6 +46,8 @@
 * 8.0   bsv  12/16/20 Update print format in XFsbl_EccInit to correctly print
 *                     64 bit addresses and lengths
 *       bsv  04/01/21 Added TPM support
+*       bsv  04/28/21 Added support to ensure authenticated images boot as
+*                     non-secure when RSA_EN is not programmed
 *
 * </pre>
 *
@@ -1260,7 +1262,7 @@ static u32 XFsbl_ValidateHeader(XFsblPs * FsblInstancePtr)
 	if (((EfuseCtrl & EFUSE_SEC_CTRL_RSA_EN_MASK) != 0U) ||
 	    ((BootHdrAttrb & XIH_BH_IMAGE_ATTRB_RSA_MASK)
 		== XIH_BH_IMAGE_ATTRB_RSA_MASK)) {
-
+		FsblInstancePtr->AuthEnabled = TRUE;
 		XFsbl_Printf(DEBUG_INFO,"Authentication Enabled\r\n");
 #ifdef XFSBL_SECURE
 		 /* Read AC offset from Image header table */
diff --git a/lib/sw_apps/zynqmp_fsbl/src/xfsbl_main.c b/lib/sw_apps/zynqmp_fsbl/src/xfsbl_main.c
@@ -21,6 +21,8 @@
 * 2.0   bv   12/02/16 Made compliance to MISRAC 2012 guidelines
 *                     Added warm restart support
 * 3.0   bv   03/03/21 Print multiboot offset in FSBL banner
+*       bsv  04/28/21 Added support to ensure authenticated images boot as
+*                     non-secure when RSA_EN is not programmed
 *
 * </pre>
 *
@@ -45,7 +47,8 @@ static void XFsbl_FallBack(void);
 static void XFsbl_MarkUsedRPUCores(XFsblPs *FsblInstPtr, u32 PartitionNum);
 
 /************************** Variable Definitions *****************************/
-XFsblPs FsblInstance={0x3U, XFSBL_SUCCESS, 0U, 0U, 0U};
+XFsblPs FsblInstance = {0x3U, XFSBL_SUCCESS, 0U, 0U, 0U, 0U};
+
 /*****************************************************************************/
 /** This is the FSBL main function and is implemented stage wise.
  *
diff --git a/lib/sw_apps/zynqmp_fsbl/src/xfsbl_main.h b/lib/sw_apps/zynqmp_fsbl/src/xfsbl_main.h
@@ -1,5 +1,5 @@
 /******************************************************************************
-* Copyright (c) 2015 - 2020 Xilinx, Inc.  All rights reserved.
+* Copyright (c) 2015 - 2021 Xilinx, Inc.  All rights reserved.
 * SPDX-License-Identifier: MIT
 ******************************************************************************/
 
@@ -19,6 +19,8 @@
 * 1.00  kc   10/21/13 Initial release
 * 2.0   vb   03/24/17 Added macros for LOVEC/HIVEC and USB boot mode,
 *                     Made compliance to MISRAC 2012 guidelines
+* 3.00  bsv  04/28/21 Added support to ensure authenticated images boot as
+*                     non-secure when RSA_EN is not programmed
 *
 * </pre>
 *
@@ -70,6 +72,8 @@ typedef struct {
 	u32 ProcessorID; /**< One of R5-0, R5-LS, A53-0 */
 	u32 A53ExecState; /**< One of A53 64-bit, A53 32-bit */
 	u32 BootHdrAttributes; /**< Boot Header attributes */
+	u32 AuthEnabled;  /**< Check if RSA_EN is programmed or
+				Boot Header authentication is enabled */
 	u32 ImageOffsetAddress; /**< Flash offset address */
 	XFsblPs_ImageHeader ImageHeader; /** Image header */
 	u32 ErrorCode; /**< Error code during FSBL failure */
diff --git a/lib/sw_apps/zynqmp_fsbl/src/xfsbl_partition_load.c b/lib/sw_apps/zynqmp_fsbl/src/xfsbl_partition_load.c
@@ -42,6 +42,8 @@
 *       bsv  28/01/21 Fix build issues in case SECURE and BITSTREAM code are
 *                     excluded
 *       bsv  04/01/21 Added TPM support
+*       bsv  04/28/21 Added support to ensure authenticated images boot as
+*                     non-secure when RSA_EN is not programmed
 *
 * </pre>
 *
@@ -1200,15 +1202,15 @@ static u32 XFsbl_PartitionValidation(XFsblPs * FsblInstancePtr,
 	/**
 	 * check the authentication status
 	 */
-	if (XFsbl_IsRsaSignaturePresent(PartitionHeader) ==
-			XIH_PH_ATTRB_RSA_SIGNATURE )
-	{
+	if ((FsblInstancePtr->AuthEnabled == TRUE) &&
+		(XFsbl_IsRsaSignaturePresent(PartitionHeader) ==
+			XIH_PH_ATTRB_RSA_SIGNATURE)) {
 		IsAuthenticationEnabled = TRUE;
 	}
-	else
-	{
+	else {
 		IsAuthenticationEnabled = FALSE;
 	}
+
 	/* check the checksum status */
 	if (XFsbl_GetChecksumType(PartitionHeader) !=
 			XIH_PH_ATTRB_NOCHECKSUM )

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,8 @@`
`21`	`21`	`* 2.0 bv 12/02/16 Made compliance to MISRAC 2012 guidelines`
`22`	`22`	`* Added warm restart support`
`23`	`23`	`* 3.0 bv 03/03/21 Print multiboot offset in FSBL banner`
	`24`	`+* bsv 04/28/21 Added support to ensure authenticated images boot as`
	`25`	`+* non-secure when RSA_EN is not programmed`
`24`	`26`	`*`
`25`	`27`	`* </pre>`
`26`	`28`	`*`
`@@ -45,7 +47,8 @@ static void XFsbl_FallBack(void);`
`45`	`47`	`static void XFsbl_MarkUsedRPUCores(XFsblPs *FsblInstPtr, u32 PartitionNum);`
`46`	`48`
`47`	`49`	`/************************ Variable Definitions ***************************/`
`48`		`-XFsblPs FsblInstance={0x3U, XFSBL_SUCCESS, 0U, 0U, 0U};`
	`50`	`+XFsblPs FsblInstance = {0x3U, XFSBL_SUCCESS, 0U, 0U, 0U, 0U};`
	`51`	`+`
`49`	`52`	`/*****************************************************************************/`
`50`	`53`	`/** This is the FSBL main function and is implemented stage wise.`
`51`	`54`	`*`