Re: [RFC 1/1] fw_base: header for vendor information

Anup Patel

On Tue, Aug 31, 2021 at 10:39 PM Heinrich Schuchardt
<heinrich.schuchardt@...> wrote:

To implement secure boot OpenSBI should provide a well defined header
structure with reserved space in which a vendor can place information
related to a signature that the boot ROM code can check.
I totally agree.

Typically this space will be used to add

* vendor magic
* type of signature
* offset to signature
Better to include a few other things, like the size of the image including the header.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@...>
Ideally such a header would be standardized. This would allow alternative
firmware to be validated by the same boot ROM.

Could this be a topic for the platform specification?
The platform specification only points to SBI specification and sets
expectations around SBI extensions available to the S-mode software.

A standard OpenSBI image header format is more of an OpenSBI
specific topic.

I suggest the following:
1) We define the OpenSBI image header format in docs/firmware/
2) Update fw_base.S (like this patch) to use the OpenSBI image header
3) Provide a reference C header (i.e. include/sbi/fw_image.h) for the
OpenSBI image format.
4) Provide scripts/tools for vendors to embed vendor specific data in
the OpenSBI image header

Vendors can certainly re-use OpenSBI image header format (and tools)
for their vendor-specific early booting stages as well.

If OpenSBI image header format becomes widely used then we can
even create a dedicated RISC-V project to host this as well.

Best regards

firmware/fw_base.S | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/firmware/fw_base.S b/firmware/fw_base.S
index 1569e60..e2cc5cb 100644
--- a/firmware/fw_base.S
+++ b/firmware/fw_base.S
@@ -13,6 +13,7 @@
#include <sbi/sbi_platform.h>
#include <sbi/sbi_scratch.h>
#include <sbi/sbi_trap.h>
+#include <sbi/sbi_version.h>
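Review bot: the added `#include <sbi/sbi_version.h>` is not used by any of the header lines visible in this patch, which emit only the "OpenSBI\0" magic and zeroed reserved space. Either place a version value in the header, so that a boot ROM can tell which layout it is parsing, or drop the include until something needs it.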

@@ -47,6 +48,15 @@
.globl _start
.globl _start_warm
+ j _real_start
+ .align 2
+ .ascii "OpenSBI\0"
I think we should also have:
1) Firmware size in bytes
2) 32-bit type field (where type == 0 means no vendor data)

+ /* Space reserved for vendor information, e.g. offset to a signature */
+ .long 0
+ .skip 12
Are 12 longs sufficient?

/* Find preferred boot HART id */
MOV_3R s0, a0, s1, a1, s2, a2
call fw_boot_hart
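Review bot: the reserved area after the `.ascii "OpenSBI\0"` magic has no length or layout-version field, so a verifier has to hard-code both the header size and the meaning of the `.long 0` word. `.skip 12` reserves 12 bytes, so together with the preceding `.long 0` the vendor area is 16 bytes in total; the comment should list each field's offset and width. An explicit image-size field, as raised in the reply, would give the signature check a bound to validate the `offset to signature` value against before it is dereferenced.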

