[RFC 1/1] fw_base: header for vendor information
To implement secure boot OpenSBI should provide a well defined header
structure with reserved space in which a vendor can place information
related to a signature that the boot ROM code can check.
Typically this space will be used to add
* vendor magic
* type of signature
* offset to signature
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@...>
Ideally such a header would be standardized. This would allow alternative
firmware to be validated by the same boot ROM.
Could this be a topic for the platform specification?
firmware/fw_base.S | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/firmware/fw_base.S b/firmware/fw_base.S
index 1569e60..e2cc5cb 100644
@@ -13,6 +13,7 @@
#define BOOT_STATUS_RELOCATE_DONE 1
#define BOOT_STATUS_BOOT_HART_DONE 2
@@ -47,6 +48,15 @@
+ j _real_start
+ .align 2
+ .ascii "OpenSBI\0"
+ .short OPENSBI_VERSION_MAJOR
+ .short OPENSBI_VERSION_MINOR
+ /* Space reserved for vendor information, e.g. offset to a signature */
+ .long 0
+ .skip 12
/* Find preferred boot HART id */
MOV_3R s0, a0, s1, a1, s2, a2
On Tue, Aug 31, 2021 at 10:39 PM Heinrich Schuchardt
I totally agree.
Better to include few other stuff like size of image including the header.
The platform specification only points to SBI specification and sets
expectations around SBI extensions available to the S-mode software.
A standard OpenSBI image header format is more of an OpenSBI
I suggest the following:
1) We define the OpenSBI image header format in docs/firmware/fw.md
2) Update fw_base.S (like this patch) to use the OpenSBI image header
3) Provide a reference C header (i.e. include/sbi/fw_image.h) for the
OpenSBI image format.
4) Provide scripts/tools for vendors to embed vendor specific data in
the OpenSBI image header
Vendors can certainly re-use OpenSBI image header format (and tools)
for their vendor-specific early booting stages as well.
If OpenSBI image header format becomes widely used then we can
even create a dedicated RISC-V project to host this as well.
I think we should also have:
1) Firmware size in bytes
2) 32bit type field (where type == 0 means no vendor data)
+ /* Space reserved for vendor information, e.g. offset to a signature */Is 12 longs sufficient ??
On 9/3/21 9:09 AM, Anup Patel wrote:
On Tue, Aug 31, 2021 at 10:39 PM Heinrich SchuchardtThe question of file headers goes beyond SBI.
Kumar Sankara suggested that the topic of file headers for secure boot should be taken to the TEE TG.
For adding a pointer to a table placed behind the binary it would be enough. But we should first define requirements in the TEE TG.I think we should also have: