SEC-Solution-Training-doc-uboot-mr-structure

©2011SamsungElectronicsCo,Ltd.Allrightsreserved.u-bootmr1structureWARNINGNopartofthispublicationmaybereproduced,storedinaretrievalsystem,ortransmittedinanyformorbyanymeans,electricormechanical,byphotocopying,recording,orotherwise,withoutthepriorwrittenconsentofSamsung.Thispublicationisintendedforusebydesignatedrecipientsonly.Thispublicationcontainsconfidentialinformation(includingtradesecrets)ofSamsungprotectedbyCompetitionLaw,TradeSecretsProtectionActandotherrelatedlaws,andthereforemaynotbe,inpartorinwhole,directlyorindirectlypublicized,distributed,photocopiedorused(includinginapostingontheInternetwhereunspecifiedaccessispossible)byanyunauthorizedthirdparty.SamsungreservesitsrighttotakeanyandallmeasuresbothinequityandlawavailabletoitandclaimfulldamagesagainstanypartythatmisappropriatesSamsung’stradesecretsand/orconfidentialinformation.Rev.0.00,Nov.2012TrainingDocumentSAMSUNGConfidentialRev.0.0SamsungConfidential•Overview•BootingFlowChart•FunctionsofISP•FeatureList•ArchitectureofISPSolution•AndroidHAL•H/WDesignGuide•ProcessofTechnicalSupport2/TotalIndexSAMSUNGConfidentialRev.0.0SamsungConfidential3/TotalOverviewSAMSUNGConfidentialRev.0.0SamsungConfidential4/TotaliROMbootingflowchartSAMSUNGConfidentialRev.0.0SamsungConfidentialBL1bootingflowchart5/TotalSAMSUNGConfidentialRev.0.0SamsungConfidentialBL2bootingflowchart6/TotalSAMSUNGConfidentialRev.0.0SamsungConfidential7Definition•SecureBoot?–Purpose•Preventthebootloader/kernel/androidimagefrombeingchangedwithanimagewhichcanbeusedformaliciouspurpose–How•Encrypt/Decrypttheimageusingpublic/privatekey–RSA(Rivest-Shamir-Adleman)Public-KeyEncryptionAlgorithm–AES(AdvancedEncryptionStandard)BlockEncryptionAlgorithmSAMSUNGConfidentialRev.0.0SamsungConfidential8BootSequence:Normal•NormalBootSequencePowerONRuntheiROMCodeiROMloadstheBL1binarywhichwasstoredinthebootdeviceintotheiRAMJumpintothestartaddressofBL2BL2loadsthebootloaderwhichwasstoredinthebootdeviceintotheDRAMJumpintothestartaddressofBL1BL1loadstheBL2binarywhichwasstoredinthebootdeviceintotheiRAMSAMSUNGConfidentialRev.0.0SamsungConfidential9BootSequence:SecurityFeatured•SecurityFeaturedBootSequenceBootFailurePowerONRuntheiROMCodeiROMloadstheBL1binarywhichwasstoredinthebootdeviceintotheiRAMiROMverifytheintegrityofBL1binaryiROMdecrypttheBL1binaryJumpintothestartaddressofBL2BL2loadsthebootloaderwhichwasstoredinthebootdeviceintotheDRAMJumpintothestartaddressofBL1BL1loadstheBL2binarywhichwasstoredinthebootdeviceintotheiRAMBL1checkstheintegrityofBL2binaryBL2checkstheintegrityofbootloaderSAMSUNGConfidentialRev.0.0SamsungConfidential10BL1•SignedBL1BinaryStructureEncryptedBL1BinarySignatureHeaderBL1_SASecureBootContextInformation▪Customer’sPublicKey2▪Signature▪Samsung’sPublicKey1BL1HeaderInformation▪Numberofsector(BL1Size)▪ChecksumvalueSBL1_SZHDR_SZEBL1_SZSIG_SZBL1StartAddress(BL1_SA)HeaderSize(HDR_SZ)EncryptedBL1Size(EBL1_SZ)SignatureSize(SIG_SZ)SignedBL1Size(SBL1_SZ)uboot02021400h16Byte7152Byte1024Byte8KBuboot_mr102021400h16Byte14336Byte1024Byte15KBSAMSUNGConfidentialRev.0.0SamsungConfidential11BL2•SignedBL2BinaryStructureBL2BinarySignatureBL2_SASBL2_SZChecksumBL2_SA+BL2_SZPaddingBL2_SA+BL2_SZ+CKS_SZBL2_SZCKS_SZSIG_SZBL2StartAddress(BL1_SA)BL2Size(HDR_SZ)CheckSumSize(CKS_SZ)SignatureSize(SIG_SZ)SignedBL2Size(SBL2_SZ)uboot02023400h14332Byte4Byte256Byte16KBuboot_mr102025000h14332Byte4Byte256Byte16KBSAMSUNGConfidentialRev.0.0SamsungConfidential12InternalMemoryMap•Exynos4412BL1Region–7168BCore1_jump,ProductID,FunctionPointerBL2Region–14336BBL1signature(stage1key)-1024BBL2signature(stage2key)–2048B02027400h02026C00h02023400h02023000h02020000h02021400h8KB16KB5KBBL1Region–14336BCore1_jump,ProductID,FunctionPointerBL2Region–14336BBL1signature(stage1key)-1024BBL2signature(stage2key)–2048B02029000h02028800h02025000h02024C00h02020000h02021400h15KB16KB5KB•Exynos4412PrimeSAMSUNGConfidentialRev.0.0SamsungConfidentialBootloaderConclusion[1]CodeSigner_V21-v2.1Exynos4412-STAGE2_KEYGEN-Exynos4412_V21.prv+Exynos4412_V21.spk[2]BL1:RealsebinarycodebyHQ[sbl1]publickey+rawBL1binary-encryptedbinaryfile8K15K[3]BL2:1)split-b14336u-boot.binbl2(14336=14K)2)1-wordChecksum:$(tc4_uboot)/sdfuse_q/chksum.c3)Signature:useExynos4412_V21.prv(+256B)4)Addpaddingto16384=16K13SAMSUNGConfidentialRev.0.0SamsungConfidentialBootloaderConclusion[4]uboot.binAddpaddinguboot.bin335872=328K[5]TrustZone=92K156KBL1(15K)+BL2(16K)+uboot.bin(328K)+TZ(156K)=u-boot-mr-exynos4412-evt2-efused-tz.bin(515K)14TZSW(156K)SAMSUNGConfidentialRev.0.0SamsungConfidentialNewSBL1&TZSWFeature•15KSBL1fixtheLPAbug(HQ,SSCR没有重现过)support156KTZSW•156KTZSWsupport2GDRAM寄存器的访问策略Kernel15SAMSUNGConfidentialRev.0.0SamsungConfidential1616u-bootBootSequenceSAMSUNGConfidentialRev.0.0SamsungConfidentialuboot_mr1•u-bootversion2010.032010.12代码结构不变(函数的名称,接口)17SAMSUNGConfidentialRev.0.0SamsungConfidentialuboot_mr1•文件目录结构上的主要改变:把处理器架构体系相关的内容合并,移到arch目录下.lib_xxx/arch/xxx/lib/cpu/xxx/arch/xxx/cpu/include/asm-xxx/arch/xxx/include/lib_[arch]通用lib/•移植工作主要在arch/xxx和board目录(以前是cpu/xxx/和board)18SAM