[U-Boot] [PATCH v2 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs

[Madan Srinivas <madans@ti.com>]

From: Vitaly Andrianov <vitalya@ti.com>

This commit implements the board_fit_image_post_process() function for
the keystone architecture. Unlike OMAP class devices, security
functions in keystone are not handled in the ROM.
The interface to the secure functions is TI proprietary and depending
on the keystone platform, the security functions like encryption,
decryption and authentication might even be offloaded to other secure
processing elements in the SoC.
The boot monitor acts as the gateway to these secure functions and the
boot monitor for secure devices is available as part of the SECDEV
package for KS2. For more details refer doc/README.ti-secure

Signed-off-by: Vitaly Andrianov <vitalya@ti.com>
Signed-off-by: Madan Srinivas <madans@ti.com>

Cc: Lokesh Vutla <lokeshvutla@ti.com>
Cc: Dan Murphy <dmurphy@ti.com>
---

Changes in v2:
- The following changes are  made to mon.c based on review comments
	Adds NULL pointer check before calling authentication interface
	Removes an unnecessary printf
	Updates size of signed FIT blob after post processing removes header

 arch/arm/mach-keystone/mon.c | 55 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c
index 256f630..6b79077 100644
--- a/arch/arm/mach-keystone/mon.c
+++ b/arch/arm/mach-keystone/mon.c
@@ -12,10 +12,31 @@
 #include <mach/mon.h>
 asm(".arch_extension sec\n\t");
 
+#ifdef CONFIG_TI_SECURE_DEVICE
+#define KS2_HS_AUTH_FN_OFFSET	8
+#define KS2_HS_SEC_HEADER_LEN	0x60
+#define KS2_AUTH_CMD		"2"
+/**
+ * (*fn_auth)() - Invokes security functions using a
+ * proprietary TI interface. This binary and source for
+ * this is available in the secure development package or
+ * SECDEV. For details on how to access this please refer
+ * doc/README.ti-secure
+ *
+ * @first param:	no. of parameters
+ * @second param:	parameter list
+ * @return non-zero value on success, zero on error
+ */
+static unsigned int (*fn_auth)(int, char * const []);
+#endif
+
 int mon_install(u32 addr, u32 dpsc, u32 freq)
 {
 	int result;
 
+#ifdef CONFIG_TI_SECURE_DEVICE
+	fn_auth = (void *)(addr + KS2_HS_AUTH_FN_OFFSET);
+#endif
 	__asm__ __volatile__ (
 		"stmfd r13!, {lr}\n"
 		"mov r0, %1\n"
@@ -61,3 +82,37 @@ int mon_power_off(int core_id)
 		: "cc", "r0", "r1", "memory");
 	return  result;
 }
+
+#ifdef CONFIG_TI_SECURE_DEVICE
+static void k2_hs_auth(void *addr)
+{
+	char *argv1 = KS2_AUTH_CMD;
+	char argv2[32];
+	char *argv[3] = {NULL, argv1, argv2};
+	int ret = 0;
+
+	sprintf(argv2, "0x%08x", (u32)addr);
+
+	if (fn_auth)
+		ret = fn_auth(3, argv);
+
+	if (ret == 0)
+		hang();
+}
+
+void board_fit_image_post_process(void **p_image, size_t *p_size)
+{
+	void *dst = *p_image;
+	void *src = dst + KS2_HS_SEC_HEADER_LEN;
+
+	k2_hs_auth(*p_image);
+
+	/*
+	* Overwrite the image headers  after authentication
+	* and decryption. Update size to relect removal
+	* of header.
+	*/
+	*p_size -= KS2_HS_SEC_HEADER_LEN;
+	memcpy(dst, src, *p_size);
+}
+#endif
-- 
2.7.4