From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C4F13C433EF for ; Fri, 15 Jul 2022 16:34:59 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4E30583445; Fri, 15 Jul 2022 18:34:49 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=quarantine dis=none) header.from=ti.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=ti.com header.i=@ti.com header.b="CzDM4i/u"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 57DB483660; Fri, 15 Jul 2022 18:34:43 +0200 (CEST) Received: from lelv0143.ext.ti.com (lelv0143.ext.ti.com [198.47.23.248]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 952738210C for ; Fri, 15 Jul 2022 18:34:39 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=quarantine dis=none) header.from=ti.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=afd@ti.com Received: from lelv0265.itg.ti.com ([10.180.67.224]) by lelv0143.ext.ti.com (8.15.2/8.15.2) with ESMTP id 26FGYbTA058812; Fri, 15 Jul 2022 11:34:37 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1657902877; bh=epNNbWq05x9JfIoI6UZT1Y9Slu748hbbXNlp7zpPORM=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=CzDM4i/u7ARp5pRaIzpwXpxHrvUGb/MsNmC/xezjtycnQuleylyQYFch1wlI3Cwhs I6iWziyaxLfvOm0hS9dQudD3dFRIM4UNVWjTA6TTSlQhB0cU2uaki3JDChL+5l9T20 gDNmxLaKnJVnpSYq6eWcAyKLZkEYYxypHAWjNXGA= Received: from DFLE113.ent.ti.com (dfle113.ent.ti.com [10.64.6.34]) by lelv0265.itg.ti.com (8.15.2/8.15.2) with ESMTPS id 26FGYbhw016932 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 15 Jul 2022 11:34:37 -0500 Received: from DFLE107.ent.ti.com (10.64.6.28) by DFLE113.ent.ti.com (10.64.6.34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2308.14; Fri, 15 Jul 2022 11:34:37 -0500 Received: from lelv0327.itg.ti.com (10.180.67.183) by DFLE107.ent.ti.com (10.64.6.28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2308.14 via Frontend Transport; Fri, 15 Jul 2022 11:34:36 -0500 Received: from ula0226330.dal.design.ti.com (ileax41-snat.itg.ti.com [10.172.224.153]) by lelv0327.itg.ti.com (8.15.2/8.15.2) with ESMTP id 26FGYZe8103933; Fri, 15 Jul 2022 11:34:36 -0500 From: Andrew Davis To: Simon Glass , Tom Rini , CC: Andrew Davis Subject: [PATCH 3/4] arm: mach-k3: security: Bypass image signing at runtime for GP devices Date: Fri, 15 Jul 2022 11:34:34 -0500 Message-ID: <20220715163435.1725-3-afd@ti.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220715163435.1725-1-afd@ti.com> References: <20220715163435.1725-1-afd@ti.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean We can skip the image authentication check at runtime if the device is GP. This reduces the delta between GP and HS U-Boot builds. End goal is to re-unify the two build types into one build that can run on all device types. Signed-off-by: Andrew Davis --- arch/arm/mach-k3/Makefile | 3 +-- arch/arm/mach-k3/common.c | 2 -- arch/arm/mach-k3/security.c | 3 +++ 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm/mach-k3/Makefile b/arch/arm/mach-k3/Makefile index 8459bef93b..1c4a328af7 100644 --- a/arch/arm/mach-k3/Makefile +++ b/arch/arm/mach-k3/Makefile @@ -10,9 +10,8 @@ obj-$(CONFIG_SOC_K3_AM642) += am642_init.o obj-$(CONFIG_SOC_K3_AM625) += am625_init.o am62x/ obj-$(CONFIG_ARM64) += arm64-mmu.o obj-$(CONFIG_CPU_V7R) += r5_mpu.o lowlevel_init.o -obj-$(CONFIG_TI_SECURE_DEVICE) += security.o obj-$(CONFIG_ARM64) += cache.o ifeq ($(CONFIG_SPL_BUILD),y) obj-$(CONFIG_K3_LOAD_SYSFW) += sysfw-loader.o endif -obj-y += common.o +obj-y += common.o security.o diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c index ac14975694..3962f2800f 100644 --- a/arch/arm/mach-k3/common.c +++ b/arch/arm/mach-k3/common.c @@ -290,9 +290,7 @@ void board_fit_image_post_process(const void *fit, int node, void **p_image, } #endif -#if IS_ENABLED(CONFIG_TI_SECURE_DEVICE) ti_secure_image_post_process(p_image, p_size); -#endif } #endif diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c index 5bfcecd44d..add7f413a4 100644 --- a/arch/arm/mach-k3/security.c +++ b/arch/arm/mach-k3/security.c @@ -41,6 +41,9 @@ void ti_secure_image_post_process(void **p_image, size_t *p_size) image_addr = (uintptr_t)*p_image; image_size = *p_size; + if (!image_size || get_device_type() == K3_DEVICE_TYPE_GP) + return; + if (get_device_type() != K3_DEVICE_TYPE_HS_SE && !ti_secure_cert_detected(*p_image)) { printf("Warning: Did not detect image signing certificate. " -- 2.36.1