From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dan Murphy Date: Mon, 29 Aug 2016 11:22:36 -0500 Subject: [U-Boot] [PATCH 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs In-Reply-To: <1472193016-77388-4-git-send-email-madans@ti.com> References: <1472193016-77388-1-git-send-email-madans@ti.com> <1472193016-77388-4-git-send-email-madans@ti.com> Message-ID: <57C4614C.2020001@ti.com> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On 08/26/2016 01:30 AM, Madan Srinivas wrote: > From: Vitaly Andrianov > > This commit implements the board_fit_image_post_process() function for > the keystone architecture. Unlike OMAP class devices, security > functions in keystone are not handled in the ROM. > The interface to the secure functions is TI proprietary and depending > on the keystone platform, the security functions like encryption, > decryption and authentication might even be offloaded to other secure > processing elements in the SoC. > The boot monitor acts as the gateway to these secure functions and the > boot monitor for secure devices is available as part of the SECDEV > package for KS2. For more details refer doc/README.ti-secure > > Signed-off-by: Vitaly Andrianov > Signed-off-by: Madan Srinivas > --- > > arch/arm/mach-keystone/mon.c | 53 ++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 53 insertions(+) > > diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c > index 256f630..b4a6f1c 100644 > --- a/arch/arm/mach-keystone/mon.c > +++ b/arch/arm/mach-keystone/mon.c 
> @@ -12,10 +12,31 @@ > #include > asm(".arch_extension sec\n\t"); > > +#ifdef CONFIG_TI_SECURE_DEVICE > +#define KS2_HS_AUTH_FN_OFFSET 8 > +#define KS2_HS_SEC_HEADER_LEN 0x60 > +#define KS2_AUTH_CMD "2" > +/** > + * (*fn_auth)() - Invokes security functions using a > + * proprietary TI interface. This binary and source for > + * this is available in the secure development package or > + * SECDEV. For details on how to access this please refer > + * doc/README.ti-secure > + * > + * @first param: no. of parameters > + * @second param: parameter list > + * @return non-zero value on success, zero on error > + */ > +static unsigned int (*fn_auth)(int, char * const []); > +#endif > + > int mon_install(u32 addr, u32 dpsc, u32 freq) > { > int result; > > +#ifdef CONFIG_TI_SECURE_DEVICE > + fn_auth = (void *)(addr + KS2_HS_AUTH_FN_OFFSET); > +#endif > __asm__ __volatile__ ( > "stmfd r13!, {lr}\n" > "mov r0, %1\n" > @@ -61,3 +82,35 @@ int mon_power_off(int core_id) > : "cc", "r0", "r1", "memory"); > return result; > } > + > +#ifdef CONFIG_TI_SECURE_DEVICE > +static void k2_hs_auth(void *addr) > +{ > + char *argv1 = KS2_AUTH_CMD; > + char argv2[32]; > + char *argv[3] = {NULL, argv1, argv2}; > + int ret; > + > + sprintf(argv2, "0x%08x", (u32)addr); > + ret = fn_auth(3, argv); > + > + if (ret == 0) { Can this be if (!ret)? > + printf("FAIL!!!\n"); /* remove form production code */ Wouldn't this be production code? If this print is intended to stay the s/form/from Dan > + hang(); > + } > +} > + > +void board_fit_image_post_process(void **p_image, size_t *p_size) > +{ > + void *dst = *p_image; > + void *src = dst + KS2_HS_SEC_HEADER_LEN; > + > + k2_hs_auth(*p_image); > + > + /* > + * Overwrite the image headers after authentication > + * and decryption. Move the image to its run address > + */ > + memcpy(dst, src, *p_size - KS2_HS_SEC_HEADER_LEN); > +} > +#endif -- ------------------ Dan Murphy
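Review bot: In the first hunk, mon_install() assigns fn_auth from addr + KS2_HS_AUTH_FN_OFFSET before the inline assembly that installs the monitor has run, and nothing clears it afterwards, so the pointer stays live even if the install reports failure in result. Consider assigning it only once result shows the monitor was installed, or resetting it to NULL on the failure path. Two smaller points in the same hunk: the pointer is declared as returning unsigned int while k2_hs_auth() stores the value in an int ret, and the kernel-doc block uses "@first param" and "@second param" placeholders where the usual style names the arguments.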
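Review bot: In the second hunk, board_fit_image_post_process() computes *p_size - KS2_HS_SEC_HEADER_LEN with no check that *p_size is at least 0x60, so an image shorter than the secure header makes the size_t subtraction wrap and the memcpy() length becomes enormous. Validate *p_size before calling k2_hs_auth() and fail closed, the same way the authentication failure path does with hang(). The copy also has src = dst + KS2_HS_SEC_HEADER_LEN, so the two regions overlap whenever the payload is longer than 0x60 bytes; memcpy() is undefined for overlapping buffers and memmove() is the safe call here. *p_size is never reduced by the header length, so the caller still sees the size including the stripped header. Finally, k2_hs_auth() calls fn_auth without checking it for NULL; the pointer is only set in mon_install(), so a FIT image processed before the monitor is installed would jump through a NULL pointer rather than fail authentication.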