diff mbox

[U-Boot,RESEND,2/9] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs

Message ID 20170224125946.7500-3-afd@ti.com
State Superseded
Delegated to: Tom Rini
Headers show

Commit Message

Andrew Davis Feb. 24, 2017, 12:59 p.m. UTC 
From: Vitaly Andrianov <vitalya@ti.com>

This commit implements the board_fit_image_post_process() function for
the keystone architecture. This function calls into the secure boot
monitor for secure authentication/decryption of the image. All needed
work is handled by the boot monitor and, depending on the keystone
platform, the security functions may be offloaded to other secure
processing elements in the SoC.

The boot monitor acts as the gateway to these secure functions and the
boot monitor for secure devices is available as part of the SECDEV
package for KS2. For more details refer doc/README.ti-secure

Signed-off-by: Vitaly Andrianov <vitalya@ti.com>
Signed-off-by: Madan Srinivas <madans@ti.com>
Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 arch/arm/mach-keystone/mon.c | 73 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

Comments

Tom Rini Feb. 27, 2017, 3:18 p.m. UTC | #1 
On Fri, Feb 24, 2017 at 06:59:39AM -0600, Andrew F. Davis wrote:

> From: Vitaly Andrianov <vitalya@ti.com>
> 
> This commit implements the board_fit_image_post_process() function for
> the keystone architecture. This function calls into the secure boot
> monitor for secure authentication/decryption of the image. All needed
> work is handled by the boot monitor and, depending on the keystone
> platform, the security functions may be offloaded to other secure
> processing elements in the SoC.
> 
> The boot monitor acts as the gateway to these secure functions and the
> boot monitor for secure devices is available as part of the SECDEV
> package for KS2. For more details refer doc/README.ti-secure
> 
> Signed-off-by: Vitaly Andrianov <vitalya@ti.com>
> Signed-off-by: Madan Srinivas <madans@ti.com>
> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>
diff mbox

Patch

diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c
index 256f6300ed..81009848d0 100644
--- a/arch/arm/mach-keystone/mon.c
+++ b/arch/arm/mach-keystone/mon.c
@@ -10,6 +10,7 @@ 
 #include <common.h>
 #include <command.h>
 #include <mach/mon.h>
+#include <spl.h>
 asm(".arch_extension sec\n\t");
 
 int mon_install(u32 addr, u32 dpsc, u32 freq)
@@ -61,3 +62,75 @@  int mon_power_off(int core_id)
 		: "cc", "r0", "r1", "memory");
 	return  result;
 }
+
+#ifdef CONFIG_TI_SECURE_DEVICE
+#define KS2_HS_SEC_HEADER_LEN	0x60
+#define KS2_HS_SEC_TAG_OFFSET	0x34
+#define KS2_AUTH_CMD		130
+
+/**
+ * k2_hs_bm_auth() - Invokes security functions using a
+ * proprietary TI interface. This binary and source for
+ * this is available in the secure development package or
+ * SECDEV. For details on how to access this please refer
+ * doc/README.ti-secure
+ *
+ * @cmd: Secure monitor command
+ * @arg1: Argument for command
+ *
+ * returns non-zero value on success, zero on error
+ */
+static int k2_hs_bm_auth(int cmd, void *arg1)
+{
+	int result;
+
+	asm volatile (
+		"stmfd  r13!, {r4-r12, lr}\n"
+		"mov r0, %1\n"
+		"mov r1, %2\n"
+		"smc #2\n"
+		"ldmfd r13!, {r4-r12, lr}\n"
+		: "=&r" (result)
+		: "r" (cmd), "r" (arg1)
+		: "cc", "r0", "r1", "memory");
+
+	return  result;
+}
+
+void board_fit_image_post_process(void **p_image, size_t *p_size)
+{
+	int result = 0;
+	void *image = *p_image;
+
+	if (strncmp(image + KS2_HS_SEC_TAG_OFFSET, "KEYS", 4)) {
+		printf("No signature found in image!\n");
+		hang();
+	}
+
+	result = k2_hs_bm_auth(KS2_AUTH_CMD, image);
+	if (result == 0) {
+		printf("Authentication failed!\n");
+		hang();
+	}
+
+	/*
+	* Overwrite the image headers after authentication
+	* and decryption. Update size to reflect removal
+	* of header.
+	*/
+	memcpy(image, image + KS2_HS_SEC_HEADER_LEN, *p_size);
+	*p_size -= KS2_HS_SEC_HEADER_LEN;
+
+	/*
+	 * Output notification of successful authentication to re-assure the
+	 * user that the secure code is being processed as expected. However
+	 * suppress any such log output in case of building for SPL and booting
+	 * via YMODEM. This is done to avoid disturbing the YMODEM serial
+	 * protocol transactions.
+	 */
+	if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
+	      IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
+	      spl_boot_device() == BOOT_DEVICE_UART))
+		printf("Authentication passed\n");
+}
+#endif