From patchwork Mon Jul 17 17:59:15 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andrew Davis <afd@ti.com>
X-Patchwork-Id: 789651
X-Patchwork-Delegate: trini@ti.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 3xBB2F3LwSz9sRg
	for <incoming@patchwork.ozlabs.org>;
	Tue, 18 Jul 2017 04:01:56 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=ti.com header.i=@ti.com header.b="jtqFeJco";
	dkim-atps=neutral
Received: by lists.denx.de (Postfix, from userid 105)
	id 6B41FC21EA7; Mon, 17 Jul 2017 18:00:19 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE,
	T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id AE48DC21E54;
	Mon, 17 Jul 2017 17:59:23 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id AAEF6C21BE5; Mon, 17 Jul 2017 17:59:19 +0000 (UTC)
Received: from lelnx193.ext.ti.com (lelnx193.ext.ti.com [198.47.27.77])
	by lists.denx.de (Postfix) with ESMTPS id B44BCC21C2D
	for <u-boot@lists.denx.de>; Mon, 17 Jul 2017 17:59:18 +0000 (UTC)
Received: from dlelxv90.itg.ti.com ([172.17.2.17])
	by lelnx193.ext.ti.com (8.15.1/8.15.1) with ESMTP id v6HHxHQ7018190;
	Mon, 17 Jul 2017 12:59:17 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ti.com;
	s=ti-com-17Q1; t=1500314357;
	bh=RuRyA4SJA9m5OMV2DiMCVwyz3NnkLpCBq0ceRQpjoY0=;
	h=From:To:CC:Subject:Date:In-Reply-To:References;
	b=jtqFeJcoAayONUYHWf9fPEB4xpnC9TPSS7XOHdHaetPCyKiCtoR/vYMa5Ivk+gL+o
	lpaE0FqfJzK9L81/j9ICjTfq0LEDSsH5AcsS3L5bNwW9cUwCLVWe9CJKP7i/sw+A35
	GaXUDx1aR9/mTTSWDJ8JO1sv6IQlQ6lWGONDZhHo=
Received: from DLEE71.ent.ti.com (dlee71.ent.ti.com [157.170.170.114])
	by dlelxv90.itg.ti.com (8.14.3/8.13.8) with ESMTP id v6HHxHOJ020990;
	Mon, 17 Jul 2017 12:59:17 -0500
Received: from dflp33.itg.ti.com (10.64.6.16) by DLEE71.ent.ti.com
	(157.170.170.114) with Microsoft SMTP Server id 14.3.294.0;
	Mon, 17 Jul 2017 12:59:16 -0500
Received: from legion.dal.design.ti.com (legion.dal.design.ti.com
	[128.247.22.53])	by dflp33.itg.ti.com (8.14.3/8.13.8) with ESMTP id
	v6HHxGH3014318;	Mon, 17 Jul 2017 12:59:16 -0500
Received: from localhost (uda0226330.dhcp.ti.com [128.247.58.236])	by
	legion.dal.design.ti.com (8.11.7p1+Sun/8.11.7) with ESMTP id
	v6HHxG323546; Mon, 17 Jul 2017 12:59:16 -0500 (CDT)
From: "Andrew F. Davis" <afd@ti.com>
To: Tom Rini <trini@konsulko.com>, Lokesh Vutla <lokeshvutla@ti.com>
Date: Mon, 17 Jul 2017 12:59:15 -0500
Message-ID: <20170717175915.12898-5-afd@ti.com>
X-Mailer: git-send-email 2.13.0
In-Reply-To: <20170717175915.12898-1-afd@ti.com>
References: <20170717175915.12898-1-afd@ti.com>
MIME-Version: 1.0
Cc: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 4/4] arm: mach-keystone: Updates mon_install for
	K2G HS
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

From: Madan Srinivas <madans@ti.com>

On early K2 devices (eg. K2HK) the secure ROM code does not support
loading secure code to firewall protected memory, before decrypting,
authenticating and executing it.

To load the boot monitor on these devices, it is necessary to first
authenticate and run a copy loop from non-secure memory that copies
the boot monitor behind firewall protected memory, before decrypting
and executing it.

On K2G, the secure ROM does not allow secure code executing from
unprotected memory. Further, ROM first copies the signed and encrypted
image into firewall protected memory, then decrypts, authenticates
and executes it.

As a result of this, we cannot use the copy loop for K2G. The
mon_install has to be modified to pass the address the signed and
encrypted secure boot monitor image to the authentication API.

For backward compatibility with other K2 devices and K2G GP,
the mon_install API still supports a single argument. In this case
the second argument is set to 0 by u-boot and is ignored by ROM

Signed-off-by: Thanh Tran <thanh-tran@ti.com>
Signed-off-by: Madan Srinivas <madans@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
---
 arch/arm/mach-keystone/cmd_mon.c          | 8 ++++++--
 arch/arm/mach-keystone/include/mach/mon.h | 2 +-
 arch/arm/mach-keystone/mon.c              | 7 ++++---
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/arch/arm/mach-keystone/cmd_mon.c b/arch/arm/mach-keystone/cmd_mon.c
index 591e75826b..c2525bd756 100644
--- a/arch/arm/mach-keystone/cmd_mon.c
+++ b/arch/arm/mach-keystone/cmd_mon.c
@@ -19,6 +19,7 @@ static int do_mon_install(cmd_tbl_t *cmdtp, int flag, int argc,
 	u32 addr, dpsc_base = 0x1E80000, freq, load_addr, size;
 	int     rcode = 0;
 	struct image_header *header;
+	u32 ecrypt_bm_addr = 0;
 
 	if (argc < 2)
 		return CMD_RET_USAGE;
@@ -39,14 +40,17 @@ static int do_mon_install(cmd_tbl_t *cmdtp, int flag, int argc,
 	memcpy((void *)load_addr, (void *)(addr + sizeof(struct image_header)),
 	       size);
 
-	rcode = mon_install(load_addr, dpsc_base, freq);
+	if (argc >=  3)
+		ecrypt_bm_addr = simple_strtoul(argv[2], NULL, 16);
+
+	rcode = mon_install(load_addr, dpsc_base, freq, ecrypt_bm_addr);
 	printf("## installed monitor @ 0x%x, freq [%d], status %d\n",
 	       load_addr, freq, rcode);
 
 	return 0;
 }
 
-U_BOOT_CMD(mon_install, 2, 0, do_mon_install,
+U_BOOT_CMD(mon_install, 3, 0, do_mon_install,
 	   "Install boot kernel at 'addr'",
 	   ""
 );
diff --git a/arch/arm/mach-keystone/include/mach/mon.h b/arch/arm/mach-keystone/include/mach/mon.h
index eb7aa938af..30c57e0f8f 100644
--- a/arch/arm/mach-keystone/include/mach/mon.h
+++ b/arch/arm/mach-keystone/include/mach/mon.h
@@ -10,7 +10,7 @@
 #ifndef _MACH_MON_H_
 #define _MACH_MON_H_
 
-int mon_install(u32 addr, u32 dpsc, u32 freq);
+int mon_install(u32 addr, u32 dpsc, u32 freq, u32 bm_addr);
 int mon_power_on(int core_id, void *ep);
 int mon_power_off(int core_id);
 
diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c
index ebfb483a1b..7076a2a67b 100644
--- a/arch/arm/mach-keystone/mon.c
+++ b/arch/arm/mach-keystone/mon.c
@@ -13,7 +13,7 @@
 #include <spl.h>
 asm(".arch_extension sec\n\t");
 
-int mon_install(u32 addr, u32 dpsc, u32 freq)
+int mon_install(u32 addr, u32 dpsc, u32 freq, u32 bm_addr)
 {
 	int result;
 
@@ -22,11 +22,12 @@ int mon_install(u32 addr, u32 dpsc, u32 freq)
 		"mov r0, %1\n"
 		"mov r1, %2\n"
 		"mov r2, %3\n"
+		"mov r3, %4\n"
 		"blx r0\n"
 		"ldmfd r13!, {lr}\n"
 		: "=&r" (result)
-		: "r" (addr), "r" (dpsc), "r" (freq)
-		: "cc", "r0", "r1", "r2", "memory");
+		: "r" (addr), "r" (dpsc), "r" (freq), "r" (bm_addr)
+		: "cc", "r0", "r1", "r2", "r3", "memory");
 	return result;
 }