From patchwork Mon Jan 23 09:16:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Peng Fan (OSS)" X-Patchwork-Id: 1730342 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=NXP1.onmicrosoft.com header.i=@NXP1.onmicrosoft.com header.a=rsa-sha256 header.s=selector2-NXP1-onmicrosoft-com header.b=hhTWFeY1; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4P0k333dk9z23gM for ; Mon, 23 Jan 2023 19:36:15 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 04FC585797; Mon, 23 Jan 2023 09:33:11 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=oss.nxp.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=NXP1.onmicrosoft.com header.i=@NXP1.onmicrosoft.com header.b="hhTWFeY1"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 5F65785725; Mon, 23 Jan 2023 09:31:32 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on2082.outbound.protection.outlook.com [40.107.15.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 8B3CB8576E for ; Mon, 23 Jan 2023 09:30:35 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=oss.nxp.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=peng.fan@oss.nxp.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bi6kT0amDfKY91s8QOlQhuA63KaJSnvKWHJo550Pwnd19k7a2vWCh3ipWmVVBJW8OfMDawu4eAy31FiC8PvDFjCKzVSeSZ2axH/ZK9xe08duGxThFA9ACmoJz41epOwU1rGfZbyma/ZBsnHW3zU4LGpfnnw6jVSxS+MmhZ0ir5369jHVQ7frY7tlbKkLGGoCF1NlvZ2+vpwundOCSfdOOES/EEFYINcIIiXKQtlIpLmE+u6ghW2tkgCZ7uLkMenzdHipsClKJif1NipHOroLqow2PAUGHSiINjh4nTAzLJxS9E6DKIyHjkXHUxAwyIi2g+C6Dpw880wrX6Iqct9i8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MsUKbD0EdvXCnlx/Autsv2Ytsh7lSEU8Du+iPh/pRwg=; b=SbCVrWeFV9ylQBjbnNppwJNFQMb4c+K4hPAq7I4MtZF5S4JprULxH7pWCemML5Ha2kGi+86lKxgOdrrb2D/UplMlIkqYfZGkd7QqUiXIJj3Rfu9i6Rwq0dNg+/w8ip/X+YbdobWQp4MdWLgcnCOy5auqOPJb6xVia4HbeliC0C3+f8xPp39J4m4KmFxHWGJliP9noi+toGI07kyOO0uEIJBCJwY411BKL2eI09/FoqSj72bo6aJAm90ICUkQMikL4LeCRSI4E3VUovYoLZe2F4TzXDM1WTraA5x+Lfn8PlYXdEmLA75UTrb98PX4f+od+MRFdbCo6B+ctQUHrUJyUw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oss.nxp.com; dmarc=pass action=none header.from=oss.nxp.com; dkim=pass header.d=oss.nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NXP1.onmicrosoft.com; s=selector2-NXP1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MsUKbD0EdvXCnlx/Autsv2Ytsh7lSEU8Du+iPh/pRwg=; b=hhTWFeY1ZphVnz3KgPTcc92hHZzoM0QLcag992o7aTkBAuFw8LX7PmO8dm8ivI2c8GBmIPbsjv2cMpY7KyMWUSBerdIoYmW+c0c7PbIoZr15LuePjSWgbi3om0XUEjUva7PGSP6ZYn8ypTpNAljLlz5rpMWZaxr75PN4Y56GdAU= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=oss.nxp.com; Received: from DU0PR04MB9417.eurprd04.prod.outlook.com (2603:10a6:10:358::11) by VI1PR04MB6861.eurprd04.prod.outlook.com (2603:10a6:803:13c::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6002.33; Mon, 23 Jan 2023 08:30:31 +0000 Received: from DU0PR04MB9417.eurprd04.prod.outlook.com ([fe80::e203:47be:36e4:c0c3]) by DU0PR04MB9417.eurprd04.prod.outlook.com ([fe80::e203:47be:36e4:c0c3%9]) with mapi id 15.20.6002.033; Mon, 23 Jan 2023 08:30:31 +0000 From: "Peng Fan (OSS)" To: sbabic@denx.de, festevam@gmail.com, "NXP i.MX U-Boot Team" Cc: u-boot@lists.denx.de, Ye Li Subject: [PATCH 39/41] imx8: ahab: use common code Date: Mon, 23 Jan 2023 17:16:58 +0800 Message-Id: <20230123091702.7472-40-peng.fan@oss.nxp.com> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20230123091702.7472-1-peng.fan@oss.nxp.com> References: <20230123091702.7472-1-peng.fan@oss.nxp.com> X-ClientProxiedBy: SI2PR01CA0047.apcprd01.prod.exchangelabs.com (2603:1096:4:193::10) To DU0PR04MB9417.eurprd04.prod.outlook.com (2603:10a6:10:358::11) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR04MB9417:EE_|VI1PR04MB6861:EE_ X-MS-Office365-Filtering-Correlation-Id: 039e9926-0639-4f60-0e88-08dafd1c1715 X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 2BeaZu9bQmGtm0JZrRSDW2SNFBdnMtZ3OmZ1V+D0IT44KzHRUNpPXVnopYEFOJMtndU1jUxtY5YQZ30sSmqy2Pd/6O6jyhhg7Mfaw11FXfIjmZJ63fZ+hRwVARbPRgJZS6027FswXh+tfcV/6Y5gQud8MEPPHvCTIZBlSiKjKqGx6rO8TCMpT4JRtLqJqA3TzoP9PnjPtlbdiZXDG6gfr2TbEm5bPr2l9soTbfWnwb2A2a8mEwU9JTHnAD+1LfNrdNxjSe2MZh8e/uA4ZuLxzBBi+nZbgiqu1i3dvMror0cZc1YZQp2aPOpKSrp7yK3TbBxXTv9oW/mWyhsSzxgAXMUDtXeV1NpJxDlCJEMG+SVyyN/BxIgtS/HkVM41NFpTxmhN/uKhx5HUYwc0UnSAynPh3r86Uw9XV03/E5GAKh0eVAKyt1R3MER+oj75Q5gk9Jq2ZsRt1429XQpcVG2k2afV81c5ZHlmwDzDDmpvC0mS59QArF0VbuIoLseGhk54CDJe3SZbuALm2xMAbJM1W6bQzwvPV26kpJ8cf5VKrXCtwWLeHCAMZmvEF6P8XQOHZqiEe9Je5MgaExYW9FqLm6AatJk6ZPJXpYZJw7qAeQ13GFGUxn0+7UIZp+5Ci7AvpkmosZfjOtZfkiELREKjU1EPeP36z0AypPT+Hjcik9MK8dU8FdLP9VsDnFlWSfT1OS0nCCxAcotQf/7SwqpE6w== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU0PR04MB9417.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(366004)(376002)(396003)(39850400004)(136003)(346002)(451199015)(1076003)(66946007)(4326008)(6486002)(8676002)(66556008)(66476007)(52116002)(2616005)(6512007)(6666004)(83380400001)(6862004)(5660300002)(8936002)(26005)(41300700001)(186003)(2906002)(6506007)(38100700002)(38350700002)(316002)(478600001)(86362001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: +/gDe2j38w1pG2qFeMtdIp6DFzv3uMSUPREw4oenEJQAkIXT/WYCe4fV5aCT+2HPJ7QdUF8yWjmNq3nMCpvWUzFHPHsDoN/CrvaBo5a3X3PvtXJgz0kxXr9aLw2LR2xCqMR/bxwMCnDArhSzKpw/LZLi8+iZCbSeHMeTdLVFvydpu+aaT9wqBoNvQm4YJdi2Nu+wSqCmHxzqf1aubCOl2eb5t99XFPH86V3Bz3hX+4YIxVjIsTz5mZpA+SetTiRmDYQufq2mCKB+Epjvpj8Nxv18ls1jmiMlHl6MolCGSMS/yGt6iLfj6bh1JQEm2g3Pqs3KvACkW6maY6uqikYFHy2UWLVyytay3kinnJwbM9cZHukQE1/P1RqVSk9PZD5ICbJReQRtaszPLWBb8XNpsQUP4zM+qeqwRQLBrnPrlwda4wQGxe7hXA9sQklRKZ8e2g2fXmOv2LZr+XjP8VOKsY8Ur4SIdppL9yTMNCT686feQo8l360By79UnSOixWtcIeDStHFZ9Mil7F4PX1LTbY9yU+Kl8TDf3iXZu0r36pFEYylLVA3xbQs56V7DcqyivQgJ/nna9leDIxWVie8VfYrbKyOHwF/Fi4Wd76rLdOdAZzU0BXSDdc1c92HFdDp/+jxYjkHgptB0jDwjg89efGt6RhBQHIdt4k2hBcwbwiIPx6iK6WecO6IE9dfKqwjHJ2/Ji1dov3Bq2C+ovWsyTqgfPBja2u0bjhwoLWB1jhcLzPxSrnj1hIoT9J4nsjUV7051EEmPV8JQ58y75ustwY4OpZ39gIx06ADUF1WFTHCP+tE3ScaoCGAx/cK2wq3eKsEu25pioNkHE+BtioPcvApX18Ti/QhOkSrDbui4SN/9MtMYtvhqj4BSK+cl/VgSeWCQmJ+lmK2boeaIjNIDEIeC6eAPiHrAKDaGy1vJGA6sjsBTCOi+/UHslLNhXAavNkbC43HmtgEm1enphOtJP2BlHPP0Q7qkBDDPEkhnPccF80tgQ2mWmUzi1zM7vugVfjMBaJDU9SMiUltmKvnjSaIVBBfDAMgf+tUuZr4DTYkhbS43SO+VJu4Eu2JU1vbu1OP3Vw9XjWfSce/WqZu2lQ/7RXqAyRsrd9DFN+nVqykwe6jLpDdg+dwdAB1f1RbpJ9MsL53eCJdiTSsNHDrpAT0SUwGgt6ezjG//AZTLFZ1vx4jo1MTP3Sx5v0H/qdxBt5c5wztMTlO1ierq+JhCHr1i5KlgWr9nwx7jWto3Z/bsZ87roLUQ3MJ6txWAhkZ2AualI6DhyqLdcukKT+Cwx6+duutxwjjwQ8Qll25/VExHNIWKKDdEEHRfH3mOXb7qKvfog//Njsg/FetwX8HkzHXfFbViYdvlpnY4mmfBcUhFsAsiIP/2SwqVIQU1Qv8WGZH4c8V1WMgKw0s4RNkOlkRbBVUmsM8iNtGbnzD1SzYUvWX4GBTu5Garm/KuANOQPH9SRuBYbRWhSaQ7LS3xtpeweEPnnIo1HZn0WRSo/Vd8IOe4AOaZNvO2nEgc/F2I2BhyzNiUqcTQQL3a/21rle/zYRbGTf9zFbJvSqVrcx86VsehOT5+4cvGR7TNIJ0N X-OriginatorOrg: oss.nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 039e9926-0639-4f60-0e88-08dafd1c1715 X-MS-Exchange-CrossTenant-AuthSource: DU0PR04MB9417.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Jan 2023 08:30:31.7944 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: vdZ5CjUpj/6Mm5YqwT9XQqSaE3hsH0e5C17sA0GiZNk8aUudn8xy2Uxcz6u/dDvS/jVbKas3v/GglusMovuDuw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR04MB6861 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean From: Ye Li Use common interfaces for AHAB authentication operations. Because i.MX8/8ULP/93 could share some common codes for AHAB and SPL container authentication Signed-off-by: Ye Li Signed-off-by: Peng Fan --- arch/arm/mach-imx/imx8/ahab.c | 129 ++++++++++++++++++---------- arch/arm/mach-imx/parse-container.c | 83 ++---------------- 2 files changed, 89 insertions(+), 123 deletions(-) diff --git a/arch/arm/mach-imx/imx8/ahab.c b/arch/arm/mach-imx/imx8/ahab.c index 1ca7b7f2182..f4fbd2b47cc 100644 --- a/arch/arm/mach-imx/imx8/ahab.c +++ b/arch/arm/mach-imx/imx8/ahab.c @@ -16,6 +16,7 @@ #include #include #include +#include DECLARE_GLOBAL_DATA_PTR; @@ -25,6 +26,84 @@ DECLARE_GLOBAL_DATA_PTR; #define SECO_PT 2U +int ahab_auth_cntr_hdr(struct container_hdr *container, u16 length) +{ + int err; + + memcpy((void *)SEC_SECURE_RAM_BASE, (const void *)container, + ALIGN(length, CONFIG_SYS_CACHELINE_SIZE)); + + err = sc_seco_authenticate(-1, SC_SECO_AUTH_CONTAINER, + SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE); + + if (err) + printf("Authenticate container hdr failed, return %d\n", err); + + return err; +} + +int ahab_auth_release(void) +{ + int err; + + err = sc_seco_authenticate(-1, SC_SECO_REL_CONTAINER, 0); + if (err) + printf("Error: release container failed!\n"); + + return err; +} + +int ahab_verify_cntr_image(struct boot_img_t *img, int image_index) +{ + sc_faddr_t start, end; + sc_rm_mr_t mr; + int err; + int ret = 0; + + debug("img %d, dst 0x%llx, src 0x%x, size 0x%x\n", + image_index, img->dst, img->offset, img->size); + + /* Find the memreg and set permission for seco pt */ + err = sc_rm_find_memreg(-1, &mr, + img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), + ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE) - 1); + + if (err) { + printf("Not find memreg for image load address 0x%llx, error %d\n", img->dst, err); + return -ENOMEM; + } + + err = sc_rm_get_memreg_info(-1, mr, &start, &end); + if (!err) + debug("memreg %u 0x%llx -- 0x%llx\n", mr, start, end); + + err = sc_rm_set_memreg_permissions(-1, mr, + SECO_PT, SC_RM_PERM_FULL); + if (err) { + printf("Set permission failed for img %d, error %d\n", + image_index, err); + return -EPERM; + } + + err = sc_seco_authenticate(-1, SC_SECO_VERIFY_IMAGE, + 1 << image_index); + if (err) { + printf("Authenticate img %d failed, return %d\n", + image_index, err); + ret = -EIO; + } + + err = sc_rm_set_memreg_permissions(-1, mr, + SECO_PT, SC_RM_PERM_NONE); + if (err) { + printf("Remove permission failed for img %d, error %d\n", + image_index, err); + ret = -EPERM; + } + + return ret; +} + static inline bool check_in_dram(ulong addr) { int i; @@ -46,8 +125,6 @@ int authenticate_os_container(ulong addr) struct container_hdr *phdr; int i, ret = 0; int err; - sc_rm_mr_t mr; - sc_faddr_t start, end; u16 length; struct boot_img_t *img; unsigned long s, e; @@ -76,14 +153,9 @@ int authenticate_os_container(ulong addr) length = phdr->length_lsb + (phdr->length_msb << 8); debug("container length %u\n", length); - memcpy((void *)SEC_SECURE_RAM_BASE, (const void *)addr, - ALIGN(length, CONFIG_SYS_CACHELINE_SIZE)); - err = sc_seco_authenticate(-1, SC_SECO_AUTH_CONTAINER, - SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE); + err = ahab_auth_cntr_hdr(phdr, length); if (err) { - printf("Authenticate container hdr failed, return %d\n", - err); ret = -EIO; goto exit; } @@ -105,50 +177,13 @@ int authenticate_os_container(ulong addr) flush_dcache_range(s, e); - /* Find the memreg and set permission for seco pt */ - err = sc_rm_find_memreg(-1, &mr, s, e - 1); - if (err) { - printf("Error: can't find memreg for image load address 0x%llx, error %d\n", img->dst, err); - ret = -ENOMEM; - goto exit; - } - - err = sc_rm_get_memreg_info(-1, mr, &start, &end); - if (!err) - debug("memreg %u 0x%llx -- 0x%llx\n", mr, start, end); - - err = sc_rm_set_memreg_permissions(-1, mr, SECO_PT, - SC_RM_PERM_FULL); - if (err) { - printf("Set permission failed for img %d, error %d\n", - i, err); - ret = -EPERM; - goto exit; - } - - err = sc_seco_authenticate(-1, SC_SECO_VERIFY_IMAGE, - (1 << i)); - if (err) { - printf("Authenticate img %d failed, return %d\n", - i, err); - ret = -EIO; - } - - err = sc_rm_set_memreg_permissions(-1, mr, SECO_PT, - SC_RM_PERM_NONE); - if (err) { - printf("Remove permission failed for img %d, err %d\n", - i, err); - ret = -EPERM; - } - + ret = ahab_verify_cntr_image(img, i); if (ret) goto exit; } exit: - if (sc_seco_authenticate(-1, SC_SECO_REL_CONTAINER, 0) != SC_ERR_NONE) - printf("Error: release container failed!\n"); + ahab_auth_release(); return ret; } diff --git a/arch/arm/mach-imx/parse-container.c b/arch/arm/mach-imx/parse-container.c index a4214d53768..5f87b6c202c 100644 --- a/arch/arm/mach-imx/parse-container.c +++ b/arch/arm/mach-imx/parse-container.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2018-2019 NXP + * Copyright 2018-2021 NXP */ #include @@ -9,67 +9,7 @@ #include #include #ifdef CONFIG_AHAB_BOOT -#include -#endif - -#define SEC_SECURE_RAM_BASE 0x31800000UL -#define SEC_SECURE_RAM_END_BASE (SEC_SECURE_RAM_BASE + 0xFFFFUL) -#define SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE 0x60000000UL - -#define SECO_PT 2U - -#ifdef CONFIG_AHAB_BOOT -static int authenticate_image(struct boot_img_t *img, int image_index) -{ - sc_faddr_t start, end; - sc_rm_mr_t mr; - int err; - int ret = 0; - - debug("img %d, dst 0x%x, src 0x%x, size 0x%x\n", - image_index, (uint32_t)img->dst, img->offset, img->size); - - /* Find the memreg and set permission for seco pt */ - err = sc_rm_find_memreg(-1, &mr, - img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), - ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE) - 1); - - if (err) { - printf("can't find memreg for image %d load address 0x%x, error %d\n", - image_index, img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), err); - return -ENOMEM; - } - - err = sc_rm_get_memreg_info(-1, mr, &start, &end); - if (!err) - debug("memreg %u 0x%x -- 0x%x\n", mr, start, end); - - err = sc_rm_set_memreg_permissions(-1, mr, - SECO_PT, SC_RM_PERM_FULL); - if (err) { - printf("set permission failed for img %d, error %d\n", - image_index, err); - return -EPERM; - } - - err = sc_seco_authenticate(-1, SC_SECO_VERIFY_IMAGE, - 1 << image_index); - if (err) { - printf("authenticate img %d failed, return %d\n", - image_index, err); - ret = -EIO; - } - - err = sc_rm_set_memreg_permissions(-1, mr, - SECO_PT, SC_RM_PERM_NONE); - if (err) { - printf("remove permission failed for img %d, error %d\n", - image_index, err); - ret = -EPERM; - } - - return ret; -} +#include #endif static struct boot_img_t *read_auth_image(struct spl_image_info *spl_image, @@ -110,10 +50,8 @@ static struct boot_img_t *read_auth_image(struct spl_image_info *spl_image, } #ifdef CONFIG_AHAB_BOOT - if (authenticate_image(&images[image_index], image_index)) { - printf("Failed to authenticate image %d\n", image_index); + if (ahab_verify_cntr_image(&images[image_index], image_index)) return NULL; - } #endif return &images[image_index]; @@ -168,15 +106,9 @@ static int read_auth_container(struct spl_image_info *spl_image, } #ifdef CONFIG_AHAB_BOOT - memcpy((void *)SEC_SECURE_RAM_BASE, (const void *)container, - ALIGN(length, CONFIG_SYS_CACHELINE_SIZE)); - - ret = sc_seco_authenticate(-1, SC_SECO_AUTH_CONTAINER, - SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE); - if (ret) { - printf("authenticate container hdr failed, return %d\n", ret); - return ret; - } + ret = ahab_auth_cntr_hdr(container, length); + if (ret) + goto end_auth; #endif for (i = 0; i < container->num_images; i++) { @@ -197,8 +129,7 @@ static int read_auth_container(struct spl_image_info *spl_image, end_auth: #ifdef CONFIG_AHAB_BOOT - if (sc_seco_authenticate(-1, SC_SECO_REL_CONTAINER, 0)) - printf("Error: release container failed!\n"); + ahab_auth_release(); #endif return ret; }