From patchwork Thu Feb 21 22:35:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Davis X-Patchwork-Id: 1046487 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none) header.from=ti.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=ti.com header.i=@ti.com header.b="tpxelpgF"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 4458TR5hdjz9s6w for ; Fri, 22 Feb 2019 09:36:27 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 7461BC21E4F; Thu, 21 Feb 2019 22:36:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 75FB2C21E6C; Thu, 21 Feb 2019 22:35:23 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id A9AACC21E02; Thu, 21 Feb 2019 22:35:20 +0000 (UTC) Received: from fllv0016.ext.ti.com (fllv0016.ext.ti.com [198.47.19.142]) by lists.denx.de (Postfix) with ESMTPS id 65ED5C21C4A for ; Thu, 21 Feb 2019 22:35:19 +0000 (UTC) Received: from fllv0035.itg.ti.com ([10.64.41.0]) by fllv0016.ext.ti.com (8.15.2/8.15.2) with ESMTP id x1LMZFwJ084189; Thu, 21 Feb 2019 16:35:15 -0600 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1550788515; bh=d02RsfGUOECSMaNx+z35BTi4fKrpSgell8ixbZjPgeY=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=tpxelpgFKGsjJd7KPzb6XoR69o2a5nm8sGHBHMJVrc70Xq7Yw84AKP4RDU9AFsfDl QfBylub1n9LJIEjgAF0Ba7ycqeO6PXc+iGNU4N4SzFL3VWA06tfrvSFQiTM82pa3FV QKUOvGqtgI3o9q7QF8W4f6MMmSKtth+6L5Bhh6j8= Received: from DFLE106.ent.ti.com (dfle106.ent.ti.com [10.64.6.27]) by fllv0035.itg.ti.com (8.15.2/8.15.2) with ESMTPS id x1LMZFPN032293 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 21 Feb 2019 16:35:15 -0600 Received: from DFLE100.ent.ti.com (10.64.6.21) by DFLE106.ent.ti.com (10.64.6.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Thu, 21 Feb 2019 16:35:15 -0600 Received: from dflp33.itg.ti.com (10.64.6.16) by DFLE100.ent.ti.com (10.64.6.21) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1591.10 via Frontend Transport; Thu, 21 Feb 2019 16:35:15 -0600 Received: from legion.dal.desgin.ti.com (legion.dal.design.ti.com [128.247.22.53]) by dflp33.itg.ti.com (8.14.3/8.13.8) with ESMTP id x1LMZF9i027221; Thu, 21 Feb 2019 16:35:15 -0600 Received: from localhost (uda0226330.dhcp.ti.com [172.22.111.174]) by legion.dal.desgin.ti.com (8.11.7p1+Sun/8.11.7) with ESMTP id x1LMZEU08561; Thu, 21 Feb 2019 16:35:14 -0600 (CST) From: "Andrew F. Davis" To: Tom Rini , Lokesh Vutla , Andreas Dannenberg Date: Thu, 21 Feb 2019 16:35:06 -0600 Message-ID: <20190221223512.8310-2-afd@ti.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190221223512.8310-1-afd@ti.com> References: <20190221223512.8310-1-afd@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 Cc: u-boot@lists.denx.de Subject: [U-Boot] [PATCH v2 1/7] arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" On HS devices the 512b region of reset isolated memory called MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we cannot use this memory. It is only used to store a single value left at the end of SRAM by ROM that will be needed later. Save that value to a global variable stored in the .data section. This section is used as .bss will be cleared between saving this value and using it. Signed-off-by: Andrew F. Davis Reviewed-by: Andreas Dannenberg Reviewed-by: Lokesh Vutla Reviewed-by: Tom Rini --- arch/arm/mach-k3/am6_init.c | 13 ++++++++----- arch/arm/mach-k3/include/mach/am6_hardware.h | 3 --- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c index a5553190b4..2301061848 100644 --- a/arch/arm/mach-k3/am6_init.c +++ b/arch/arm/mach-k3/am6_init.c @@ -49,11 +49,16 @@ static void ctrl_mmr_unlock(void) mmr_unlock(CTRL_MMR0_BASE, 7); } +/* + * This uninitialized global variable would normal end up in the .bss section, + * but the .bss is cleared between writing and reading this variable, so move + * it to the .data section. + */ +u32 bootindex __attribute__((section(".data"))); + static void store_boot_index_from_rom(void) { - u32 *boot_index = (u32 *)K3_BOOT_PARAM_TABLE_INDEX_VAL; - - *boot_index = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX); + bootindex = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX); } void board_init_f(ulong dummy) @@ -94,7 +99,6 @@ u32 spl_boot_mode(const u32 boot_device) { #if defined(CONFIG_SUPPORT_EMMC_BOOT) u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT); - u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL); u32 bootmode = (devstat & CTRLMMR_MAIN_DEVSTAT_BOOTMODE_MASK) >> CTRLMMR_MAIN_DEVSTAT_BOOTMODE_SHIFT; @@ -170,7 +174,6 @@ static u32 __get_primary_bootmedia(u32 devstat) u32 spl_boot_device(void) { u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT); - u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL); if (bootindex == K3_PRIMARY_BOOTMODE) return __get_primary_bootmedia(devstat); diff --git a/arch/arm/mach-k3/include/mach/am6_hardware.h b/arch/arm/mach-k3/include/mach/am6_hardware.h index b5244609af..3343233aa3 100644 --- a/arch/arm/mach-k3/include/mach/am6_hardware.h +++ b/arch/arm/mach-k3/include/mach/am6_hardware.h @@ -44,7 +44,4 @@ #define CTRLMMR_LOCK_KICK1 0x0100c #define CTRLMMR_LOCK_KICK1_UNLOCK_VAL 0xd172bc5a -/* MCU SCRATCHPAD usage */ -#define K3_BOOT_PARAM_TABLE_INDEX_VAL CONFIG_SYS_K3_MCU_SCRATCHPAD_BASE - #endif /* __ASM_ARCH_AM6_HARDWARE_H */ From patchwork Thu Feb 21 22:35:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Davis X-Patchwork-Id: 1046486 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none) header.from=ti.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=ti.com header.i=@ti.com header.b="zU38eklG"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 4458Sj4wRxz9s6w for ; Fri, 22 Feb 2019 09:35:49 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 5164AC21EDC; Thu, 21 Feb 2019 22:35:41 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 1AE1FC21DED; Thu, 21 Feb 2019 22:35:20 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id F1599C21C4A; Thu, 21 Feb 2019 22:35:18 +0000 (UTC) Received: from lelv0142.ext.ti.com (lelv0142.ext.ti.com [198.47.23.249]) by lists.denx.de (Postfix) with ESMTPS id 37C06C21BE5 for ; Thu, 21 Feb 2019 22:35:18 +0000 (UTC) Received: from fllv0034.itg.ti.com ([10.64.40.246]) by lelv0142.ext.ti.com (8.15.2/8.15.2) with ESMTP id x1LMZGsw106007; Thu, 21 Feb 2019 16:35:16 -0600 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1550788516; bh=QtuVV3qm7uqWm53KK/Q0dQfNdGnPnZhxKmmtzazPFsA=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=zU38eklGinbBUGTqNlNTzkaFSHRGhOJdE9/PPBFKnXEgqJsW+rWGbFrCnkLQ11zRJ 3ecWEETKK1aXGgeBefoFQkMVXcyU16Dxk3jTvqrr1aMfVAk70E8mf/GQj5p4kiFF84 8/W1C4WaDmwqNPkeAGRFWrdUh9yvmAOgY+3ueXpI= Received: from DLEE115.ent.ti.com (dlee115.ent.ti.com [157.170.170.26]) by fllv0034.itg.ti.com (8.15.2/8.15.2) with ESMTPS id x1LMZGwO010021 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 21 Feb 2019 16:35:16 -0600 Received: from DLEE110.ent.ti.com (157.170.170.21) by DLEE115.ent.ti.com (157.170.170.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Thu, 21 Feb 2019 16:35:16 -0600 Received: from dlep32.itg.ti.com (157.170.170.100) by DLEE110.ent.ti.com (157.170.170.21) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1591.10 via Frontend Transport; Thu, 21 Feb 2019 16:35:15 -0600 Received: from legion.dal.desgin.ti.com (legion.dal.design.ti.com [128.247.22.53]) by dlep32.itg.ti.com (8.14.3/8.13.8) with ESMTP id x1LMZF1F019237; Thu, 21 Feb 2019 16:35:15 -0600 Received: from localhost (uda0226330.dhcp.ti.com [172.22.111.174]) by legion.dal.desgin.ti.com (8.11.7p1+Sun/8.11.7) with ESMTP id x1LMZFU08565; Thu, 21 Feb 2019 16:35:15 -0600 (CST) From: "Andrew F. Davis" To: Tom Rini , Lokesh Vutla , Andreas Dannenberg Date: Thu, 21 Feb 2019 16:35:07 -0600 Message-ID: <20190221223512.8310-3-afd@ti.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190221223512.8310-1-afd@ti.com> References: <20190221223512.8310-1-afd@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 Cc: u-boot@lists.denx.de Subject: [U-Boot] [PATCH v2 2/7] firmware: ti_sci: Add support for firewall management X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" TI-SCI message protocol provides support for controlling the firewall configurations available in SoC. Introduce support for the set of TI-SCI message protocol APIs that provide us with this capability of controlling firewalls. Signed-off-by: Andrew F. Davis Reviewed-by: Tom Rini Reviewed-by: Andreas Dannenberg --- drivers/firmware/ti_sci.c | 177 +++++++++++++++++++++++++ drivers/firmware/ti_sci.h | 121 +++++++++++++++++ include/linux/soc/ti/ti_sci_protocol.h | 64 +++++++++ 3 files changed, 362 insertions(+) diff --git a/drivers/firmware/ti_sci.c b/drivers/firmware/ti_sci.c index 9148126041..534a1e6497 100644 --- a/drivers/firmware/ti_sci.c +++ b/drivers/firmware/ti_sci.c @@ -1803,6 +1803,178 @@ static int ti_sci_cmd_get_proc_boot_status(const struct ti_sci_handle *handle, return ret; } +/** + * ti_sci_cmd_set_fwl_region() - Request for configuring a firewall region + * @handle: pointer to TI SCI handle + * @region: region configuration parameters + * + * Return: 0 if all went well, else returns appropriate error value. + */ +static int ti_sci_cmd_set_fwl_region(const struct ti_sci_handle *handle, + const struct ti_sci_msg_fwl_region *region) +{ + struct ti_sci_msg_fwl_set_firewall_region_req req; + struct ti_sci_msg_hdr *resp; + struct ti_sci_info *info; + struct ti_sci_xfer *xfer; + int ret = 0; + + if (IS_ERR(handle)) + return PTR_ERR(handle); + if (!handle) + return -EINVAL; + + info = handle_to_ti_sci_info(handle); + + xfer = ti_sci_setup_one_xfer(info, TISCI_MSG_FWL_SET, + TI_SCI_FLAG_REQ_ACK_ON_PROCESSED, + (u32 *)&req, sizeof(req), sizeof(*resp)); + if (IS_ERR(xfer)) { + ret = PTR_ERR(xfer); + dev_err(info->dev, "Message alloc failed(%d)\n", ret); + return ret; + } + + req.fwl_id = region->fwl_id; + req.region = region->region; + req.n_permission_regs = region->n_permission_regs; + req.control = region->control; + req.permissions[0] = region->permissions[0]; + req.permissions[1] = region->permissions[1]; + req.permissions[2] = region->permissions[2]; + req.start_address = region->start_address; + req.end_address = region->end_address; + + ret = ti_sci_do_xfer(info, xfer); + if (ret) { + dev_err(info->dev, "Mbox send fail %d\n", ret); + return ret; + } + + resp = (struct ti_sci_msg_hdr *)xfer->tx_message.buf; + + if (!ti_sci_is_response_ack(resp)) + return -ENODEV; + + return 0; +} + +/** + * ti_sci_cmd_get_fwl_region() - Request for getting a firewall region + * @handle: pointer to TI SCI handle + * @region: region configuration parameters + * + * Return: 0 if all went well, else returns appropriate error value. + */ +static int ti_sci_cmd_get_fwl_region(const struct ti_sci_handle *handle, + struct ti_sci_msg_fwl_region *region) +{ + struct ti_sci_msg_fwl_get_firewall_region_req req; + struct ti_sci_msg_fwl_get_firewall_region_resp *resp; + struct ti_sci_info *info; + struct ti_sci_xfer *xfer; + int ret = 0; + + if (IS_ERR(handle)) + return PTR_ERR(handle); + if (!handle) + return -EINVAL; + + info = handle_to_ti_sci_info(handle); + + xfer = ti_sci_setup_one_xfer(info, TISCI_MSG_FWL_GET, + TI_SCI_FLAG_REQ_ACK_ON_PROCESSED, + (u32 *)&req, sizeof(req), sizeof(*resp)); + if (IS_ERR(xfer)) { + ret = PTR_ERR(xfer); + dev_err(info->dev, "Message alloc failed(%d)\n", ret); + return ret; + } + + req.fwl_id = region->fwl_id; + req.region = region->region; + req.n_permission_regs = region->n_permission_regs; + + ret = ti_sci_do_xfer(info, xfer); + if (ret) { + dev_err(info->dev, "Mbox send fail %d\n", ret); + return ret; + } + + resp = (struct ti_sci_msg_fwl_get_firewall_region_resp *)xfer->tx_message.buf; + + if (!ti_sci_is_response_ack(resp)) + return -ENODEV; + + region->fwl_id = resp->fwl_id; + region->region = resp->region; + region->n_permission_regs = resp->n_permission_regs; + region->control = resp->control; + region->permissions[0] = resp->permissions[0]; + region->permissions[1] = resp->permissions[1]; + region->permissions[2] = resp->permissions[2]; + region->start_address = resp->start_address; + region->end_address = resp->end_address; + + return 0; +} + +/** + * ti_sci_cmd_change_fwl_owner() - Request for changing a firewall owner + * @handle: pointer to TI SCI handle + * @region: region configuration parameters + * + * Return: 0 if all went well, else returns appropriate error value. + */ +static int ti_sci_cmd_change_fwl_owner(const struct ti_sci_handle *handle, + struct ti_sci_msg_fwl_owner *owner) +{ + struct ti_sci_msg_fwl_change_owner_info_req req; + struct ti_sci_msg_fwl_change_owner_info_resp *resp; + struct ti_sci_info *info; + struct ti_sci_xfer *xfer; + int ret = 0; + + if (IS_ERR(handle)) + return PTR_ERR(handle); + if (!handle) + return -EINVAL; + + info = handle_to_ti_sci_info(handle); + + xfer = ti_sci_setup_one_xfer(info, TISCI_MSG_FWL_GET, + TISCI_MSG_FWL_CHANGE_OWNER, + (u32 *)&req, sizeof(req), sizeof(*resp)); + if (IS_ERR(xfer)) { + ret = PTR_ERR(xfer); + dev_err(info->dev, "Message alloc failed(%d)\n", ret); + return ret; + } + + req.fwl_id = owner->fwl_id; + req.region = owner->region; + req.owner_index = owner->owner_index; + + ret = ti_sci_do_xfer(info, xfer); + if (ret) { + dev_err(info->dev, "Mbox send fail %d\n", ret); + return ret; + } + + resp = (struct ti_sci_msg_fwl_change_owner_info_resp *)xfer->tx_message.buf; + + if (!ti_sci_is_response_ack(resp)) + return -ENODEV; + + owner->fwl_id = resp->fwl_id; + owner->region = resp->region; + owner->owner_index = resp->owner_index; + owner->owner_privid = resp->owner_privid; + owner->owner_permission_bits = resp->owner_permission_bits; + + return ret; +} + /* * ti_sci_setup_ops() - Setup the operations structures * @info: pointer to TISCI pointer @@ -1815,6 +1987,7 @@ static void ti_sci_setup_ops(struct ti_sci_info *info) struct ti_sci_clk_ops *cops = &ops->clk_ops; struct ti_sci_core_ops *core_ops = &ops->core_ops; struct ti_sci_proc_ops *pops = &ops->proc_ops; + struct ti_sci_fwl_ops *fwl_ops = &ops->fwl_ops; bops->board_config = ti_sci_cmd_set_board_config; bops->board_config_rm = ti_sci_cmd_set_board_config_rm; @@ -1857,6 +2030,10 @@ static void ti_sci_setup_ops(struct ti_sci_info *info) pops->set_proc_boot_ctrl = ti_sci_cmd_set_proc_boot_ctrl; pops->proc_auth_boot_image = ti_sci_cmd_proc_auth_boot_image; pops->get_proc_boot_status = ti_sci_cmd_get_proc_boot_status; + + fwl_ops->set_fwl_region = ti_sci_cmd_set_fwl_region; + fwl_ops->get_fwl_region = ti_sci_cmd_get_fwl_region; + fwl_ops->change_fwl_owner = ti_sci_cmd_change_fwl_owner; } /** diff --git a/drivers/firmware/ti_sci.h b/drivers/firmware/ti_sci.h index 81591fb0c7..3b1f637f04 100644 --- a/drivers/firmware/ti_sci.h +++ b/drivers/firmware/ti_sci.h @@ -50,6 +50,10 @@ #define TISCI_MSG_PROC_AUTH_BOOT_IMIAGE 0xc120 #define TISCI_MSG_GET_PROC_BOOT_STATUS 0xc400 +#define TISCI_MSG_FWL_SET 0x9000 +#define TISCI_MSG_FWL_GET 0x9001 +#define TISCI_MSG_FWL_CHANGE_OWNER 0x9002 + /** * struct ti_sci_msg_hdr - Generic Message Header for All messages and responses * @type: Type of messages: One of TI_SCI_MSG* values @@ -677,4 +681,121 @@ struct ti_sci_msg_resp_get_proc_boot_status { u32 status_flags; } __packed; +#define FWL_MAX_PRIVID_SLOTS 3U + +/** + * struct ti_sci_msg_fwl_set_firewall_region_req - Request for configuring the firewall permissions. + * + * @hdr: Generic Header + * + * @fwl_id: Firewall ID in question + * @region: Region or channel number to set config info + * This field is unused in case of a simple firewall and must be initialized + * to zero. In case of a region based firewall, this field indicates the + * region in question. (index starting from 0) In case of a channel based + * firewall, this field indicates the channel in question (index starting + * from 0) + * @n_permission_regs: Number of permission registers to set + * @control: Contents of the firewall CONTROL register to set + * @permissions: Contents of the firewall PERMISSION register to set + * @start_address: Contents of the firewall START_ADDRESS register to set + * @end_address: Contents of the firewall END_ADDRESS register to set + */ + +struct ti_sci_msg_fwl_set_firewall_region_req { + struct ti_sci_msg_hdr hdr; + u16 fwl_id; + u16 region; + u32 n_permission_regs; + u32 control; + u32 permissions[FWL_MAX_PRIVID_SLOTS]; + u64 start_address; + u64 end_address; +} __packed; + +/** + * struct ti_sci_msg_fwl_get_firewall_region_req - Request for retrieving the firewall permissions + * + * @hdr: Generic Header + * + * @fwl_id: Firewall ID in question + * @region: Region or channel number to get config info + * This field is unused in case of a simple firewall and must be initialized + * to zero. In case of a region based firewall, this field indicates the + * region in question (index starting from 0). In case of a channel based + * firewall, this field indicates the channel in question (index starting + * from 0). + * @n_permission_regs: Number of permission registers to retrieve + */ +struct ti_sci_msg_fwl_get_firewall_region_req { + struct ti_sci_msg_hdr hdr; + u16 fwl_id; + u16 region; + u32 n_permission_regs; +} __packed; + +/** + * struct ti_sci_msg_fwl_get_firewall_region_resp - Response for retrieving the firewall permissions + * + * @hdr: Generic Header + * + * @fwl_id: Firewall ID in question + * @region: Region or channel number to set config info This field is + * unused in case of a simple firewall and must be initialized to zero. In + * case of a region based firewall, this field indicates the region in + * question. (index starting from 0) In case of a channel based firewall, this + * field indicates the channel in question (index starting from 0) + * @n_permission_regs: Number of permission registers retrieved + * @control: Contents of the firewall CONTROL register + * @permissions: Contents of the firewall PERMISSION registers + * @start_address: Contents of the firewall START_ADDRESS register This is not applicable for channelized firewalls. + * @end_address: Contents of the firewall END_ADDRESS register This is not applicable for channelized firewalls. + */ +struct ti_sci_msg_fwl_get_firewall_region_resp { + struct ti_sci_msg_hdr hdr; + u16 fwl_id; + u16 region; + u32 n_permission_regs; + u32 control; + u32 permissions[FWL_MAX_PRIVID_SLOTS]; + u64 start_address; + u64 end_address; +} __packed; + +/** + * struct ti_sci_msg_fwl_change_owner_info_req - Request for a firewall owner change + * + * @hdr: Generic Header + * + * @fwl_id: Firewall ID in question + * @region: Region or channel number if applicable + * @owner_index: New owner index to transfer ownership to + */ +struct ti_sci_msg_fwl_change_owner_info_req { + struct ti_sci_msg_hdr hdr; + u16 fwl_id; + u16 region; + u8 owner_index; +} __packed; + +/** + * struct ti_sci_msg_fwl_change_owner_info_resp - Response for a firewall owner change + * + * @hdr: Generic Header + * + * @fwl_id: Firewall ID specified in request + * @region: Region or channel number specified in request + * @owner_index: Owner index specified in request + * @owner_privid: New owner priv-ID returned by DMSC. + * @owner_permission_bits: New owner permission bits returned by DMSC. + */ +struct ti_sci_msg_fwl_change_owner_info_resp { + struct ti_sci_msg_hdr hdr; + u16 fwl_id; + u16 region; + u8 owner_index; + u8 owner_privid; + u16 owner_permission_bits; +} __packed; + #endif /* __TI_SCI_H */ diff --git a/include/linux/soc/ti/ti_sci_protocol.h b/include/linux/soc/ti/ti_sci_protocol.h index 90d5053636..f3c5b72860 100644 --- a/include/linux/soc/ti/ti_sci_protocol.h +++ b/include/linux/soc/ti/ti_sci_protocol.h @@ -257,6 +257,68 @@ struct ti_sci_proc_ops { u32 *sts_flags); }; +/** + * struct ti_sci_msg_fwl_region_cfg - Request and Response for firewalls settings + * + * @fwl_id: Firewall ID in question + * @region: Region or channel number to set config info + * This field is unused in case of a simple firewall and must be initialized + * to zero. In case of a region based firewall, this field indicates the + * region in question. (index starting from 0) In case of a channel based + * firewall, this field indicates the channel in question (index starting + * from 0) + * @n_permission_regs: Number of permission registers to set + * @control: Contents of the firewall CONTROL register to set + * @permissions: Contents of the firewall PERMISSION register to set + * @start_address: Contents of the firewall START_ADDRESS register to set + * @end_address: Contents of the firewall END_ADDRESS register to set + */ +struct ti_sci_msg_fwl_region { + u16 fwl_id; + u16 region; + u32 n_permission_regs; + u32 control; + u32 permissions[3]; + u64 start_address; + u64 end_address; +} __packed; + +/** + * \brief Request and Response for firewall owner change + * + * @fwl_id: Firewall ID in question + * @region: Region or channel number to set config info + * This field is unused in case of a simple firewall and must be initialized + * to zero. In case of a region based firewall, this field indicates the + * region in question. (index starting from 0) In case of a channel based + * firewall, this field indicates the channel in question (index starting + * from 0) + * @n_permission_regs: Number of permission registers <= 3 + * @control: Control register value for this region + * @owner_index: New owner index to change to. Owner indexes are setup in DMSC firmware boot configuration data + * @owner_privid: New owner priv-id, used to lookup owner_index is not known, must be set to zero otherwise + * @owner_permission_bits: New owner permission bits + */ +struct ti_sci_msg_fwl_owner { + u16 fwl_id; + u16 region; + u8 owner_index; + u8 owner_privid; + u16 owner_permission_bits; +} __packed; + +/** + * struct ti_sci_fwl_ops - Firewall specific operations + * @set_fwl_region: Request for configuring the firewall permissions. + * @get_fwl_region: Request for retrieving the firewall permissions. + * @change_fwl_owner: Request for a change of firewall owner. + */ +struct ti_sci_fwl_ops { + int (*set_fwl_region)(const struct ti_sci_handle *handle, const struct ti_sci_msg_fwl_region *region); + int (*get_fwl_region)(const struct ti_sci_handle *handle, struct ti_sci_msg_fwl_region *region); + int (*change_fwl_owner)(const struct ti_sci_handle *handle, struct ti_sci_msg_fwl_owner *owner); +}; + /** * struct ti_sci_ops - Function support for TI SCI * @board_ops: Miscellaneous operations @@ -264,6 +326,7 @@ struct ti_sci_proc_ops { * @clk_ops: Clock specific operations * @core_ops: Core specific operations * @proc_ops: Processor specific operations + * @fw_ops: Firewall specific operations */ struct ti_sci_ops { struct ti_sci_board_ops board_ops; @@ -271,6 +334,7 @@ struct ti_sci_ops { struct ti_sci_clk_ops clk_ops; struct ti_sci_core_ops core_ops; struct ti_sci_proc_ops proc_ops; + struct ti_sci_fwl_ops fwl_ops; }; /** From patchwork Thu Feb 21 22:35:08 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Davis X-Patchwork-Id: 1046489 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none) header.from=ti.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=ti.com header.i=@ti.com header.b="HeCk5aGw"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 4458VZ0Vrfz9s6w for ; Fri, 22 Feb 2019 09:37:25 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id A7FF5C21EBB; Thu, 21 Feb 2019 22:36:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 7E778C21BE5; Thu, 21 Feb 2019 22:35:24 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 09867C21C4A; Thu, 21 Feb 2019 22:35:20 +0000 (UTC) Received: from fllv0016.ext.ti.com (fllv0016.ext.ti.com [198.47.19.142]) by lists.denx.de (Postfix) with ESMTPS id 65846C21BE5 for ; Thu, 21 Feb 2019 22:35:19 +0000 (UTC) Received: from lelv0265.itg.ti.com ([10.180.67.224]) by fllv0016.ext.ti.com (8.15.2/8.15.2) with ESMTP id x1LMZHwd084210; Thu, 21 Feb 2019 16:35:17 -0600 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1550788517; bh=daFRg9BCifQRSZzwGVDbg5lDNNpTyhiyo70+MW8pDjc=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=HeCk5aGw/Je4x72IFIKn/Ffn+g7EAc0R1453Frtn14NbswQjUUtTw9fgdJ6hbxMjm whhk4SG6ea6IWEYreI6oFd1lu8t5KBzTH/Ogf0J6m/AACVmnAyYwuLgHh1oAQ999gh lYViv0mHfgacC9eGoSvuYtQjqqPD57g6kbFgXU/U= Received: from DLEE106.ent.ti.com (dlee106.ent.ti.com [157.170.170.36]) by lelv0265.itg.ti.com (8.15.2/8.15.2) with ESMTPS id x1LMZHRs126416 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 21 Feb 2019 16:35:17 -0600 Received: from DLEE107.ent.ti.com (157.170.170.37) by DLEE106.ent.ti.com (157.170.170.36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Thu, 21 Feb 2019 16:35:16 -0600 Received: from dflp33.itg.ti.com (10.64.6.16) by DLEE107.ent.ti.com (157.170.170.37) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1591.10 via Frontend Transport; Thu, 21 Feb 2019 16:35:16 -0600 Received: from legion.dal.desgin.ti.com (legion.dal.design.ti.com [128.247.22.53]) by dflp33.itg.ti.com (8.14.3/8.13.8) with ESMTP id x1LMZGUH027247; Thu, 21 Feb 2019 16:35:16 -0600 Received: from localhost (uda0226330.dhcp.ti.com [172.22.111.174]) by legion.dal.desgin.ti.com (8.11.7p1+Sun/8.11.7) with ESMTP id x1LMZGU08569; Thu, 21 Feb 2019 16:35:16 -0600 (CST) From: "Andrew F. Davis" To: Tom Rini , Lokesh Vutla , Andreas Dannenberg Date: Thu, 21 Feb 2019 16:35:08 -0600 Message-ID: <20190221223512.8310-4-afd@ti.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190221223512.8310-1-afd@ti.com> References: <20190221223512.8310-1-afd@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 Cc: u-boot@lists.denx.de Subject: [U-Boot] [PATCH v2 3/7] firmware: ti_sci: Modify auth_boot TI-SCI API to match new version X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" SYSFW version 2019.01 introduces a slightly modified version of this API, add support for it here. Signed-off-by: Andrew F. Davis Reviewed-by: Tom Rini Reviewed-by: Andreas Dannenberg --- drivers/firmware/ti_sci.c | 25 ++++++++++++++++--------- drivers/firmware/ti_sci.h | 9 +++++++-- include/linux/soc/ti/ti_sci_protocol.h | 4 ++-- 3 files changed, 25 insertions(+), 13 deletions(-) diff --git a/drivers/firmware/ti_sci.c b/drivers/firmware/ti_sci.c index 534a1e6497..406b2306a9 100644 --- a/drivers/firmware/ti_sci.c +++ b/drivers/firmware/ti_sci.c @@ -1700,16 +1700,19 @@ static int ti_sci_cmd_set_proc_boot_ctrl(const struct ti_sci_handle *handle, * ti_sci_cmd_proc_auth_boot_image() - Command to authenticate and load the * image and then set the processor configuration flags. * @handle: Pointer to TI SCI handle - * @proc_id: Processor ID this request is for - * @cert_addr: Memory address at which payload image certificate is located. + * @image_addr: Memory address at which payload image and certificate is + * located in memory, this is updated if the image data is + * moved during authentication. + * @image_size: This is updated with the final size of the image after + * authentication. * * Return: 0 if all went well, else returns appropriate error value. */ static int ti_sci_cmd_proc_auth_boot_image(const struct ti_sci_handle *handle, - u8 proc_id, u64 cert_addr) + u64 *image_addr, u32 *image_size) { struct ti_sci_msg_req_proc_auth_boot_image req; - struct ti_sci_msg_hdr *resp; + struct ti_sci_msg_resp_proc_auth_boot_image *resp; struct ti_sci_info *info; struct ti_sci_xfer *xfer; int ret = 0; @@ -1729,9 +1732,8 @@ static int ti_sci_cmd_proc_auth_boot_image(const struct ti_sci_handle *handle, dev_err(info->dev, "Message alloc failed(%d)\n", ret); return ret; } - req.processor_id = proc_id; - req.cert_addr_low = cert_addr & TISCI_ADDR_LOW_MASK; - req.cert_addr_high = (cert_addr & TISCI_ADDR_HIGH_MASK) >> + req.cert_addr_low = *image_addr & TISCI_ADDR_LOW_MASK; + req.cert_addr_high = (*image_addr & TISCI_ADDR_HIGH_MASK) >> TISCI_ADDR_HIGH_SHIFT; ret = ti_sci_do_xfer(info, xfer); @@ -1740,10 +1742,15 @@ static int ti_sci_cmd_proc_auth_boot_image(const struct ti_sci_handle *handle, return ret; } - resp = (struct ti_sci_msg_hdr *)xfer->tx_message.buf; + resp = (struct ti_sci_msg_resp_proc_auth_boot_image *)xfer->tx_message.buf; if (!ti_sci_is_response_ack(resp)) - ret = -ENODEV; + return -ENODEV; + + *image_addr = (resp->image_addr_low & TISCI_ADDR_LOW_MASK) | + (((u64)resp->image_addr_high << + TISCI_ADDR_HIGH_SHIFT) & TISCI_ADDR_HIGH_MASK); + *image_size = resp->image_size; return ret; } diff --git a/drivers/firmware/ti_sci.h b/drivers/firmware/ti_sci.h index 3b1f637f04..24b97d5f2c 100644 --- a/drivers/firmware/ti_sci.h +++ b/drivers/firmware/ti_sci.h @@ -622,7 +622,6 @@ struct ti_sci_msg_req_set_proc_boot_ctrl { /** * struct ti_sci_msg_req_proc_auth_start_image - Authenticate and start image * @hdr: Generic Header - * @processor_id: ID of processor * @cert_addr_low: Lower 32bit (Little Endian) of certificate * @cert_addr_high: Higher 32bit (Little Endian) of certificate * @@ -631,11 +630,17 @@ struct ti_sci_msg_req_set_proc_boot_ctrl { */ struct ti_sci_msg_req_proc_auth_boot_image { struct ti_sci_msg_hdr hdr; - u8 processor_id; u32 cert_addr_low; u32 cert_addr_high; } __packed; +struct ti_sci_msg_resp_proc_auth_boot_image { + struct ti_sci_msg_hdr hdr; + u32 image_addr_low; + u32 image_addr_high; + u32 image_size; +} __packed; + /** * struct ti_sci_msg_req_get_proc_boot_status - Get processor boot status * @hdr: Generic Header diff --git a/include/linux/soc/ti/ti_sci_protocol.h b/include/linux/soc/ti/ti_sci_protocol.h index f3c5b72860..c3bfa57253 100644 --- a/include/linux/soc/ti/ti_sci_protocol.h +++ b/include/linux/soc/ti/ti_sci_protocol.h @@ -250,8 +250,8 @@ struct ti_sci_proc_ops { u64 bv, u32 cfg_set, u32 cfg_clr); int (*set_proc_boot_ctrl)(const struct ti_sci_handle *handle, u8 pid, u32 ctrl_set, u32 ctrl_clr); - int (*proc_auth_boot_image)(const struct ti_sci_handle *handle, u8 pid, - u64 caddr); + int (*proc_auth_boot_image)(const struct ti_sci_handle *handle, + u64 *image_addr, u32 *image_size); int (*get_proc_boot_status)(const struct ti_sci_handle *handle, u8 pid, u64 *bv, u32 *cfg_flags, u32 *ctrl_flags, u32 *sts_flags); From patchwork Thu Feb 21 22:35:09 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Davis X-Patchwork-Id: 1046488 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none) header.from=ti.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=ti.com header.i=@ti.com header.b="PZGYiACh"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 4458Tt0wTPz9s6w for ; Fri, 22 Feb 2019 09:36:50 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id A09C4C21E02; Thu, 21 Feb 2019 22:36:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id F23ABC21EC5; Thu, 21 Feb 2019 22:35:23 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id B4042C21C4A; Thu, 21 Feb 2019 22:35:20 +0000 (UTC) Received: from lelv0143.ext.ti.com (lelv0143.ext.ti.com [198.47.23.248]) by lists.denx.de (Postfix) with ESMTPS id 70D23C21C6A for ; Thu, 21 Feb 2019 22:35:19 +0000 (UTC) Received: from lelv0265.itg.ti.com ([10.180.67.224]) by lelv0143.ext.ti.com (8.15.2/8.15.2) with ESMTP id x1LMZIOU032957; Thu, 21 Feb 2019 16:35:18 -0600 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1550788518; bh=RlqHYNd9VJPq7qxbXtlroupE2DBVpXwNl3DDveB/nEc=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=PZGYiAChwg2UuaGneH5FuiHy4fl2T9J8IKbZRgRaHzuL+jfL+SgLA/lXbBB6NcBOK 8NOPT/sUMZvE7rNkqSJnuYGRia47IY0wBhdwApqZKa4/dAJihvbYeBkCGzxsIplLrI KLLMpCPRlIfwj+EFMM3Ol1jEacoOK/CKYUnKJrEs= Received: from DFLE113.ent.ti.com (dfle113.ent.ti.com [10.64.6.34]) by lelv0265.itg.ti.com (8.15.2/8.15.2) with ESMTPS id x1LMZHBt126430 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 21 Feb 2019 16:35:18 -0600 Received: from DFLE105.ent.ti.com (10.64.6.26) by DFLE113.ent.ti.com (10.64.6.34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Thu, 21 Feb 2019 16:35:17 -0600 Received: from dflp32.itg.ti.com (10.64.6.15) by DFLE105.ent.ti.com (10.64.6.26) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1591.10 via Frontend Transport; Thu, 21 Feb 2019 16:35:17 -0600 Received: from legion.dal.desgin.ti.com (legion.dal.design.ti.com [128.247.22.53]) by dflp32.itg.ti.com (8.14.3/8.13.8) with ESMTP id x1LMZHkE015572; Thu, 21 Feb 2019 16:35:17 -0600 Received: from localhost (uda0226330.dhcp.ti.com [172.22.111.174]) by legion.dal.desgin.ti.com (8.11.7p1+Sun/8.11.7) with ESMTP id x1LMZGU08573; Thu, 21 Feb 2019 16:35:16 -0600 (CST) From: "Andrew F. Davis" To: Tom Rini , Lokesh Vutla , Andreas Dannenberg Date: Thu, 21 Feb 2019 16:35:09 -0600 Message-ID: <20190221223512.8310-5-afd@ti.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190221223512.8310-1-afd@ti.com> References: <20190221223512.8310-1-afd@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 Cc: u-boot@lists.denx.de Subject: [U-Boot] [PATCH v2 4/7] arm: mach-k3: Add secure device support X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" K3 devices have High Security (HS) variants along with the non-HS already supported. Like the previous generation devices (OMAP/Keystone2) K3 supports boot chain-of-trust by authenticating and optionally decrypting images as they are unpacked from FIT images. Add support for this here. Signed-off-by: Andrew F. Davis Reviewed-by: Tom Rini Reviewed-by: Andreas Dannenberg --- MAINTAINERS | 1 + arch/arm/Kconfig | 2 +- arch/arm/mach-k3/Makefile | 1 + arch/arm/mach-k3/security.c | 63 +++++++++++++++++++++++++++++++++++++ 4 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 arch/arm/mach-k3/security.c diff --git a/MAINTAINERS b/MAINTAINERS index f1f8818d6b..5dd69562e0 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -716,6 +716,7 @@ S: Supported F: arch/arm/mach-omap2/omap5/sec_entry_cpu1.S F: arch/arm/mach-omap2/sec-common.c F: arch/arm/mach-omap2/config_secure.mk +F: arch/arm/mach-k3/security.c F: configs/am335x_hs_evm_defconfig F: configs/am335x_hs_evm_uart_defconfig F: configs/am43xx_hs_evm_defconfig diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 455f06cfee..da397097e5 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -1417,7 +1417,7 @@ endchoice config TI_SECURE_DEVICE bool "HS Device Type Support" - depends on ARCH_KEYSTONE || ARCH_OMAP2PLUS + depends on ARCH_KEYSTONE || ARCH_OMAP2PLUS || ARCH_K3 help If a high secure (HS) device type is being used, this config must be set. This option impacts various aspects of the diff --git a/arch/arm/mach-k3/Makefile b/arch/arm/mach-k3/Makefile index bd4ab361b2..0c3a4f7db1 100644 --- a/arch/arm/mach-k3/Makefile +++ b/arch/arm/mach-k3/Makefile @@ -6,4 +6,5 @@ obj-$(CONFIG_SOC_K3_AM6) += am6_init.o obj-$(CONFIG_ARM64) += arm64-mmu.o obj-$(CONFIG_CPU_V7R) += r5_mpu.o lowlevel_init.o +obj-$(CONFIG_TI_SECURE_DEVICE) += security.o obj-y += common.o diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c new file mode 100644 index 0000000000..52f49bf01f --- /dev/null +++ b/arch/arm/mach-k3/security.c @@ -0,0 +1,63 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * K3: Security functions + * + * Copyright (C) 2018 Texas Instruments Incorporated - http://www.ti.com/ + * Andrew F. Davis + */ + +#include +#include +#include +#include +#include + +void board_fit_image_post_process(void **p_image, size_t *p_size) +{ + struct udevice *dev; + struct ti_sci_handle *ti_sci; + struct ti_sci_proc_ops *proc_ops; + u64 image_addr; + u32 image_size; + int ret; + + /* Get handle to Device Management and Security Controller (SYSFW) */ + ret = uclass_get_device_by_name(UCLASS_FIRMWARE, "dmsc", &dev); + if (ret) { + printf("Failed to get handle to SYSFW (%d)\n", ret); + hang(); + } + ti_sci = (struct ti_sci_handle *)(ti_sci_get_handle_from_sysfw(dev)); + proc_ops = &ti_sci->ops.proc_ops; + + image_addr = (uintptr_t)*p_image; + + debug("Authenticating image at address 0x%016llx\n", image_addr); + + /* Authenticate image */ + ret = proc_ops->proc_auth_boot_image(ti_sci, &image_addr, &image_size); + if (ret) { + printf("Authentication failed!\n"); + hang(); + } + + /* + * The image_size returned may be 0 when the authentication process has + * moved the image. When this happens no further processing on the + * image is needed or often even possible as it may have also been + * placed behind a firewall when moved. + */ + *p_size = image_size; + + /* + * Output notification of successful authentication to re-assure the + * user that the secure code is being processed as expected. However + * suppress any such log output in case of building for SPL and booting + * via YMODEM. This is done to avoid disturbing the YMODEM serial + * protocol transactions. + */ + if (!(IS_ENABLED(CONFIG_SPL_BUILD) && + IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) && + spl_boot_device() == BOOT_DEVICE_UART)) + printf("Authentication passed\n"); +} From patchwork Thu Feb 21 22:35:10 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Davis X-Patchwork-Id: 1046490 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none) header.from=ti.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=ti.com header.i=@ti.com header.b="tYHbpZCF"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 4458WZ1xQsz9s8m for ; Fri, 22 Feb 2019 09:38:18 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id D0B99C21E2C; Thu, 21 Feb 2019 22:36:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 190D4C21E73; Thu, 21 Feb 2019 22:35:36 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id BADC9C21F3C; Thu, 21 Feb 2019 22:35:27 +0000 (UTC) Received: from fllv0015.ext.ti.com (fllv0015.ext.ti.com [198.47.19.141]) by lists.denx.de (Postfix) with ESMTPS id 3D0EAC21E73 for ; Thu, 21 Feb 2019 22:35:23 +0000 (UTC) Received: from lelv0266.itg.ti.com ([10.180.67.225]) by fllv0015.ext.ti.com (8.15.2/8.15.2) with ESMTP id x1LMZLAj058230; Thu, 21 Feb 2019 16:35:21 -0600 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1550788521; bh=SkrI9+ELMb4pgmqIQbQN7ygCYYKbLss6X7at7aV1dwQ=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=tYHbpZCF7hBmsG8vpUrOLJbMDIlfvXpwsA2SjZ+i+/scyyk6hlGFcXQLtdnUJear9 0PyB1QPB08EPyfJ1sXa0zLTYWgYzkxrED51XW/5cLSe253ZpH3CPQAqlMMNNBki9Bd 6K0zgthcqVWKLG5pynVO+C0y8W3i/17gVvwcHVN4= Received: from DLEE115.ent.ti.com (dlee115.ent.ti.com [157.170.170.26]) by lelv0266.itg.ti.com (8.15.2/8.15.2) with ESMTPS id x1LMZLeJ109232 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 21 Feb 2019 16:35:21 -0600 Received: from DLEE100.ent.ti.com (157.170.170.30) by DLEE115.ent.ti.com (157.170.170.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Thu, 21 Feb 2019 16:35:21 -0600 Received: from dflp33.itg.ti.com (10.64.6.16) by DLEE100.ent.ti.com (157.170.170.30) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1591.10 via Frontend Transport; Thu, 21 Feb 2019 16:35:20 -0600 Received: from legion.dal.desgin.ti.com (legion.dal.design.ti.com [128.247.22.53]) by dflp33.itg.ti.com (8.14.3/8.13.8) with ESMTP id x1LMZKum027349; Thu, 21 Feb 2019 16:35:20 -0600 Received: from localhost (uda0226330.dhcp.ti.com [172.22.111.174]) by legion.dal.desgin.ti.com (8.11.7p1+Sun/8.11.7) with ESMTP id x1LMZKU08643; Thu, 21 Feb 2019 16:35:20 -0600 (CST) From: "Andrew F. Davis" To: Tom Rini , Lokesh Vutla , Andreas Dannenberg Date: Thu, 21 Feb 2019 16:35:10 -0600 Message-ID: <20190221223512.8310-6-afd@ti.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190221223512.8310-1-afd@ti.com> References: <20190221223512.8310-1-afd@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 Cc: u-boot@lists.denx.de Subject: [U-Boot] [PATCH v2 5/7] arm: mach-k3: Add secure device build support X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" K3 HS devices require signed binaries for boot, use the SECDEV tools to sign the boot artifacts during build. Signed-off-by: Andrew F. Davis Reviewed-by: Tom Rini Reviewed-by: Andreas Dannenberg --- MAINTAINERS | 1 + arch/arm/mach-k3/config.mk | 25 ++++++++++++++++++ arch/arm/mach-k3/config_secure.mk | 44 +++++++++++++++++++++++++++++++ tools/k3_fit_atf.sh | 8 ++++-- 4 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 arch/arm/mach-k3/config_secure.mk diff --git a/MAINTAINERS b/MAINTAINERS index 5dd69562e0..bddfaf50c8 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -717,6 +717,7 @@ F: arch/arm/mach-omap2/omap5/sec_entry_cpu1.S F: arch/arm/mach-omap2/sec-common.c F: arch/arm/mach-omap2/config_secure.mk F: arch/arm/mach-k3/security.c +F: arch/arm/mach-k3/config_secure.mk F: configs/am335x_hs_evm_defconfig F: configs/am335x_hs_evm_uart_defconfig F: configs/am43xx_hs_evm_defconfig diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk index be00d79fb0..2d8f61f9db 100644 --- a/arch/arm/mach-k3/config.mk +++ b/arch/arm/mach-k3/config.mk @@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boo # If external key is not provided, generate key using openssl. ifeq ($(CONFIG_SYS_K3_KEY), "") KEY=u-boot-spl-eckey.pem +# On HS use real key or warn if not available +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),) +KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem +else +$(warning "WARNING: signing key not found. Random key will NOT work on HS hardware!") +endif +endif else KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY)) endif @@ -65,6 +73,15 @@ ALL-y += tiboot3.bin endif ifdef CONFIG_ARM64 +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +SPL_ITS := u-boot-spl-k3_HS.its +$(SPL_ITS): FORCE + IS_HS=1 \ + $(srctree)/tools/k3_fit_atf.sh \ + $(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@ + +ALL-y += tispl.bin_HS +else SPL_ITS := u-boot-spl-k3.its $(SPL_ITS): FORCE $(srctree)/tools/k3_fit_atf.sh \ @@ -72,7 +89,15 @@ $(SPL_ITS): FORCE ALL-y += tispl.bin endif +endif + +else +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ALL-y += u-boot.img_HS else ALL-y += u-boot.img endif +endif + +include $(srctree)/arch/arm/mach-k3/config_secure.mk diff --git a/arch/arm/mach-k3/config_secure.mk b/arch/arm/mach-k3/config_secure.mk new file mode 100644 index 0000000000..6d63c57665 --- /dev/null +++ b/arch/arm/mach-k3/config_secure.mk @@ -0,0 +1,44 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/ +# Andrew F. Davis + +quiet_cmd_k3secureimg = SECURE $@ +ifneq ($(TI_SECURE_DEV_PKG),) +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),) +cmd_k3secureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ + $< $@ \ + $(if $(KBUILD_VERBOSE:1=), >/dev/null) +else +cmd_k3secureimg = echo "WARNING:" \ + "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \ + "$@ was NOT secured!"; cp $< $@ +endif +else +cmd_k3secureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ + "variable must be defined for TI secure devices." \ + "$@ was NOT secured!"; cp $< $@ +endif + +%.dtb_HS: %.dtb FORCE + $(call if_changed,k3secureimg) + +$(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE + $(call if_changed,k3secureimg) + +tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst %,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE + $(call if_changed,mkfitimage) + +MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O u-boot \ + -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \ + -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \ + $(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST))) + +OF_LIST_TARGETS = $(patsubst %,arch/$(ARCH)/dts/%.dtb,$(subst ",,$(CONFIG_OF_LIST))) +$(OF_LIST_TARGETS): dtbs + +u-boot-nodtb.bin_HS: u-boot-nodtb.bin FORCE + $(call if_changed,k3secureimg) + +u-boot.img_HS: u-boot-nodtb.bin_HS u-boot.img $(patsubst %.dtb,%.dtb_HS,$(OF_LIST_TARGETS)) FORCE + $(call if_changed,mkimage) diff --git a/tools/k3_fit_atf.sh b/tools/k3_fit_atf.sh index 430b5ca616..4e9f69c087 100755 --- a/tools/k3_fit_atf.sh +++ b/tools/k3_fit_atf.sh @@ -21,6 +21,10 @@ if [ ! -f $TEE ]; then TEE=/dev/null fi +if [ ! -z "$IS_HS" ]; then + HS_APPEND=_HS +fi + cat << __HEADER_EOF /dts-v1/; @@ -51,7 +55,7 @@ cat << __HEADER_EOF }; spl { description = "SPL (64-bit)"; - data = /incbin/("spl/u-boot-spl-nodtb.bin"); + data = /incbin/("spl/u-boot-spl-nodtb.bin$HS_APPEND"); type = "standalone"; os = "U-Boot"; arch = "arm64"; @@ -66,7 +70,7 @@ do cat << __FDT_IMAGE_EOF $(basename $dtname) { description = "$(basename $dtname .dtb)"; - data = /incbin/("$dtname"); + data = /incbin/("$dtname$HS_APPEND"); type = "flat_dt"; arch = "arm"; compression = "none"; From patchwork Thu Feb 21 22:35:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Davis X-Patchwork-Id: 1046491 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none) header.from=ti.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=ti.com header.i=@ti.com header.b="O2ReoC92"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 4458Wp3l6yz9s6w for ; Fri, 22 Feb 2019 09:38:30 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 25306C21E36; Thu, 21 Feb 2019 22:37:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=T_DKIM_INVALID, UPPERCASE_50_75 autolearn=no autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 4FA34C21F0C; Thu, 21 Feb 2019 22:35:58 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id D923EC21E0F; Thu, 21 Feb 2019 22:35:36 +0000 (UTC) Received: from lelv0143.ext.ti.com (lelv0143.ext.ti.com [198.47.23.248]) by lists.denx.de (Postfix) with ESMTPS id A64B0C21E38 for ; Thu, 21 Feb 2019 22:35:30 +0000 (UTC) Received: from lelv0265.itg.ti.com ([10.180.67.224]) by lelv0143.ext.ti.com (8.15.2/8.15.2) with ESMTP id x1LMZTaF033058; Thu, 21 Feb 2019 16:35:29 -0600 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1550788529; bh=Z43QYIFCea/6ukfl1Z2mQnheNWX7GmNekRmLRokwlOo=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=O2ReoC92JUIZcD5/UXQ/h9QSpik7xxcuLnF2qXx1H+t3c4OrDj5J0Oh7dQOaSiv7m d6W3aetmBw0lr/lQkmZFvgF3WqVCk3akZ9phaFdaGZlru3tYOVOktygSgAosmWZYP7 hQwv91jTekXFBz+Sm9vTteLXciifTn/qSbpsXs48= Received: from DLEE114.ent.ti.com (dlee114.ent.ti.com [157.170.170.25]) by lelv0265.itg.ti.com (8.15.2/8.15.2) with ESMTPS id x1LMZT41126611 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 21 Feb 2019 16:35:29 -0600 Received: from DLEE105.ent.ti.com (157.170.170.35) by DLEE114.ent.ti.com (157.170.170.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Thu, 21 Feb 2019 16:35:28 -0600 Received: from dlep33.itg.ti.com (157.170.170.75) by DLEE105.ent.ti.com (157.170.170.35) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1591.10 via Frontend Transport; Thu, 21 Feb 2019 16:35:28 -0600 Received: from legion.dal.desgin.ti.com (legion.dal.design.ti.com [128.247.22.53]) by dlep33.itg.ti.com (8.14.3/8.13.8) with ESMTP id x1LMZSgd029073; Thu, 21 Feb 2019 16:35:28 -0600 Received: from localhost (uda0226330.dhcp.ti.com [172.22.111.174]) by legion.dal.desgin.ti.com (8.11.7p1+Sun/8.11.7) with ESMTP id x1LMZRU08779; Thu, 21 Feb 2019 16:35:27 -0600 (CST) From: "Andrew F. Davis" To: Tom Rini , Lokesh Vutla , Andreas Dannenberg Date: Thu, 21 Feb 2019 16:35:11 -0600 Message-ID: <20190221223512.8310-7-afd@ti.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190221223512.8310-1-afd@ti.com> References: <20190221223512.8310-1-afd@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 Cc: u-boot@lists.denx.de Subject: [U-Boot] [PATCH v2 6/7] configs: Add a config for AM65x High Security EVM X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Add new defconfig files for the AM65x High Security EVM. This defconfigs are the same as for the non-secure part, except for: CONFIG_TI_SECURE_DEVICE option set to 'y' CONFIG_FIT_IMAGE_POST_PROCESS option set to 'y' CONFIG_SPL_FIT_IMAGE_POST_PROCESS option set to 'y' Signed-off-by: Andrew F. Davis Reviewed-by: Tom Rini Reviewed-by: Andreas Dannenberg --- MAINTAINERS | 2 + configs/am65x_hs_evm_a53_defconfig | 74 ++++++++++++++++++++++++ configs/am65x_hs_evm_r5_defconfig | 90 ++++++++++++++++++++++++++++++ 3 files changed, 166 insertions(+) create mode 100644 configs/am65x_hs_evm_a53_defconfig create mode 100644 configs/am65x_hs_evm_r5_defconfig diff --git a/MAINTAINERS b/MAINTAINERS index bddfaf50c8..4c0be61f28 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -729,6 +729,8 @@ F: configs/k2hk_hs_evm_defconfig F: configs/k2e_hs_evm_defconfig F: configs/k2g_hs_evm_defconfig F: configs/k2l_hs_evm_defconfig +F: configs/am65x_hs_evm_r5_defconfig +F: configs/am65x_hs_evm_a53_defconfig TQ GROUP #M: Martin Krause diff --git a/configs/am65x_hs_evm_a53_defconfig b/configs/am65x_hs_evm_a53_defconfig new file mode 100644 index 0000000000..b9b5a921af --- /dev/null +++ b/configs/am65x_hs_evm_a53_defconfig @@ -0,0 +1,74 @@ +CONFIG_ARM=y +CONFIG_ARCH_K3=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_SPL_LIBCOMMON_SUPPORT=y +CONFIG_SPL_LIBGENERIC_SUPPORT=y +CONFIG_SYS_MALLOC_F_LEN=0x2000 +CONFIG_SOC_K3_AM6=y +CONFIG_TARGET_AM654_A53_EVM=y +CONFIG_SPL_MMC_SUPPORT=y +CONFIG_SPL_SERIAL_SUPPORT=y +CONFIG_SPL_DRIVERS_MISC_SUPPORT=y +CONFIG_SPL_STACK_R_ADDR=0x82000000 +CONFIG_SPL_FS_FAT=y +CONFIG_SPL_LIBDISK_SUPPORT=y +CONFIG_DISTRO_DEFAULTS=y +CONFIG_NR_DRAM_BANKS=2 +# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set +CONFIG_FIT_IMAGE_POST_PROCESS=y +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y +CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run get_kern_${boot}; run get_fdt_${boot}; run run_kern" +# CONFIG_DISPLAY_CPUINFO is not set +CONFIG_SPL_SYS_MALLOC_SIMPLE=y +CONFIG_SPL_STACK_R=y +CONFIG_SPL_SEPARATE_BSS=y +CONFIG_SPL_I2C_SUPPORT=y +CONFIG_SPL_DM_MAILBOX=y +CONFIG_SPL_DM_RESET=y +CONFIG_SPL_POWER_DOMAIN=y +CONFIG_SPL_REMOTEPROC=y +CONFIG_SPL_YMODEM_SUPPORT=y +CONFIG_CMD_ASKENV=y +# CONFIG_CMD_FLASH is not set +CONFIG_CMD_MMC=y +CONFIG_CMD_REMOTEPROC=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_TIME=y +# CONFIG_ISO_PARTITION is not set +# CONFIG_EFI_PARTITION is not set +CONFIG_OF_CONTROL=y +CONFIG_SPL_OF_CONTROL=y +CONFIG_DEFAULT_DEVICE_TREE="k3-am654-base-board" +CONFIG_SPL_MULTI_DTB_FIT=y +CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y +CONFIG_ENV_IS_IN_FAT=y +CONFIG_ENV_FAT_INTERFACE="mmc" +CONFIG_ENV_FAT_DEVICE_AND_PART="1:1" +CONFIG_DM=y +CONFIG_SPL_DM=y +CONFIG_SPL_DM_SEQ_ALIAS=y +CONFIG_CLK=y +CONFIG_SPL_CLK=y +CONFIG_CLK_TI_SCI=y +CONFIG_TI_SCI_PROTOCOL=y +CONFIG_DM_MAILBOX=y +CONFIG_K3_SEC_PROXY=y +CONFIG_MISC=y +CONFIG_DM_MMC=y +CONFIG_MMC_SDHCI=y +CONFIG_MMC_SDHCI_K3_ARASAN=y +CONFIG_PINCTRL=y +# CONFIG_PINCTRL_GENERIC is not set +CONFIG_SPL_PINCTRL=y +# CONFIG_SPL_PINCTRL_GENERIC is not set +CONFIG_PINCTRL_SINGLE=y +CONFIG_POWER_DOMAIN=y +CONFIG_TI_SCI_POWER_DOMAIN=y +CONFIG_K3_SYSTEM_CONTROLLER=y +CONFIG_REMOTEPROC_K3=y +CONFIG_DM_RESET=y +CONFIG_RESET_TI_SCI=y +CONFIG_DM_SERIAL=y +CONFIG_SYSRESET=y +CONFIG_SYSRESET_TI_SCI=y diff --git a/configs/am65x_hs_evm_r5_defconfig b/configs/am65x_hs_evm_r5_defconfig new file mode 100644 index 0000000000..1b9c138c03 --- /dev/null +++ b/configs/am65x_hs_evm_r5_defconfig @@ -0,0 +1,90 @@ +CONFIG_ARM=y +CONFIG_ARCH_K3=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_SPL_GPIO_SUPPORT=y +CONFIG_SPL_LIBCOMMON_SUPPORT=y +CONFIG_SPL_LIBGENERIC_SUPPORT=y +CONFIG_SYS_MALLOC_F_LEN=0x2000 +CONFIG_SOC_K3_AM6=y +CONFIG_TARGET_AM654_R5_EVM=y +CONFIG_SPL_MMC_SUPPORT=y +CONFIG_SPL_SERIAL_SUPPORT=y +CONFIG_SPL_DRIVERS_MISC_SUPPORT=y +CONFIG_SPL_STACK_R_ADDR=0x82000000 +CONFIG_SPL_FS_FAT=y +CONFIG_SPL_LIBDISK_SUPPORT=y +CONFIG_NR_DRAM_BANKS=2 +# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y +CONFIG_USE_BOOTCOMMAND=y +# CONFIG_DISPLAY_CPUINFO is not set +CONFIG_SPL_SYS_MALLOC_SIMPLE=y +CONFIG_SPL_STACK_R=y +CONFIG_SPL_SEPARATE_BSS=y +CONFIG_SPL_I2C_SUPPORT=y +CONFIG_SPL_DM_MAILBOX=y +CONFIG_SPL_DM_RESET=y +CONFIG_SPL_POWER_SUPPORT=y +CONFIG_SPL_POWER_DOMAIN=y +CONFIG_SPL_RAM_SUPPORT=y +CONFIG_SPL_RAM_DEVICE=y +CONFIG_SPL_REMOTEPROC=y +CONFIG_SPL_YMODEM_SUPPORT=y +CONFIG_HUSH_PARSER=y +CONFIG_CMD_BOOTZ=y +CONFIG_CMD_ASKENV=y +# CONFIG_CMD_FLASH is not set +CONFIG_CMD_GPT=y +CONFIG_CMD_MMC=y +CONFIG_CMD_REMOTEPROC=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_TIME=y +CONFIG_CMD_FAT=y +CONFIG_OF_CONTROL=y +CONFIG_SPL_OF_CONTROL=y +CONFIG_DEFAULT_DEVICE_TREE="k3-am654-r5-base-board" +CONFIG_SPL_MULTI_DTB_FIT=y +CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y +CONFIG_ENV_IS_IN_FAT=y +CONFIG_ENV_FAT_INTERFACE="mmc" +CONFIG_ENV_FAT_DEVICE_AND_PART="1:1" +CONFIG_DM=y +CONFIG_SPL_DM=y +CONFIG_SPL_DM_SEQ_ALIAS=y +CONFIG_SPL_OF_TRANSLATE=y +CONFIG_CLK=y +CONFIG_SPL_CLK=y +CONFIG_CLK_TI_SCI=y +CONFIG_TI_SCI_PROTOCOL=y +CONFIG_DM_GPIO=y +CONFIG_DA8XX_GPIO=y +CONFIG_DM_MAILBOX=y +CONFIG_K3_SEC_PROXY=y +CONFIG_MISC=y +CONFIG_DM_MMC=y +CONFIG_MMC_SDHCI=y +CONFIG_MMC_SDHCI_K3_ARASAN=y +CONFIG_PINCTRL=y +# CONFIG_PINCTRL_GENERIC is not set +CONFIG_SPL_PINCTRL=y +# CONFIG_SPL_PINCTRL_GENERIC is not set +CONFIG_PINCTRL_SINGLE=y +CONFIG_POWER_DOMAIN=y +CONFIG_TI_SCI_POWER_DOMAIN=y +CONFIG_DM_REGULATOR=y +CONFIG_SPL_DM_REGULATOR=y +CONFIG_DM_REGULATOR_GPIO=y +CONFIG_SPL_DM_REGULATOR_GPIO=y +CONFIG_RAM=y +CONFIG_SPL_RAM=y +CONFIG_K3_SYSTEM_CONTROLLER=y +CONFIG_REMOTEPROC_K3=y +CONFIG_DM_RESET=y +CONFIG_RESET_TI_SCI=y +CONFIG_DM_SERIAL=y +CONFIG_SYSRESET=y +CONFIG_SYSRESET_TI_SCI=y +CONFIG_TIMER=y +CONFIG_SPL_TIMER=y +CONFIG_OMAP_TIMER=y From patchwork Thu Feb 21 22:35:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Davis X-Patchwork-Id: 1046492 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none) header.from=ti.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=ti.com header.i=@ti.com header.b="H3RUDFDW"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 4458X46QnWz9s6w for ; Fri, 22 Feb 2019 09:38:44 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 8FC1AC21E07; Thu, 21 Feb 2019 22:37:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id C5020C21EE7; Thu, 21 Feb 2019 22:35:53 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 3B384C21E49; Thu, 21 Feb 2019 22:35:39 +0000 (UTC) Received: from lelv0142.ext.ti.com (lelv0142.ext.ti.com [198.47.23.249]) by lists.denx.de (Postfix) with ESMTPS id EFAC8C21F1D for ; Thu, 21 Feb 2019 22:35:32 +0000 (UTC) Received: from fllv0034.itg.ti.com ([10.64.40.246]) by lelv0142.ext.ti.com (8.15.2/8.15.2) with ESMTP id x1LMZVTn106142; Thu, 21 Feb 2019 16:35:31 -0600 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1550788531; bh=hGD2KOSQUGzte2FwsvDXkjTMklBViUP8kkV5dHY1fec=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=H3RUDFDW6jAcUhzpwIhiFx3vE2C7m7a2FWSNSB1/g8ttW94qYNc/H9VvzR8PS9ClS iNq05InOLsWk/UsbOrqpeCYz/gka57QRltnv0p+SP+QhikH9krt5soHYhp3n/Y4dF1 yva9fk7Y0QAWmiduwom7tTZVufgiInr9ttrWM7Vs= Received: from DFLE111.ent.ti.com (dfle111.ent.ti.com [10.64.6.32]) by fllv0034.itg.ti.com (8.15.2/8.15.2) with ESMTPS id x1LMZVNo010271 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 21 Feb 2019 16:35:31 -0600 Received: from DFLE108.ent.ti.com (10.64.6.29) by DFLE111.ent.ti.com (10.64.6.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Thu, 21 Feb 2019 16:35:31 -0600 Received: from dflp32.itg.ti.com (10.64.6.15) by DFLE108.ent.ti.com (10.64.6.29) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1591.10 via Frontend Transport; Thu, 21 Feb 2019 16:35:31 -0600 Received: from legion.dal.desgin.ti.com (legion.dal.design.ti.com [128.247.22.53]) by dflp32.itg.ti.com (8.14.3/8.13.8) with ESMTP id x1LMZUGB015819; Thu, 21 Feb 2019 16:35:30 -0600 Received: from localhost (uda0226330.dhcp.ti.com [172.22.111.174]) by legion.dal.desgin.ti.com (8.11.7p1+Sun/8.11.7) with ESMTP id x1LMZUU08826; Thu, 21 Feb 2019 16:35:30 -0600 (CST) From: "Andrew F. Davis" To: Tom Rini , Lokesh Vutla , Andreas Dannenberg Date: Thu, 21 Feb 2019 16:35:12 -0600 Message-ID: <20190221223512.8310-8-afd@ti.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190221223512.8310-1-afd@ti.com> References: <20190221223512.8310-1-afd@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 Cc: u-boot@lists.denx.de Subject: [U-Boot] [PATCH v2 7/7] doc: Update info on using K3 secure devices X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Signed-off-by: Andrew F. Davis Reviewed-by: Tom Rini Reviewed-by: Andreas Dannenberg --- doc/README.ti-secure | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/doc/README.ti-secure b/doc/README.ti-secure index 76950253ac..27c0eaa77f 100644 --- a/doc/README.ti-secure +++ b/doc/README.ti-secure @@ -138,7 +138,7 @@ Booting of U-Boot SPL Invoking the script for Keystone2 Secure Devices - ============================================= + ================================================ create-boot-image.sh \ @@ -157,6 +157,18 @@ Booting of U-Boot SPL boot from all media. Secure boot from SPI NOR flash is not currently supported. + Invoking the script for K3 Secure Devices + ========================================= + + The signing steps required to produce a bootable SPL image on secure + K3 TI devices are the same as those performed on non-secure devices. + The only difference is the key is not checked on non-secure devices so + a dummy key is used when building U-Boot for those devices. For secure + K3 TI devices simply use the real hardware key for your device. This + real key can be set with the Kconfig option "K3_KEY". The environment + variable TI_SECURE_DEV_PKG is also searched for real keys when the + build targets secure devices. + Booting of Primary U-Boot (u-boot.img) ====================================== @@ -181,10 +193,8 @@ Booting of Primary U-Boot (u-boot.img) is enabled through the CONFIG_SPL_FIT_IMAGE_POST_PROCESS option which must be enabled for the secure boot scheme to work. In order to allow verifying proper operation of the secure boot chain in case of successful - authentication messages like "Authentication passed: CERT_U-BOOT-NOD" are - output by the SPL to the console for each blob that got extracted from the - FIT image. Note that the last part of this log message is the (truncated) - name of the signing certificate embedded into the blob that got processed. + authentication messages like "Authentication passed" are output by the + SPL to the console for each blob that got extracted from the FIT image. The exact details of the how the images are secured is handled by the SECDEV package. Within the SECDEV package exists a script to process