[U-Boot] [PATCH RESEND v3 2/7] arm: mach-keystone: Implements FIT post-processing, call for keystone SoCs

Srinivas, Madan madans at ti.com
Fri Sep 9 04:59:58 CEST 2016


This commit implements the board_fit_image_post_process() function for
the keystone architecture. Unlike OMAP class devices, security
functions in keystone are not handled in the ROM.
The interface to the secure functions is TI proprietary and depending
on the keystone platform, the security functions like encryption,
decryption and authentication might even be offloaded to other secure
processing elements in the SoC.
The boot monitor acts as the gateway to these secure functions and the
boot monitor for secure devices is available as part of the SECDEV
package for KS2. For more details refer doc/README.ti-secure

Signed-off-by: Vitaly Andrianov <vitalya at ti.com>
Signed-off-by: Madan Srinivas <madans at ti.com>

Cc: Lokesh Vutla <lokeshvutla at ti.com>
Cc: Dan Murphy <dmurphy at ti.com>
---

Changes in v3: None
Changes in v2:
- The following changes are  made to mon.c based on review comments
	Adds NULL pointer check before calling authentication interface
	Removes an unnecessary printf
	Updates size of signed FIT blob after post processing removes header

  arch/arm/mach-keystone/mon.c | 55
++++++++++++++++++++++++++++++++++++++++++++
  1 file changed, 55 insertions(+)

diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c
index 256f630..a952ed2 100644
--- a/arch/arm/mach-keystone/mon.c
+++ b/arch/arm/mach-keystone/mon.c
@@ -12,10 +12,31 @@
  #include <mach/mon.h>
  asm(".arch_extension sec\n\t");

+#ifdef CONFIG_TI_SECURE_DEVICE
+#define KS2_HS_AUTH_FN_OFFSET	8
+#define KS2_HS_SEC_HEADER_LEN	0x60
+#define KS2_AUTH_CMD		"2"
+/**
+ * (*fn_auth)() - Invokes security functions using a
+ * proprietary TI interface. This binary and source for
+ * this is available in the secure development package or
+ * SECDEV. For details on how to access this please refer
+ * doc/README.ti-secure
+ *
+ * @first param:	no. of parameters
+ * @second param:	parameter list
+ * @return non-zero value on success, zero on error
+ */
+static unsigned int (*fn_auth)(int, char * const []);
+#endif
+
  int mon_install(u32 addr, u32 dpsc, u32 freq)
  {
  	int result;

+#ifdef CONFIG_TI_SECURE_DEVICE
+	fn_auth = (void *)(addr + KS2_HS_AUTH_FN_OFFSET);
+#endif
  	__asm__ __volatile__ (
  		"stmfd r13!, {lr}\n"
  		"mov r0, %1\n"
@@ -61,3 +82,37 @@ int mon_power_off(int core_id)
  		: "cc", "r0", "r1", "memory");
  	return  result;
  }
+
+#ifdef CONFIG_TI_SECURE_DEVICE
+static void k2_hs_auth(void *addr)
+{
+	char *argv1 = KS2_AUTH_CMD;
+	char argv2[32];
+	char *argv[3] = {NULL, argv1, argv2};
+	int ret = 0;
+
+	sprintf(argv2, "0x%08x", (u32)addr);
+
+	if (fn_auth)
+		ret = fn_auth(3, argv);
+
+	if (ret == 0)
+		hang();
+}
+
+void board_fit_image_post_process(void **p_image, size_t *p_size)
+{
+	void *dst = *p_image;
+	void *src = dst + KS2_HS_SEC_HEADER_LEN;
+
+	k2_hs_auth(*p_image);
+
+	/*
+	* Overwrite the image headers  after authentication
+	* and decryption. Update size to relect removal
+	* of header.
+	*/
+	*p_size -= KS2_HS_SEC_HEADER_LEN;
+	memcpy(dst, src, *p_size);
+}
+#endif
-- 
2.7.4





More information about the U-Boot mailing list