[U-Boot] [PATCH 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs
Dan Murphy
dmurphy at ti.com
Mon Aug 29 18:22:36 CEST 2016
On 08/26/2016 01:30 AM, Madan Srinivas wrote:
> From: Vitaly Andrianov <vitalya at ti.com>
>
> This commit implements the board_fit_image_post_process() function for
> the keystone architecture. Unlike OMAP class devices, security
> functions in keystone are not handled in the ROM.
> The interface to the secure functions is TI proprietary and depending
> on the keystone platform, the security functions like encryption,
> decryption and authentication might even be offloaded to other secure
> processing elements in the SoC.
> The boot monitor acts as the gateway to these secure functions and the
> boot monitor for secure devices is available as part of the SECDEV
> package for KS2. For more details refer doc/README.ti-secure
>
> Signed-off-by: Vitaly Andrianov <vitalya at ti.com>
> Signed-off-by: Madan Srinivas <madans at ti.com>
> ---
>
> arch/arm/mach-keystone/mon.c | 53 ++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 53 insertions(+)
>
> diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c
> index 256f630..b4a6f1c 100644
> --- a/arch/arm/mach-keystone/mon.c
> +++ b/arch/arm/mach-keystone/mon.c
> @@ -12,10 +12,31 @@
> #include <mach/mon.h>
> asm(".arch_extension sec\n\t");
>
> +#ifdef CONFIG_TI_SECURE_DEVICE
> +#define KS2_HS_AUTH_FN_OFFSET 8
> +#define KS2_HS_SEC_HEADER_LEN 0x60
> +#define KS2_AUTH_CMD "2"
> +/**
> + * (*fn_auth)() - Invokes security functions using a
> + * proprietary TI interface. This binary and source for
> + * this is available in the secure development package or
> + * SECDEV. For details on how to access this please refer
> + * doc/README.ti-secure
> + *
> + * @first param: no. of parameters
> + * @second param: parameter list
> + * @return non-zero value on success, zero on error
> + */
> +static unsigned int (*fn_auth)(int, char * const []);
> +#endif
> +
> int mon_install(u32 addr, u32 dpsc, u32 freq)
> {
> int result;
>
> +#ifdef CONFIG_TI_SECURE_DEVICE
> + fn_auth = (void *)(addr + KS2_HS_AUTH_FN_OFFSET);
> +#endif
> __asm__ __volatile__ (
> "stmfd r13!, {lr}\n"
> "mov r0, %1\n"
> @@ -61,3 +82,35 @@ int mon_power_off(int core_id)
> : "cc", "r0", "r1", "memory");
> return result;
> }
> +
> +#ifdef CONFIG_TI_SECURE_DEVICE
> +static void k2_hs_auth(void *addr)
> +{
> + char *argv1 = KS2_AUTH_CMD;
> + char argv2[32];
> + char *argv[3] = {NULL, argv1, argv2};
> + int ret;
> +
> + sprintf(argv2, "0x%08x", (u32)addr);
> + ret = fn_auth(3, argv);
> +
> + if (ret == 0) {
Can this be if (!ret)?
> + printf("FAIL!!!\n"); /* remove form production code */
Wouldn't this be production code?
If this print is intended to stay the s/form/from
Dan
> + hang();
> + }
> +}
> +
> +void board_fit_image_post_process(void **p_image, size_t *p_size)
> +{
> + void *dst = *p_image;
> + void *src = dst + KS2_HS_SEC_HEADER_LEN;
> +
> + k2_hs_auth(*p_image);
> +
> + /*
> + * Overwrite the image headers after authentication
> + * and decryption. Move the image to its run address
> + */
> + memcpy(dst, src, *p_size - KS2_HS_SEC_HEADER_LEN);
> +}
> +#endif
--
------------------
Dan Murphy
More information about the U-Boot
mailing list