[U-Boot] [PATCH 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs

Tue Aug 30 11:03:24 CEST 2016

On Friday 26 August 2016 12:00 PM, Madan Srinivas wrote:
> From: Vitaly Andrianov <vitalya at ti.com>
> 
> This commit implements the board_fit_image_post_process() function for
> the keystone architecture. Unlike OMAP class devices, security
> functions in keystone are not handled in the ROM.
> The interface to the secure functions is TI proprietary and depending
> on the keystone platform, the security functions like encryption,
> decryption and authentication might even be offloaded to other secure
> processing elements in the SoC.
> The boot monitor acts as the gateway to these secure functions and the
> boot monitor for secure devices is available as part of the SECDEV
> package for KS2. For more details refer doc/README.ti-secure
> 
> Signed-off-by: Vitaly Andrianov <vitalya at ti.com>
> Signed-off-by: Madan Srinivas <madans at ti.com>
> ---
> 
>  arch/arm/mach-keystone/mon.c | 53 ++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 53 insertions(+)
> 
> diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c
> index 256f630..b4a6f1c 100644
> --- a/arch/arm/mach-keystone/mon.c
> +++ b/arch/arm/mach-keystone/mon.c
> @@ -12,10 +12,31 @@
>  #include <mach/mon.h>
>  asm(".arch_extension sec\n\t");
>  
> +#ifdef CONFIG_TI_SECURE_DEVICE
> +#define KS2_HS_AUTH_FN_OFFSET	8
> +#define KS2_HS_SEC_HEADER_LEN	0x60
> +#define KS2_AUTH_CMD		"2"
> +/**
> + * (*fn_auth)() - Invokes security functions using a
> + * proprietary TI interface. This binary and source for
> + * this is available in the secure development package or
> + * SECDEV. For details on how to access this please refer
> + * doc/README.ti-secure
> + *
> + * @first param:	no. of parameters
> + * @second param:	parameter list
> + * @return non-zero value on success, zero on error
> + */
> +static unsigned int (*fn_auth)(int, char * const []);
> +#endif
> +
>  int mon_install(u32 addr, u32 dpsc, u32 freq)
>  {
>  	int result;
>  
> +#ifdef CONFIG_TI_SECURE_DEVICE
> +	fn_auth = (void *)(addr + KS2_HS_AUTH_FN_OFFSET);
> +#endif
>  	__asm__ __volatile__ (
>  		"stmfd r13!, {lr}\n"
>  		"mov r0, %1\n"
> @@ -61,3 +82,35 @@ int mon_power_off(int core_id)
>  		: "cc", "r0", "r1", "memory");
>  	return  result;
>  }
> +
> +#ifdef CONFIG_TI_SECURE_DEVICE
> +static void k2_hs_auth(void *addr)
> +{
> +	char *argv1 = KS2_AUTH_CMD;
> +	char argv2[32];
> +	char *argv[3] = {NULL, argv1, argv2};
> +	int ret;
> +
> +	sprintf(argv2, "0x%08x", (u32)addr);
> +	ret = fn_auth(3, argv);

Can fn_auth be checked before calling it? Just to make sure monitor is
installed before processing any image.

> +
> +	if (ret == 0) {
> +		printf("FAIL!!!\n"); /* remove form production code */
> +		hang();
> +	}
> +}
> +
> +void board_fit_image_post_process(void **p_image, size_t *p_size)
> +{
> +	void *dst = *p_image;
> +	void *src = dst + KS2_HS_SEC_HEADER_LEN;
> +
> +	k2_hs_auth(*p_image);
> +
> +	/*
> +	* Overwrite the image headers  after authentication
> +	* and decryption. Move the image to its run address
> +	*/
> +	memcpy(dst, src, *p_size - KS2_HS_SEC_HEADER_LEN);

Technically image is not being moved to its run address. This is just
updating FIT image after post processing. Also, *p_size should be
updated to remove header size.

Thanks and regards,
Lokesh

> +}
> +#endif
> 