[U-Boot] [PATCH v2 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs
Madan Srinivas
madans at ti.com
Thu Sep 1 07:04:37 CEST 2016
From: Vitaly Andrianov <vitalya at ti.com>
This commit implements the board_fit_image_post_process() function for
the keystone architecture. Unlike OMAP class devices, security
functions in keystone are not handled in the ROM.
The interface to the secure functions is TI proprietary and depending
on the keystone platform, the security functions like encryption,
decryption and authentication might even be offloaded to other secure
processing elements in the SoC.
The boot monitor acts as the gateway to these secure functions and the
boot monitor for secure devices is available as part of the SECDEV
package for KS2. For more details refer doc/README.ti-secure
Signed-off-by: Vitaly Andrianov <vitalya at ti.com>
Signed-off-by: Madan Srinivas <madans at ti.com>
Cc: Lokesh Vutla <lokeshvutla at ti.com>
Cc: Dan Murphy <dmurphy at ti.com>
---
Changes in v2:
- The following changes are made to mon.c based on review comments
Adds NULL pointer check before calling authentication interface
Removes an unnecessary printf
Updates size of signed FIT blob after post processing removes header
arch/arm/mach-keystone/mon.c | 55 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c
index 256f630..6b79077 100644
--- a/arch/arm/mach-keystone/mon.c
+++ b/arch/arm/mach-keystone/mon.c
@@ -12,10 +12,31 @@
#include <mach/mon.h>
asm(".arch_extension sec\n\t");
+#ifdef CONFIG_TI_SECURE_DEVICE
+#define KS2_HS_AUTH_FN_OFFSET 8
+#define KS2_HS_SEC_HEADER_LEN 0x60
+#define KS2_AUTH_CMD "2"
+/**
+ * (*fn_auth)() - Invokes security functions using a
+ * proprietary TI interface. This binary and source for
+ * this is available in the secure development package or
+ * SECDEV. For details on how to access this please refer
+ * doc/README.ti-secure
+ *
+ * @first param: no. of parameters
+ * @second param: parameter list
+ * @return non-zero value on success, zero on error
+ */
+static unsigned int (*fn_auth)(int, char * const []);
+#endif
+
int mon_install(u32 addr, u32 dpsc, u32 freq)
{
int result;
+#ifdef CONFIG_TI_SECURE_DEVICE
+ fn_auth = (void *)(addr + KS2_HS_AUTH_FN_OFFSET);
+#endif
__asm__ __volatile__ (
"stmfd r13!, {lr}\n"
"mov r0, %1\n"
@@ -61,3 +82,37 @@ int mon_power_off(int core_id)
: "cc", "r0", "r1", "memory");
return result;
}
+
+#ifdef CONFIG_TI_SECURE_DEVICE
+static void k2_hs_auth(void *addr)
+{
+ char *argv1 = KS2_AUTH_CMD;
+ char argv2[32];
+ char *argv[3] = {NULL, argv1, argv2};
+ int ret = 0;
+
+ sprintf(argv2, "0x%08x", (u32)addr);
+
+ if (fn_auth)
+ ret = fn_auth(3, argv);
+
+ if (ret == 0)
+ hang();
+}
+
+void board_fit_image_post_process(void **p_image, size_t *p_size)
+{
+ void *dst = *p_image;
+ void *src = dst + KS2_HS_SEC_HEADER_LEN;
+
+ k2_hs_auth(*p_image);
+
+ /*
+ * Overwrite the image headers after authentication
+ * and decryption. Update size to relect removal
+ * of header.
+ */
+ *p_size -= KS2_HS_SEC_HEADER_LEN;
+ memcpy(dst, src, *p_size);
+}
+#endif
--
2.7.4
More information about the U-Boot
mailing list