[U-Boot] [PATCH 1/3] fsl: PPA: add support PPA image validation from NAND and SD
Sumit Garg
sumit.garg at nxp.com
Fri Apr 7 23:08:54 UTC 2017
Signed-off-by: Sumit Garg <sumit.garg at nxp.com>
Signed-off-by: Udit Agarwal <udit.agarwal at nxp.com>
Tested-by: Vinitha Pillai <vinitha.pillai at nxp.com>
---
arch/arm/cpu/armv8/fsl-layerscape/ppa.c | 67 ++++++++++++++++++++++++++++++++-
1 file changed, 66 insertions(+), 1 deletion(-)
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
index 7f87bb8..d8f1d36 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
@@ -39,6 +39,10 @@ int ppa_init(void)
#ifdef CONFIG_CHAIN_OF_TRUST
uintptr_t ppa_esbc_hdr = CONFIG_SYS_LS_PPA_ESBC_ADDR;
uintptr_t ppa_img_addr = 0;
+#if defined(CONFIG_SYS_LS_PPA_FW_IN_MMC) || \
+ defined(CONFIG_SYS_LS_PPA_FW_IN_NAND)
+ void *ppa_hdr_ddr;
+#endif
#endif
#ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP
@@ -53,7 +57,7 @@ int ppa_init(void)
int dev = CONFIG_SYS_MMC_ENV_DEV;
struct fdt_header *fitp;
u32 cnt;
- u32 blk = CONFIG_SYS_LS_PPA_FW_ADDR / 512;
+ u32 blk;
debug("%s: PPA image load from eMMC/SD\n", __func__);
@@ -81,6 +85,7 @@ int ppa_init(void)
return -ENOMEM;
}
+ blk = CONFIG_SYS_LS_PPA_FW_ADDR / 512;
cnt = DIV_ROUND_UP(fdt_header_len, 512);
debug("%s: MMC read PPA FIT header: dev # %u, block # %u, count %u\n",
__func__, dev, blk, cnt);
@@ -102,6 +107,29 @@ int ppa_init(void)
return ret;
}
+#ifdef CONFIG_CHAIN_OF_TRUST
+ ppa_hdr_ddr = malloc(CONFIG_LS_PPA_ESBC_HDR_SIZE);
+ if (!ppa_hdr_ddr) {
+ printf("PPA: malloc failed for PPA header\n");
+ return -ENOMEM;
+ }
+
+ blk = CONFIG_SYS_LS_PPA_ESBC_ADDR >> 9;
+ cnt = DIV_ROUND_UP(CONFIG_LS_PPA_ESBC_HDR_SIZE, 512);
+ ret = mmc->block_dev.block_read(&mmc->block_dev, blk, cnt, ppa_hdr_ddr);
+ if (ret != cnt) {
+ free(ppa_hdr_ddr);
+ printf("MMC/SD read of PPA header failed\n");
+ return -EIO;
+ }
+ debug("Read PPA header to 0x%p\n", ppa_hdr_ddr);
+
+ /* flush cache after read */
+ flush_cache((ulong)ppa_hdr_ddr, cnt * 512);
+
+ ppa_esbc_hdr = (uintptr_t)ppa_hdr_ddr;
+#endif
+
fw_length = fdt_totalsize(fitp);
free(fitp);
@@ -113,6 +141,7 @@ int ppa_init(void)
return -ENOMEM;
}
+ blk = CONFIG_SYS_LS_PPA_FW_ADDR / 512;
cnt = DIV_ROUND_UP(fw_length, 512);
debug("%s: MMC read PPA FIT image: dev # %u, block # %u, count %u\n",
__func__, dev, blk, cnt);
@@ -148,6 +177,31 @@ int ppa_init(void)
return ret;
}
+#ifdef CONFIG_CHAIN_OF_TRUST
+ ppa_hdr_ddr = malloc(CONFIG_LS_PPA_ESBC_HDR_SIZE);
+ if (!ppa_hdr_ddr) {
+ printf("PPA: malloc failed for PPA header\n");
+ return -ENOMEM;
+ }
+
+ fw_length = CONFIG_LS_PPA_ESBC_HDR_SIZE;
+
+ ret = nand_read(nand_info[0], (loff_t)CONFIG_SYS_LS_PPA_ESBC_ADDR,
+ &fw_length, (u_char *)ppa_hdr_ddr);
+ if (ret == -EUCLEAN) {
+ free(ppa_hdr_ddr);
+ printf("NAND read of PPA firmware at offset 0x%x failed\n",
+ CONFIG_SYS_LS_PPA_FW_ADDR);
+ return -EIO;
+ }
+ debug("Read PPA header to 0x%p\n", ppa_hdr_ddr);
+
+ /* flush cache after read */
+ flush_cache((ulong)ppa_hdr_ddr, fw_length);
+
+ ppa_esbc_hdr = (uintptr_t)ppa_hdr_ddr;
+#endif
+
fw_length = fdt_totalsize(&fit);
ppa_fit_addr = malloc(fw_length);
@@ -177,6 +231,13 @@ int ppa_init(void)
#ifdef CONFIG_CHAIN_OF_TRUST
ppa_img_addr = (uintptr_t)ppa_fit_addr;
if (fsl_check_boot_mode_secure() != 0) {
+ /*
+ * In case of failure in validation, fsl_secboot_validate
+ * would not return back in case of Production environment
+ * with ITS=1. In Development environment (ITS=0 and
+ * SB_EN=1), the function may return back in case of
+ * non-fatal failures.
+ */
ret = fsl_secboot_validate(ppa_esbc_hdr,
PPA_KEY_HASH,
&ppa_img_addr);
@@ -185,6 +246,10 @@ int ppa_init(void)
else
printf("PPA validation Successful\n");
}
+#if defined(CONFIG_SYS_LS_PPA_FW_IN_MMC) || \
+ defined(CONFIG_SYS_LS_PPA_FW_IN_NAND)
+ free(ppa_hdr_ddr);
+#endif
#endif
#ifdef CONFIG_FSL_LSCH3
--
1.9.1
More information about the U-Boot
mailing list