[U-Boot] [PATCH] arm: mach-k3: security: Clean image out of cache before authentication

Lokesh Vutla lokeshvutla at ti.com
Wed Jan 8 05:11:59 CET 2020



On 08/01/20 4:52 AM, Andrew F. Davis wrote:
> On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
> A53 or A72). The large ARMs are coherent with the DMA controllers and
> the SYSFW that perform authentication. And previously the R5 core did
> not enable caches. Now that R5 does enable caching we need to be sure
> to clean out any of the image that may still only be in cache before we
> read it using external DMA for authentication.
> 
> Although not expected to happen, it may be possible that the data was
> read back into cache after the flush but before the external operation,
> in this case we must invalidate our stale local cached version.
> 
> Signed-off-by: Andrew F. Davis <afd at ti.com>

Reviewed-by: Lokesh Vutla <lokeshvutla at ti.com>

Thanks and regards,
Lokesh

> ---
>  arch/arm/mach-k3/security.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c
> index 4e011ee10e..83b037f189 100644
> --- a/arch/arm/mach-k3/security.c
> +++ b/arch/arm/mach-k3/security.c
> @@ -7,6 +7,7 @@
>   */
>  
>  #include <common.h>
> +#include <cpu_func.h>
>  #include <dm.h>
>  #include <linux/soc/ti/ti_sci_protocol.h>
>  #include <mach/spl.h>
> @@ -22,8 +23,14 @@ void board_fit_image_post_process(void **p_image, size_t *p_size)
>  	int ret;
>  
>  	image_addr = (uintptr_t)*p_image;
> +	image_size = *p_size;
>  
>  	debug("Authenticating image at address 0x%016llx\n", image_addr);
> +	debug("Authenticating image of size %d bytes\n", image_size);
> +
> +	flush_dcache_range((unsigned long)image_addr,
> +			   ALIGN((unsigned long)image_addr + image_size,
> +				 ARCH_DMA_MINALIGN));
>  
>  	/* Authenticate image */
>  	ret = proc_ops->proc_auth_boot_image(ti_sci, &image_addr, &image_size);
> @@ -32,6 +39,11 @@ void board_fit_image_post_process(void **p_image, size_t *p_size)
>  		hang();
>  	}
>  
> +	if (image_size)
> +		invalidate_dcache_range((unsigned long)image_addr,
> +					ALIGN((unsigned long)image_addr +
> +					      image_size, ARCH_DMA_MINALIGN));
> +
>  	/*
>  	 * The image_size returned may be 0 when the authentication process has
>  	 * moved the image. When this happens no further processing on the
> 


More information about the U-Boot mailing list