[U-Boot] [PATCH] arm: mach-k3: security: Clean image out of cache before authentication
Lokesh Vutla
lokeshvutla at ti.com
Wed Jan 8 05:11:59 CET 2020
On 08/01/20 4:52 AM, Andrew F. Davis wrote:
> On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
> A53 or A72). The large ARMs are coherent with the DMA controllers and
> the SYSFW that perform authentication. And previously the R5 core did
> not enable caches. Now that R5 does enable caching we need to be sure
> to clean out any of the image that may still only be in cache before we
> read it using external DMA for authentication.
>
> Although not expected to happen, it may be possible that the data was
> read back into cache after the flush but before the external operation,
> in this case we must invalidate our stale local cached version.
>
> Signed-off-by: Andrew F. Davis <afd at ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla at ti.com>
Thanks and regards,
Lokesh
> ---
> arch/arm/mach-k3/security.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c
> index 4e011ee10e..83b037f189 100644
> --- a/arch/arm/mach-k3/security.c
> +++ b/arch/arm/mach-k3/security.c
> @@ -7,6 +7,7 @@
> */
>
> #include <common.h>
> +#include <cpu_func.h>
> #include <dm.h>
> #include <linux/soc/ti/ti_sci_protocol.h>
> #include <mach/spl.h>
> @@ -22,8 +23,14 @@ void board_fit_image_post_process(void **p_image, size_t *p_size)
> int ret;
>
> image_addr = (uintptr_t)*p_image;
> + image_size = *p_size;
>
> debug("Authenticating image at address 0x%016llx\n", image_addr);
> + debug("Authenticating image of size %d bytes\n", image_size);
> +
> + flush_dcache_range((unsigned long)image_addr,
> + ALIGN((unsigned long)image_addr + image_size,
> + ARCH_DMA_MINALIGN));
>
> /* Authenticate image */
> ret = proc_ops->proc_auth_boot_image(ti_sci, &image_addr, &image_size);
> @@ -32,6 +39,11 @@ void board_fit_image_post_process(void **p_image, size_t *p_size)
> hang();
> }
>
> + if (image_size)
> + invalidate_dcache_range((unsigned long)image_addr,
> + ALIGN((unsigned long)image_addr +
> + image_size, ARCH_DMA_MINALIGN));
> +
> /*
> * The image_size returned may be 0 when the authentication process has
> * moved the image. When this happens no further processing on the
>
More information about the U-Boot
mailing list