[PATCH 10/10] arm: mach-k3: common: re-locate authentication for atf/optee

Manorit Chawdhry m-chawdhry at ti.com
Thu Apr 13 12:29:54 CEST 2023 

Hi,

On 13:58-20230412, Manorit Chawdhry wrote:
> For setting up the master firewalls present in the K3 SoCs, the arm64
> clusters need to be powered on.
> 
> Re-locates the code for atf/optee authentication.
> 
> Signed-off-by: Manorit Chawdhry <m-chawdhry at ti.com>
> ---
>  arch/arm/mach-k3/common.c | 23 +++++++++++++++++++++--
>  1 file changed, 21 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c
> index a2adb791f6c0..6e04cc7a24aa 100644
> --- a/arch/arm/mach-k3/common.c
> +++ b/arch/arm/mach-k3/common.c
> @@ -227,6 +227,21 @@ void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
>  	if (ret)
>  		panic("%s: ATF failed to load on rproc (%d)\n", __func__, ret);
>  
> +	if (IS_ENABLED(CONFIG_FIT_IMAGE_POST_PROCESS) &&
> +	    IS_ENABLED(CONFIG_SYS_K3_SPL_ATF)) {

This caused some build failures so will update this to #if which fixes
it along with changing CONFIG_FIT_IMAGE_POST_PROCESS to
CONFIG_SPL_FIT_IMAGE_POST_PROCESS.

> +		for (int i = IMAGE_ID_ATF; i < IMAGE_ID_SPL; i++) {

will explicitely make the calls for authentication of atf and optee to avoid
the problems if enums change in future

> +			void *image_addr =
> +				(void *)fit_image_info[i].image_start;
> +
> +			debug("%s: Authenticating image: addr=%x, size=%d, os=%s\n",
> +			      __func__, fit_image_info[i].image_start,
> +			      fit_image_info[i].image_len, image_os_match[i]);
> +
> +			ti_secure_image_post_process(&image_addr,
> +						     &fit_image_info[i].image_len);
> +		}
> +	}
> +
>  	if (!fit_image_info[IMAGE_ID_DM_FW].image_len &&
>  	    !(size > 0 && valid_elf_image(loadaddr))) {
>  		shut_cpu = 1;
> @@ -288,9 +303,13 @@ void board_fit_image_post_process(const void *fit, int node, void **p_image,
>  			break;
>  		}
>  	}
> +	/*
> +	 * Only DM and the DTBs are being authenticated here,
> +	 * rest will be authenticated when A72 cluster is up
> +	 */
> +	if (i >= IMAGE_ID_SPL)

Instead of using this way will change to check specifically for atf and
optee so that it remains unaffected incase the enums change.

>  #endif
> -
> -	ti_secure_image_post_process(p_image, p_size);
> +		ti_secure_image_post_process(p_image, p_size);
>  }
>  #endif
>  
> 
> -- 
> 2.34.1
> 

Regards,
Manorit

More information about the U-Boot mailing list