[PATCH 1/4] imx9: bootaux: Support authenticate signed Mcore container image

ye.li at oss.nxp.com ye.li at oss.nxp.com
Wed Jun 17 16:14:43 CEST 2026


From: Ye Li <ye.li at nxp.com>

Add new command bootaux_cntr to replace bootaux in secure boot
(CONFIG_AHAB_BOOT=y) to authenticate signed M33 core image.
The M33 image must be packed in container format and signed.
bootaux_cntr supports Mcore image loaded to TCM or run as
FlexSPI NOR XIP.

Signed-off-by: Ye Li <ye.li at nxp.com>
---
 arch/arm/include/asm/arch-imx9/imx-regs.h |  12 ++
 arch/arm/mach-imx/imx9/imx_bootaux.c      | 216 ++++++++++++++++++++++
 2 files changed, 228 insertions(+)

diff --git a/arch/arm/include/asm/arch-imx9/imx-regs.h b/arch/arm/include/asm/arch-imx9/imx-regs.h
index fbf2e6a2b01..47d6ae9b559 100644
--- a/arch/arm/include/asm/arch-imx9/imx-regs.h
+++ b/arch/arm/include/asm/arch-imx9/imx-regs.h
@@ -47,6 +47,18 @@
 #define SRC_MEDIA_RBASE		(SRC_IPS_BASE_ADDR + 0x2400)
 #define SRC_M33P_RBASE		(SRC_IPS_BASE_ADDR + 0x2800)
 
+#define TCML_BASE_ADDR              (0x201E0000UL)
+#define TCML_BASE_MCORE_SEC_ADDR    (0x1FFE0000UL)
+#define TCML_BASE_MCORE_NSEC_ADDR   (0x0FFE0000UL)
+#define TCML_SIZE                   (0x20000U)
+#define TCMU_BASE_ADDR              (0x20200000UL)
+#define TCMU_BASE_MCORE_SEC_ADDR    (0x30000000UL)
+#define TCMU_BASE_MCORE_NSEC_ADDR   (0x20000000UL)
+#define TCMU_SIZE                   (0x20000U)
+
+#define FLEXSPI_AHB_ADDR            (0x28000000UL)
+#define FLEXSPI_AHB_SIZE            (0x8000000UL)
+
 #define SRC_MIX_SLICE_FUNC_STAT_PSW_STAT BIT(0)
 #define SRC_MIX_SLICE_FUNC_STAT_RST_STAT BIT(2)
 #define SRC_MIX_SLICE_FUNC_STAT_ISO_STAT BIT(4)
diff --git a/arch/arm/mach-imx/imx9/imx_bootaux.c b/arch/arm/mach-imx/imx9/imx_bootaux.c
index 73f2e72263d..d3494a9baa9 100644
--- a/arch/arm/mach-imx/imx9/imx_bootaux.c
+++ b/arch/arm/mach-imx/imx9/imx_bootaux.c
@@ -9,6 +9,12 @@
 #include <vsprintf.h>
 #include <linux/arm-smccc.h>
 #include <linux/errno.h>
+#include <asm/mach-imx/ahab.h>
+#include <asm/arch/imx-regs.h>
+#include <cpu_func.h>
+#include <asm/global_data.h>
+
+DECLARE_GLOBAL_DATA_PTR;
 
 int arch_auxiliary_core_check_up(u32 core_id)
 {
@@ -47,6 +53,198 @@ int arch_auxiliary_core_up(u32 core_id, ulong addr)
 	return 0;
 }
 
+static inline bool check_in_ddr(ulong addr)
+{
+	int i;
+	struct bd_info *bd = gd->bd;
+
+	for (i = 0; i < CONFIG_NR_DRAM_BANKS; ++i) {
+		if (bd->bi_dram[i].size) {
+			if (addr >= bd->bi_dram[i].start &&
+			    addr < (bd->bi_dram[i].start + bd->bi_dram[i].size))
+				return true;
+		}
+	}
+
+	return false;
+}
+
+static inline bool check_in_tcm(ulong addr, bool mcore_view)
+{
+	if (mcore_view) {
+		if ((addr >= TCML_BASE_MCORE_SEC_ADDR &&
+		     addr < TCML_BASE_MCORE_SEC_ADDR + TCML_SIZE) ||
+		    (addr >= TCMU_BASE_MCORE_SEC_ADDR &&
+		     addr < TCMU_BASE_MCORE_SEC_ADDR + TCMU_SIZE))
+			return true;
+
+		if ((addr >= TCML_BASE_MCORE_NSEC_ADDR &&
+		     addr < TCML_BASE_MCORE_NSEC_ADDR + TCML_SIZE) ||
+		    (addr >= TCMU_BASE_MCORE_NSEC_ADDR &&
+		     addr < TCMU_BASE_MCORE_NSEC_ADDR + TCMU_SIZE))
+			return true;
+	} else {
+		if ((addr >= TCML_BASE_ADDR &&
+		     addr < TCML_BASE_ADDR + TCML_SIZE) ||
+		    (addr >= TCMU_BASE_ADDR &&
+		     addr < TCMU_BASE_ADDR + TCMU_SIZE))
+			return true;
+	}
+	return false;
+}
+
+static inline bool check_in_flexspi(ulong addr)
+{
+	if (addr >= FLEXSPI_AHB_ADDR && addr < FLEXSPI_AHB_ADDR + FLEXSPI_AHB_SIZE)
+		return true;
+
+	return false;
+}
+
+#if IS_ENABLED(CONFIG_AHAB_BOOT)
+static int authenticate_auxcore_container(ulong addr, ulong *entry)
+{
+	struct container_hdr *phdr;
+	int i, ret = 0;
+	u16 length;
+	struct boot_img_t *img;
+	unsigned long s, e;
+
+	if (addr % 4) {
+		printf("Error: Image's address is not 4 byte aligned\n");
+		return -EINVAL;
+	}
+
+	if (!check_in_ddr(addr) && !check_in_tcm(addr, false) && !check_in_flexspi(addr)) {
+		printf("Error: Container's address is invalid\n");
+		return -EINVAL;
+	}
+
+	phdr = (struct container_hdr *)addr;
+	if (!valid_container_hdr(phdr)) {
+		printf("Error: Wrong container header\n");
+		return -EFAULT;
+	}
+
+	if (!phdr->num_images) {
+		printf("Error: Wrong container, no image found\n");
+		return -EFAULT;
+	}
+
+	length = phdr->length_lsb + (phdr->length_msb << 8);
+
+	debug("container length %u\n", length);
+
+	phdr = ahab_auth_cntr_hdr(phdr, length);
+	if (!phdr) {
+		ret = -EIO;
+		goto exit;
+	}
+
+	/* Copy images to dest address */
+	for (i = 0; i < phdr->num_images; i++) {
+		img = (struct boot_img_t *)((ulong)phdr +
+					    sizeof(struct container_hdr) +
+					    i * sizeof(struct boot_img_t));
+
+		/* Check Core ID of M core */
+		if ((img->meta & 0xff) != 0) {
+			printf("Error: Wrong Image core ID, meta = 0x%x\n", img->meta);
+			ret = -EFAULT;
+			break;
+		}
+
+		debug("img %d, dst 0x%x, src 0x%lx, size 0x%x\n",
+		      i, (uint32_t)img->dst, img->offset + addr, img->size);
+
+		if (check_in_flexspi(img->dst)) {
+			if (img->dst != img->offset + addr) {
+				printf("Error: Wrong Image[%u] load address 0x%llx\n", i, img->dst);
+				ret = -EFAULT;
+				break;
+			}
+		} else {
+			if (!check_in_ddr(img->dst) && !check_in_tcm(img->dst, false)) {
+				printf("Error: Invalid Image[%u] load address 0x%llx\n",
+				       i, img->dst);
+				ret = -EFAULT;
+				break;
+			}
+
+			memcpy((void *)img->dst, (const void *)(img->offset + addr), img->size);
+
+			s = img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1);
+			e = ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE) - 1;
+
+			flush_dcache_range(s, e);
+		}
+
+		ret = ahab_verify_cntr_image(img, i);
+		if (ret)
+			goto exit;
+
+		/*  If the image is type of  executable, set entry */
+		if (entry && (img->hab_flags & 0xf) == 0x3)
+			*entry = img->entry;
+	}
+
+exit:
+	debug("ahab_auth_release, 0x%x\n", ret);
+	ahab_auth_release();
+
+	return ret;
+}
+
+static int do_bootaux_cntr(struct cmd_tbl *cmdtp, int flag, int argc,
+			   char *const argv[])
+{
+	ulong addr, entry;
+	int ret, up;
+	u32 core = 0;
+	u32 stop = 0;
+
+	if (argc < 2)
+		return CMD_RET_USAGE;
+
+	if (argc > 2)
+		core = simple_strtoul(argv[2], NULL, 10);
+
+	if (argc > 3)
+		stop = simple_strtoul(argv[3], NULL, 10);
+
+	up = arch_auxiliary_core_check_up(core);
+	if (up) {
+		printf("## Auxiliary core is already up\n");
+		return CMD_RET_SUCCESS;
+	}
+
+	addr = simple_strtoul(argv[1], NULL, 16);
+
+	if (!addr)
+		return CMD_RET_FAILURE;
+
+	printf("Authenticate auxcore container at 0x%lx\n", addr);
+
+	ret = authenticate_auxcore_container(addr, &entry);
+	if (ret) {
+		printf("Authenticate container failed %d\n", ret);
+		return CMD_RET_FAILURE;
+	}
+
+	if (!check_in_ddr(entry) && !check_in_tcm(entry, true) &&
+	    !check_in_flexspi(entry)) {
+		printf("Error: Image's entry 0x%lx is invalid\n", entry);
+		return CMD_RET_FAILURE;
+	}
+
+	ret = arch_auxiliary_core_up(core, entry);
+	if (ret)
+		return CMD_RET_FAILURE;
+
+	return CMD_RET_SUCCESS;
+}
+#else
+
 /*
  * To i.MX6SX and i.MX7D, the image supported by bootaux needs
  * the reset vector at the head for the image, with SP and PC
@@ -88,12 +286,20 @@ static int do_bootaux(struct cmd_tbl *cmdtp, int flag, int argc,
 	if (!addr)
 		return CMD_RET_FAILURE;
 
+	if (!check_in_ddr(addr) && !check_in_tcm(addr, true) && !check_in_flexspi(addr)) {
+		printf("Error: Image's address 0x%lx is invalid\n", addr);
+		printf("     Address should be memory from M core view,\n"
+			   "     For example: 0x1ffe0000 for TCML in secure\n");
+		return CMD_RET_FAILURE;
+	}
+
 	ret = arch_auxiliary_core_up(core, addr);
 	if (ret)
 		return CMD_RET_FAILURE;
 
 	return CMD_RET_SUCCESS;
 }
+#endif
 
 static int do_stopaux(struct cmd_tbl *cmdtp, int flag, int argc,
 		      char *const argv[])
@@ -121,6 +327,15 @@ U_BOOT_CMD(
 	"     at address <address>\n"
 );
 
+#if IS_ENABLED(CONFIG_AHAB_BOOT)
+U_BOOT_CMD(
+	bootaux_cntr, CONFIG_SYS_MAXARGS, 1,	do_bootaux_cntr,
+	"Start auxiliary core",
+	"<container_address> [<core>]\n"
+	"   - start auxiliary core [<core>] (default 0),\n"
+	"     with signed container image at address <address> in A core view\n"
+);
+#else
 U_BOOT_CMD(
 	bootaux, CONFIG_SYS_MAXARGS, 1,	do_bootaux,
 	"Start auxiliary core",
@@ -128,3 +343,4 @@ U_BOOT_CMD(
 	"   - start auxiliary core [<core>] (default 0),\n"
 	"     at address <address> of auxiliary core view\n"
 );
+#endif
-- 
2.34.1



More information about the U-Boot mailing list