u-boot/arch/arm/mach-k3/security.c

// SPDX-License-Identifier: GPL-2.0
/*
 * K3: Security functions
 *
 * Copyright (C) 2018 Texas Instruments Incorporated - http://www.ti.com/
 *	Andrew F. Davis <afd@ti.com>
 */

#include <common.h>
#include <cpu_func.h>
#include <dm.h>
#include <hang.h>
#include <image.h>
#include <log.h>
#include <asm/cache.h>
#include <linux/soc/ti/ti_sci_protocol.h>
#include <mach/spl.h>
#include <spl.h>
#include <asm/arch/sys_proto.h>

void board_fit_image_post_process(void **p_image, size_t *p_size)
{
	struct ti_sci_handle *ti_sci = get_ti_sci_handle();
	struct ti_sci_proc_ops *proc_ops = &ti_sci->ops.proc_ops;
	u64 image_addr;
	u32 image_size;
	int ret;

	image_addr = (uintptr_t)*p_image;
	image_size = *p_size;

	debug("Authenticating image at address 0x%016llx\n", image_addr);
	debug("Authenticating image of size %d bytes\n", image_size);

	flush_dcache_range((unsigned long)image_addr,
			   ALIGN((unsigned long)image_addr + image_size,
				 ARCH_DMA_MINALIGN));

	/* Authenticate image */
	ret = proc_ops->proc_auth_boot_image(ti_sci, &image_addr, &image_size);
	if (ret) {
		printf("Authentication failed!\n");
		hang();
	}

	if (image_size)
		invalidate_dcache_range((unsigned long)image_addr,
					ALIGN((unsigned long)image_addr +
					      image_size, ARCH_DMA_MINALIGN));

	/*
	 * The image_size returned may be 0 when the authentication process has
	 * moved the image. When this happens no further processing on the
	 * image is needed or often even possible as it may have also been
	 * placed behind a firewall when moved.
	 */
	*p_size = image_size;

	/*
	 * Output notification of successful authentication to re-assure the
	 * user that the secure code is being processed as expected. However
	 * suppress any such log output in case of building for SPL and booting
	 * via YMODEM. This is done to avoid disturbing the YMODEM serial
	 * protocol transactions.
	 */
	if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
	      IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
	      spl_boot_device() == BOOT_DEVICE_UART))
		printf("Authentication passed\n");
}
arm: mach-k3: Add secure device support K3 devices have High Security (HS) variants along with the non-HS already supported. Like the previous generation devices (OMAP/Keystone2) K3 supports boot chain-of-trust by authenticating and optionally decrypting images as they are unpacked from FIT images. Add support for this here. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Andreas Dannenberg <dannenberg@ti.com> 2019-04-12 16:54:45 +00:00			`// SPDX-License-Identifier: GPL-2.0`
			`/*`
			`* K3: Security functions`
			`*`
			`* Copyright (C) 2018 Texas Instruments Incorporated - http://www.ti.com/`
			`* Andrew F. Davis <afd@ti.com>`
			`*/`

			`#include <common.h>`
arm: mach-k3: security: Clean image out of cache before authentication On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually A53 or A72). The large ARMs are coherent with the DMA controllers and the SYSFW that perform authentication. And previously the R5 core did not enable caches. Now that R5 does enable caching we need to be sure to clean out any of the image that may still only be in cache before we read it using external DMA for authentication. Although not expected to happen, it may be possible that the data was read back into cache after the flush but before the external operation, in this case we must invalidate our stale local cached version. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com> Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> 2020-01-07 23:22:29 +00:00			`#include <cpu_func.h>`
arm: mach-k3: Add secure device support K3 devices have High Security (HS) variants along with the non-HS already supported. Like the previous generation devices (OMAP/Keystone2) K3 supports boot chain-of-trust by authenticating and optionally decrypting images as they are unpacked from FIT images. Add support for this here. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Andreas Dannenberg <dannenberg@ti.com> 2019-04-12 16:54:45 +00:00			`#include <dm.h>`
common: Move hang() to the same header as panic() At present panic() is in the vsprintf.h header file. That does not seem like an obvious choice for hang(), even though it relates to panic(). So let's put hang() in its own header. Signed-off-by: Simon Glass <sjg@chromium.org> [trini: Migrate a few more files] Signed-off-by: Tom Rini <trini@konsulko.com> 2019-12-28 17:45:07 +00:00			`#include <hang.h>`
common: Drop image.h from common header Move this uncommon header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org> 2020-05-10 17:40:01 +00:00			`#include <image.h>`
common: Drop log.h from common header Move this header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org> 2020-05-10 17:40:05 +00:00			`#include <log.h>`
common: Drop net.h from common header Move this header out of the common header. Network support is used in quite a few places but it still does not warrant blanket inclusion. Note that this net.h header itself has quite a lot in it. It could be split into the driver-mode support, functions, structures, checksumming, etc. Signed-off-by: Simon Glass <sjg@chromium.org> 2020-05-10 17:39:56 +00:00			`#include <asm/cache.h>`
arm: mach-k3: Add secure device support K3 devices have High Security (HS) variants along with the non-HS already supported. Like the previous generation devices (OMAP/Keystone2) K3 supports boot chain-of-trust by authenticating and optionally decrypting images as they are unpacked from FIT images. Add support for this here. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Andreas Dannenberg <dannenberg@ti.com> 2019-04-12 16:54:45 +00:00			`#include <linux/soc/ti/ti_sci_protocol.h>`
			`#include <mach/spl.h>`
			`#include <spl.h>`
arm: k3: Use get_ti_sci_handle() where ever possible Instead of calling uclass apis everywhere, use get_ti_sci_handle() when ever ti_sci is needed. Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> 2019-09-09 07:17:38 +00:00			`#include <asm/arch/sys_proto.h>`
arm: mach-k3: Add secure device support K3 devices have High Security (HS) variants along with the non-HS already supported. Like the previous generation devices (OMAP/Keystone2) K3 supports boot chain-of-trust by authenticating and optionally decrypting images as they are unpacked from FIT images. Add support for this here. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Andreas Dannenberg <dannenberg@ti.com> 2019-04-12 16:54:45 +00:00
			`void board_fit_image_post_process(void *p_image, size_t p_size)`
			`{`
arm: k3: Use get_ti_sci_handle() where ever possible Instead of calling uclass apis everywhere, use get_ti_sci_handle() when ever ti_sci is needed. Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> 2019-09-09 07:17:38 +00:00			`struct ti_sci_handle *ti_sci = get_ti_sci_handle();`
			`struct ti_sci_proc_ops *proc_ops = &ti_sci->ops.proc_ops;`
arm: mach-k3: Add secure device support K3 devices have High Security (HS) variants along with the non-HS already supported. Like the previous generation devices (OMAP/Keystone2) K3 supports boot chain-of-trust by authenticating and optionally decrypting images as they are unpacked from FIT images. Add support for this here. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Andreas Dannenberg <dannenberg@ti.com> 2019-04-12 16:54:45 +00:00			`u64 image_addr;`
			`u32 image_size;`
			`int ret;`

			`image_addr = (uintptr_t)*p_image;`
arm: mach-k3: security: Clean image out of cache before authentication On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually A53 or A72). The large ARMs are coherent with the DMA controllers and the SYSFW that perform authentication. And previously the R5 core did not enable caches. Now that R5 does enable caching we need to be sure to clean out any of the image that may still only be in cache before we read it using external DMA for authentication. Although not expected to happen, it may be possible that the data was read back into cache after the flush but before the external operation, in this case we must invalidate our stale local cached version. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com> Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> 2020-01-07 23:22:29 +00:00			`image_size = *p_size;`
arm: mach-k3: Add secure device support K3 devices have High Security (HS) variants along with the non-HS already supported. Like the previous generation devices (OMAP/Keystone2) K3 supports boot chain-of-trust by authenticating and optionally decrypting images as they are unpacked from FIT images. Add support for this here. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Andreas Dannenberg <dannenberg@ti.com> 2019-04-12 16:54:45 +00:00
			`debug("Authenticating image at address 0x%016llx\n", image_addr);`
arm: mach-k3: security: Clean image out of cache before authentication On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually A53 or A72). The large ARMs are coherent with the DMA controllers and the SYSFW that perform authentication. And previously the R5 core did not enable caches. Now that R5 does enable caching we need to be sure to clean out any of the image that may still only be in cache before we read it using external DMA for authentication. Although not expected to happen, it may be possible that the data was read back into cache after the flush but before the external operation, in this case we must invalidate our stale local cached version. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com> Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> 2020-01-07 23:22:29 +00:00			`debug("Authenticating image of size %d bytes\n", image_size);`

			`flush_dcache_range((unsigned long)image_addr,`
			`ALIGN((unsigned long)image_addr + image_size,`
			`ARCH_DMA_MINALIGN));`
arm: mach-k3: Add secure device support K3 devices have High Security (HS) variants along with the non-HS already supported. Like the previous generation devices (OMAP/Keystone2) K3 supports boot chain-of-trust by authenticating and optionally decrypting images as they are unpacked from FIT images. Add support for this here. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Andreas Dannenberg <dannenberg@ti.com> 2019-04-12 16:54:45 +00:00
			`/* Authenticate image */`
			`ret = proc_ops->proc_auth_boot_image(ti_sci, &image_addr, &image_size);`
			`if (ret) {`
			`printf("Authentication failed!\n");`
			`hang();`
			`}`

arm: mach-k3: security: Clean image out of cache before authentication On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually A53 or A72). The large ARMs are coherent with the DMA controllers and the SYSFW that perform authentication. And previously the R5 core did not enable caches. Now that R5 does enable caching we need to be sure to clean out any of the image that may still only be in cache before we read it using external DMA for authentication. Although not expected to happen, it may be possible that the data was read back into cache after the flush but before the external operation, in this case we must invalidate our stale local cached version. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com> Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> 2020-01-07 23:22:29 +00:00			`if (image_size)`
			`invalidate_dcache_range((unsigned long)image_addr,`
			`ALIGN((unsigned long)image_addr +`
			`image_size, ARCH_DMA_MINALIGN));`

arm: mach-k3: Add secure device support K3 devices have High Security (HS) variants along with the non-HS already supported. Like the previous generation devices (OMAP/Keystone2) K3 supports boot chain-of-trust by authenticating and optionally decrypting images as they are unpacked from FIT images. Add support for this here. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Andreas Dannenberg <dannenberg@ti.com> 2019-04-12 16:54:45 +00:00			`/*`
			`* The image_size returned may be 0 when the authentication process has`
			`* moved the image. When this happens no further processing on the`
			`* image is needed or often even possible as it may have also been`
			`* placed behind a firewall when moved.`
			`*/`
			`*p_size = image_size;`

			`/*`
			`* Output notification of successful authentication to re-assure the`
			`* user that the secure code is being processed as expected. However`
			`* suppress any such log output in case of building for SPL and booting`
			`* via YMODEM. This is done to avoid disturbing the YMODEM serial`
			`* protocol transactions.`
			`*/`
			`if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&`
			`IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&`
			`spl_boot_device() == BOOT_DEVICE_UART))`
			`printf("Authentication passed\n");`
			`}`