u-boot/board/xilinx/zynqmp/cmds.c

// SPDX-License-Identifier: GPL-2.0
/*
 * (C) Copyright 2018 Xilinx, Inc.
 * Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
 */

#include <common.h>
#include <malloc.h>
#include <asm/arch/sys_proto.h>
#include <asm/io.h>

static int zynqmp_verify_secure(u8 *key_ptr, u8 *src_ptr, u32 len)
{
	int ret;
	u32 src_lo, src_hi;
	u32 key_lo = 0;
	u32 key_hi = 0;
	u32 ret_payload[PAYLOAD_ARG_CNT];
	u64 addr;

	if ((ulong)src_ptr != ALIGN((ulong)src_ptr,
				    CONFIG_SYS_CACHELINE_SIZE)) {
		printf("Failed: source address not aligned:%p\n", src_ptr);
		return -EINVAL;
	}

	src_lo = lower_32_bits((ulong)src_ptr);
	src_hi = upper_32_bits((ulong)src_ptr);
	flush_dcache_range((ulong)src_ptr, (ulong)(src_ptr + len));

	if (key_ptr) {
		key_lo = lower_32_bits((ulong)key_ptr);
		key_hi = upper_32_bits((ulong)key_ptr);
		flush_dcache_range((ulong)key_ptr,
				   (ulong)(key_ptr + KEY_PTR_LEN));
	}

	ret = invoke_smc(ZYNQMP_SIP_SVC_PM_SECURE_IMG_LOAD, src_lo, src_hi,
			 key_lo, key_hi, ret_payload);
	if (ret) {
		printf("Failed: secure op status:0x%x\n", ret);
	} else {
		addr = (u64)ret_payload[1] << 32 | ret_payload[2];
		printf("Verified image at 0x%llx\n", addr);
		env_set_hex("zynqmp_verified_img_addr", addr);
	}

	return ret;
}

/**
 * do_zynqmp - Handle the "zynqmp" command-line command
 * @cmdtp:	Command data struct pointer
 * @flag:	Command flag
 * @argc:	Command-line argument count
 * @argv:	Array of command-line arguments
 *
 * Processes the zynqmp specific commands
 *
 * Return: return 0 on success and CMD_RET_USAGE incase of misuse and error
 */
static int do_zynqmp(cmd_tbl_t *cmdtp, int flag, int argc,
		     char *const argv[])
{
	u64 src_addr;
	u32 len;
	u8 *key_ptr = NULL;
	u8 *src_ptr;
	int ret;

	if (argc > 5 || argc < 4 || strncmp(argv[1], "secure", 6))
		return CMD_RET_USAGE;

	src_addr = simple_strtoull(argv[2], NULL, 16);

	len = simple_strtoul(argv[3], NULL, 16);

	if (argc > 4)
		key_ptr = (uint8_t *)(uintptr_t)simple_strtoull(argv[4],
								NULL, 16);

	src_ptr = (uint8_t *)(uintptr_t)src_addr;

	ret = zynqmp_verify_secure(key_ptr, src_ptr, len);
	if (ret)
		return CMD_RET_FAILURE;

	return CMD_RET_SUCCESS;
}

/***************************************************/
#ifdef CONFIG_SYS_LONGHELP
static char zynqmp_help_text[] =
	"secure src len [key_addr] - verifies secure images of $len bytes\n"
	"                            long at address $src. Optional key_addr\n"
	"                            can be specified if user key needs to\n"
	"                            be used for decryption\n";
#endif

U_BOOT_CMD(
	zynqmp, 5, 1, do_zynqmp,
	"Verify and load secure images",
	zynqmp_help_text
)
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> 2018-05-06 21:58:06 +00:00			`// SPDX-License-Identifier: GPL-2.0`
arm64: zynqmp: Add support for verifying secure images This patch adds new command "zynqmp" to handle zynqmp specific commands like "zynqmp secure". This secure command is used for verifying zynqmp specific secure images. The secure image can either be authenticated or encrypted or both encrypted and authenticated. The secure image is prepared using bootgen and will be in xilinx specific BOOT.BIN format. The optional key can be used for decryption of encrypted image if user key was specified while creation BOOT.BIN. Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com> Signed-off-by: Michal Simek <michal.simek@xilinx.com> 2018-02-28 07:56:53 +00:00			`/*`
			`* (C) Copyright 2018 Xilinx, Inc.`
			`* Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>`
			`*/`

			`#include <common.h>`
			`#include <malloc.h>`
			`#include <asm/arch/sys_proto.h>`
			`#include <asm/io.h>`

			`static int zynqmp_verify_secure(u8 key_ptr, u8 src_ptr, u32 len)`
			`{`
			`int ret;`
			`u32 src_lo, src_hi;`
			`u32 key_lo = 0;`
			`u32 key_hi = 0;`
			`u32 ret_payload[PAYLOAD_ARG_CNT];`
			`u64 addr;`

			`if ((ulong)src_ptr != ALIGN((ulong)src_ptr,`
			`CONFIG_SYS_CACHELINE_SIZE)) {`
			`printf("Failed: source address not aligned:%p\n", src_ptr);`
			`return -EINVAL;`
			`}`

			`src_lo = lower_32_bits((ulong)src_ptr);`
			`src_hi = upper_32_bits((ulong)src_ptr);`
			`flush_dcache_range((ulong)src_ptr, (ulong)(src_ptr + len));`

			`if (key_ptr) {`
			`key_lo = lower_32_bits((ulong)key_ptr);`
			`key_hi = upper_32_bits((ulong)key_ptr);`
			`flush_dcache_range((ulong)key_ptr,`
			`(ulong)(key_ptr + KEY_PTR_LEN));`
			`}`

			`ret = invoke_smc(ZYNQMP_SIP_SVC_PM_SECURE_IMG_LOAD, src_lo, src_hi,`
			`key_lo, key_hi, ret_payload);`
			`if (ret) {`
			`printf("Failed: secure op status:0x%x\n", ret);`
			`} else {`
			`addr = (u64)ret_payload[1] << 32 \| ret_payload[2];`
			`printf("Verified image at 0x%llx\n", addr);`
			`env_set_hex("zynqmp_verified_img_addr", addr);`
			`}`

			`return ret;`
			`}`

			`/**`
			`* do_zynqmp - Handle the "zynqmp" command-line command`
			`* @cmdtp: Command data struct pointer`
			`* @flag: Command flag`
			`* @argc: Command-line argument count`
			`* @argv: Array of command-line arguments`
			`*`
			`* Processes the zynqmp specific commands`
			`*`
			`* Return: return 0 on success and CMD_RET_USAGE incase of misuse and error`
			`*/`
			`static int do_zynqmp(cmd_tbl_t *cmdtp, int flag, int argc,`
			`char *const argv[])`
			`{`
			`u64 src_addr;`
			`u32 len;`
			`u8 *key_ptr = NULL;`
			`u8 *src_ptr;`
			`int ret;`

			`if (argc > 5 \|\| argc < 4 \|\| strncmp(argv[1], "secure", 6))`
			`return CMD_RET_USAGE;`

			`src_addr = simple_strtoull(argv[2], NULL, 16);`

			`len = simple_strtoul(argv[3], NULL, 16);`

			`if (argc > 4)`
			`key_ptr = (uint8_t *)(uintptr_t)simple_strtoull(argv[4],`
			`NULL, 16);`

			`src_ptr = (uint8_t *)(uintptr_t)src_addr;`

			`ret = zynqmp_verify_secure(key_ptr, src_ptr, len);`
			`if (ret)`
			`return CMD_RET_FAILURE;`

			`return CMD_RET_SUCCESS;`
			`}`

			`/***************************************************/`
			`#ifdef CONFIG_SYS_LONGHELP`
			`static char zynqmp_help_text[] =`
			`"secure src len [key_addr] - verifies secure images of $len bytes\n"`
			`" long at address $src. Optional key_addr\n"`
			`" can be specified if user key needs to\n"`
			`" be used for decryption\n";`
			`#endif`

			`U_BOOT_CMD(`
			`zynqmp, 5, 1, do_zynqmp,`
			`"Verify and load secure images",`
			`zynqmp_help_text`
			`)`