The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Fix regression occurred during refactoring for the mentioned commit.
Fixes: bd6a247593 ("arm: mach-k3: security: separate out validating binary logic")
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.
ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.
Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.
Fixes: 1e00e9be62 ("arm: mach-k3: common: re-locate authentication for atf/optee")
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.
Signed-off-by: Andrew Davis <afd@ti.com>
If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.
This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.
If this does happen, print a nice big warning.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.
Signed-off-by: Andrew Davis <afd@ti.com>
On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.
Signed-off-by: Andrew Davis <afd@ti.com>
Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>
board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>
Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.
Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.
Signed-off-by: Simon Glass <sjg@chromium.org>
K3 J721E:
* DMA support.
* MMC and ADMA support.
* EEPROM support.
* J721e High Security EVM support.
* USB DT nodes
K3 AM654:
* Fixed boot due to pmic probe error.
* USB support and DT nodes.
* ADMA support
DRA7xx/AM57xx:
* BBAI board support
* Clean up of net platform code under board/ti
AM33/AM43/Davinci:
* Reduce SPL size for omap3 boards.
* SPL DT support for da850-lcdk
* PLL divider fix for AM335x
On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.
Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.
Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>
K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>
