mirror of
https://github.com/AsahiLinux/u-boot
synced 2025-01-01 15:58:50 +00:00
83d290c56f
When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
140 lines
3 KiB
C
140 lines
3 KiB
C
// SPDX-License-Identifier: GPL-2.0+
|
|
/*
|
|
* K2HK: secure kernel command file
|
|
*
|
|
* (C) Copyright 2012-2014
|
|
* Texas Instruments Incorporated, <www.ti.com>
|
|
*/
|
|
|
|
#include <common.h>
|
|
#include <command.h>
|
|
#include <mach/mon.h>
|
|
#include <spl.h>
|
|
asm(".arch_extension sec\n\t");
|
|
|
|
int mon_install(u32 addr, u32 dpsc, u32 freq, u32 bm_addr)
|
|
{
|
|
int result;
|
|
|
|
__asm__ __volatile__ (
|
|
"stmfd r13!, {lr}\n"
|
|
"mov r0, %1\n"
|
|
"mov r1, %2\n"
|
|
"mov r2, %3\n"
|
|
"mov r3, %4\n"
|
|
"blx r0\n"
|
|
"mov %0, r0\n"
|
|
"ldmfd r13!, {lr}\n"
|
|
: "=&r" (result)
|
|
: "r" (addr), "r" (dpsc), "r" (freq), "r" (bm_addr)
|
|
: "cc", "r0", "r1", "r2", "r3", "memory");
|
|
return result;
|
|
}
|
|
|
|
int mon_power_on(int core_id, void *ep)
|
|
{
|
|
int result;
|
|
|
|
asm volatile (
|
|
"stmfd r13!, {lr}\n"
|
|
"mov r1, %1\n"
|
|
"mov r2, %2\n"
|
|
"mov r0, #0\n"
|
|
"smc #0\n"
|
|
"mov %0, r0\n"
|
|
"ldmfd r13!, {lr}\n"
|
|
: "=&r" (result)
|
|
: "r" (core_id), "r" (ep)
|
|
: "cc", "r0", "r1", "r2", "memory");
|
|
return result;
|
|
}
|
|
|
|
int mon_power_off(int core_id)
|
|
{
|
|
int result;
|
|
|
|
asm volatile (
|
|
"stmfd r13!, {lr}\n"
|
|
"mov r1, %1\n"
|
|
"mov r0, #1\n"
|
|
"smc #1\n"
|
|
"mov %0, r0\n"
|
|
"ldmfd r13!, {lr}\n"
|
|
: "=&r" (result)
|
|
: "r" (core_id)
|
|
: "cc", "r0", "r1", "memory");
|
|
return result;
|
|
}
|
|
|
|
#ifdef CONFIG_TI_SECURE_DEVICE
|
|
#define KS2_HS_SEC_HEADER_LEN 0x60
|
|
#define KS2_HS_SEC_TAG_OFFSET 0x34
|
|
#define KS2_AUTH_CMD 130
|
|
|
|
/**
|
|
* k2_hs_bm_auth() - Invokes security functions using a
|
|
* proprietary TI interface. This binary and source for
|
|
* this is available in the secure development package or
|
|
* SECDEV. For details on how to access this please refer
|
|
* doc/README.ti-secure
|
|
*
|
|
* @cmd: Secure monitor command
|
|
* @arg1: Argument for command
|
|
*
|
|
* returns non-zero value on success, zero on error
|
|
*/
|
|
static int k2_hs_bm_auth(int cmd, void *arg1)
|
|
{
|
|
int result;
|
|
|
|
asm volatile (
|
|
"stmfd r13!, {r4-r12, lr}\n"
|
|
"mov r0, %1\n"
|
|
"mov r1, %2\n"
|
|
"smc #2\n"
|
|
"mov %0, r0\n"
|
|
"ldmfd r13!, {r4-r12, lr}\n"
|
|
: "=&r" (result)
|
|
: "r" (cmd), "r" (arg1)
|
|
: "cc", "r0", "r1", "memory");
|
|
|
|
return result;
|
|
}
|
|
|
|
void board_fit_image_post_process(void **p_image, size_t *p_size)
|
|
{
|
|
int result = 0;
|
|
void *image = *p_image;
|
|
|
|
if (strncmp(image + KS2_HS_SEC_TAG_OFFSET, "KEYS", 4)) {
|
|
printf("No signature found in image!\n");
|
|
hang();
|
|
}
|
|
|
|
result = k2_hs_bm_auth(KS2_AUTH_CMD, image);
|
|
if (result == 0) {
|
|
printf("Authentication failed!\n");
|
|
hang();
|
|
}
|
|
|
|
/*
|
|
* Overwrite the image headers after authentication
|
|
* and decryption. Update size to reflect removal
|
|
* of header.
|
|
*/
|
|
*p_size -= KS2_HS_SEC_HEADER_LEN;
|
|
memcpy(image, image + KS2_HS_SEC_HEADER_LEN, *p_size);
|
|
|
|
/*
|
|
* Output notification of successful authentication to re-assure the
|
|
* user that the secure code is being processed as expected. However
|
|
* suppress any such log output in case of building for SPL and booting
|
|
* via YMODEM. This is done to avoid disturbing the YMODEM serial
|
|
* protocol transactions.
|
|
*/
|
|
if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
|
|
IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
|
|
spl_boot_device() == BOOT_DEVICE_UART))
|
|
printf("Authentication passed\n");
|
|
}
|
|
#endif
|