3 * Common security related functions for OMAP devices
6 * Texas Instruments, <www.ti.com>
8 * Daniel Allred <d-allred@ti.com>
9 * Andreas Dannenberg <dannenberg@ti.com>
11 * SPDX-License-Identifier: GPL-2.0+
17 #include <asm/arch/sys_proto.h>
18 #include <asm/omap_common.h>
19 #include <asm/omap_sec_common.h>
23 /* Index for signature verify ROM API */
24 #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E)
26 static uint32_t secure_rom_call_args
[5] __aligned(ARCH_DMA_MINALIGN
);
28 u32
secure_rom_call(u32 service
, u32 proc_id
, u32 flag
, ...)
36 num_args
= va_arg(ap
, u32
);
41 /* Copy args to aligned args structure */
42 for (i
= 0; i
< num_args
; i
++)
43 secure_rom_call_args
[i
+ 1] = va_arg(ap
, u32
);
45 secure_rom_call_args
[0] = num_args
;
49 /* if data cache is enabled, flush the aligned args structure */
51 (unsigned int)&secure_rom_call_args
[0],
52 (unsigned int)&secure_rom_call_args
[0] +
53 roundup(sizeof(secure_rom_call_args
), ARCH_DMA_MINALIGN
));
55 return omap_smc_sec(service
, proc_id
, flag
, secure_rom_call_args
);
58 static u32
find_sig_start(char *image
, size_t size
)
60 char *image_end
= image
+ size
;
61 char *sig_start_magic
= "CERT_";
62 int magic_str_len
= strlen(sig_start_magic
);
65 while (--image_end
> image
) {
66 if (*image_end
== '_') {
67 ch
= image_end
- magic_str_len
+ 1;
68 if (!strncmp(ch
, sig_start_magic
, magic_str_len
))
75 int secure_boot_verify_image(void **image
, size_t *size
)
78 u32 cert_addr
, sig_addr
;
81 /* Perform cache writeback on input buffer */
84 (u32
)*image
+ roundup(*size
, ARCH_DMA_MINALIGN
));
86 cert_addr
= (uint32_t)*image
;
87 sig_addr
= find_sig_start((char *)*image
, *size
);
90 printf("No signature found in image!\n");
95 *size
= sig_addr
- cert_addr
; /* Subtract out the signature size */
98 /* Check if image load address is 32-bit aligned */
99 if (!IS_ALIGNED(cert_addr
, 4)) {
100 printf("Image is not 4-byte aligned!\n");
105 /* Image size also should be multiple of 4 */
106 if (!IS_ALIGNED(cert_size
, 4)) {
107 printf("Image size is not 4-byte aligned!\n");
112 /* Call ROM HAL API to verify certificate signature */
113 debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__
,
114 cert_addr
, cert_size
, sig_addr
);
116 result
= secure_rom_call(
117 API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX
, 0, 0,
118 4, cert_addr
, cert_size
, sig_addr
, 0xFFFFFFFF);
121 printf("Authentication failed!\n");
122 printf("Return Value = %08X\n", result
);
127 * Output notification of successful authentication as well the name of
128 * the signing certificate used to re-assure the user that the secure
129 * code is being processed as expected. However suppress any such log
130 * output in case of building for SPL and booting via YMODEM. This is
131 * done to avoid disturbing the YMODEM serial protocol transactions.
133 if (!(IS_ENABLED(CONFIG_SPL_BUILD
) &&
134 IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT
) &&
135 spl_boot_device() == BOOT_DEVICE_UART
))
136 printf("Authentication passed: %s\n", (char *)sig_addr
);