[thirdparty/u-boot.git] / arch / arm / mach-k3 / security.c

// SPDX-License-Identifier: GPL-2.0
/*
 * K3: Security functions
 *
 * Copyright (C) 2018 Texas Instruments Incorporated - http://www.ti.com/
 *	Andrew F. Davis <afd@ti.com>
 */

#include <common.h>
#include <cpu_func.h>
#include <dm.h>
#include <hang.h>
#include <asm/cache.h>
#include <linux/soc/ti/ti_sci_protocol.h>
#include <mach/spl.h>
#include <spl.h>
#include <asm/arch/sys_proto.h>

void board_fit_image_post_process(void **p_image, size_t *p_size)
{
	struct ti_sci_handle *ti_sci = get_ti_sci_handle();
	struct ti_sci_proc_ops *proc_ops = &ti_sci->ops.proc_ops;
	u64 image_addr;
	u32 image_size;
	int ret;

	image_addr = (uintptr_t)*p_image;
	image_size = *p_size;

	debug("Authenticating image at address 0x%016llx\n", image_addr);
	debug("Authenticating image of size %d bytes\n", image_size);

	flush_dcache_range((unsigned long)image_addr,
			   ALIGN((unsigned long)image_addr + image_size,
				 ARCH_DMA_MINALIGN));

	/* Authenticate image */
	ret = proc_ops->proc_auth_boot_image(ti_sci, &image_addr, &image_size);
	if (ret) {
		printf("Authentication failed!\n");
		hang();
	}

	if (image_size)
		invalidate_dcache_range((unsigned long)image_addr,
					ALIGN((unsigned long)image_addr +
					      image_size, ARCH_DMA_MINALIGN));

	/*
	 * The image_size returned may be 0 when the authentication process has
	 * moved the image. When this happens no further processing on the
	 * image is needed or often even possible as it may have also been
	 * placed behind a firewall when moved.
	 */
	*p_size = image_size;

	/*
	 * Output notification of successful authentication to re-assure the
	 * user that the secure code is being processed as expected. However
	 * suppress any such log output in case of building for SPL and booting
	 * via YMODEM. This is done to avoid disturbing the YMODEM serial
	 * protocol transactions.
	 */
	if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
	      IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
	      spl_boot_device() == BOOT_DEVICE_UART))
		printf("Authentication passed\n");
}
Commit	Line	Data
3a543a80 AD	1	// SPDX-License-Identifier: GPL-2.0
	2	/*
	3	* K3: Security functions
	4	*
	5	* Copyright (C) 2018 Texas Instruments Incorporated - http://www.ti.com/
	6	* Andrew F. Davis <afd@ti.com>
	7	*/
	8
	9	#include <common.h>
95b256ec	10	#include <cpu_func.h>
3a543a80	11	#include <dm.h>
db41d65a	12	#include <hang.h>
90526e9f	13	#include <asm/cache.h>
3a543a80 AD	14	#include <linux/soc/ti/ti_sci_protocol.h>
	15	#include <mach/spl.h>
	16	#include <spl.h>
78e51212	17	#include <asm/arch/sys_proto.h>
3a543a80 AD	18
	19	void board_fit_image_post_process(void *p_image, size_t p_size)
	20	{
78e51212 LV	21	struct ti_sci_handle *ti_sci = get_ti_sci_handle();
78e51212 LV	22	struct ti_sci_proc_ops *proc_ops = &ti_sci->ops.proc_ops;
3a543a80 AD	23	u64 image_addr;
	24	u32 image_size;
	25	int ret;
	26
3a543a80	27	image_addr = (uintptr_t)*p_image;
95b256ec	28	image_size = *p_size;
3a543a80 AD	29
3a543a80 AD	30	debug("Authenticating image at address 0x%016llx\n", image_addr);
95b256ec AD	31	debug("Authenticating image of size %d bytes\n", image_size);
	32
	33	flush_dcache_range((unsigned long)image_addr,
	34	ALIGN((unsigned long)image_addr + image_size,
	35	ARCH_DMA_MINALIGN));
3a543a80 AD	36
	37	/* Authenticate image */
	38	ret = proc_ops->proc_auth_boot_image(ti_sci, &image_addr, &image_size);
	39	if (ret) {
	40	printf("Authentication failed!\n");
	41	hang();
	42	}
	43
95b256ec AD	44	if (image_size)
	45	invalidate_dcache_range((unsigned long)image_addr,
	46	ALIGN((unsigned long)image_addr +
	47	image_size, ARCH_DMA_MINALIGN));
	48
3a543a80 AD	49	/*
	50	* The image_size returned may be 0 when the authentication process has
	51	* moved the image. When this happens no further processing on the
	52	* image is needed or often even possible as it may have also been
	53	* placed behind a firewall when moved.
	54	*/
	55	*p_size = image_size;
	56
	57	/*
	58	* Output notification of successful authentication to re-assure the
	59	* user that the secure code is being processed as expected. However
	60	* suppress any such log output in case of building for SPL and booting
	61	* via YMODEM. This is done to avoid disturbing the YMODEM serial
	62	* protocol transactions.
	63	*/
	64	if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
	65	IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
	66	spl_boot_device() == BOOT_DEVICE_UART))
	67	printf("Authentication passed\n");
	68	}