]>
Commit | Line | Data |
---|---|---|
aadd3360 TR |
1 | /* |
2 | * K2HK: secure kernel command file | |
3 | * | |
4 | * (C) Copyright 2012-2014 | |
5 | * Texas Instruments Incorporated, <www.ti.com> | |
6 | * | |
7 | * SPDX-License-Identifier: GPL-2.0+ | |
8 | */ | |
9 | ||
10 | #include <common.h> | |
11 | #include <command.h> | |
12 | #include <mach/mon.h> | |
e8d740f5 | 13 | #include <spl.h> |
aadd3360 TR |
14 | asm(".arch_extension sec\n\t"); |
15 | ||
1d73ce6f | 16 | int mon_install(u32 addr, u32 dpsc, u32 freq, u32 bm_addr) |
aadd3360 TR |
17 | { |
18 | int result; | |
19 | ||
20 | __asm__ __volatile__ ( | |
21 | "stmfd r13!, {lr}\n" | |
22 | "mov r0, %1\n" | |
23 | "mov r1, %2\n" | |
24 | "mov r2, %3\n" | |
1d73ce6f | 25 | "mov r3, %4\n" |
aadd3360 TR |
26 | "blx r0\n" |
27 | "ldmfd r13!, {lr}\n" | |
28 | : "=&r" (result) | |
1d73ce6f MS |
29 | : "r" (addr), "r" (dpsc), "r" (freq), "r" (bm_addr) |
30 | : "cc", "r0", "r1", "r2", "r3", "memory"); | |
aadd3360 TR |
31 | return result; |
32 | } | |
33 | ||
34 | int mon_power_on(int core_id, void *ep) | |
35 | { | |
36 | int result; | |
37 | ||
38 | asm volatile ( | |
39 | "stmfd r13!, {lr}\n" | |
40 | "mov r1, %1\n" | |
41 | "mov r2, %2\n" | |
42 | "mov r0, #0\n" | |
43 | "smc #0\n" | |
44 | "ldmfd r13!, {lr}\n" | |
45 | : "=&r" (result) | |
46 | : "r" (core_id), "r" (ep) | |
47 | : "cc", "r0", "r1", "r2", "memory"); | |
48 | return result; | |
49 | } | |
50 | ||
51 | int mon_power_off(int core_id) | |
52 | { | |
53 | int result; | |
54 | ||
55 | asm volatile ( | |
56 | "stmfd r13!, {lr}\n" | |
57 | "mov r1, %1\n" | |
58 | "mov r0, #1\n" | |
59 | "smc #1\n" | |
60 | "ldmfd r13!, {lr}\n" | |
61 | : "=&r" (result) | |
62 | : "r" (core_id) | |
63 | : "cc", "r0", "r1", "memory"); | |
64 | return result; | |
65 | } | |
e8d740f5 VA |
66 | |
67 | #ifdef CONFIG_TI_SECURE_DEVICE | |
68 | #define KS2_HS_SEC_HEADER_LEN 0x60 | |
69 | #define KS2_HS_SEC_TAG_OFFSET 0x34 | |
70 | #define KS2_AUTH_CMD 130 | |
71 | ||
72 | /** | |
73 | * k2_hs_bm_auth() - Invokes security functions using a | |
74 | * proprietary TI interface. This binary and source for | |
75 | * this is available in the secure development package or | |
76 | * SECDEV. For details on how to access this please refer | |
77 | * doc/README.ti-secure | |
78 | * | |
79 | * @cmd: Secure monitor command | |
80 | * @arg1: Argument for command | |
81 | * | |
82 | * returns non-zero value on success, zero on error | |
83 | */ | |
84 | static int k2_hs_bm_auth(int cmd, void *arg1) | |
85 | { | |
86 | int result; | |
87 | ||
88 | asm volatile ( | |
89 | "stmfd r13!, {r4-r12, lr}\n" | |
90 | "mov r0, %1\n" | |
91 | "mov r1, %2\n" | |
92 | "smc #2\n" | |
93 | "ldmfd r13!, {r4-r12, lr}\n" | |
94 | : "=&r" (result) | |
95 | : "r" (cmd), "r" (arg1) | |
96 | : "cc", "r0", "r1", "memory"); | |
97 | ||
98 | return result; | |
99 | } | |
100 | ||
101 | void board_fit_image_post_process(void **p_image, size_t *p_size) | |
102 | { | |
103 | int result = 0; | |
104 | void *image = *p_image; | |
105 | ||
106 | if (strncmp(image + KS2_HS_SEC_TAG_OFFSET, "KEYS", 4)) { | |
107 | printf("No signature found in image!\n"); | |
108 | hang(); | |
109 | } | |
110 | ||
111 | result = k2_hs_bm_auth(KS2_AUTH_CMD, image); | |
112 | if (result == 0) { | |
113 | printf("Authentication failed!\n"); | |
114 | hang(); | |
115 | } | |
116 | ||
117 | /* | |
9e58d4db AD |
118 | * Overwrite the image headers after authentication |
119 | * and decryption. Update size to reflect removal | |
120 | * of header. | |
121 | */ | |
e8d740f5 | 122 | *p_size -= KS2_HS_SEC_HEADER_LEN; |
9e58d4db | 123 | memcpy(image, image + KS2_HS_SEC_HEADER_LEN, *p_size); |
e8d740f5 VA |
124 | |
125 | /* | |
126 | * Output notification of successful authentication to re-assure the | |
127 | * user that the secure code is being processed as expected. However | |
128 | * suppress any such log output in case of building for SPL and booting | |
129 | * via YMODEM. This is done to avoid disturbing the YMODEM serial | |
130 | * protocol transactions. | |
131 | */ | |
132 | if (!(IS_ENABLED(CONFIG_SPL_BUILD) && | |
133 | IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) && | |
134 | spl_boot_device() == BOOT_DEVICE_UART)) | |
135 | printf("Authentication passed\n"); | |
136 | } | |
137 | #endif |