arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP. This reduces the delta between GP and HS U-Boot builds. End goal is to re-unify the two build types into one build that can run on all device types. Signed-off-by: Andrew Davis <afd@ti.com>
2022-07-15 11:34:34 -05:00 · 2022-07-15 11:34:34 -05:00 · a0379c6fe3
commit a0379c6fe3
parent e1ef04fb3e
3 changed files with 4 additions and 4 deletions
--- a/arch/arm/mach-k3/Makefile
+++ b/arch/arm/mach-k3/Makefile
@ -8,7 +8,6 @@ obj-$(CONFIG_SOC_K3_J721S2) += j721s2/
 obj-$(CONFIG_SOC_K3_AM625) += am62x/
 obj-$(CONFIG_ARM64) += arm64-mmu.o
 obj-$(CONFIG_CPU_V7R) += r5_mpu.o lowlevel_init.o
-obj-$(CONFIG_TI_SECURE_DEVICE) += security.o
 obj-$(CONFIG_ARM64) += cache.o
 ifeq ($(CONFIG_SPL_BUILD),y)
 obj-$(CONFIG_SOC_K3_AM654) += am654_init.o
@ -18,4 +17,4 @@ obj-$(CONFIG_SOC_K3_AM642) += am642_init.o
 obj-$(CONFIG_SOC_K3_AM625) += am625_init.o
 obj-$(CONFIG_K3_LOAD_SYSFW) += sysfw-loader.o
 endif
-obj-y += common.o
+obj-y += common.o security.o
--- a/arch/arm/mach-k3/common.c
+++ b/arch/arm/mach-k3/common.c
@ -290,9 +290,7 @@ void board_fit_image_post_process(const void *fit, int node, void **p_image,
 	}
 #endif

-#if IS_ENABLED(CONFIG_TI_SECURE_DEVICE)
 	ti_secure_image_post_process(p_image, p_size);
-#endif
 }
 #endif

--- a/arch/arm/mach-k3/security.c
+++ b/arch/arm/mach-k3/security.c
@ -41,6 +41,9 @@ void ti_secure_image_post_process(void **p_image, size_t *p_size)
 	image_addr = (uintptr_t)*p_image;
 	image_size = *p_size;

+	if (!image_size || get_device_type() == K3_DEVICE_TYPE_GP)
+		return;
+
 	if (get_device_type() != K3_DEVICE_TYPE_HS_SE &&
 	    !ti_secure_cert_detected(*p_image)) {
 		printf("Warning: Did not detect image signing certificate. "