u-boot/arch/arm/mach-k3/security.c
Tom Rini 07add22cab Merge tag '2020-01-20-ti-2020.04' of https://gitlab.denx.de/u-boot/custodians/u-boot-ti
K3 J721E:
* DMA support.
* MMC and ADMA support.
* EEPROM support.
* J721e High Security EVM support.
* USB DT nodes

K3 AM654:
* Fixed boot due to pmic probe error.
* USB support and DT nodes.
* ADMA support

DRA7xx/AM57xx:
* BBAI board support
* Clean up of net platform code under board/ti

AM33/AM43/Davinci:
* Reduce SPL size for omap3 boards.
* SPL DT support for da850-lcdk
* PLL divider fix for AM335x
2020-01-20 14:54:55 -05:00

68 lines
2.0 KiB
C

// SPDX-License-Identifier: GPL-2.0
/*
* K3: Security functions
*
* Copyright (C) 2018 Texas Instruments Incorporated - http://www.ti.com/
* Andrew F. Davis <afd@ti.com>
*/
#include <common.h>
#include <cpu_func.h>
#include <dm.h>
#include <hang.h>
#include <linux/soc/ti/ti_sci_protocol.h>
#include <mach/spl.h>
#include <spl.h>
#include <asm/arch/sys_proto.h>
void board_fit_image_post_process(void **p_image, size_t *p_size)
{
struct ti_sci_handle *ti_sci = get_ti_sci_handle();
struct ti_sci_proc_ops *proc_ops = &ti_sci->ops.proc_ops;
u64 image_addr;
u32 image_size;
int ret;
image_addr = (uintptr_t)*p_image;
image_size = *p_size;
debug("Authenticating image at address 0x%016llx\n", image_addr);
debug("Authenticating image of size %d bytes\n", image_size);
flush_dcache_range((unsigned long)image_addr,
ALIGN((unsigned long)image_addr + image_size,
ARCH_DMA_MINALIGN));
/* Authenticate image */
ret = proc_ops->proc_auth_boot_image(ti_sci, &image_addr, &image_size);
if (ret) {
printf("Authentication failed!\n");
hang();
}
if (image_size)
invalidate_dcache_range((unsigned long)image_addr,
ALIGN((unsigned long)image_addr +
image_size, ARCH_DMA_MINALIGN));
/*
* The image_size returned may be 0 when the authentication process has
* moved the image. When this happens no further processing on the
* image is needed or often even possible as it may have also been
* placed behind a firewall when moved.
*/
*p_size = image_size;
/*
* Output notification of successful authentication to re-assure the
* user that the secure code is being processed as expected. However
* suppress any such log output in case of building for SPL and booting
* via YMODEM. This is done to avoid disturbing the YMODEM serial
* protocol transactions.
*/
if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
spl_boot_device() == BOOT_DEVICE_UART))
printf("Authentication passed\n");
}