#include <asm/arch/sys_proto.h>
#include <asm/mach-imx/hab.h>
-/* -------- start of HAB API updates ------------*/
-
-#define hab_rvt_report_event_p \
-( \
- (is_mx6dqp()) ? \
- ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \
- (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \
- ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \
- (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \
- ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \
- ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT) \
-)
-
-#define hab_rvt_report_status_p \
-( \
- (is_mx6dqp()) ? \
- ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\
- (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \
- ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\
- (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \
- ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\
- ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS) \
-)
-
-#define hab_rvt_authenticate_image_p \
-( \
- (is_mx6dqp()) ? \
- ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \
- (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \
- ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \
- (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \
- ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \
- ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE) \
-)
-
-#define hab_rvt_entry_p \
-( \
- (is_mx6dqp()) ? \
- ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \
- (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \
- ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \
- (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \
- ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \
- ((hab_rvt_entry_t *)HAB_RVT_ENTRY) \
-)
-
-#define hab_rvt_exit_p \
-( \
- (is_mx6dqp()) ? \
- ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \
- (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \
- ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \
- (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \
- ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \
- ((hab_rvt_exit_t *)HAB_RVT_EXIT) \
-)
-
-#define IVT_SIZE 0x20
#define ALIGN_SIZE 0x1000
-#define CSF_PAD_SIZE 0x2000
#define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8
#define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0
#define MX6SL_PU_IROM_MMU_EN_VAR 0x00900a18
(is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \
(is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2))
-/*
- * +------------+ 0x0 (DDR_UIMAGE_START) -
- * | Header | |
- * +------------+ 0x40 |
- * | | |
- * | | |
- * | | |
- * | | |
- * | Image Data | |
- * . | |
- * . | > Stuff to be authenticated ----+
- * . | | |
- * | | | |
- * | | | |
- * +------------+ | |
- * | | | |
- * | Fill Data | | |
- * | | | |
- * +------------+ Align to ALIGN_SIZE | |
- * | IVT | | |
- * +------------+ + IVT_SIZE - |
- * | | |
- * | CSF DATA | <---------------------------------------------------------+
- * | |
- * +------------+
- * | |
- * | Fill Data |
- * | |
- * +------------+ + CSF_PAD_SIZE
- */
+static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr)
+{
+ printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str,
+ ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version);
-static bool is_hab_enabled(void);
+ return 1;
+}
+
+static int verify_ivt_header(struct ivt_header *ivt_hdr)
+{
+ int result = 0;
+
+ if (ivt_hdr->magic != IVT_HEADER_MAGIC)
+ result = ivt_header_error("bad magic", ivt_hdr);
+
+ if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH)
+ result = ivt_header_error("bad length", ivt_hdr);
+
+ if (ivt_hdr->version != IVT_HEADER_V1 &&
+ ivt_hdr->version != IVT_HEADER_V2)
+ result = ivt_header_error("bad version", ivt_hdr);
+
+ return result;
+}
#if !defined(CONFIG_SPL_BUILD)
bool any_rec_flag;
};
-char *rsn_str[] = {"RSN = HAB_RSN_ANY (0x00)\n",
- "RSN = HAB_ENG_FAIL (0x30)\n",
- "RSN = HAB_INV_ADDRESS (0x22)\n",
- "RSN = HAB_INV_ASSERTION (0x0C)\n",
- "RSN = HAB_INV_CALL (0x28)\n",
- "RSN = HAB_INV_CERTIFICATE (0x21)\n",
- "RSN = HAB_INV_COMMAND (0x06)\n",
- "RSN = HAB_INV_CSF (0x11)\n",
- "RSN = HAB_INV_DCD (0x27)\n",
- "RSN = HAB_INV_INDEX (0x0F)\n",
- "RSN = HAB_INV_IVT (0x05)\n",
- "RSN = HAB_INV_KEY (0x1D)\n",
- "RSN = HAB_INV_RETURN (0x1E)\n",
- "RSN = HAB_INV_SIGNATURE (0x18)\n",
- "RSN = HAB_INV_SIZE (0x17)\n",
- "RSN = HAB_MEM_FAIL (0x2E)\n",
- "RSN = HAB_OVR_COUNT (0x2B)\n",
- "RSN = HAB_OVR_STORAGE (0x2D)\n",
- "RSN = HAB_UNS_ALGORITHM (0x12)\n",
- "RSN = HAB_UNS_COMMAND (0x03)\n",
- "RSN = HAB_UNS_ENGINE (0x0A)\n",
- "RSN = HAB_UNS_ITEM (0x24)\n",
- "RSN = HAB_UNS_KEY (0x1B)\n",
- "RSN = HAB_UNS_PROTOCOL (0x14)\n",
- "RSN = HAB_UNS_STATE (0x09)\n",
- "RSN = INVALID\n",
- NULL};
-
-char *sts_str[] = {"STS = HAB_SUCCESS (0xF0)\n",
- "STS = HAB_FAILURE (0x33)\n",
- "STS = HAB_WARNING (0x69)\n",
- "STS = INVALID\n",
- NULL};
-
-char *eng_str[] = {"ENG = HAB_ENG_ANY (0x00)\n",
- "ENG = HAB_ENG_SCC (0x03)\n",
- "ENG = HAB_ENG_RTIC (0x05)\n",
- "ENG = HAB_ENG_SAHARA (0x06)\n",
- "ENG = HAB_ENG_CSU (0x0A)\n",
- "ENG = HAB_ENG_SRTC (0x0C)\n",
- "ENG = HAB_ENG_DCP (0x1B)\n",
- "ENG = HAB_ENG_CAAM (0x1D)\n",
- "ENG = HAB_ENG_SNVS (0x1E)\n",
- "ENG = HAB_ENG_OCOTP (0x21)\n",
- "ENG = HAB_ENG_DTCP (0x22)\n",
- "ENG = HAB_ENG_ROM (0x36)\n",
- "ENG = HAB_ENG_HDCP (0x24)\n",
- "ENG = HAB_ENG_RTL (0x77)\n",
- "ENG = HAB_ENG_SW (0xFF)\n",
- "ENG = INVALID\n",
- NULL};
-
-char *ctx_str[] = {"CTX = HAB_CTX_ANY(0x00)\n",
- "CTX = HAB_CTX_FAB (0xFF)\n",
- "CTX = HAB_CTX_ENTRY (0xE1)\n",
- "CTX = HAB_CTX_TARGET (0x33)\n",
- "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n",
- "CTX = HAB_CTX_DCD (0xDD)\n",
- "CTX = HAB_CTX_CSF (0xCF)\n",
- "CTX = HAB_CTX_COMMAND (0xC0)\n",
- "CTX = HAB_CTX_AUT_DAT (0xDB)\n",
- "CTX = HAB_CTX_ASSERT (0xA0)\n",
- "CTX = HAB_CTX_EXIT (0xEE)\n",
- "CTX = INVALID\n",
- NULL};
-
-uint8_t hab_statuses[5] = {
+static char *rsn_str[] = {
+ "RSN = HAB_RSN_ANY (0x00)\n",
+ "RSN = HAB_ENG_FAIL (0x30)\n",
+ "RSN = HAB_INV_ADDRESS (0x22)\n",
+ "RSN = HAB_INV_ASSERTION (0x0C)\n",
+ "RSN = HAB_INV_CALL (0x28)\n",
+ "RSN = HAB_INV_CERTIFICATE (0x21)\n",
+ "RSN = HAB_INV_COMMAND (0x06)\n",
+ "RSN = HAB_INV_CSF (0x11)\n",
+ "RSN = HAB_INV_DCD (0x27)\n",
+ "RSN = HAB_INV_INDEX (0x0F)\n",
+ "RSN = HAB_INV_IVT (0x05)\n",
+ "RSN = HAB_INV_KEY (0x1D)\n",
+ "RSN = HAB_INV_RETURN (0x1E)\n",
+ "RSN = HAB_INV_SIGNATURE (0x18)\n",
+ "RSN = HAB_INV_SIZE (0x17)\n",
+ "RSN = HAB_MEM_FAIL (0x2E)\n",
+ "RSN = HAB_OVR_COUNT (0x2B)\n",
+ "RSN = HAB_OVR_STORAGE (0x2D)\n",
+ "RSN = HAB_UNS_ALGORITHM (0x12)\n",
+ "RSN = HAB_UNS_COMMAND (0x03)\n",
+ "RSN = HAB_UNS_ENGINE (0x0A)\n",
+ "RSN = HAB_UNS_ITEM (0x24)\n",
+ "RSN = HAB_UNS_KEY (0x1B)\n",
+ "RSN = HAB_UNS_PROTOCOL (0x14)\n",
+ "RSN = HAB_UNS_STATE (0x09)\n",
+ "RSN = INVALID\n",
+ NULL
+};
+
+static char *sts_str[] = {
+ "STS = HAB_SUCCESS (0xF0)\n",
+ "STS = HAB_FAILURE (0x33)\n",
+ "STS = HAB_WARNING (0x69)\n",
+ "STS = INVALID\n",
+ NULL
+};
+
+static char *eng_str[] = {
+ "ENG = HAB_ENG_ANY (0x00)\n",
+ "ENG = HAB_ENG_SCC (0x03)\n",
+ "ENG = HAB_ENG_RTIC (0x05)\n",
+ "ENG = HAB_ENG_SAHARA (0x06)\n",
+ "ENG = HAB_ENG_CSU (0x0A)\n",
+ "ENG = HAB_ENG_SRTC (0x0C)\n",
+ "ENG = HAB_ENG_DCP (0x1B)\n",
+ "ENG = HAB_ENG_CAAM (0x1D)\n",
+ "ENG = HAB_ENG_SNVS (0x1E)\n",
+ "ENG = HAB_ENG_OCOTP (0x21)\n",
+ "ENG = HAB_ENG_DTCP (0x22)\n",
+ "ENG = HAB_ENG_ROM (0x36)\n",
+ "ENG = HAB_ENG_HDCP (0x24)\n",
+ "ENG = HAB_ENG_RTL (0x77)\n",
+ "ENG = HAB_ENG_SW (0xFF)\n",
+ "ENG = INVALID\n",
+ NULL
+};
+
+static char *ctx_str[] = {
+ "CTX = HAB_CTX_ANY(0x00)\n",
+ "CTX = HAB_CTX_FAB (0xFF)\n",
+ "CTX = HAB_CTX_ENTRY (0xE1)\n",
+ "CTX = HAB_CTX_TARGET (0x33)\n",
+ "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n",
+ "CTX = HAB_CTX_DCD (0xDD)\n",
+ "CTX = HAB_CTX_CSF (0xCF)\n",
+ "CTX = HAB_CTX_COMMAND (0xC0)\n",
+ "CTX = HAB_CTX_AUT_DAT (0xDB)\n",
+ "CTX = HAB_CTX_ASSERT (0xA0)\n",
+ "CTX = HAB_CTX_EXIT (0xEE)\n",
+ "CTX = INVALID\n",
+ NULL
+};
+
+static uint8_t hab_statuses[5] = {
HAB_STS_ANY,
HAB_FAILURE,
HAB_WARNING,
-1
};
-uint8_t hab_reasons[26] = {
+static uint8_t hab_reasons[26] = {
HAB_RSN_ANY,
HAB_ENG_FAIL,
HAB_INV_ADDRESS,
-1
};
-uint8_t hab_contexts[12] = {
+static uint8_t hab_contexts[12] = {
HAB_CTX_ANY,
HAB_CTX_FAB,
HAB_CTX_ENTRY,
-1
};
-uint8_t hab_engines[16] = {
+static uint8_t hab_engines[16] = {
HAB_ENG_ANY,
HAB_ENG_SCC,
HAB_ENG_RTIC,
return -1;
}
-void process_event_record(uint8_t *event_data, size_t bytes)
+static void process_event_record(uint8_t *event_data, size_t bytes)
{
struct record *rec = (struct record *)event_data;
printf("%s", eng_str[get_idx(hab_engines, rec->contents[3])]);
}
-void display_event(uint8_t *event_data, size_t bytes)
+static void display_event(uint8_t *event_data, size_t bytes)
{
uint32_t i;
process_event_record(event_data, bytes);
}
-int get_hab_status(void)
+static int get_hab_status(void)
{
uint32_t index = 0; /* Loop index */
uint8_t event_data[128]; /* Event data buffer */
hab_rvt_report_event_t *hab_rvt_report_event;
hab_rvt_report_status_t *hab_rvt_report_status;
- hab_rvt_report_event = hab_rvt_report_event_p;
- hab_rvt_report_status = hab_rvt_report_status_p;
+ hab_rvt_report_event = (hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT;
+ hab_rvt_report_status =
+ (hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS;
- if (is_hab_enabled())
+ if (imx_hab_is_enabled())
puts("\nSecure boot enabled\n");
else
puts("\nSecure boot disabled\n");
return 0;
}
-int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc,
+ char * const argv[])
{
if ((argc != 1)) {
cmd_usage(cmdtp);
}
static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
- char * const argv[])
+ char * const argv[])
{
- ulong addr, ivt_offset;
+ ulong addr, length, ivt_offset;
int rcode = 0;
- if (argc < 3)
+ if (argc < 4)
return CMD_RET_USAGE;
addr = simple_strtoul(argv[1], NULL, 16);
- ivt_offset = simple_strtoul(argv[2], NULL, 16);
+ length = simple_strtoul(argv[2], NULL, 16);
+ ivt_offset = simple_strtoul(argv[3], NULL, 16);
- rcode = authenticate_image(addr, ivt_offset);
+ rcode = imx_hab_authenticate_image(addr, length, ivt_offset);
+ if (rcode == 0)
+ rcode = CMD_RET_SUCCESS;
+ else
+ rcode = CMD_RET_FAILURE;
return rcode;
}
+static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ hab_rvt_failsafe_t *hab_rvt_failsafe;
+
+ if (argc != 1) {
+ cmd_usage(cmdtp);
+ return 1;
+ }
+
+ hab_rvt_failsafe = (hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE;
+ hab_rvt_failsafe();
+
+ return 0;
+}
+
+static int do_authenticate_image_or_failover(cmd_tbl_t *cmdtp, int flag,
+ int argc, char * const argv[])
+{
+ int ret = CMD_RET_FAILURE;
+
+ if (argc != 4) {
+ ret = CMD_RET_USAGE;
+ goto error;
+ }
+
+ if (!imx_hab_is_enabled()) {
+ printf("error: secure boot disabled\n");
+ goto error;
+ }
+
+ if (do_authenticate_image(NULL, flag, argc, argv) != CMD_RET_SUCCESS) {
+ fprintf(stderr, "authentication fail -> %s %s %s %s\n",
+ argv[0], argv[1], argv[2], argv[3]);
+ do_hab_failsafe(0, 0, 1, NULL);
+ };
+ ret = CMD_RET_SUCCESS;
+error:
+ return ret;
+}
+
U_BOOT_CMD(
hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
"display HAB status",
);
U_BOOT_CMD(
- hab_auth_img, 3, 0, do_authenticate_image,
+ hab_auth_img, 4, 0, do_authenticate_image,
"authenticate image via HAB",
- "addr ivt_offset\n"
+ "addr length ivt_offset\n"
"addr - image hex address\n"
+ "length - image hex length\n"
"ivt_offset - hex offset of IVT in the image"
);
+U_BOOT_CMD(
+ hab_failsafe, CONFIG_SYS_MAXARGS, 1, do_hab_failsafe,
+ "run BootROM failsafe routine",
+ ""
+ );
+
+U_BOOT_CMD(
+ hab_auth_img_or_fail, 4, 0,
+ do_authenticate_image_or_failover,
+ "authenticate image via HAB on failure drop to USB BootROM mode",
+ "addr length ivt_offset\n"
+ "addr - image hex address\n"
+ "length - image hex length\n"
+ "ivt_offset - hex offset of IVT in the image"
+ );
#endif /* !defined(CONFIG_SPL_BUILD) */
-static bool is_hab_enabled(void)
+/* Get CSF Header length */
+static int get_hab_hdr_len(struct hab_hdr *hdr)
+{
+ return (size_t)((hdr->len[0] << 8) + (hdr->len[1]));
+}
+
+/* Check whether addr lies between start and
+ * end and is within the length of the image
+ */
+static int chk_bounds(u8 *addr, size_t bytes, u8 *start, u8 *end)
+{
+ size_t csf_size = (size_t)((end + 1) - addr);
+
+ return (addr && (addr >= start) && (addr <= end) &&
+ (csf_size >= bytes));
+}
+
+/* Get Length of each command in CSF */
+static int get_csf_cmd_hdr_len(u8 *csf_hdr)
+{
+ if (*csf_hdr == HAB_CMD_HDR)
+ return sizeof(struct hab_hdr);
+
+ return get_hab_hdr_len((struct hab_hdr *)csf_hdr);
+}
+
+/* Check if CSF is valid */
+static bool csf_is_valid(struct ivt *ivt, ulong start_addr, size_t bytes)
+{
+ u8 *start = (u8 *)start_addr;
+ u8 *csf_hdr;
+ u8 *end;
+
+ size_t csf_hdr_len;
+ size_t cmd_hdr_len;
+ size_t offset = 0;
+
+ if (bytes != 0)
+ end = start + bytes - 1;
+ else
+ end = start;
+
+ /* Verify if CSF pointer content is zero */
+ if (!ivt->csf) {
+ puts("Error: CSF pointer is NULL\n");
+ return false;
+ }
+
+ csf_hdr = (u8 *)ivt->csf;
+
+ /* Verify if CSF Header exist */
+ if (*csf_hdr != HAB_CMD_HDR) {
+ puts("Error: CSF header command not found\n");
+ return false;
+ }
+
+ csf_hdr_len = get_hab_hdr_len((struct hab_hdr *)csf_hdr);
+
+ /* Check if the CSF lies within the image bounds */
+ if (!chk_bounds(csf_hdr, csf_hdr_len, start, end)) {
+ puts("Error: CSF lies outside the image bounds\n");
+ return false;
+ }
+
+ do {
+ struct hab_hdr *cmd;
+
+ cmd = (struct hab_hdr *)&csf_hdr[offset];
+
+ switch (cmd->tag) {
+ case (HAB_CMD_WRT_DAT):
+ puts("Error: Deprecated write command found\n");
+ return false;
+ case (HAB_CMD_CHK_DAT):
+ puts("Error: Deprecated check command found\n");
+ return false;
+ case (HAB_CMD_SET):
+ if (cmd->par == HAB_PAR_MID) {
+ puts("Error: Deprecated Set MID command found\n");
+ return false;
+ }
+ default:
+ break;
+ }
+
+ cmd_hdr_len = get_csf_cmd_hdr_len(&csf_hdr[offset]);
+ if (!cmd_hdr_len) {
+ puts("Error: Invalid command length\n");
+ return false;
+ }
+ offset += cmd_hdr_len;
+
+ } while (offset < csf_hdr_len);
+
+ return true;
+}
+
+bool imx_hab_is_enabled(void)
{
struct imx_sec_config_fuse_t *fuse =
(struct imx_sec_config_fuse_t *)&imx_sec_config_fuse;
return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
}
-uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size)
+int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size,
+ uint32_t ivt_offset)
{
uint32_t load_addr = 0;
size_t bytes;
- ptrdiff_t ivt_offset = 0;
- int result = 0;
+ uint32_t ivt_addr = 0;
+ int result = 1;
ulong start;
hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
hab_rvt_entry_t *hab_rvt_entry;
hab_rvt_exit_t *hab_rvt_exit;
+ hab_rvt_check_target_t *hab_rvt_check_target;
+ struct ivt *ivt;
+ struct ivt_header *ivt_hdr;
+ enum hab_status status;
+
+ hab_rvt_authenticate_image =
+ (hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE;
+ hab_rvt_entry = (hab_rvt_entry_t *)HAB_RVT_ENTRY;
+ hab_rvt_exit = (hab_rvt_exit_t *)HAB_RVT_EXIT;
+ hab_rvt_check_target = (hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET;
+
+ if (!imx_hab_is_enabled()) {
+ puts("hab fuse not enabled\n");
+ return 0;
+ }
+
+ printf("\nAuthenticate image from DDR location 0x%x...\n",
+ ddr_start);
- hab_rvt_authenticate_image = hab_rvt_authenticate_image_p;
- hab_rvt_entry = hab_rvt_entry_p;
- hab_rvt_exit = hab_rvt_exit_p;
+ hab_caam_clock_enable(1);
+
+ /* Calculate IVT address header */
+ ivt_addr = ddr_start + ivt_offset;
+ ivt = (struct ivt *)ivt_addr;
+ ivt_hdr = &ivt->hdr;
+
+ /* Verify IVT header bugging out on error */
+ if (verify_ivt_header(ivt_hdr))
+ goto hab_authentication_exit;
+
+ /* Verify IVT body */
+ if (ivt->self != ivt_addr) {
+ printf("ivt->self 0x%08x pointer is 0x%08x\n",
+ ivt->self, ivt_addr);
+ goto hab_authentication_exit;
+ }
+
+ /* Verify if IVT DCD pointer is NULL */
+ if (ivt->dcd) {
+ puts("Error: DCD pointer must be NULL\n");
+ goto hab_authentication_exit;
+ }
- if (is_hab_enabled()) {
- printf("\nAuthenticate image from DDR location 0x%x...\n",
- ddr_start);
+ start = ddr_start;
+ bytes = image_size;
- hab_caam_clock_enable(1);
+ /* Verify CSF */
+ if (!csf_is_valid(ivt, start, bytes))
+ goto hab_authentication_exit;
- if (hab_rvt_entry() == HAB_SUCCESS) {
- /* If not already aligned, Align to ALIGN_SIZE */
- ivt_offset = (image_size + ALIGN_SIZE - 1) &
- ~(ALIGN_SIZE - 1);
+ if (hab_rvt_entry() != HAB_SUCCESS) {
+ puts("hab entry function fail\n");
+ goto hab_exit_failure_print_status;
+ }
- start = ddr_start;
- bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE;
+ status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes);
+ if (status != HAB_SUCCESS) {
+ printf("HAB check target 0x%08x-0x%08x fail\n",
+ ddr_start, ddr_start + bytes);
+ goto hab_exit_failure_print_status;
+ }
#ifdef DEBUG
- printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n",
- ivt_offset, ddr_start + ivt_offset);
- puts("Dumping IVT\n");
- print_buffer(ddr_start + ivt_offset,
- (void *)(ddr_start + ivt_offset),
- 4, 0x8, 0);
-
- puts("Dumping CSF Header\n");
- print_buffer(ddr_start + ivt_offset+IVT_SIZE,
- (void *)(ddr_start + ivt_offset+IVT_SIZE),
- 4, 0x10, 0);
+ printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
+ printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry,
+ ivt->dcd, ivt->csf);
+ puts("Dumping IVT\n");
+ print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0);
+
+ puts("Dumping CSF Header\n");
+ print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0);
#if !defined(CONFIG_SPL_BUILD)
- get_hab_status();
+ get_hab_status();
#endif
- puts("\nCalling authenticate_image in ROM\n");
- printf("\tivt_offset = 0x%x\n", ivt_offset);
- printf("\tstart = 0x%08lx\n", start);
- printf("\tbytes = 0x%x\n", bytes);
+ puts("\nCalling authenticate_image in ROM\n");
+ printf("\tivt_offset = 0x%x\n", ivt_offset);
+ printf("\tstart = 0x%08lx\n", start);
+ printf("\tbytes = 0x%x\n", bytes);
#endif
+ /*
+ * If the MMU is enabled, we have to notify the ROM
+ * code, or it won't flush the caches when needed.
+ * This is done, by setting the "pu_irom_mmu_enabled"
+ * word to 1. You can find its address by looking in
+ * the ROM map. This is critical for
+ * authenticate_image(). If MMU is enabled, without
+ * setting this bit, authentication will fail and may
+ * crash.
+ */
+ /* Check MMU enabled */
+ if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) {
+ if (is_mx6dq()) {
/*
- * If the MMU is enabled, we have to notify the ROM
- * code, or it won't flush the caches when needed.
- * This is done, by setting the "pu_irom_mmu_enabled"
- * word to 1. You can find its address by looking in
- * the ROM map. This is critical for
- * authenticate_image(). If MMU is enabled, without
- * setting this bit, authentication will fail and may
- * crash.
+ * This won't work on Rev 1.0.0 of
+ * i.MX6Q/D, since their ROM doesn't
+ * do cache flushes. don't think any
+ * exist, so we ignore them.
*/
- /* Check MMU enabled */
- if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) {
- if (is_mx6dq()) {
- /*
- * This won't work on Rev 1.0.0 of
- * i.MX6Q/D, since their ROM doesn't
- * do cache flushes. don't think any
- * exist, so we ignore them.
- */
- if (!is_mx6dqp())
- writel(1, MX6DQ_PU_IROM_MMU_EN_VAR);
- } else if (is_mx6sdl()) {
- writel(1, MX6DLS_PU_IROM_MMU_EN_VAR);
- } else if (is_mx6sl()) {
- writel(1, MX6SL_PU_IROM_MMU_EN_VAR);
- }
- }
-
- load_addr = (uint32_t)hab_rvt_authenticate_image(
- HAB_CID_UBOOT,
- ivt_offset, (void **)&start,
- (size_t *)&bytes, NULL);
- if (hab_rvt_exit() != HAB_SUCCESS) {
- puts("hab exit function fail\n");
- load_addr = 0;
- }
- } else {
- puts("hab entry function fail\n");
+ if (!is_mx6dqp())
+ writel(1, MX6DQ_PU_IROM_MMU_EN_VAR);
+ } else if (is_mx6sdl()) {
+ writel(1, MX6DLS_PU_IROM_MMU_EN_VAR);
+ } else if (is_mx6sl()) {
+ writel(1, MX6SL_PU_IROM_MMU_EN_VAR);
}
+ }
- hab_caam_clock_enable(0);
+ load_addr = (uint32_t)hab_rvt_authenticate_image(
+ HAB_CID_UBOOT,
+ ivt_offset, (void **)&start,
+ (size_t *)&bytes, NULL);
+ if (hab_rvt_exit() != HAB_SUCCESS) {
+ puts("hab exit function fail\n");
+ load_addr = 0;
+ }
+hab_exit_failure_print_status:
#if !defined(CONFIG_SPL_BUILD)
- get_hab_status();
+ get_hab_status();
#endif
- } else {
- puts("hab fuse not enabled\n");
- }
- if ((!is_hab_enabled()) || (load_addr != 0))
- result = 1;
+hab_authentication_exit:
+
+ if (load_addr != 0)
+ result = 0;
return result;
}