X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=arch%2Farm%2Fimx-common%2Fhab.c;h=523d0e3b387619312695ced69b29096c15319b94;hb=c93adc08f393bc401c5929e1045d72dfbea3e126;hp=67318250607dd23604d2d799c4a4dff23764289b;hpb=6beacfcff81bdc04c10a440971b0fb683ee57534;p=u-boot diff --git a/arch/arm/imx-common/hab.c b/arch/arm/imx-common/hab.c index 6731825060..523d0e3b38 100644 --- a/arch/arm/imx-common/hab.c +++ b/arch/arm/imx-common/hab.c @@ -77,7 +77,8 @@ #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 #define MX6SL_PU_IROM_MMU_EN_VAR 0x00900a18 #define IS_HAB_ENABLED_BIT \ - (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2) + (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ + (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) /* * +------------+ 0x0 (DDR_UIMAGE_START) - @@ -110,6 +111,10 @@ * +------------+ + CSF_PAD_SIZE */ +static bool is_hab_enabled(void); + +#if !defined(CONFIG_SPL_BUILD) + #define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */ struct record { @@ -257,22 +262,6 @@ uint8_t hab_engines[16] = { -1 }; -bool is_hab_enabled(void) -{ - struct imx_sec_config_fuse_t *fuse = - (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse; - uint32_t reg; - int ret; - - ret = fuse_read(fuse->bank, fuse->word, ®); - if (ret) { - puts("\nSecure boot fuse read error\n"); - return ret; - } - - return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; -} - static inline uint8_t get_idx(uint8_t *list, uint8_t tgt) { uint8_t idx = 0; @@ -359,6 +348,68 @@ int get_hab_status(void) return 0; } +int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +{ + if ((argc != 1)) { + cmd_usage(cmdtp); + return 1; + } + + get_hab_status(); + + return 0; +} + +static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) +{ + ulong addr, ivt_offset; + int rcode = 0; + + if (argc < 3) + return CMD_RET_USAGE; + + addr = simple_strtoul(argv[1], NULL, 16); + ivt_offset = simple_strtoul(argv[2], NULL, 16); + + rcode = authenticate_image(addr, ivt_offset); + + return rcode; +} + +U_BOOT_CMD( + hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, + "display HAB status", + "" + ); + +U_BOOT_CMD( + hab_auth_img, 3, 0, do_authenticate_image, + "authenticate image via HAB", + "addr ivt_offset\n" + "addr - image hex address\n" + "ivt_offset - hex offset of IVT in the image" + ); + + +#endif /* !defined(CONFIG_SPL_BUILD) */ + +static bool is_hab_enabled(void) +{ + struct imx_sec_config_fuse_t *fuse = + (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse; + uint32_t reg; + int ret; + + ret = fuse_read(fuse->bank, fuse->word, ®); + if (ret) { + puts("\nSecure boot fuse read error\n"); + return ret; + } + + return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; +} + uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) { uint32_t load_addr = 0; @@ -400,7 +451,9 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) (void *)(ddr_start + ivt_offset+IVT_SIZE), 4, 0x10, 0); +#if !defined(CONFIG_SPL_BUILD) get_hab_status(); +#endif puts("\nCalling authenticate_image in ROM\n"); printf("\tivt_offset = 0x%x\n", ivt_offset); @@ -449,7 +502,9 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) hab_caam_clock_enable(0); +#if !defined(CONFIG_SPL_BUILD) get_hab_status(); +#endif } else { puts("hab fuse not enabled\n"); } @@ -459,46 +514,3 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) return result; } - -int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) -{ - if ((argc != 1)) { - cmd_usage(cmdtp); - return 1; - } - - get_hab_status(); - - return 0; -} - -static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, - char * const argv[]) -{ - ulong addr, ivt_offset; - int rcode = 0; - - if (argc < 3) - return CMD_RET_USAGE; - - addr = simple_strtoul(argv[1], NULL, 16); - ivt_offset = simple_strtoul(argv[2], NULL, 16); - - rcode = authenticate_image(addr, ivt_offset); - - return rcode; -} - -U_BOOT_CMD( - hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, - "display HAB status", - "" - ); - -U_BOOT_CMD( - hab_auth_img, 3, 0, do_authenticate_image, - "authenticate image via HAB", - "addr ivt_offset\n" - "addr - image hex address\n" - "ivt_offset - hex offset of IVT in the image" - );