X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=arch%2Farm%2Fimx-common%2Fhab.c;h=523d0e3b387619312695ced69b29096c15319b94;hb=c93adc08f393bc401c5929e1045d72dfbea3e126;hp=9ee0f12a660650a95411b6de01c3c1a0176d2158;hpb=7a7281a91c2e0b27bc276ef879e896ed8669342a;p=u-boot diff --git a/arch/arm/imx-common/hab.c b/arch/arm/imx-common/hab.c index 9ee0f12a66..523d0e3b38 100644 --- a/arch/arm/imx-common/hab.c +++ b/arch/arm/imx-common/hab.c @@ -5,6 +5,8 @@ */ #include +#include +#include #include #include #include @@ -15,60 +17,55 @@ #define hab_rvt_report_event_p \ ( \ - ((is_cpu_type(MXC_CPU_MX6Q) || \ - is_cpu_type(MXC_CPU_MX6D)) && \ - (soc_rev() >= CHIP_REV_1_5)) ? \ + (is_mx6dqp()) ? \ ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \ - (is_cpu_type(MXC_CPU_MX6DL) && \ - (soc_rev() >= CHIP_REV_1_2)) ? \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \ ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT) \ ) #define hab_rvt_report_status_p \ ( \ - ((is_cpu_type(MXC_CPU_MX6Q) || \ - is_cpu_type(MXC_CPU_MX6D)) && \ - (soc_rev() >= CHIP_REV_1_5)) ? \ + (is_mx6dqp()) ? \ + ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\ - (is_cpu_type(MXC_CPU_MX6DL) && \ - (soc_rev() >= CHIP_REV_1_2)) ? \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\ ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS) \ ) #define hab_rvt_authenticate_image_p \ ( \ - ((is_cpu_type(MXC_CPU_MX6Q) || \ - is_cpu_type(MXC_CPU_MX6D)) && \ - (soc_rev() >= CHIP_REV_1_5)) ? \ + (is_mx6dqp()) ? \ ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \ - (is_cpu_type(MXC_CPU_MX6DL) && \ - (soc_rev() >= CHIP_REV_1_2)) ? \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \ ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE) \ ) #define hab_rvt_entry_p \ ( \ - ((is_cpu_type(MXC_CPU_MX6Q) || \ - is_cpu_type(MXC_CPU_MX6D)) && \ - (soc_rev() >= CHIP_REV_1_5)) ? \ + (is_mx6dqp()) ? \ + ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \ - (is_cpu_type(MXC_CPU_MX6DL) && \ - (soc_rev() >= CHIP_REV_1_2)) ? \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \ ((hab_rvt_entry_t *)HAB_RVT_ENTRY) \ ) #define hab_rvt_exit_p \ ( \ - ((is_cpu_type(MXC_CPU_MX6Q) || \ - is_cpu_type(MXC_CPU_MX6D)) && \ - (soc_rev() >= CHIP_REV_1_5)) ? \ + (is_mx6dqp()) ? \ ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \ - (is_cpu_type(MXC_CPU_MX6DL) && \ - (soc_rev() >= CHIP_REV_1_2)) ? \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \ ((hab_rvt_exit_t *)HAB_RVT_EXIT) \ ) @@ -79,6 +76,9 @@ #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 #define MX6SL_PU_IROM_MMU_EN_VAR 0x00900a18 +#define IS_HAB_ENABLED_BIT \ + (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ + (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) /* * +------------+ 0x0 (DDR_UIMAGE_START) - @@ -111,6 +111,10 @@ * +------------+ + CSF_PAD_SIZE */ +static bool is_hab_enabled(void); + +#if !defined(CONFIG_SPL_BUILD) + #define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */ struct record { @@ -258,17 +262,6 @@ uint8_t hab_engines[16] = { -1 }; -bool is_hab_enabled(void) -{ - struct ocotp_regs *ocotp = (struct ocotp_regs *)OCOTP_BASE_ADDR; - struct fuse_bank *bank = &ocotp->bank[0]; - struct fuse_bank0_regs *fuse = - (struct fuse_bank0_regs *)bank->fuse_regs; - uint32_t reg = readl(&fuse->cfg5); - - return (reg & 0x2) == 0x2; -} - static inline uint8_t get_idx(uint8_t *list, uint8_t tgt) { uint8_t idx = 0; @@ -355,6 +348,68 @@ int get_hab_status(void) return 0; } +int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +{ + if ((argc != 1)) { + cmd_usage(cmdtp); + return 1; + } + + get_hab_status(); + + return 0; +} + +static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) +{ + ulong addr, ivt_offset; + int rcode = 0; + + if (argc < 3) + return CMD_RET_USAGE; + + addr = simple_strtoul(argv[1], NULL, 16); + ivt_offset = simple_strtoul(argv[2], NULL, 16); + + rcode = authenticate_image(addr, ivt_offset); + + return rcode; +} + +U_BOOT_CMD( + hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, + "display HAB status", + "" + ); + +U_BOOT_CMD( + hab_auth_img, 3, 0, do_authenticate_image, + "authenticate image via HAB", + "addr ivt_offset\n" + "addr - image hex address\n" + "ivt_offset - hex offset of IVT in the image" + ); + + +#endif /* !defined(CONFIG_SPL_BUILD) */ + +static bool is_hab_enabled(void) +{ + struct imx_sec_config_fuse_t *fuse = + (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse; + uint32_t reg; + int ret; + + ret = fuse_read(fuse->bank, fuse->word, ®); + if (ret) { + puts("\nSecure boot fuse read error\n"); + return ret; + } + + return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; +} + uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) { uint32_t load_addr = 0; @@ -396,7 +451,9 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) (void *)(ddr_start + ivt_offset+IVT_SIZE), 4, 0x10, 0); +#if !defined(CONFIG_SPL_BUILD) get_hab_status(); +#endif puts("\nCalling authenticate_image in ROM\n"); printf("\tivt_offset = 0x%x\n", ivt_offset); @@ -414,9 +471,8 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) * crash. */ /* Check MMU enabled */ - if (get_cr() & CR_M) { - if (is_cpu_type(MXC_CPU_MX6Q) || - is_cpu_type(MXC_CPU_MX6D)) { + if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { + if (is_mx6dq()) { /* * This won't work on Rev 1.0.0 of * i.MX6Q/D, since their ROM doesn't @@ -425,10 +481,9 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) */ if (!is_mx6dqp()) writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); - } else if (is_cpu_type(MXC_CPU_MX6DL) || - is_cpu_type(MXC_CPU_MX6SOLO)) { + } else if (is_mx6sdl()) { writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); - } else if (is_cpu_type(MXC_CPU_MX6SL)) { + } else if (is_mx6sl()) { writel(1, MX6SL_PU_IROM_MMU_EN_VAR); } } @@ -447,7 +502,9 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) hab_caam_clock_enable(0); +#if !defined(CONFIG_SPL_BUILD) get_hab_status(); +#endif } else { puts("hab fuse not enabled\n"); } @@ -457,46 +514,3 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) return result; } - -int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) -{ - if ((argc != 1)) { - cmd_usage(cmdtp); - return 1; - } - - get_hab_status(); - - return 0; -} - -static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, - char * const argv[]) -{ - ulong addr, ivt_offset; - int rcode = 0; - - if (argc < 3) - return CMD_RET_USAGE; - - addr = simple_strtoul(argv[1], NULL, 16); - ivt_offset = simple_strtoul(argv[2], NULL, 16); - - rcode = authenticate_image(addr, ivt_offset); - - return rcode; -} - -U_BOOT_CMD( - hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, - "display HAB status", - "" - ); - -U_BOOT_CMD( - hab_auth_img, 3, 0, do_authenticate_image, - "authenticate image via HAB", - "addr ivt_offset\n" - "addr - image hex address\n" - "ivt_offset - hex offset of IVT in the image" - );