* +------------+ + CSF_PAD_SIZE
*/
+static bool is_hab_enabled(void);
+
+#if !defined(CONFIG_SPL_BUILD)
+
#define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */
struct record {
-1
};
-bool is_hab_enabled(void)
-{
- struct imx_sec_config_fuse_t *fuse =
- (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse;
- uint32_t reg;
- int ret;
-
- ret = fuse_read(fuse->bank, fuse->word, ®);
- if (ret) {
- puts("\nSecure boot fuse read error\n");
- return ret;
- }
-
- return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
-}
-
static inline uint8_t get_idx(uint8_t *list, uint8_t tgt)
{
uint8_t idx = 0;
return 0;
}
+int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+{
+ if ((argc != 1)) {
+ cmd_usage(cmdtp);
+ return 1;
+ }
+
+ get_hab_status();
+
+ return 0;
+}
+
+static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ ulong addr, ivt_offset;
+ int rcode = 0;
+
+ if (argc < 3)
+ return CMD_RET_USAGE;
+
+ addr = simple_strtoul(argv[1], NULL, 16);
+ ivt_offset = simple_strtoul(argv[2], NULL, 16);
+
+ rcode = authenticate_image(addr, ivt_offset);
+
+ return rcode;
+}
+
+U_BOOT_CMD(
+ hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
+ "display HAB status",
+ ""
+ );
+
+U_BOOT_CMD(
+ hab_auth_img, 3, 0, do_authenticate_image,
+ "authenticate image via HAB",
+ "addr ivt_offset\n"
+ "addr - image hex address\n"
+ "ivt_offset - hex offset of IVT in the image"
+ );
+
+
+#endif /* !defined(CONFIG_SPL_BUILD) */
+
+static bool is_hab_enabled(void)
+{
+ struct imx_sec_config_fuse_t *fuse =
+ (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse;
+ uint32_t reg;
+ int ret;
+
+ ret = fuse_read(fuse->bank, fuse->word, ®);
+ if (ret) {
+ puts("\nSecure boot fuse read error\n");
+ return ret;
+ }
+
+ return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
+}
+
uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size)
{
uint32_t load_addr = 0;
(void *)(ddr_start + ivt_offset+IVT_SIZE),
4, 0x10, 0);
+#if !defined(CONFIG_SPL_BUILD)
get_hab_status();
+#endif
puts("\nCalling authenticate_image in ROM\n");
printf("\tivt_offset = 0x%x\n", ivt_offset);
hab_caam_clock_enable(0);
+#if !defined(CONFIG_SPL_BUILD)
get_hab_status();
+#endif
} else {
puts("hab fuse not enabled\n");
}
return result;
}
-
-int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
-{
- if ((argc != 1)) {
- cmd_usage(cmdtp);
- return 1;
- }
-
- get_hab_status();
-
- return 0;
-}
-
-static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
- char * const argv[])
-{
- ulong addr, ivt_offset;
- int rcode = 0;
-
- if (argc < 3)
- return CMD_RET_USAGE;
-
- addr = simple_strtoul(argv[1], NULL, 16);
- ivt_offset = simple_strtoul(argv[2], NULL, 16);
-
- rcode = authenticate_image(addr, ivt_offset);
-
- return rcode;
-}
-
-U_BOOT_CMD(
- hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
- "display HAB status",
- ""
- );
-
-U_BOOT_CMD(
- hab_auth_img, 3, 0, do_authenticate_image,
- "authenticate image via HAB",
- "addr ivt_offset\n"
- "addr - image hex address\n"
- "ivt_offset - hex offset of IVT in the image"
- );
#include <asm/arch/imx-regs.h>
#include <asm/spl.h>
#include <spl.h>
+#include <asm/imx-common/hab.h>
#if defined(CONFIG_MX6)
/* determine boot device from SRC_SBMR1 (BOOT_CFG[4:1]) or SRC_GPR9 register */
}
}
#endif
+
+#if defined(CONFIG_SECURE_BOOT)
+
+__weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
+{
+ typedef void __noreturn (*image_entry_noargs_t)(void);
+
+ image_entry_noargs_t image_entry =
+ (image_entry_noargs_t)(unsigned long)spl_image->entry_point;
+
+ debug("image entry point: 0x%X\n", spl_image->entry_point);
+
+ /* HAB looks for the CSF at the end of the authenticated data therefore,
+ * we need to subtract the size of the CSF from the actual filesize */
+ if (authenticate_image(spl_image->load_addr,
+ spl_image->size - CONFIG_CSF_SIZE)) {
+ image_entry();
+ } else {
+ puts("spl: ERROR: image authentication unsuccessful\n");
+ hang();
+ }
+}
+
+#endif
projects / u-boot / commitdiff