Linux_SDK_V1.2.1

Signed-off-by: thead_admin <occ_thead@service.alibaba.com>
author: thead_admin <occ_thead@service.alibaba.com> 2023-08-07 11:22:40 +0800
committer: Han Gao <rabenda.cn@gmail.com> 2023-08-19 02:17:24 +0800
commit: 329e2581fe5bd0afdb59c1b1d715124bc82262e2 (patch)
tree: 981839f10f0e2dba43e7a6725ad4d0b6e65ed10c /board
parent: 8337ee75f4872682ce9fe266274c8c916938ecc7 (diff)
13 files changed, 383 insertions, 112 deletions
diff --git a/board/thead/light-c910/Kconfig b/board/thead/light-c910/Kconfig
index 26907eae..5dd65f43 100644
--- a/board/thead/light-c910/Kconfig
+++ b/board/thead/light-c910/Kconfig
@@ -34,22 +34,53 @@ config SYS_BOARD
 config SYS_CONFIG_NAME
     default "light-c910"
 
+config LIGHT_BOOT_FORCE_SEQ
+	bool "light boot force sequence"
+	default n
+
 config LIGHT_SEC_UPGRADE
     bool "light secure upgrade"
     default n
 
+config LIGHT_ANDROID_BOOT_IMAGE_VAL_A
+    bool "light board-a android image"
+    default n
+
+config AVB_USE_OEM_KEY
+    bool "AVB signature with OEM key"
+    default n
+
+config AVB_ROLLBACK_ENABLE
+    bool "AVB rollback index in RPMB"
+    default n
+
+config AVB_HW_ENGINE_ENABLE
+    bool "AVB Hardware cryptographic engine enable"
+    default n
+
+config LIGHT_ANDROID_BOOT_IMAGE_VAL_B
+    bool "light board-b android image"
+    default n
+
+config LIGHT_ANDROID_BOOT_IMAGE_VAL_LPI4A
+    bool "light board-lpi4a android image"
+    default n
+
 config LIGHT_SEC_BOOT_WITH_VERIFY_VAL_A
     bool "light board-a security boot with verification"
     default n
 
 config LIGHT_SEC_BOOT_WITH_VERIFY_VAL_B
-	bool "light board-b security boot with verification"
+    bool "light board-b security boot with verification"
+    default n
 
 config LIGHT_SEC_BOOT_WITH_VERIFY_ANT_REF
-	bool "light ant ref security boot with verification"
+    bool "light ant ref security boot with verification"
+    default n
 
 config LIGHT_SEC_BOOT_WITH_VERIFY_LPI4A
-	bool "light lpi4a security boot with verification"
+    bool "light lpi4a security boot with verification"
+    default n
 
 config TARGET_LIGHT_FPGA_FM_C910
     bool "light fullmask FPGA board"
diff --git a/board/thead/light-c910/Makefile b/board/thead/light-c910/Makefile
index 3847a0b8..21e9649b 100644
--- a/board/thead/light-c910/Makefile
+++ b/board/thead/light-c910/Makefile
@@ -68,4 +68,5 @@ endif
 obj-y += light-sv/pll_io_test.o
 obj-y += light-sv/adc_test.o
 obj-y += version_rollback.o
+obj-$(CONFIG_AVB_VERIFY) += secimg_load.o
 endif
diff --git a/board/thead/light-c910/board.c b/board/thead/light-c910/board.c
index fa3ecc52..b02b0e95 100644
--- a/board/thead/light-c910/board.c
+++ b/board/thead/light-c910/board.c
@@ -50,9 +50,9 @@ int g_dnl_board_usb_cable_connected(void)
 
 #define C906_RST_ADDR_L		0xfffff48048
 #define C906_RST_ADDR_H		0xfffff4804C
-#define C906_START_ADDRESS_L	0xc0000000
-#define C906_START_ADDRESS_H	0xff
-#define C910_C906_START_ADDRESS	0xffc0000000
+#define C906_START_ADDRESS_L	0x32000000
+#define C906_START_ADDRESS_H	0x00
+#define C910_C906_START_ADDRESS	0x0032000000
 #define C906_CPR_IPCG_ADDRESS   0xFFCB000010
 #define C906_IOCTL_GPIO_SEL_ADDRESS     0xFFCB01D000
 #define C906_IOCTL_AF_SELH_ADDRESS      0xFFCB01D008
diff --git a/board/thead/light-c910/boot.c b/board/thead/light-c910/boot.c
index 1922638d..24f3776f 100644
--- a/board/thead/light-c910/boot.c
+++ b/board/thead/light-c910/boot.c
@@ -42,6 +42,7 @@ static unsigned int upgrade_image_version = 0;
 #define RPMB_EMMC_CID_SIZE 16
 #define RPMB_CID_PRV_OFFSET             9
 #define RPMB_CID_CRC_OFFSET             15
+#ifdef LIGHT_KDF_RPMB_KEY
 static int tee_rpmb_key_gen(uint8_t* key, uint32_t * length)
 {
 	uint32_t data[RPMB_EMMC_CID_SIZE / 4];
@@ -107,17 +108,17 @@ func_exit:
 	return ret;
 
 }
+#endif
 
 int csi_rpmb_write_access_key(void) 
 {
+#ifdef LIGHT_KDF_RPMB_KEY
     unsigned long *temp_rpmb_key_addr = NULL;
     char runcmd[64] = {0};
     uint8_t blkdata[256] = {0};
     __attribute__((__aligned__(8))) uint8_t kdf_rpmb_key[32];
-	uint32_t kdf_rpmb_key_length = 0;
+    uint32_t kdf_rpmb_key_length = 0;
 	int ret = 0;
-
-#ifdef LIGHT_KDF_RPMB_KEY
     /* Step1: retrive RPMB key from KDF function */
 	ret = tee_rpmb_key_gen(kdf_rpmb_key, &kdf_rpmb_key_length);
 	if (ret != 0) {
@@ -294,7 +295,7 @@ int csi_uboot_get_image_version(unsigned int *ver)
 	unsigned int ver_x = 0;
 	int ret = 0;
 
-	ret = csi_efuse_api_int();
+	ret = csi_efuse_api_init();
 	if (ret) {
 		printf("efuse api init fail \n");
 		return -1;
@@ -320,7 +321,6 @@ int csi_uboot_set_image_version(unsigned int ver)
 	//TODO
 	unsigned long long uboot_ver = 0;
 	unsigned char ver_x = (ver & 0xff00) >> 8;
-    char ver_str[32] = {0};
 
 	uboot_ver = env_get_hex("uboot_version", 0xffffffffffffffff);
 
@@ -343,7 +343,7 @@ int csi_uboot_set_image_version(unsigned int ver)
 		return 0;
 	}
 
-	ret = csi_efuse_api_int();
+	ret = csi_efuse_api_init();
 	if (ret) {
 		printf("efuse api init fail \n");
 		return -1;
@@ -411,6 +411,9 @@ int check_image_version_rule(unsigned int new_ver, unsigned int cur_ver)
 	cur_ver_x = (cur_ver & 0xFF00) >> 8;
 	cur_ver_y = cur_ver & 0xFF;
 
+    (void)new_ver_y;
+    (void)cur_ver_y;
+
 	/* Ensure image version must be less than expected version */
 	if (new_ver_x < cur_ver_x) {
 		return -1;
@@ -588,10 +591,8 @@ int light_secboot(int argc, char * const argv[])
 	int ret = 0;
 	unsigned long tf_addr = LIGHT_TF_FW_ADDR;
 	unsigned long tee_addr = LIGHT_TEE_FW_ADDR;
-    unsigned long kernel_addr = LIGHT_KERNEL_ADDR;
 	unsigned int tf_image_size = 0;
 	unsigned int tee_image_size = 0;
-	unsigned int kernel_image_size = 0;
 
 	printf("\n\n");
 	printf("Now, we start to verify all trust firmware before boot kernel !\n");
@@ -759,7 +760,7 @@ void sec_upgrade_thread(void)
 		} else {
             image_buffer = image_malloc_buffer;
         }
-        memcpy(image_buffer, temp_addr, upgrade_file_size);
+        memcpy(image_buffer, (void*)temp_addr, upgrade_file_size);
 
 		/* STEP 2: verify its authentiticy here */
 		sprintf(runcmd, "vimage 0x%p tf", (void *)temp_addr);
@@ -820,7 +821,7 @@ _upgrade_tf_exit:
 		} else {
             image_buffer = image_malloc_buffer;
         }
-        memcpy(image_buffer, temp_addr, upgrade_file_size);
+        memcpy(image_buffer, (void*)temp_addr, upgrade_file_size);
 
 		/* STEP 2: verify its authentiticy here */
 		sprintf(runcmd, "vimage 0x%p tee", (void *)temp_addr);
diff --git a/board/thead/light-c910/clock_config.c b/board/thead/light-c910/clock_config.c
index e1b52190..50036fb4 100644
--- a/board/thead/light-c910/clock_config.c
+++ b/board/thead/light-c910/clock_config.c
@@ -1146,6 +1146,7 @@ void ap_mipi_dsi1_clk_endisable(bool en)
 	writel(cfg1, (void __iomem *)AP_DPU1_PLL_CFG1);
 }
 
+#if defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_ANT_DISCRETE) || defined (CONFIG_TARGET_LIGHT_FM_C910_BEAGLE) || defined (CONFIG_TARGET_LIGHT_FM_C910_B_REF) || defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_ANT_REF) || defined (CONFIG_TARGET_LIGHT_FM_C910_B_POWER) || defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_B) || defined (CONFIG_TARGET_LIGHT_FM_C910_LPI4A)
 static void ap_multimedia_div_num_set(enum multimedia_div_type type, unsigned int div_num)
 {
 	unsigned long div_reg;
@@ -1209,6 +1210,7 @@ static void ap_multimedia_div_num_set(enum multimedia_div_type type, unsigned in
 	div_cfg |= div_en;
 	writel(div_cfg, (void __iomem *)div_reg);
 }
+#endif
 
 int clk_config(void)
 {
diff --git a/board/thead/light-c910/light.c b/board/thead/light-c910/light.c
index 76e12bec..edd9307c 100644
--- a/board/thead/light-c910/light.c
+++ b/board/thead/light-c910/light.c
@@ -913,14 +913,14 @@ static void light_iopin_init(void)
 	light_pin_cfg(GPIO1_2,PIN_SPEED_NORMAL,PIN_PN,2);
 	light_pin_cfg(GPIO1_3,PIN_SPEED_NORMAL,PIN_PN,2);
 	light_pin_cfg(GPIO1_4,PIN_SPEED_NORMAL,PIN_PN,2);
-#ifndef defined (CONFIG_TARGET_LIGHT_FM_C910_B_POWER)
+#if ! defined (CONFIG_TARGET_LIGHT_FM_C910_B_POWER)
 	light_pin_cfg(GPIO1_9,PIN_SPEED_NORMAL,PIN_PN,2); //soc_vdd18_lcd0_en_reg --backup regulator
 #else
 	light_pin_cfg(GPIO1_9,PIN_SPEED_NORMAL,PIN_PU,2); //soc_vdd18_lcd0_en_reg
 #endif
 	light_pin_cfg(GPIO1_10,PIN_SPEED_NORMAL,PIN_PN,2);//soc_lcd0_bias_en_reg
 	light_pin_cfg(GPIO1_11,PIN_SPEED_NORMAL,PIN_PN,2);
-#ifndef defined (CONFIG_TARGET_LIGHT_FM_C910_B_POWER)
+#if ! defined (CONFIG_TARGET_LIGHT_FM_C910_B_POWER)
 	light_pin_cfg(GPIO1_12,PIN_SPEED_NORMAL,PIN_PN,2);//reg_tp_pwr_en --touch pannel
 #else
 	light_pin_cfg(GPIO1_12,PIN_SPEED_NORMAL,PIN_PU,2);//reg_tp_pwr_en --touch pannel
diff --git a/board/thead/light-c910/lpddr-regu/ddr_regu.c b/board/thead/light-c910/lpddr-regu/ddr_regu.c
index 868af141..72d1f815 100644
--- a/board/thead/light-c910/lpddr-regu/ddr_regu.c
+++ b/board/thead/light-c910/lpddr-regu/ddr_regu.c
@@ -165,6 +165,7 @@ static const struct regulator_t g_apcpu_regu_id_list[] = {
 	}
 };
 #else
+#if defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_B)
 /**
  * board for EB064A10/EB064A11
  *
@@ -183,6 +184,7 @@ static const struct regulator_t g_regu_id_list[] = {
 		REGU_ID_DEF(IIC_IDX_AONIIC,DDR_VDD_REGU_1V1,0x5A,0xA7,0,1,CONFIG_DDR_REGU_1V1,800000,1500000,20000,0),
 	}
 };
+#endif
 
 static const struct regulator_t g_apcpu_regu_id_list[] = {
 	{
@@ -236,7 +238,7 @@ static int wait_iic_receive(dw_iic_regs_t *iic_base, uint32_t wait_data_num, uin
 }
 
 
-unsigned long soc_get_iic_freq(uint32_t idx)
+static unsigned long soc_get_iic_freq(uint32_t idx)
 {
 	if (idx == IIC_IDX_AONIIC){
 		return 49152000U;
@@ -651,6 +653,7 @@ int32_t csi_iic_mem_receive_sr(csi_iic_t *iic, uint32_t devaddr, uint16_t memadd
     return read_count;
 }
 
+#if defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_A) ||defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_B)
 static int pmic_read_reg_sr(csi_iic_t *iic_handle,uint16_t dev_addr,uint32_t offset, uint32_t *val)
 {
 	int32_t num;
@@ -662,6 +665,7 @@ static int pmic_read_reg_sr(csi_iic_t *iic_handle,uint16_t dev_addr,uint32_t off
 	*val = temp[0];
 	return 0;
 }
+#endif
 
 static int pmic_write_reg(csi_iic_t *iic_handle,uint16_t dev_addr,uint32_t offset, uint32_t val)
 {
@@ -688,6 +692,7 @@ static int pmic_write_reg(csi_iic_t *iic_handle,uint16_t dev_addr,uint32_t offse
 	return 0;
 }
 
+#if !defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_A) && !defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_B)
 static int pmic_read_reg(csi_iic_t *iic_handle,uint16_t dev_addr,uint32_t offset, uint32_t *val)
 {
 	int32_t num;
@@ -716,6 +721,7 @@ static int pmic_read_reg(csi_iic_t *iic_handle,uint16_t dev_addr,uint32_t offset
 	*val = temp[0];
 	return 0;
 }
+#endif 
 
 static int _pmic_ddr_regu_init(uint32_t idx)
 {
@@ -818,13 +824,14 @@ int pmic_ddr_regu_init(void)
 int pmic_ddr_set_voltage(void)
 {
 	int ret = 0;
+
+#if 0 //currently,no need to modify ddr regulator voltage
 	uint32_t val = 0;
 	uint32_t regu_num = ARRAY_SIZE(g_regu_id_list);
 	uint32_t i;
 	struct regulator_t *pregu;
 	csi_iic_t          *dev_handle;
 
-#if 0 //currently,no need to modify ddr regulator voltage
 	pregu = (struct regulator_t*)g_regu_id_list;
 	for (i = 0; i < regu_num; i++, pregu++) {
 		if (pregu->regu_vol_target < pregu->regu_vol_min || pregu->regu_vol_target > pregu->regu_vol_max)
@@ -838,6 +845,10 @@ int pmic_ddr_set_voltage(void)
 #endif
 
 #if defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_B)
+	uint32_t val = 0;
+	struct regulator_t *pregu;
+	csi_iic_t          *dev_handle;
+
 	/*enable lcd0_en ldo*/
 	pregu = (struct regulator_t*)&g_regu_id_list[LCD0_EN];
 	dev_handle = pmic_get_iic_handle(pregu->iic_id);
diff --git a/board/thead/light-c910/lpddr4/include/ddr_common_func.h b/board/thead/light-c910/lpddr4/include/ddr_common_func.h
index 670477b5..de600b32 100644
--- a/board/thead/light-c910/lpddr4/include/ddr_common_func.h
+++ b/board/thead/light-c910/lpddr4/include/ddr_common_func.h
@@ -48,5 +48,5 @@ void ctrl_init(int rank_num, int speed);
 void addrmap(int rank_num, enum DDR_BITWIDTH bits);
 void ctrl_en(enum DDR_BITWIDTH bits);
 void enable_auto_refresh(void);
-
+void lpddr4_auto_selref(void);
 #endif // DDR_COMMON_FUNCE_H
diff --git a/board/thead/light-c910/lpddr4/src/ddr_common_func.c b/board/thead/light-c910/lpddr4/src/ddr_common_func.c
index 55155eb4..40276f6e 100644
--- a/board/thead/light-c910/lpddr4/src/ddr_common_func.c
+++ b/board/thead/light-c910/lpddr4/src/ddr_common_func.c
@@ -1132,7 +1132,7 @@ void ddr_soc_pll_disable () {
   printf("DDR SOC PLL PowerDown \n");
 #endif
 }
-void lpddr4_auto_selref()
+void lpddr4_auto_selref(void)
 {
   ddr_sysreg_wr(DDR_CFG1,0xa0000);   //remove core clock after xx
   wr(SWCTL,0);
diff --git a/board/thead/light-c910/sec_check.c b/board/thead/light-c910/sec_check.c
index 29a3ca56..af44ec9b 100644
--- a/board/thead/light-c910/sec_check.c
+++ b/board/thead/light-c910/sec_check.c
@@ -12,7 +12,7 @@
 #include <asm/arch-thead/boot_mode.h>
 #include "../../../lib/sec_library/include/csi_sec_img_verify.h"
 
-extern int csi_efuse_api_int(void);
+extern int csi_efuse_api_init(void);
 extern int csi_efuse_api_unint(void);
 extern int csi_efuse_read_raw(uint32_t addr, void *data, uint32_t cnt);
 extern int csi_efuse_write_raw(uint32_t addr, const void *data, uint32_t cnt);
@@ -35,7 +35,7 @@ int csi_sec_init(void)
 	char *version;
 
 	/* Initialize eFuse module */
-	ret = csi_efuse_api_int();
+	ret = csi_efuse_api_init();
 	if (ret) {
 		printf("efuse init faild[%d]\n", ret);
 		 goto exit;
@@ -62,7 +62,7 @@ void designware_get_mac_from_fuse(unsigned char *mac)
 	int ret;
 
 	/* Initialize eFuse module */
-	ret = csi_efuse_api_int();
+	ret = csi_efuse_api_init();
 	if (ret) {
 		printf("efuse init faild[%d]\n", ret);
 		return;
@@ -75,6 +75,87 @@ void designware_get_mac_from_fuse(unsigned char *mac)
 	}
 }
 
+#if CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_A) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_B) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_ANT_REF) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_LPI4A)
+/* Secure function for image verificaiton here */
+int get_image_version(unsigned long img_src_addr)
+{
+	img_header_t *img = (img_header_t *)img_src_addr;
+	uint8_t magiccode[4] = {0};
+	
+	magiccode[3] = img->magic_num & 0xff;
+	magiccode[2] = (img->magic_num & 0xff00) >> 8;
+	magiccode[1] = (img->magic_num & 0xff0000) >> 16;
+	magiccode[0] = (img->magic_num & 0xff000000) >> 24;
+	if (memcmp(header_magic, magiccode, 4) == 0) {
+		return -1;
+	}
+	
+	return img->image_version;
+}
+
+int get_image_size(unsigned long img_src_addr)
+{
+	img_header_t *img = (img_header_t *)img_src_addr;
+	uint8_t magiccode[4] = {0};
+	
+	magiccode[3] = img->magic_num & 0xff;
+	magiccode[2] = (img->magic_num & 0xff00) >> 8;
+	magiccode[1] = (img->magic_num & 0xff0000) >> 16;
+	magiccode[0] = (img->magic_num & 0xff000000) >> 24;
+	if (memcmp(header_magic, magiccode, 4) == 0) {
+		return -1;
+	}
+	
+	return img->image_size;
+}
+
+void dump_image_header_info(long addr)
+{
+	img_header_t *phead = (img_header_t *)addr;
+
+	printf("\n---------------------------------------------\n");
+	printf("entry point: 0x%x\n", phead->entry_point);
+	printf("image size: %d Bytes\n", phead->image_size);
+	printf("head version: 0x%x\n", phead->head_version);
+	printf("image version: 0x%x\n", phead->image_version);
+	printf("image checksum: 0x%x\n", phead->image_checksum);
+	printf("image run addr: 0x%llx\n", phead->image_run_addr);
+	printf("image offset: 0x%x\n", phead->image_offset);
+	printf("image digest scheme: %d\n", phead->digest_scheme);
+	printf("image sign scheme: %d\n", phead->signature_scheme);
+	printf("image encrypt type: %d\n", phead->encrypt_type);
+	printf("\n---------------------------------------------\n");
+}
+
+int verify_customer_image(img_type_t type, long addr)
+{
+	int ret;
+    
+	/* Double check image number */
+	if (image_have_head(addr) == 0)
+		return -1;
+
+	/* Dump image header information here */
+	dump_image_header_info(addr);
+
+	/* Call customer image verification function */
+	if ((type == T_TF) || (type == T_TEE) || (type == T_KRLIMG)) {
+		ret = csi_sec_custom_image_verify(addr, UBOOT_STAGE_ADDR);
+		if (ret) {
+			printf("Image(%d) is verified fail, Please go to check!\n\n", type);
+			return ret;
+		}
+	} else if (type == T_UBOOT) {
+		ret = csi_sec_uboot_image_verify(addr, addr - PUBKEY_HEADER_SIZE);
+		if (ret) {
+			printf("Image(%s) is verified fail, Please go to check!\n\n", "uboot");
+			return ret;
+		}
+	}
+
+	return 0;
+}
+#else
 static int strtou32(const char *str, unsigned int base, u32 *result)
 {
 	char *ep;
@@ -110,7 +191,7 @@ static int do_fuse(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 	int ret, i;
 
 	/* Initialize eFuse module */
-	ret = csi_efuse_api_int();
+	ret = csi_efuse_api_init();
 	if (ret) {
 		printf("efuse init faild[%d]\n", ret);
 		goto err;
@@ -180,88 +261,6 @@ err:
 	return CMD_RET_FAILURE;
 }
 
-#if CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_A) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_B) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_ANT_REF) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_LPI4A)
-/* Secure function for image verificaiton here */
-int get_image_version(unsigned long img_src_addr)
-{
-	img_header_t *img = (img_header_t *)img_src_addr;
-	uint8_t magiccode[4] = {0};
-	
-	magiccode[3] = img->magic_num & 0xff;
-	magiccode[2] = (img->magic_num & 0xff00) >> 8;
-	magiccode[1] = (img->magic_num & 0xff0000) >> 16;
-	magiccode[0] = (img->magic_num & 0xff000000) >> 24;
-	if (memcmp(header_magic, magiccode, 4) == 0) {
-		return -1;
-	}
-	
-	return img->image_version;
-}
-
-int get_image_size(unsigned long img_src_addr)
-{
-	img_header_t *img = (img_header_t *)img_src_addr;
-	uint8_t magiccode[4] = {0};
-	
-	magiccode[3] = img->magic_num & 0xff;
-	magiccode[2] = (img->magic_num & 0xff00) >> 8;
-	magiccode[1] = (img->magic_num & 0xff0000) >> 16;
-	magiccode[0] = (img->magic_num & 0xff000000) >> 24;
-	if (memcmp(header_magic, magiccode, 4) == 0) {
-		return -1;
-	}
-	
-	return img->image_size;
-}
-
-void dump_image_header_info(long addr)
-{
-	img_header_t *phead = (img_header_t *)addr;
-
-	printf("\n---------------------------------------------\n");
-	printf("entry point: 0x%x\n", phead->entry_point);
-	printf("image size: %d Bytes\n", phead->image_size);
-	printf("head version: 0x%x\n", phead->head_version);
-	printf("image version: 0x%x\n", phead->image_version);
-	printf("image checksum: 0x%x\n", phead->image_checksum);
-	printf("image run addr: 0x%llx\n", phead->image_run_addr);
-	printf("image offset: 0x%x\n", phead->image_offset);
-	printf("image digest scheme: %d\n", phead->digest_scheme);
-	printf("image sign scheme: %d\n", phead->signature_scheme);
-	printf("image encrypt type: %d\n", phead->encrypt_type);
-	printf("\n---------------------------------------------\n");
-}
-
-int verify_customer_image(img_type_t type, long addr)
-{
-	int ret;
-    const char *image_name = "";
-    
-	/* Double check image number */
-	if (image_have_head(addr) == 0)
-		return -1;
-
-	/* Dump image header information here */
-	dump_image_header_info(addr);
-
-	/* Call customer image verification function */
-	if ((type == T_TF) || (type == T_TEE) || (type == T_KRLIMG)) {
-		ret = csi_sec_custom_image_verify(addr, UBOOT_STAGE_ADDR);
-		if (ret) {
-			printf("Image(%d) is verified fail, Please go to check!\n\n", type);
-			return ret;
-		}
-	} else if (type == T_UBOOT) {
-		ret = csi_sec_uboot_image_verify(addr, addr - PUBKEY_HEADER_SIZE);
-		if (ret) {
-			printf("Image(%s) is verified fail, Please go to check!\n\n", "uboot");
-			return ret;
-		}
-	}
-
-	return 0;
-}
-#else
 U_BOOT_CMD(
 	efuse, CONFIG_SYS_MAXARGS, 0, do_fuse,
 	"eFuse sub-system",
diff --git a/board/thead/light-c910/secimg_load.c b/board/thead/light-c910/secimg_load.c
new file mode 100644
index 00000000..f5f1111e
--- /dev/null
+++ b/board/thead/light-c910/secimg_load.c
@@ -0,0 +1,212 @@
+/*
+ * (C) Copyright 2018, Linaro Limited
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+#include <command.h>
+#include <env.h>
+#include <configs/light-c910.h>
+#include <asm/arch-thead/boot_mode.h>
+#include "sec_library.h"
+
+#define ENV_SECIMG_LOAD     "sec_m_load"
+#define VAL_SECIMG_LOAD     "ext4load mmc 0:7 $tf_addr trust_firmware.bin; ext4load mmc 0:7 $tee_addr tee.bin"
+
+#define RPMB_BLOCK_SIZE 256
+#define RPMB_ROLLBACK_BLOCK_START 1
+
+#ifndef LIGHT_KDF_RPMB_KEYs
+static const unsigned char emmc_rpmb_key_sample[32] = {0x33, 0x22, 0x11, 0x00, 0x77, 0x66, 0x55, 0x44, \
+												0xbb, 0xaa, 0x99, 0x88, 0xff, 0xee, 0xdd, 0xcc, \
+												0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
+												0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+#endif
+
+extern int sprintf(char *buf, const char *fmt, ...);
+
+static int get_rpmb_key(uint8_t key[32])
+{
+#ifndef LIGHT_KDF_RPMB_KEY 
+    memcpy(key, emmc_rpmb_key_sample, sizeof(emmc_rpmb_key_sample));
+
+    return 0;
+#else 
+	uint32_t kdf_rpmb_key_length = 0;
+	int ret = 0;
+	ret = csi_kdf_gen_hmac_key(key, &kdf_rpmb_key_length);
+	if (ret != 0) {
+		return -1;
+	}
+
+    return 0;
+#endif
+}
+
+static int get_image_file_size(unsigned long img_src_addr)
+{
+	img_header_t *img = (img_header_t *)img_src_addr;
+	uint8_t magiccode[4] = {0};
+	
+	magiccode[3] = img->magic_num & 0xff;
+	magiccode[2] = (img->magic_num & 0xff00) >> 8;
+	magiccode[1] = (img->magic_num & 0xff0000) >> 16;
+	magiccode[0] = (img->magic_num & 0xff000000) >> 24;
+	if (memcmp(header_magic, magiccode, 4) == 0) {
+		return -1;
+	}
+	
+	return img->image_size;
+}
+
+static int verify_and_load_image(unsigned long image_addr_src, unsigned long image_addr_dst)
+{
+    int ret = 0;
+	unsigned int image_size = 0;
+
+	if (image_have_head(image_addr_src) == 1) {
+        ret = csi_sec_init();
+        if (ret != 0) {
+			return -1;
+		}
+        
+        ret = csi_sec_custom_image_verify(image_addr_src, UBOOT_STAGE_ADDR);
+        if (ret != 0) {
+            printf("image verify error\r\n");
+            return -2;
+        }
+		
+		image_size = get_image_file_size(image_addr_src);
+		if (image_size  < 0) {
+            printf("image get size error\r\n");
+			return -3;
+		}
+
+		memmove((void *)image_addr_dst, (const void *)(image_addr_src + HEADER_SIZE), image_size);
+	} else {
+        printf("in secure mode but image has no header\r\n");
+		return -4;
+	}
+
+    return 0;
+}
+
+int verify_and_load_tee_tf_image(void)
+{
+    int ret = 0;
+
+    ret = verify_and_load_image(LIGHT_TF_FW_TMP_ADDR, LIGHT_TF_FW_ADDR);
+    if (ret != 0) {
+        printf("verify tf image failed\r\n");
+        return ret;
+    }
+    printf("verify trust firmware image success\r\n");
+
+    ret = verify_and_load_image(LIGHT_TEE_FW_ADDR, LIGHT_TEE_FW_ADDR);
+    if (ret != 0) {
+        printf("verify tee image failed\r\n");
+        return ret;
+    }
+    printf("verify tee image success\r\n");
+
+    return 0;
+}
+
+/* In order to use common bootloader for both secure boot and non-secure boot,
+   we only know the boot type through reading the sec_boot field in efuse. Due to 
+   the efuse is only accessed in lifecycle(DEV/OEM/PRO/RMP), we ensure it must be 
+   non-secure boot in lifecycle(INIT) */
+bool get_system_boot_type(void)
+{
+	bool btype = false; /* false: non-secure boot | true: secure boot */
+	int lc = 0;
+	sboot_st_t sb_flag = SECURE_BOOT_DIS;
+	int ret = 0;
+
+	ret = csi_efuse_get_lc(&lc);
+	/* 0: LC_INIT, 1: LC_DEV, 2: LC_OEM, 3: LC_PRO */
+	if ((ret == 0) && (lc != 0)) {
+		csi_efuse_api_init();
+
+		/* Check platform secure boot enable ? */
+		ret = csi_efuse_get_secure_boot_st(&sb_flag);
+		if ((ret == 0) && (sb_flag == SECURE_BOOT_EN))
+			btype = true;
+
+		csi_efuse_api_uninit();
+	}
+
+	return btype;
+}
+
+int sec_read_rollback_index(size_t rollback_index_slot, uint64_t *out_rollback_index)
+{
+	char runcmd[64] = {0};
+	unsigned char blkdata[RPMB_BLOCK_SIZE];
+    size_t rpmb_block = (rollback_index_slot * sizeof(uint64_t)) / RPMB_BLOCK_SIZE + RPMB_ROLLBACK_BLOCK_START;
+    size_t rpmb_offset = (rollback_index_slot * sizeof(uint64_t)) % RPMB_BLOCK_SIZE;
+
+    sprintf(runcmd, "mmc rpmb read 0x%lx %ld 1", (unsigned long)blkdata, rpmb_block);
+	if(run_command(runcmd, 0)) {
+        printf("read_rollback_index failed, mmc read error\r\n");
+        return -1;
+    }
+
+    *out_rollback_index = *(uint64_t*)(blkdata + rpmb_offset);
+	return 0;
+}
+
+int sec_write_rollback_index(size_t rollback_index_slot, uint64_t rollback_index)
+{
+    char runcmd[64] = {0};
+	unsigned char blkdata[RPMB_BLOCK_SIZE];
+    size_t rpmb_block = (rollback_index_slot * sizeof(uint64_t)) / RPMB_BLOCK_SIZE + RPMB_ROLLBACK_BLOCK_START;
+    size_t rpmb_offset = (rollback_index_slot * sizeof(uint64_t)) % RPMB_BLOCK_SIZE;
+    uint8_t rpmb_key[32];
+
+    sprintf(runcmd, "mmc rpmb read 0x%lx %ld 1", (unsigned long)blkdata, rpmb_block);
+	if(run_command(runcmd, 0)) {
+        printf("read_rollback_index failed, mmc read error\r\n");
+        return -1;
+    }
+
+    *(uint64_t*)(blkdata + rpmb_offset) = rollback_index;
+    
+    if (get_rpmb_key(rpmb_key) != 0) {
+        return -2;
+    }
+
+	sprintf(runcmd, "mmc rpmb write 0x%lx %ld 1 0x%lx", (unsigned long)blkdata, rpmb_block, (unsigned long)rpmb_key);
+    if(run_command(runcmd, 0)) {
+        printf("read_rollback_index failed, mmc write error\r\n");
+        return -3;
+    }
+
+    return 0;
+}
+
+static int do_secimg_load(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+{
+    bool sb_enable = false;
+    const char *secimgs_load_str = VAL_SECIMG_LOAD;
+    int ret = -1;
+    sb_enable = get_system_boot_type();
+    if (sb_enable) {
+        /* By default, the value for ENV-SEC-M-LOAD is always to load opensbi image.
+         * if secure boot is enable, we force to change the value to load tee image.
+         * but Never to save it in volatile-RAM
+         */
+        ret = env_set(ENV_SECIMG_LOAD, secimgs_load_str);
+        if (ret != 0) {
+            printf("Rewrite ENV (%s) fails\n", ENV_SECIMG_LOAD);
+            return CMD_RET_FAILURE;
+        }
+    }
+    
+	return CMD_RET_SUCCESS;
+}
+
+U_BOOT_CMD(
+	secimg_load, 1, 1,	do_secimg_load,
+	"Runtime-load secure image if secure system is enable",
+	NULL
+);
diff --git a/board/thead/light-c910/spl.c b/board/thead/light-c910/spl.c
index 8c868046..530c8cbf 100644
--- a/board/thead/light-c910/spl.c
+++ b/board/thead/light-c910/spl.c
@@ -48,6 +48,7 @@ static struct light_reset_list light_post_reset_lists[] = {
 	{0x00000002, 0xFFEF528000}, /* VO sys_reg: GPU rst */
 	{0x00000003, 0xFFEF528000}, /* VO sys_reg: GPU rst */
 	{0x00000007, 0xFFFF529004}, /* VO sys_reg: DPU rst */
+	{0x07FFFF18, 0xFFCB000014}, /* Audio sys_reg: DMA rst */
 };
 
 static void light_pre_reset_config(void)
@@ -399,9 +400,20 @@ void board_init_f(ulong dummy)
 	light_board_init_r(NULL, 0);
 }
 
+static uint32_t get_custom_boot_seq(void)
+{
+	/* boot media definition */
+	/* BOOT_DEVICE_MMC1 - boot from eMMC or SD card */
+	/* BOOT_DEVICE_NAND - boot from nand flash */
+	/* BOOT_DEVICE_SPI - boot from spi flash */
+	/* TODO: user can decide the boot media according their own configuration */
+	return BOOT_DEVICE_MMC1;
+}
+
 void board_boot_order(u32 *spl_boot_list)
 {
 #define SOC_OM_ADDRBASE        0xffef018010
+#if CONFIG_IS_ENABLED(LIGHT_BOOT_FORCE_SEQ)
 	switch (readl((void *)SOC_OM_ADDRBASE) & 0x7) {
 	case 0:
 	case 1:
@@ -428,6 +440,8 @@ void board_boot_order(u32 *spl_boot_list)
 	default:
 		spl_boot_list[0] = BOOT_DEVICE_NONE;
 	}
-
+#else
+	spl_boot_list[0] = get_custom_boot_seq();
+#endif
 	cpu_performance_enable();
 }
diff --git a/board/thead/light-c910/sys_clk.c b/board/thead/light-c910/sys_clk.c
index c18fdb2c..8c237790 100644
--- a/board/thead/light-c910/sys_clk.c
+++ b/board/thead/light-c910/sys_clk.c
@@ -43,9 +43,9 @@ void cpu_clk_config(uint32_t cpu_freq)
 	udelay(11);
 
 	/* config bus: cpu clk ratio to 1:1 */
-	writel((readl(LIGHT_APCLK_ADDRBASE + 0x100) & (~(0x7<<8))) | (0x0<<8), (void *)(LIGHT_APCLK_ADDRBASE + 0x100)); // ratio=0
-	writel(readl(LIGHT_APCLK_ADDRBASE + 0x100) & (~(0x1<<11)), (void *)(LIGHT_APCLK_ADDRBASE + 0x100)); // sync=0
-	writel(readl(LIGHT_APCLK_ADDRBASE + 0x100) | (0x1<<11), (void *)(LIGHT_APCLK_ADDRBASE + 0x100)); // sync=1
+	writel((readl((const volatile void __iomem *)(LIGHT_APCLK_ADDRBASE + 0x100)) & (~(0x7<<8))) | (0x0<<8), (void *)(LIGHT_APCLK_ADDRBASE + 0x100)); // ratio=0
+	writel(readl((const volatile void __iomem *)(LIGHT_APCLK_ADDRBASE + 0x100)) & (~(0x1<<11)), (void *)(LIGHT_APCLK_ADDRBASE + 0x100)); // sync=0
+	writel(readl((const volatile void __iomem *)(LIGHT_APCLK_ADDRBASE + 0x100)) | (0x1<<11), (void *)(LIGHT_APCLK_ADDRBASE + 0x100)); // sync=1
 
 	/* switch c910_cclk to cpu_pll1_foutpostdiv */
 	tmp = readl((void *)LIGHT_APCLK_ADDRBASE + 0x100);
author	thead_admin <occ_thead@service.alibaba.com>	2023-08-07 11:22:40 +0800
committer	Han Gao <rabenda.cn@gmail.com>	2023-08-19 02:17:24 +0800
commit	329e2581fe5bd0afdb59c1b1d715124bc82262e2 (patch)
tree	981839f10f0e2dba43e7a6725ad4d0b6e65ed10c /board
parent	8337ee75f4872682ce9fe266274c8c916938ecc7 (diff)