diff options
Diffstat (limited to 'board/thead/light-c910')
| -rw-r--r-- | board/thead/light-c910/Kconfig | 11 | ||||
| -rw-r--r-- | board/thead/light-c910/board.c | 50 | ||||
| -rw-r--r-- | board/thead/light-c910/boot.c | 207 | ||||
| -rw-r--r-- | board/thead/light-c910/light.c | 8 | ||||
| -rw-r--r-- | board/thead/light-c910/lpddr4/src/ddr_common_func.c | 6 | ||||
| -rwxr-xr-x | board/thead/light-c910/lpddr4/src/lpddr4_init.c | 984 | ||||
| -rw-r--r-- | board/thead/light-c910/sbmeta/sbmeta.c | 292 | ||||
| -rw-r--r-- | board/thead/light-c910/sbmeta/sbmeta.h | 22 | ||||
| -rw-r--r-- | board/thead/light-c910/sec_check.c | 8 | ||||
| -rw-r--r-- | board/thead/light-c910/secimg_load.c | 75 | ||||
| -rw-r--r-- | board/thead/light-c910/spl.c | 6 |
11 files changed, 1510 insertions, 159 deletions
diff --git a/board/thead/light-c910/Kconfig b/board/thead/light-c910/Kconfig index abac54f3..e860e293 100644 --- a/board/thead/light-c910/Kconfig +++ b/board/thead/light-c910/Kconfig @@ -66,6 +66,10 @@ config LIGHT_ANDROID_BOOT_IMAGE_VAL_LPI4A bool "light board-lpi4a android image" default n +config LIGHT_ANDROID_BOOT_IMAGE_ANT_REF + bool "light board ant ref android image" + default n + config LIGHT_SEC_BOOT_WITH_VERIFY_VAL_A bool "light board-a security boot with verification" default n @@ -248,10 +252,11 @@ config DDR_LP4_2133_SINGLERANK help Enabling this will support lpddr4 2133 singlerank configuration. -config DDR_ROW16 - bool "LPDDR4/4X 17-bit row address support" +config DDR_DDP + bool "LPDDR4/4X Dual Die Package support" help - Enabling this will support ddr 17-bit row address (16:0). + Enabling this will support ddr Dual Die Package configuration. + e.g. to support 8GB ddr device with 17-bit row address (16:0) config DDR_H32_MODE bool "LPDDR4/4X 32bit mode configuration" diff --git a/board/thead/light-c910/board.c b/board/thead/light-c910/board.c index 6ebbbb59..7d705b48 100644 --- a/board/thead/light-c910/board.c +++ b/board/thead/light-c910/board.c @@ -10,6 +10,8 @@ #include <usb.h> #include <cpu_func.h> #include <asm/gpio.h> +#include <abuf.h> +#include "sec_library.h" #ifdef CONFIG_USB_DWC3 static struct dwc3_device dwc3_device_data = { @@ -51,9 +53,11 @@ int g_dnl_board_usb_cable_connected(void) #define C906_RST_ADDR_L 0xfffff48048 #define C906_RST_ADDR_H 0xfffff4804C + #define C906_START_ADDRESS_L 0x32000000 #define C906_START_ADDRESS_H 0x00 #define C910_C906_START_ADDRESS 0x0032000000 + #define C906_CPR_IPCG_ADDRESS 0xFFCB000010 #define C906_IOCTL_GPIO_SEL_ADDRESS 0xFFCB01D000 #define C906_IOCTL_AF_SELH_ADDRESS 0xFFCB01D008 @@ -140,4 +144,48 @@ int misc_init_r(void) light_c910_set_gpio_output_high(); return 0; -}
\ No newline at end of file +} + +#ifdef CONFIG_BOARD_RNG_SEED +const char pre_gen_seed[128] = {211, 134, 226, 116, 1, 13, 224, 196, 88, 213, 188, 219, 128, 41, 231, 228, 129, 123, 173, 234, 219, 79, 152, 154, 169, 27, 183, 166, 52, 21, 118, 7, 155, 89, 124, 156, 102, 92, 96, 190, 49, 28, 154, 177, 69, 129, 149, 199, 253, 66, 177, 216, 146, 73, 114, 59, 100, 41, 225, 152, 62, 88, 160, 217, 177, 28, 117, 23, 120, 213, 213, 169, 242, 111, 90, 55, 241, 239, 254, 238, 50, 175, 198, 196, 248, 56, 255, 92, 97, 224, 245, 160, 56, 149, 121, 233, 177, 239, 0, 41, 196, 214, 210, 182, 69, 44, 238, 54, 27, 236, 36, 77, 156, 234, 17, 148, 34, 16, 241, 132, 241, 230, 36, 41, 123, 157, 19, 44}; +/* Use hardware rng to seed Linux random. */ +int board_rng_seed(struct abuf *buf) +{ + size_t len = 128; + uint8_t *data = NULL; + int sc_err = SC_FAIL; + + /* abuf is working up in asynchronization mode, so the memory usage for random data storage must + be allocated first. */ + data = malloc(len); + if (!data) { + printf("Fail to allocate memory, using pre-defined entropy\n"); + return -1; + } + +#if defined(CONFIG_AVB_HW_ENGINE_ENABLE) + /* We still use pre-define entropy data in case hardware random engine does not work */ + sc_err = csi_sec_library_init(); + if (sc_err != SC_OK) { + printf("Fail to initialize sec library, using pre-defined entropy\n"); + goto _err; + } + + sc_err = sc_rng_get_random_bytes(data, len); + if (sc_err != SC_OK) { + printf("Fail to retrieve random data, using pre-defined entropy\n"); + goto _err; + } + + abuf_init_set(buf, data, len); + return 0; + +_err: +#endif + /* use pre-defined random data in case of the random engine is disable */ + memcpy(data, pre_gen_seed, len); + abuf_init_set(buf, data, len); + + return 0; +} +#endif diff --git a/board/thead/light-c910/boot.c b/board/thead/light-c910/boot.c index 8bc067a7..645f1e37 100644 --- a/board/thead/light-c910/boot.c +++ b/board/thead/light-c910/boot.c @@ -31,7 +31,7 @@ //#define LIGHT_IMG_VERSION_CHECK_IN_BOOT 1 /* the sample rpmb key is only used for testing */ -#ifndef LIGHT_KDF_RPMB_KEY +#ifndef LIGHT_KDF_RPMB_KEY static const unsigned char emmc_rpmb_key_sample[32] = {0x33, 0x22, 0x11, 0x00, 0x77, 0x66, 0x55, 0x44, \ 0xbb, 0xaa, 0x99, 0x88, 0xff, 0xee, 0xdd, 0xcc, \ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \ @@ -110,7 +110,7 @@ func_exit: } #endif -int csi_rpmb_write_access_key(void) +int csi_rpmb_write_access_key(void) { #ifdef LIGHT_KDF_RPMB_KEY unsigned long *temp_rpmb_key_addr = NULL; @@ -162,7 +162,7 @@ int csi_tf_get_image_version(unsigned int *ver) if (ret == 0) { *ver = (blkdata[16] << 8) + blkdata[17]; } - + return ret; } @@ -179,9 +179,9 @@ int csi_tf_set_image_version(unsigned int ver) blkdata[17] = ver & 0xFF; /* tf version reside in RPMB block#0, offset#16*/ -#ifndef LIGHT_KDF_RPMB_KEY +#ifndef LIGHT_KDF_RPMB_KEY temp_rpmb_key_addr = (unsigned long *)emmc_rpmb_key_sample; -#else +#else uint8_t kdf_rpmb_key[32]; uint32_t kdf_rpmb_key_length = 0; int ret = 0; @@ -245,9 +245,9 @@ int csi_tee_set_image_version(unsigned int ver) blkdata[1] = ver & 0xFF; /* tf version reside in RPMB block#0, offset#16*/ -#ifndef LIGHT_KDF_RPMB_KEY +#ifndef LIGHT_KDF_RPMB_KEY temp_rpmb_key_addr = (unsigned long *)emmc_rpmb_key_sample; -#else +#else uint8_t kdf_rpmb_key[32]; uint32_t kdf_rpmb_key_length = 0; int ret = 0; @@ -268,6 +268,57 @@ int csi_tee_set_upgrade_version(void) return csi_tee_set_image_version(upgrade_image_version); } +int csi_sbmeta_get_image_version(unsigned int *ver) +{ + char runcmd[64] = {0}; + unsigned char blkdata[256]; + int ret = 0; + + /* sbmeta version reside in RPMB block#0, offset#48*/ + sprintf(runcmd, "mmc rpmb read 0x%lx 0 1", (unsigned long)blkdata); + ret = run_command(runcmd, 0); + if (ret == 0) { + *ver = (blkdata[48] << 8) + blkdata[49]; + } + + return ret; +} + +int csi_sbmeta_set_image_version(unsigned int ver) +{ + char runcmd[64] = {0}; + unsigned char blkdata[256]; + unsigned long *temp_rpmb_key_addr = NULL; + + /* sbmeta version reside in RPMB block#0, offset#48*/ + sprintf(runcmd, "mmc rpmb read 0x%lx 0 1", (unsigned long)blkdata); + run_command(runcmd, 0); + blkdata[48] = (ver & 0xFF00) >> 8; + blkdata[49] = ver & 0xFF; + /* sbmeta version reside in RPMB block#0, offset#48*/ +#ifndef LIGHT_KDF_RPMB_KEY + temp_rpmb_key_addr = (unsigned long *)emmc_rpmb_key_sample; +#else + uint8_t kdf_rpmb_key[32]; + uint32_t kdf_rpmb_key_length = 0; + int ret = 0; + ret = csi_kdf_gen_hmac_key(kdf_rpmb_key, &kdf_rpmb_key_length); + if (ret != 0) { + return -1; + } + temp_rpmb_key_addr = (unsigned long *)kdf_rpmb_key; +#endif + sprintf(runcmd, "mmc rpmb write 0x%lx 0 1 0x%lx", (unsigned long)blkdata, (unsigned long)temp_rpmb_key_addr); + run_command(runcmd, 0); + + return 0; +} + +int csi_sbmeta_set_upgrade_version(void) +{ + return csi_sbmeta_set_image_version(upgrade_image_version); +} + int csi_uboot_get_image_version(unsigned int *ver) { #ifdef LIGHT_UBOOT_VERSION_IN_ENV @@ -476,6 +527,33 @@ int check_tee_version_in_boot(unsigned long tee_addr) return 0; } +int check_sbmeta_version_in_boot(unsigned long sbmeta_addr) +{ + int ret = 0; + unsigned int img_version = 0; + unsigned int expected_img_version = 0; + + img_version = get_image_version(sbmeta_addr); + if (img_version == 0) { + printf("get sbmeta image version fail\n"); + return -1; + } + + ret = csi_sbmeta_get_image_version(&expected_img_version); + if (ret != 0) { + printf("Get sbmeta expected img version fail\n"); + return -1; + } + + ret = check_image_version_rule(img_version, expected_img_version); + if (ret != 0) { + printf("Image version breaks the rule\n"); + return -1; + } + + return 0; +} + int light_vimage(int argc, char *const argv[]) { int ret = 0; @@ -483,14 +561,14 @@ int light_vimage(int argc, char *const argv[]) unsigned int new_img_version = 0; unsigned int cur_img_version = 0; char imgname[32] = {0}; - - if (argc < 3) + + if (argc < 3) return CMD_RET_USAGE; - + /* Parse input parameters */ vimage_addr = simple_strtoul(argv[1], NULL, 16); strcpy(imgname, argv[2]); - + /* Retrieve desired information from image header */ new_img_version = get_image_version(vimage_addr); if (new_img_version == 0) { @@ -524,13 +602,20 @@ int light_vimage(int argc, char *const argv[]) printf("Get kernel img version fail\n"); return CMD_RET_FAILURE; } - } else if (strcmp(imgname, UBOOT_PART_NAME) == 0) { + } else if (strcmp(imgname, SBMETA_PART_NAME) == 0){ + + ret = csi_sbmeta_get_image_version(&cur_img_version); + if (ret != 0) { + printf("Get sbmeta img version fail\n"); + return CMD_RET_FAILURE; + } + } else if (strcmp(imgname, UBOOT_PART_NAME) == 0) { ret = csi_uboot_get_image_version(&cur_img_version); if (ret != 0) { printf("Get uboot img version fail\n"); return CMD_RET_FAILURE; - } - + } + // Check uboot maximization version > 64 if (((new_img_version & 0xFF00) >> 8) > UBOOT_MAX_VER) { printf("UBOOT Image version has reached to max-version\n"); @@ -578,6 +663,11 @@ int light_vimage(int argc, char *const argv[]) if (ret != 0) { return CMD_RET_FAILURE; } + } else if (strcmp(imgname, SBMETA_PART_NAME) == 0) { + ret = verify_customer_image(T_SBMETA, vimage_addr); + if (ret != 0) { + return CMD_RET_FAILURE; + } } else { printf("Error: unknow image name\n"); return CMD_RET_FAILURE; @@ -698,15 +788,19 @@ void sec_firmware_version_dump(void) unsigned int tf_ver = 0; unsigned int tee_ver = 0; unsigned int uboot_ver = 0; + unsigned int sbmeta_ver = 0; unsigned int tf_ver_env = 0; unsigned int tee_ver_env = 0; + unsigned int sbmeta_ver_env = 0; csi_uboot_get_image_version(&uboot_ver); csi_tf_get_image_version(&tf_ver); csi_tee_get_image_version(&tee_ver); + csi_sbmeta_get_image_version(&sbmeta_ver); /* Keep sync with version in RPMB, the Following version could be leveraged by OTA client */ tee_ver_env = env_get_hex("tee_version", 0); tf_ver_env = env_get_hex("tf_version", 0); + sbmeta_ver_env = env_get_hex("sbmeta_version", 0); if ((tee_ver_env != tee_ver) && (tee_ver != 0)) { env_set_hex("tee_version", tee_ver); run_command("saveenv", 0); @@ -717,11 +811,17 @@ void sec_firmware_version_dump(void) run_command("saveenv", 0); } + if ((sbmeta_ver_env != sbmeta_ver) && (sbmeta_ver != 0)) { + env_set_hex("sbmeta_version", sbmeta_ver); + run_command("saveenv", 0); + } + printf("\n\n"); printf("Secure Firmware image version info: \n"); printf("uboot Firmware v%d.0\n", (uboot_ver & 0xff00) >> 8); printf("Trust Firmware v%d.%d\n", (tf_ver & 0xff00) >> 8, tf_ver & 0xff); printf("TEE OS v%d.%d\n", (tee_ver & 0xff00) >> 8, tee_ver & 0xff); + printf("SBMETA v%d.%d\n", (sbmeta_ver & 0xff00) >> 8, sbmeta_ver & 0xff); printf("\n\n"); } @@ -738,13 +838,11 @@ void sec_upgrade_thread(void) sec_upgrade_flag = env_get_hex("sec_upgrade_mode", 0); if (sec_upgrade_flag == 0) return; - printf("bootstrap: sec_upgrade_flag: %x\n", sec_upgrade_flag); if (sec_upgrade_flag == TF_SEC_UPGRADE_FLAG) { - /* STEP 1: read upgrade image (trust_firmware.bin) from stash partition */ printf("read upgrade image (trust_firmware.bin) from stash partition \n"); - sprintf(runcmd, "ext4load mmc 0:5 0x%p trust_firmware.bin", (void *)temp_addr); + sprintf(runcmd, "ext4load mmc 0:4 0x%p trust_firmware.bin", (void *)temp_addr); printf("runcmd:%s\n", runcmd); ret = run_command(runcmd, 0); if (ret != 0) { @@ -805,7 +903,7 @@ _upgrade_tf_exit: /* STEP 1: read upgrade image (tee.bin) from stash partition */ printf("read upgrade image (tee.bin) from stash partition \n"); - sprintf(runcmd, "ext4load mmc 0:5 0x%p tee.bin", (void *)temp_addr); + sprintf(runcmd, "ext4load mmc 0:4 0x%p tee.bin", (void *)temp_addr); printf("runcmd:%s\n", runcmd); ret = run_command(runcmd, 0); if (ret != 0) { @@ -815,7 +913,7 @@ _upgrade_tf_exit: /* Fetch the total file size after read out operation end */ upgrade_file_size = env_get_hex("filesize", 0); printf("TEE upgrade file size: %d\n", upgrade_file_size); - + /*store image to temp buffer as temp_addr may be decrypted*/ image_malloc_buffer = malloc(upgrade_file_size); if ( image_malloc_buffer == NULL ) { @@ -835,8 +933,8 @@ _upgrade_tf_exit: } /* STEP 3: update tee partition */ - printf("read upgrade image (tee.bin) into tf partition \n"); - sprintf(runcmd, "ext4write mmc 0:4 0x%p /tee.bin 0x%x", (void *)image_buffer, upgrade_file_size); + printf("read upgrade image (tee.bin) into sbmeta partition \n"); + sprintf(runcmd, "ext4write mmc 0:3 0x%p /tee.bin 0x%x", (void *)image_buffer, upgrade_file_size); printf("runcmd:%s\n", runcmd); ret = run_command(runcmd, 0); if (ret != 0) { @@ -857,12 +955,73 @@ _upgrade_tee_exit: run_command("env set sec_upgrade_mode 0", 0); run_command("saveenv", 0); run_command("reset", 0); - + + if ( image_malloc_buffer != NULL ) { + free(image_malloc_buffer); + image_malloc_buffer = NULL; + } + } else if (sec_upgrade_flag == SBMETA_SEC_UPGRADE_FLAG) { + + /* STEP 1: read upgrade image (sbmeta.bin) from stash partition */ + printf("read upgrade image (sbmeta.bin) from stash partition \n"); + sprintf(runcmd, "ext4load mmc 0:4 0x%p sbmeta.bin", (void *)temp_addr); + printf("runcmd:%s\n", runcmd); + ret = run_command(runcmd, 0); + if (ret != 0) { + printf("SBMETA Upgrade process is terminated due to some reason\n"); + goto _upgrade_sbmeta_exit; + } + /* Fetch the total file size after read out operation end */ + upgrade_file_size = env_get_hex("filesize", 0); + printf("SBMETA upgrade file size: %d\n", upgrade_file_size); + + /*store image to temp buffer as temp_addr may be decrypted*/ + image_malloc_buffer = malloc(upgrade_file_size); + if ( image_malloc_buffer == NULL ) { + image_buffer = (uint8_t*)temp_addr + upgrade_file_size; + } else { + image_buffer = image_malloc_buffer; + } + memcpy(image_buffer, (void*)temp_addr, upgrade_file_size); + + /* STEP 2: verify its authentiticy here */ + sprintf(runcmd, "vimage 0x%p sbmeta", (void *)temp_addr); + printf("runcmd:%s\n", runcmd); + ret = run_command(runcmd, 0); + if (ret != 0) { + printf("SBMETA Image verification fail and upgrade process terminates\n"); + goto _upgrade_sbmeta_exit; + } + + /* STEP 3: update sbmeta partition */ + printf("read upgrade image (SBMETA.bin) into sbmeta partition \n"); + sprintf(runcmd, "ext4write mmc 0:3 0x%p /sbmeta.bin 0x%x", (void *)image_buffer, upgrade_file_size); + printf("runcmd:%s\n", runcmd); + ret = run_command(runcmd, 0); + if (ret != 0) { + printf("SBMETA upgrade process is terminated due to some reason\n"); + goto _upgrade_sbmeta_exit; + } + + /* STEP 4: update sbmeta version */ + ret = csi_sbmeta_set_upgrade_version(); + if (ret != 0) { + printf("Set sbmeta upgrade version fail\n"); + goto _upgrade_sbmeta_exit; + } + + printf("\n\nSBMETA image ugprade process is successful\n\n"); +_upgrade_sbmeta_exit: + /* set secure upgrade flag to 0 that indicate upgrade over */ + run_command("env set sec_upgrade_mode 0", 0); + run_command("saveenv", 0); + run_command("reset", 0); + if ( image_malloc_buffer != NULL ) { free(image_malloc_buffer); image_malloc_buffer = NULL; } - } else if (sec_upgrade_flag == UBOOT_SEC_UPGRADE_FLAG) { + } else if (sec_upgrade_flag == UBOOT_SEC_UPGRADE_FLAG) { unsigned int block_cnt; struct blk_desc *dev_desc; const unsigned long uboot_temp_addr=0x80000000; @@ -871,7 +1030,7 @@ _upgrade_tee_exit: /* STEP 1: read upgrade image (u-boot-with-spl.bin) from stash partition */ printf("read upgrade image (u-boot-with-spl.bin) from stash partition \n"); - sprintf(runcmd, "ext4load mmc 0:5 0x%p u-boot-with-spl.bin", (void *)temp_addr); + sprintf(runcmd, "ext4load mmc 0:4 0x%p u-boot-with-spl.bin", (void *)temp_addr); printf("runcmd:%s\n", runcmd); ret = run_command(runcmd, 0); if (ret != 0) { diff --git a/board/thead/light-c910/light.c b/board/thead/light-c910/light.c index 6a765400..7e93d308 100644 --- a/board/thead/light-c910/light.c +++ b/board/thead/light-c910/light.c @@ -1575,7 +1575,7 @@ static void light_iopin_init(void) light_pin_mux(CLK_OUT_2, 0); light_pin_cfg(CLK_OUT_2, PIN_SPEED_NORMAL, PIN_PU, 2); light_pin_mux(CLK_OUT_3, 0); - light_pin_cfg(CLK_OUT_3, PIN_SPEED_NORMAL, PIN_PU, 2); + light_pin_cfg(CLK_OUT_3, PIN_SPEED_NORMAL, PIN_PU, 2); // light_pin_mux(GPIO1_21,3); light_pin_mux(GPIO1_22, 3); @@ -1595,7 +1595,7 @@ static void light_iopin_init(void) light_pin_cfg(GPIO1_30, PIN_SPEED_NORMAL, PIN_PN, 2); ///<DBB2LEDDRIVER_EN light_pin_cfg(UART0_TXD, PIN_SPEED_NORMAL, PIN_PN, 2); - light_pin_cfg(UART0_RXD, PIN_SPEED_NORMAL, PIN_PN, 2); + light_pin_cfg(UART0_RXD, PIN_SPEED_NORMAL, PIN_PN, 2); /*ap-pdmux on righ/top*/ // light_pin_mux(QSPI0_SCLK,3); ///NC @@ -2432,10 +2432,10 @@ static void light_usb_boot_check(void) if (boot_mode & BIT(2)) return; - /*check board id of uboot image*/ + /*check board id of uboot image*/ ret = check_image_board_id((uint8_t*)SRAM_BASE_ADDR); if (ret != 0) { - while(1); + while(1); } #ifdef CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG diff --git a/board/thead/light-c910/lpddr4/src/ddr_common_func.c b/board/thead/light-c910/lpddr4/src/ddr_common_func.c index 40276f6e..a9073310 100644 --- a/board/thead/light-c910/lpddr4/src/ddr_common_func.c +++ b/board/thead/light-c910/lpddr4/src/ddr_common_func.c @@ -14,7 +14,7 @@ unsigned long get_ddr_density() { #ifdef CONFIG_DDR_DUAL_RANK mul = 2; #endif -#ifdef CONFIG_DDR_ROW16 +#ifdef CONFIG_DDR_DDP mul *= 2; #endif #ifdef CONFIG_DDR_H32_MODE @@ -876,7 +876,7 @@ if(bits==64) { #endif wr(ADDRMAP0,0x0004001f); // +2 if(rank_num==2) { -#ifdef CONFIG_DDR_ROW16 +#ifdef CONFIG_DDR_DDP wr(ADDRMAP0,0x00040019);//16GB #else wr(ADDRMAP0,0x00040018);//8GB @@ -888,7 +888,7 @@ if(bits==64) { wr(ADDRMAP4,0x00001f1f); //col b11~ col b10 wr(ADDRMAP5,0x080f0808); //row_b11 row b2_10 row b1 row b0 +6 wr(ADDRMAP6,0x08080808); -#ifdef CONFIG_DDR_ROW16 +#ifdef CONFIG_DDR_DDP wr(ADDRMAP7,0x00000f08); #else wr(ADDRMAP7,0x00000f0f); diff --git a/board/thead/light-c910/lpddr4/src/lpddr4_init.c b/board/thead/light-c910/lpddr4/src/lpddr4_init.c index 68123980..0c5ba407 100755 --- a/board/thead/light-c910/lpddr4/src/lpddr4_init.c +++ b/board/thead/light-c910/lpddr4/src/lpddr4_init.c @@ -26,11 +26,993 @@ void lpddr4_init(enum DDR_TYPE type, int rank_num, int speed, enum DDR_BITWIDTH lp4_phy_train1d2d(type, speed, bits); + dwc_ddrphy_phyinit_regInterface(); + ctrl_en(bits); enable_axi_port(0x1f); - + enable_auto_refresh(); lpddr4_auto_selref(); } + +static const uint32_t RetRegList_addr[934] = +{ + 0x1005f, + 0x1015f, + 0x1105f, + 0x1115f, + 0x1205f, + 0x1215f, + 0x1305f, + 0x1315f, + 0x55, + 0x1055, + 0x2055, + 0x3055, + 0x4055, + 0x5055, + 0x200c5, + 0x2002e, + 0x90204, + 0x20024, + 0x2003a, + 0x2007d, + 0x2007c, + 0x20056, + 0x1004d, + 0x1014d, + 0x1104d, + 0x1114d, + 0x1204d, + 0x1214d, + 0x1304d, + 0x1314d, + 0x10049, + 0x10149, + 0x11049, + 0x11149, + 0x12049, + 0x12149, + 0x13049, + 0x13149, + 0x43, + 0x1043, + 0x2043, + 0x3043, + 0x4043, + 0x5043, + 0x20018, + 0x20075, + 0x20050, + 0x2009b, + 0x20008, + 0x20088, + 0x200b2, + 0x10043, + 0x10143, + 0x11043, + 0x11143, + 0x12043, + 0x12143, + 0x13043, + 0x13143, + 0x200fa, + 0x20019, + 0x200f0, + 0x200f1, + 0x200f2, + 0x200f3, + 0x200f4, + 0x200f5, + 0x200f6, + 0x200f7, + 0x20025, + 0x2002d, + 0x20021, + 0x2002c, + 0xd0000, + 0x90000, + 0x90001, + 0x90002, + 0x90003, + 0x90004, + 0x90005, + 0x90029, + 0x9002a, + 0x9002b, + 0x9002c, + 0x9002d, + 0x9002e, + 0x9002f, + 0x90030, + 0x90031, + 0x90032, + 0x90033, + 0x90034, + 0x90035, + 0x90036, + 0x90037, + 0x90038, + 0x90039, + 0x9003a, + 0x9003b, + 0x9003c, + 0x9003d, + 0x9003e, + 0x9003f, + 0x90040, + 0x90041, + 0x90042, + 0x90043, + 0x90044, + 0x90045, + 0x90046, + 0x90047, + 0x90048, + 0x90049, + 0x9004a, + 0x9004b, + 0x9004c, + 0x9004d, + 0x9004e, + 0x9004f, + 0x90050, + 0x90051, + 0x90052, + 0x90053, + 0x90054, + 0x90055, + 0x90056, + 0x90057, + 0x90058, + 0x90059, + 0x9005a, + 0x9005b, + 0x9005c, + 0x9005d, + 0x9005e, + 0x9005f, + 0x90060, + 0x90061, + 0x90062, + 0x90063, + 0x90064, + 0x90065, + 0x90066, + 0x90067, + 0x90068, + 0x90069, + 0x9006a, + 0x9006b, + 0x9006c, + 0x9006d, + 0x9006e, + 0x9006f, + 0x90070, + 0x90071, + 0x90072, + 0x90073, + 0x90074, + 0x90075, + 0x90076, + 0x90077, + 0x90078, + 0x90079, + 0x9007a, + 0x9007b, + 0x9007c, + 0x9007d, + 0x9007e, + 0x9007f, + 0x90080, + 0x90081, + 0x90082, + 0x90083, + 0x90084, + 0x90085, + 0x90086, + 0x90087, + 0x90088, + 0x90089, + 0x9008a, + 0x9008b, + 0x9008c, + 0x9008d, + 0x9008e, + 0x9008f, + 0x90090, + 0x90091, + 0x90092, + 0x90093, + 0x90094, + 0x90095, + 0x90096, + 0x90097, + 0x90098, + 0x90099, + 0x9009a, + 0x9009b, + 0x9009c, + 0x9009d, + 0x9009e, + 0x9009f, + 0x900a0, + 0x900a1, + 0x900a2, + 0x900a3, + 0x40000, + 0x40020, + 0x40040, + 0x40060, + 0x40001, + 0x40021, + 0x40041, + 0x40061, + 0x40002, + 0x40022, + 0x40042, + 0x40062, + 0x40003, + 0x40023, + 0x40043, + 0x40063, + 0x40004, + 0x40024, + 0x40044, + 0x40064, + 0x40005, + 0x40025, + 0x40045, + 0x40065, + 0x40006, + 0x40026, + 0x40046, + 0x40066, + 0x40007, + 0x40027, + 0x40047, + 0x40067, + 0x40008, + 0x40028, + 0x40048, + 0x40068, + 0x40009, + 0x40029, + 0x40049, + 0x40069, + 0x4000a, + 0x4002a, + 0x4004a, + 0x4006a, + 0x4000b, + 0x4002b, + 0x4004b, + 0x4006b, + 0x4000c, + 0x4002c, + 0x4004c, + 0x4006c, + 0x4000d, + 0x4002d, + 0x4004d, + 0x4006d, + 0x4000e, + 0x4002e, + 0x4004e, + 0x4006e, + 0x4000f, + 0x4002f, + 0x4004f, + 0x4006f, + 0x40010, + 0x40030, + 0x40050, + 0x40070, + 0x40011, + 0x40031, + 0x40051, + 0x40071, + 0x40012, + 0x40032, + 0x40052, + 0x40072, + 0x40013, + 0x40033, + 0x40053, + 0x40073, + 0x40014, + 0x40034, + 0x40054, + 0x40074, + 0x40015, + 0x40035, + 0x40055, + 0x40075, + 0x40016, + 0x40036, + 0x40056, + 0x40076, + 0x40017, + 0x40037, + 0x40057, + 0x40077, + 0x40018, + 0x40038, + 0x40058, + 0x40078, + 0x40019, + 0x40039, + 0x40059, + 0x40079, + 0x4001a, + 0x4003a, + 0x4005a, + 0x4007a, + 0x900a4, + 0x900a5, + 0x900a6, + 0x900a7, + 0x900a8, + 0x900a9, + 0x900aa, + 0x900ab, + 0x900ac, + 0x900ad, + 0x900ae, + 0x900af, + 0x900b0, + 0x900b1, + 0x900b2, + 0x900b3, + 0x900b4, + 0x900b5, + 0x900b6, + 0x900b7, + 0x900b8, + 0x900b9, + 0x900ba, + 0x900bb, + 0x900bc, + 0x900bd, + 0x900be, + 0x900bf, + 0x900c0, + 0x900c1, + 0x900c2, + 0x900c3, + 0x900c4, + 0x900c5, + 0x900c6, + 0x900c7, + 0x900c8, + 0x900c9, + 0x900ca, + 0x900cb, + 0x900cc, + 0x900cd, + 0x900ce, + 0x900cf, + 0x900d0, + 0x900d1, + 0x900d2, + 0x900d3, + 0x900d4, + 0x900d5, + 0x900d6, + 0x900d7, + 0x900d8, + 0x900d9, + 0x900da, + 0x900db, + 0x900dc, + 0x900dd, + 0x900de, + 0x900df, + 0x900e0, + 0x900e1, + 0x900e2, + 0x900e3, + 0x900e4, + 0x900e5, + 0x900e6, + 0x900e7, + 0x900e8, + 0x900e9, + 0x900ea, + 0x900eb, + 0x900ec, + 0x900ed, + 0x900ee, + 0x900ef, + 0x900f0, + 0x900f1, + 0x900f2, + 0x900f3, + 0x900f4, + 0x900f5, + 0x900f6, + 0x900f7, + 0x900f8, + 0x900f9, + 0x900fa, + 0x900fb, + 0x900fc, + 0x900fd, + 0x900fe, + 0x900ff, + 0x90100, + 0x90101, + 0x90102, + 0x90103, + 0x90104, + 0x90105, + 0x90106, + 0x90107, + 0x90108, + 0x90109, + 0x9010a, + 0x9010b, + 0x9010c, + 0x9010d, + 0x9010e, + 0x9010f, + 0x90110, + 0x90111, + 0x90112, + 0x90113, + 0x90114, + 0x90115, + 0x90116, + 0x90117, + 0x90118, + 0x90119, + 0x9011a, + 0x9011b, + 0x9011c, + 0x9011d, + 0x9011e, + 0x9011f, + 0x90120, + 0x90121, + 0x90122, + 0x90123, + 0x90124, + 0x90125, + 0x90126, + 0x90127, + 0x90128, + 0x90129, + 0x9012a, + 0x9012b, + 0x9012c, + 0x9012d, + 0x9012e, + 0x9012f, + 0x90130, + 0x90131, + 0x90132, + 0x90133, + 0x90134, + 0x90135, + 0x90136, + 0x90137, + 0x90138, + 0x90139, + 0x9013a, + 0x9013b, + 0x9013c, + 0x9013d, + 0x9013e, + 0x9013f, + 0x90140, + 0x90141, + 0x90142, + 0x90143, + 0x90144, + 0x90145, + 0x90146, + 0x90147, + 0x90148, + 0x90149, + 0x9014a, + 0x9014b, + 0x9014c, + 0x9014d, + 0x9014e, + 0x9014f, + 0x90150, + 0x90151, + 0x90152, + 0x90153, + 0x90154, + 0x90155, + 0x90156, + 0x90157, + 0x90158, + 0x90159, + 0x9015a, + 0x9015b, + 0x9015c, + 0x9015d, + 0x9015e, + 0x9015f, + 0x90160, + 0x90161, + 0x90162, + 0x90163, + 0x90164, + 0x90165, + 0x90166, + 0x90167, + 0x90168, + 0x90169, + 0x9016a, + 0x9016b, + 0x9016c, + 0x9016d, + 0x9016e, + 0x9016f, + 0x90170, + 0x90171, + 0x90172, + 0x90173, + 0x90174, + 0x90175, + 0x90176, + 0x90177, + 0x90178, + 0x90179, + 0x9017a, + 0x9017b, + 0x9017c, + 0x9017d, + 0x9017e, + 0x9017f, + 0x90180, + 0x90181, + 0x90006, + 0x90007, + 0x90008, + 0x90009, + 0x9000a, + 0x9000b, + 0xd00e7, + 0x90017, + 0x9001f, + 0x90026, + 0x400d0, + 0x400d1, + 0x400d2, + 0x400d3, + 0x400d4, + 0x400d5, + 0x400d6, + 0x400d7, + 0x200be, + 0x2000b, + 0x2000c, + 0x2000d, + 0x2000e, + 0x9000c, + 0x9000d, + 0x9000e, + 0x9000f, + 0x90010, + 0x90011, + 0x90012, + 0x90013, + 0x20010, + 0x20011, + 0x40080, + 0x40081, + 0x40082, + 0x40083, + 0x40084, + 0x40085, + 0x400fd, + 0x10011, + 0x10012, + 0x10013, + 0x10018, + 0x10002, + 0x100b2, + 0x101b4, + 0x102b4, + 0x103b4, + 0x104b4, + 0x105b4, + 0x106b4, + 0x107b4, + 0x108b4, + 0x11011, + 0x11012, + 0x11013, + 0x11018, + 0x11002, + 0x110b2, + 0x111b4, + 0x112b4, + 0x113b4, + 0x114b4, + 0x115b4, + 0x116b4, + 0x117b4, + 0x118b4, + 0x12011, + 0x12012, + 0x12013, + 0x12018, + 0x12002, + 0x120b2, + 0x121b4, + 0x122b4, + 0x123b4, + 0x124b4, + 0x125b4, + 0x126b4, + 0x127b4, + 0x128b4, + 0x13011, + 0x13012, + 0x13013, + 0x13018, + 0x13002, + 0x130b2, + 0x131b4, + 0x132b4, + 0x133b4, + 0x134b4, + 0x135b4, + 0x136b4, + 0x137b4, + 0x138b4, + 0x20089, + 0xc0080, + 0x200cb, + 0x10068, + 0x10069, + 0x10168, + 0x10169, + 0x10268, + 0x10269, + 0x10368, + 0x10369, + 0x10468, + 0x10469, + 0x10568, + 0x10569, + 0x10668, + 0x10669, + 0x10768, + 0x10769, + 0x10868, + 0x10869, + 0x100aa, + 0x10062, + 0x10001, + 0x100a0, + 0x100a1, + 0x100a2, + 0x100a3, + 0x100a4, + 0x100a5, + 0x100a6, + 0x100a7, + 0x11068, + 0x11069, + 0x11168, + 0x11169, + 0x11268, + 0x11269, + 0x11368, + 0x11369, + 0x11468, + 0x11469, + 0x11568, + 0x11569, + 0x11668, + 0x11669, + 0x11768, + 0x11769, + 0x11868, + 0x11869, + 0x110aa, + 0x11062, + 0x11001, + 0x110a0, + 0x110a1, + 0x110a2, + 0x110a3, + 0x110a4, + 0x110a5, + 0x110a6, + 0x110a7, + 0x12068, + 0x12069, + 0x12168, + 0x12169, + 0x12268, + 0x12269, + 0x12368, + 0x12369, + 0x12468, + 0x12469, + 0x12568, + 0x12569, + 0x12668, + 0x12669, + 0x12768, + 0x12769, + 0x12868, + 0x12869, + 0x120aa, + 0x12062, + 0x12001, + 0x120a0, + 0x120a1, + 0x120a2, + 0x120a3, + 0x120a4, + 0x120a5, + 0x120a6, + 0x120a7, + 0x13068, + 0x13069, + 0x13168, + 0x13169, + 0x13268, + 0x13269, + 0x13368, + 0x13369, + 0x13468, + 0x13469, + 0x13568, + 0x13569, + 0x13668, + 0x13669, + 0x13768, + 0x13769, + 0x13868, + 0x13869, + 0x130aa, + 0x13062, + 0x13001, + 0x130a0, + 0x130a1, + 0x130a2, + 0x130a3, + 0x130a4, + 0x130a5, + 0x130a6, + 0x130a7, + 0x80, + 0x1080, + 0x2080, + 0x3080, + 0x4080, + 0x5080, + 0x10020, + 0x10080, + 0x10081, + 0x100d0, + 0x100d1, + 0x1008c, + 0x1008d, + 0x10180, + 0x10181, + 0x101d0, + 0x101d1, + 0x1018c, + 0x1018d, + 0x100c0, + 0x100c1, + 0x101c0, + 0x101c1, + 0x102c0, + 0x102c1, + 0x103c0, + 0x103c1, + 0x104c0, + 0x104c1, + 0x105c0, + 0x105c1, + 0x106c0, + 0x106c1, + 0x107c0, + 0x107c1, + 0x108c0, + 0x108c1, + 0x100ae, + 0x100af, + 0x11020, + 0x11080, + 0x11081, + 0x110d0, + 0x110d1, + 0x1108c, + 0x1108d, + 0x11180, + 0x11181, + 0x111d0, + 0x111d1, + 0x1118c, + 0x1118d, + 0x110c0, + 0x110c1, + 0x111c0, + 0x111c1, + 0x112c0, + 0x112c1, + 0x113c0, + 0x113c1, + 0x114c0, + 0x114c1, + 0x115c0, + 0x115c1, + 0x116c0, + 0x116c1, + 0x117c0, + 0x117c1, + 0x118c0, + 0x118c1, + 0x110ae, + 0x110af, + 0x12020, + 0x12080, + 0x12081, + 0x120d0, + 0x120d1, + 0x1208c, + 0x1208d, + 0x12180, + 0x12181, + 0x121d0, + 0x121d1, + 0x1218c, + 0x1218d, + 0x120c0, + 0x120c1, + 0x121c0, + 0x121c1, + 0x122c0, + 0x122c1, + 0x123c0, + 0x123c1, + 0x124c0, + 0x124c1, + 0x125c0, + 0x125c1, + 0x126c0, + 0x126c1, + 0x127c0, + 0x127c1, + 0x128c0, + 0x128c1, + 0x120ae, + 0x120af, + 0x13020, + 0x13080, + 0x13081, + 0x130d0, + 0x130d1, + 0x1308c, + 0x1308d, + 0x13180, + 0x13181, + 0x131d0, + 0x131d1, + 0x1318c, + 0x1318d, + 0x130c0, + 0x130c1, + 0x131c0, + 0x131c1, + 0x132c0, + 0x132c1, + 0x133c0, + 0x133c1, + 0x134c0, + 0x134c1, + 0x135c0, + 0x135c1, + 0x136c0, + 0x136c1, + 0x137c0, + 0x137c1, + 0x138c0, + 0x138c1, + 0x130ae, + 0x130af, + 0x90201, + 0x90202, + 0x90203, + 0x90205, + 0x90206, + 0x90207, + 0x90208, + 0x20020, + 0x20077, + 0x20072, + 0x20073, + 0x400c0, + 0x10040, + 0x10140, + 0x10240, + 0x10340, + 0x10440, + 0x10540, + 0x10640, + 0x10740, + 0x10840, + 0x11040, + 0x11140, + 0x11240, + 0x11340, + 0x11440, + 0x11540, + 0x11640, + 0x11740, + 0x11840, + 0x12040, + 0x12140, + 0x12240, + 0x12340, + 0x12440, + 0x12540, + 0x12640, + 0x12740, + 0x12840, + 0x13040, + 0x13140, + 0x13240, + 0x13340, + 0x13440, + 0x13540, + 0x13640, + 0x13740, + 0x13840, +}; + +typedef struct Reg_Addr_Val { + uint32_t Address; ///< register address + uint16_t Value0; ///< register value phy0 + uint16_t Value1; ///< register value phy1 +} Reg_Addr_Val_t; + +typedef struct Reg_Addr_Value { + uint32_t reg_num; + Reg_Addr_Val_t reg[0]; +} Reg_Addr_Value_t; + +int NumRegSaved = 934; ///< Current Number of registers saved. +#define SRAM_E902_BASEADDR 0xFFFFEF8000 +#define DDR_PHY_REG_SAVEADDR (SRAM_E902_BASEADDR + 0xDF00) +Reg_Addr_Value_t *pRetRegList = (Reg_Addr_Value_t *)DDR_PHY_REG_SAVEADDR; + +int dwc_ddrphy_phyinit_regInterface() { + ddr_phy_reg_wr(0xd0000, 0x0); + ddr_phy_reg_wr(0xc0080, 0x3); + pRetRegList->reg_num = NumRegSaved; + // go through all the tracked registers, issue a register read and place + // the result in the data structure for future recovery. + int regIndx = 0; + uint16_t data; + for (regIndx = 0; regIndx < NumRegSaved; regIndx++) + { + data = ddr_phy0_reg_rd(RetRegList_addr[regIndx]); + pRetRegList->reg[regIndx].Value0 = data; + pRetRegList->reg[regIndx].Address = RetRegList_addr[regIndx]; + } +#ifndef CONFIG_DDR_H32_MODE + for (regIndx = 0; regIndx < NumRegSaved; regIndx++) + { + data = ddr_phy1_reg_rd(RetRegList_addr[regIndx]); + pRetRegList->reg[regIndx].Value1 = data; + } +#endif + ddr_phy_reg_wr(0xc0080, 0x2); + ddr_phy_reg_wr(0xd0000, 0x1); + return 1; +} diff --git a/board/thead/light-c910/sbmeta/sbmeta.c b/board/thead/light-c910/sbmeta/sbmeta.c index 6407ec7a..047696c1 100644 --- a/board/thead/light-c910/sbmeta/sbmeta.c +++ b/board/thead/light-c910/sbmeta/sbmeta.c @@ -4,23 +4,42 @@ */ #include "sbmeta.h" +#include "sec_crypto_sha.h" + +#define LOGLEVEL_ERROR 1 +#define LOGLEVEL_INFO 2 +#define LOGLEVEL_DEBUG 3 +#define SBMETA_LOGLEVEL 1 +#define trace_printer(level, fmt,...) printf("%s"fmt, level, ##__VA_ARGS__) +#if (SBMETA_LOGLEVEL < 1) +#define EMSG(...) +#else +#define EMSG(fmt, args...) trace_printer("error: ", fmt, ##args) +#endif + +#if (SBMETA_LOGLEVEL < 2) +#define IMSG(...) +#else +#define IMSG(fmt, args...) trace_printer("info: ", fmt, ##args) +#endif -#define NO_DEBUG 0 -#if NO_DEBUG -#define print_info(fmt, args...) +#if (SBMETA_LOGLEVEL < 3) +#define DMSG(...) #else -#define print_info(fmt, args...) printf(fmt, ##args) +#define DMSG(fmt, args...) trace_printer("", fmt, ##args) #endif #if CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_A) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_B) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_LPI4A) #if CONFIG_IS_ENABLED(LIGHT_SEC_UPGRADE) /* digest_size corresponding to digest_scheme specified in sbmeta_info_t */ -static const int digest_size[] = {0, 20, 16, 28, 32, 48, 64, 32, 64}; +static const int digest_size[] = {0, 20, 16, 28, 32, 48, 64, 32}; static const char* image_name_s[] = { "dtb", "kernel", "tf", "aon", "rootfs", "tee", "uboot", "user" }; +/* index to get sc_sha_mode_t value */ +static const int sha_idx2ctl[] = {0, 1, 8, 3, 2, 5, 4, 9}; -static const uint32_t image_addrs[] = { +static const unsigned long image_addrs[] = { LIGHT_DTB_ADDR, LIGHT_KERNEL_ADDR, LIGHT_TF_FW_TMP_ADDR, @@ -30,13 +49,29 @@ static const uint32_t image_addrs[] = { CONFIG_SYS_TEXT_BASE, }; +typedef struct { + int magiccode; + uint8_t dev; + uint8_t part; + uint8_t image_type; + uint8_t digest_scheme; + uint8_t sign_scheme; + uint8_t isencrypted; + uint8_t medium_type; + uint8_t checksum_scheme; + char filename[MAX_NAME_SIZE]; + uint8_t digest[MAX_DIGEST_SIZE]; + uint32_t relocated_addr; + uint32_t reserved[4]; +} sbmeta_info_t; + static int is_sbmeta_info(uint32_t entry_src_addr) { - uint32_t *buffer = (uint32_t *)entry_src_addr; + uint32_t *buffer = (uint32_t *)(uintptr_t)entry_src_addr; /* sbmeta_info_t entry should start with magic code 'S''B''M''T' */ if (*buffer != SBMETA_MAGIC) { - return -1; + return CMD_RET_FAILURE; } return 0; @@ -47,113 +82,211 @@ static int dump_sbmeta_info(sbmeta_info_t *sbmeta_info) if (sbmeta_info == NULL) { return CMD_RET_FAILURE; } - /* only support emmc now */ if (sbmeta_info->medium_type != 0) { - print_info("Error: medium type %s is not supported now\r\n"); + EMSG("medium type %d is not supported now\r\n", sbmeta_info->medium_type); return CMD_RET_FAILURE; } - /* only support dtb, krlimg/tf, sbi, aon, rootfs, tee, uboot and user-defined type */ if (sbmeta_info->image_type > IMAGE_TYPE_NUM || sbmeta_info->image_type < 0) { - print_info("Error: image type is out of range\r\n"); + EMSG("image type is out of range\r\n"); return CMD_RET_FAILURE; } - /* only support none, sha1, md5, sha224, sha256, sha384, sha512, sm3 and reserved scheme */ if (sbmeta_info->digest_scheme > DIGEST_TYPE_NUM || sbmeta_info->digest_scheme < 0) { - print_info("Error: digest type is out of range\r\n"); + EMSG("digest type is out of range\r\n"); return CMD_RET_FAILURE; } - /* only support none, rsa1024, rsa2048, ecc256, ecc160, sm2 and reserved scheme */ if (sbmeta_info->sign_scheme > SIGN_TYPE_NUM || sbmeta_info->sign_scheme < 0) { - print_info("Error: signature type is out of range\r\n"); + EMSG("signature type is out of range\r\n"); return CMD_RET_FAILURE; } - /* DTB, TF, TEE, Kernel will be loaded from default partitions specified in env */ if (sbmeta_info->image_type != T_ROOTFS && sbmeta_info->image_type != T_USER) { - print_info("Image has been loaded\r\n"); + IMSG("Image has been loaded\r\n"); } /* dump sbmeta_info_t */ - print_info("image medium type: %d\n", sbmeta_info->medium_type); - print_info("image load part: mmc %d:%d\n", sbmeta_info->dev, sbmeta_info->part); - print_info("image type: %d \n", sbmeta_info->image_type); - print_info("image digest scheme: %d\n", sbmeta_info->digest_scheme); - print_info("image sign scheme: %d\n", sbmeta_info->sign_scheme); - print_info("image enable encryption: %s\n", sbmeta_info->isencrypted ? "en" : "dis"); - print_info("image file name: %s\n", sbmeta_info->filename); - print_info("image digest:"); + DMSG("image medium type: %d\n", sbmeta_info->medium_type); + DMSG("image load part: mmc %d:%d\n", sbmeta_info->dev, sbmeta_info->part); + DMSG("image type: %d \n", sbmeta_info->image_type); + DMSG("image digest scheme: %d\n", sbmeta_info->digest_scheme); + DMSG("image sign scheme: %d\n", sbmeta_info->sign_scheme); + DMSG("image enable encryption: %s\n", sbmeta_info->isencrypted ? "en" : "dis"); + DMSG("image file name: %s\n", sbmeta_info->filename); + DMSG("image digest:"); for (int i = 0; i < digest_size[sbmeta_info->digest_scheme]; i++) { - print_info("%02X", sbmeta_info->digest[i]); + DMSG("%02X", sbmeta_info->digest[i]); } - print_info("\r\n"); - + DMSG("\r\n"); + DMSG("\n\n"); + return 0; } +static int sbmeta_field_verify(sbmeta_info_t *sbmeta_info, unsigned long img_src_addr) +{ + uint8_t digest_scheme = 0; + uint8_t sign_scheme = 0; + uint8_t is_encrypted = 0; + img_header_t *phead = NULL; + + if (sbmeta_info == NULL) { + return CMD_RET_FAILURE; + } + + /* if image has secure header, check with sbmeta field */ + if (image_have_head(img_src_addr)) { + phead = (img_header_t *)img_src_addr; + digest_scheme = phead->digest_scheme; + sign_scheme = phead->signature_scheme; + is_encrypted = (phead->option_flag & 0x2) >> 1; + } + + if (sbmeta_info->digest_scheme != digest_scheme) { + EMSG("digest type %d is not expected: %d\r\n", digest_scheme, sbmeta_info->digest_scheme); + return CMD_RET_FAILURE; + } + + /* only support none, rsa1024, rsa2048, ecc256, ecc160, sm2 and reserved scheme */ + if (sbmeta_info->sign_scheme != sign_scheme) { + EMSG("signature type %d is not expected: %d\r\n", sign_scheme, sbmeta_info->sign_scheme); + return CMD_RET_FAILURE; + } + + if (sbmeta_info->isencrypted != is_encrypted) { + EMSG("encryption %d is not expected: %d\r\n", is_encrypted, sbmeta_info->isencrypted); + return CMD_RET_FAILURE; + } + + return 0; +} + +static int check_digest(uint8_t *buffer, uint32_t buffer_size, uint8_t digest_scheme, uint8_t *digest) +{ + uint32_t len = 0; + uint8_t sum[64]; + sc_sha_t sha; + sc_sha_context_t ctx; + int mode = 0; + + if (!buffer || digest_scheme > DIGEST_TYPE_NUM) { + EMSG("wrong parameter\r\n"); + return CMD_RET_FAILURE; + } + + if (digest_scheme == 0) { + return 0; + } + mode = sha_idx2ctl[digest_scheme]; + + if (sc_sha_init(&sha, 0) != 0) { + EMSG("sha initialize failed\r\n"); + return CMD_RET_FAILURE; + } + + if (sc_sha_start(&sha, &ctx, mode) != 0) { + EMSG("sha start failed\r\n"); + return CMD_RET_FAILURE; + } + + if (sc_sha_update(&sha, &ctx, buffer, buffer_size) != 0) { + EMSG("sha update failed\r\n"); + return CMD_RET_FAILURE; + } + + if (sc_sha_finish(&sha, &ctx, sum, &len) != 0) { + EMSG("sha finish failed\r\n"); + return CMD_RET_FAILURE; + } + + sc_sha_uninit(&sha); + + /* check digest value */ + if (memcmp(digest, sum, len) != 0) { + EMSG("check digest failed\r\n"); + return CMD_RET_FAILURE; + } + + return 0; +} /* Verify image specified in sbmeta_info_t. The image has been loaded to memory before */ -static int sbmeta_verify_image(uint32_t image_load_addr, uint8_t image_type) +static int sbmeta_verify_image(uint32_t image_load_addr, sbmeta_info_t *sbmeta_info) { uint32_t image_size = 0; - char *image_name = NULL; - + const char *image_name; + uint8_t image_type = sbmeta_info->image_type; + uint8_t checksum_scheme = sbmeta_info->checksum_scheme; + uint8_t *digest = sbmeta_info->digest; + uint8_t is_encrypted = sbmeta_info->isencrypted; + uint32_t security_level = env_get_hex("sbmeta_security_level", 3); + uint32_t filesize = 0; + char buf[64] = {0}; + /* check image_type to avoid array index out of bounds */ if (image_type > IMAGE_TYPE_NUM || image_type < 0) { - print_info("Error: image type is out of range\r\n"); + EMSG("image type is out of range\r\n"); return CMD_RET_FAILURE; } image_name = image_name_s[image_type]; - /* if image has secure header, do verification. otherwise */ - if (image_have_head(image_load_addr) == 1) { - /* check tee/tf version if needed */ + /* check tee/tf version if needed */ #ifdef LIGHT_IMG_VERSION_CHECK_IN_BOOT + if (image_have_head(image_load_addr) == 1) { if (image_type == T_TF) { - print_info("check TF version in boot \n"); + IMSG("check TF version in boot \n"); if (check_tf_version_in_boot(LIGHT_TF_FW_TMP_ADDR) != 0) { return CMD_RET_FAILURE; } } if (image_type == T_TEE) { - print_info("check TEE version in boot \n"); + IMSG("check TEE version in boot \n"); if (check_tee_version_in_boot(LIGHT_TEE_FW_ADDR) != 0) { return CMD_RET_FAILURE; } } + } #endif - /* start verifying images */ - print_info("Process %s image verification ...\n", image_name); - dump_image_header_info(image_load_addr); - if (image_type == T_UBOOT) { - if (csi_sec_uboot_image_verify(image_load_addr, image_load_addr - PUBKEY_HEADER_SIZE) != 0) { - print_info("Image(%s) is verified fail, Please go to check!\n\n", image_name); - return CMD_RET_FAILURE; - } - } else { - if (csi_sec_custom_image_verify(image_load_addr, UBOOT_STAGE_ADDR) != 0) { - print_info("Image(%s) is verified fail, Please go to check!\n\n", image_name); - return CMD_RET_FAILURE; - } + /* start verifying images */ + IMSG("Process %s image verification ...\n", image_name); + if (security_level == 3 || is_encrypted != 0) { + if (verify_customer_image(image_type, image_load_addr) != 0) { + return CMD_RET_FAILURE; + } + } else if (security_level == 2) { + if (memcmp(digest, buf, 64) == 0) { + EMSG("sbmeta info doesn't specify digest value in security level 2\r\n"); + return CMD_RET_FAILURE; } - + + snprintf(buf, sizeof(buf), "ext4size mmc %x:%x %s", sbmeta_info->dev, sbmeta_info->part, sbmeta_info->filename); + if (run_command(buf, 0) != 0) { + EMSG("get file size error\r\n"); + return CMD_RET_FAILURE; + } + + filesize = env_get_hex("filesize", 0); + if (check_digest((uint8_t *)(uintptr_t)image_load_addr, filesize, checksum_scheme, digest) != 0) { + return CMD_RET_FAILURE; + } + } + + /* move image headers always */ + if (image_have_head(image_load_addr) == 1) { image_size = get_image_size(image_load_addr); - print_info("%s image size: %d\n", image_name, image_size); + IMSG("%s image size: %d\n", image_name, image_size); if (image_size < 0) { - print_info("GET %s image size error\n", image_name); + EMSG("GET %s image size error\n", image_name); return CMD_RET_FAILURE; } - - /* move image headers always */ if (image_type == T_TF) { - memmove((void *)LIGHT_TF_FW_ADDR, (const void *)(image_load_addr + HEADER_SIZE), image_size); + memmove((void *)(uintptr_t)LIGHT_TF_FW_ADDR, (const void *)(uintptr_t)(image_load_addr + HEADER_SIZE), image_size); } else { - memmove((void *)image_load_addr, (const void *)(image_load_addr + HEADER_SIZE), image_size); + memmove((void *)(uintptr_t)image_load_addr, (const void *)(uintptr_t)(image_load_addr + HEADER_SIZE), image_size); } } else { /* TF should be moved to LIGHT_TF_FW_ADDR all the cases*/ @@ -173,14 +306,13 @@ static int light_sbmetaboot(int argc, char *const argv[]) uint32_t info_addr = 0; uint32_t image_load_addr = 0; char cmd[64] = {0}; - char *image_name = NULL; sbmeta_info_t *sbmeta_info = NULL; /* Load sbmeta image to memory */ - snprintf(cmd, sizeof(cmd), "ext4load mmc %x:%x 0x%p %s", SBMETA_DEV, SBMETA_PART, LIGHT_SBMETA_ADDR, SBMETA_FILENAME); + snprintf(cmd, sizeof(cmd), "ext4load mmc $mmcdev:%x 0x%p %s", SBMETA_PART, (void *)(uintptr_t)LIGHT_SBMETA_ADDR, SBMETA_FILENAME); if (run_command(cmd, 0) != 0) { /* if sbmeta doesn't exist, do secboot by default */ - print_info("SBMETA doesn't exist, go to verify tf/tee\r\n"); + IMSG("SBMETA doesn't exist, go to verify tf/tee\r\n"); /* * Verify tf and tee by command secboot. @@ -200,24 +332,29 @@ static int light_sbmetaboot(int argc, char *const argv[]) /* Check and verify sbmeta image */ if (image_have_head(LIGHT_SBMETA_ADDR) == 1) { - print_info("Process SBMETA image verification...\r\n"); - dump_image_header_info(LIGHT_SBMETA_ADDR); - if (csi_sec_custom_image_verify(LIGHT_SBMETA_ADDR, UBOOT_STAGE_ADDR) != 0) { - print_info("SBMETA is verified fail, Please go to check!\r\n"); +#ifdef LIGHT_IMG_VERSION_CHECK_IN_BOOT + IMSG("check SBMETA version in boot \n"); + ret = check_sbmeta_version_in_boot(LIGHT_SBMETA_ADDR); + if (ret != 0) { + return CMD_RET_FAILURE; + } +#endif + IMSG("Process SBMETA image verification...\r\n"); + if (verify_customer_image(T_SBMETA, LIGHT_SBMETA_ADDR) != 0) { return CMD_RET_FAILURE; } sbmeta_size = get_image_size(LIGHT_SBMETA_ADDR); - print_info("sbmeta_size:%d\r\n", sbmeta_size); + IMSG("sbmeta_size:%d\r\n", sbmeta_size); if (sbmeta_size != SBMETA_SIZE) { - print_info("Error: SBMETA header is wrong! Size must equal to %d bytes!\r\n", SBMETA_SIZE); + EMSG("SBMETA header is wrong! Size must equal to %d bytes!\r\n", SBMETA_SIZE); return CMD_RET_FAILURE; } /* move image headers always */ memmove((void *)LIGHT_SBMETA_ADDR, (const void *)(LIGHT_SBMETA_ADDR + HEADER_SIZE), sbmeta_size); } else { /* if sbmeta image is not secure, reset */ - print_info("Error: SBMETA image must be with signature\r\n"); + IMSG("SBMETA image must be with signature\r\n"); return CMD_RET_FAILURE; } @@ -226,12 +363,11 @@ static int light_sbmetaboot(int argc, char *const argv[]) for (count = 0; count < MAX_ENTRY_NUM; count++) { if (is_sbmeta_info(info_addr) == 0) { /* Dump and check sbmeta info */ - sbmeta_info = (sbmeta_info_t*)info_addr; + sbmeta_info = (sbmeta_info_t *)(uintptr_t)info_addr; if (dump_sbmeta_info(sbmeta_info) != 0) { return CMD_RET_FAILURE; } - image_name = image_name_s[sbmeta_info->image_type]; info_addr += ENTRY_SIZE; /* @@ -251,14 +387,18 @@ static int light_sbmetaboot(int argc, char *const argv[]) if (sbmeta_info->image_type == T_ROOTFS || sbmeta_info->image_type == T_USER) { snprintf(cmd, sizeof(cmd), "ext4load mmc %x:%x %p %s", sbmeta_info->dev, sbmeta_info->part, \ - image_load_addr, sbmeta_info->filename); + (void *)(uintptr_t)image_load_addr, sbmeta_info->filename); if (run_command(cmd, 0) != 0) { return CMD_RET_FAILURE; } } + if (sbmeta_field_verify(sbmeta_info, image_load_addr) != 0) { + return CMD_RET_FAILURE; + } + /* Check and verify user-specified image */ - if (sbmeta_verify_image(image_load_addr, sbmeta_info->image_type) != 0) { + if (sbmeta_verify_image(image_load_addr, sbmeta_info) != 0) { return CMD_RET_FAILURE; } } else { @@ -268,7 +408,7 @@ static int light_sbmetaboot(int argc, char *const argv[]) /* if sbmeta didn't specify images, reset */ if (count == 0) { - print_info("Error: SBMETA doesn't specify any images!\r\n"); + EMSG("SBMETA doesn't specify any images!\r\n"); return CMD_RET_FAILURE; } @@ -280,10 +420,10 @@ static int light_sbmetaboot(int argc, char *const argv[]) static int do_sbmetaboot(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) { if (light_sbmetaboot(argc, argv) != 0) { - run_command("reset", 0); - return -1; + EMSG("sbmetaboot failed\r\n"); + while (1); + return CMD_RET_FAILURE; } - return 0; } diff --git a/board/thead/light-c910/sbmeta/sbmeta.h b/board/thead/light-c910/sbmeta/sbmeta.h index 4955d758..5a721b80 100644 --- a/board/thead/light-c910/sbmeta/sbmeta.h +++ b/board/thead/light-c910/sbmeta/sbmeta.h @@ -17,8 +17,7 @@ #if CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_A) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_B) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_LPI4A) #define LIGHT_SBMETA_ADDR 0x10000000 #endif -#define SBMETA_DEV 0 -#define SBMETA_PART 6 +#define SBMETA_PART 5 #define ENTRY_SIZE 128 #define PLAIN_SBMETA_TEXT 4096 #define SBMETA_SIZE 4736 /* 4K SMBETA image + 640 footer */ @@ -26,23 +25,10 @@ #define IMAGE_TYPE_NUM 7 #define DIGEST_TYPE_NUM 8 #define SIGN_TYPE_NUM 6 -#define T_USER 7 #define SBMETA_FILENAME "sbmeta.bin" -typedef struct { - int magiccode; - uint8_t dev; - uint8_t part; - uint8_t image_type; - uint8_t digest_scheme; - uint8_t sign_scheme; - uint8_t isencrypted; - uint8_t medium_type; - uint8_t reserve0; - char filename[MAX_NAME_SIZE]; - uint8_t digest[MAX_DIGEST_SIZE]; - uint32_t relocated_addr; - uint32_t reserved[4]; -} sbmeta_info_t; +#define SBMETA_SECURITY_LEVEL_H 3 /* verify signature and hash */ +#define SBMETA_SECURITY_LEVEL_M 2 /* verify checksum */ +#define SBMETA_SECURITY_LEVEL_L 1 /* no verification */ #endif diff --git a/board/thead/light-c910/sec_check.c b/board/thead/light-c910/sec_check.c index af44ec9b..847e9ef5 100644 --- a/board/thead/light-c910/sec_check.c +++ b/board/thead/light-c910/sec_check.c @@ -130,16 +130,18 @@ void dump_image_header_info(long addr) int verify_customer_image(img_type_t type, long addr) { int ret; - + /* Double check image number */ - if (image_have_head(addr) == 0) + if (image_have_head(addr) == 0) { + printf("error: image has no secure header\r\n"); return -1; + } /* Dump image header information here */ dump_image_header_info(addr); /* Call customer image verification function */ - if ((type == T_TF) || (type == T_TEE) || (type == T_KRLIMG)) { + if ((type == T_TF) || (type == T_TEE) || (type == T_KRLIMG) || (type == T_DTB) || (type == T_SBMETA)) { ret = csi_sec_custom_image_verify(addr, UBOOT_STAGE_ADDR); if (ret) { printf("Image(%d) is verified fail, Please go to check!\n\n", type); diff --git a/board/thead/light-c910/secimg_load.c b/board/thead/light-c910/secimg_load.c index 49b8262d..9120eff4 100644 --- a/board/thead/light-c910/secimg_load.c +++ b/board/thead/light-c910/secimg_load.c @@ -10,7 +10,7 @@ #include "sec_library.h" #define ENV_SECIMG_LOAD "sec_m_load" -#define VAL_SECIMG_LOAD "ext4load mmc 0:7 $tf_addr trust_firmware.bin; ext4load mmc 0:7 $tee_addr tee.bin" +#define VAL_SECIMG_LOAD "ext4load mmc ${mmcdev}:${mmcteepart} $tf_addr trust_firmware.bin; ext4load mmc ${mmcdev}:${mmcteepart} $tee_addr tee.bin\0" #define RPMB_BLOCK_SIZE 256 #define RPMB_ROLLBACK_BLOCK_START 1 @@ -23,14 +23,15 @@ static const unsigned char emmc_rpmb_key_sample[32] = {0x33, 0x22, 0x11, 0x00, 0 #endif extern int sprintf(char *buf, const char *fmt, ...); +extern char * get_slot_name_suffix(void); static int get_rpmb_key(uint8_t key[32]) { -#ifndef LIGHT_KDF_RPMB_KEY +#ifndef LIGHT_KDF_RPMB_KEY memcpy(key, emmc_rpmb_key_sample, sizeof(emmc_rpmb_key_sample)); return 0; -#else +#else uint32_t kdf_rpmb_key_length = 0; int ret = 0; ret = csi_kdf_gen_hmac_key(key, &kdf_rpmb_key_length); @@ -46,7 +47,7 @@ static int get_image_file_size(unsigned long img_src_addr) { img_header_t *img = (img_header_t *)img_src_addr; uint8_t magiccode[4] = {0}; - + magiccode[3] = img->magic_num & 0xff; magiccode[2] = (img->magic_num & 0xff00) >> 8; magiccode[1] = (img->magic_num & 0xff0000) >> 16; @@ -54,7 +55,7 @@ static int get_image_file_size(unsigned long img_src_addr) if (memcmp(header_magic, magiccode, 4) == 0) { return -1; } - + return img->image_size; } @@ -68,13 +69,13 @@ static int verify_and_load_image(unsigned long image_addr_src, unsigned long ima if (ret != 0) { return -1; } - + ret = csi_sec_custom_image_verify(image_addr_src, UBOOT_STAGE_ADDR); if (ret != 0) { printf("image verify error\r\n"); return -2; } - + image_size = get_image_file_size(image_addr_src); if (image_size < 0) { printf("image get size error\r\n"); @@ -112,15 +113,23 @@ int verify_and_load_tee_tf_image(void) } /* In order to use common bootloader for both secure boot and non-secure boot, - we only know the boot type through reading the sec_boot field in efuse. Due to - the efuse is only accessed in lifecycle(DEV/OEM/PRO/RMP), we ensure it must be + we only know the boot type through reading the sec_boot field in efuse. Due to + the efuse is only accessed in lifecycle(DEV/OEM/PRO/RMP), we ensure it must be non-secure boot in lifecycle(INIT) */ bool get_system_boot_type(void) { - bool btype = false; /* false: non-secure boot | true: secure boot */ + bool btype = true; /* false: non-secure boot | true: secure boot */ +#if 0 int lc = 0; sboot_st_t sb_flag = SECURE_BOOT_DIS; int ret = 0; +#endif + int sb_emulater = 0; + + sb_emulater = env_get_ulong("sb_emulater", 10, 0); + if (sb_emulater == 0) { + btype = false; + } # if 0 ret = csi_efuse_get_lc(&lc); /* 0: LC_INIT, 1: LC_DEV, 2: LC_OEM, 3: LC_PRO */ @@ -170,7 +179,7 @@ int sec_write_rollback_index(size_t rollback_index_slot, uint64_t rollback_index } *(uint64_t*)(blkdata + rpmb_offset) = rollback_index; - + if (get_rpmb_key(rpmb_key) != 0) { return -2; } @@ -189,19 +198,37 @@ static int do_secimg_load(cmd_tbl_t *cmdtp, int flag, int argc, char * const arg bool sb_enable = false; const char *secimgs_load_str = VAL_SECIMG_LOAD; int ret = -1; - sb_enable = get_system_boot_type(); - if (sb_enable) { - /* By default, the value for ENV-SEC-M-LOAD is always to load opensbi image. - * if secure boot is enable, we force to change the value to load tee image. - * but Never to save it in volatile-RAM - */ - ret = env_set(ENV_SECIMG_LOAD, secimgs_load_str); - if (ret != 0) { - printf("Rewrite ENV (%s) fails\n", ENV_SECIMG_LOAD); - return CMD_RET_FAILURE; - } - } - + int teepart = 0; + +#ifdef CONFIG_ANDROID_AB + char *slot_suffix = get_slot_name_suffix(); + teepart = env_get_ulong("mmcteepart", 10, 8); + if ((strcmp(slot_suffix, "_a") == 0) && (teepart != 8)) { + /* Switch mmcbootpart to "_b" */ + env_set_ulong("mmcbootpart", 2); + /* Switch mmcteepart to "_b" */ + env_set_ulong("mmcteepart", 8); + } else if ((strcmp(slot_suffix, "_b") == 0) && (teepart != 9)){ + /* Switch mmcbootpart to "_b" */ + env_set_ulong("mmcbootpart", 3); + /* Switch mmcteepart to "_b" */ + env_set_ulong("mmcteepart", 9); + } +#endif + + sb_enable = get_system_boot_type(); + if (sb_enable) { + /* By default, the value for ENV-SEC-M-LOAD is always to load opensbi image. + * if secure boot is enable, we force to change the value to load tee image. + * but Never to save it in volatile-RAM + */ + ret = env_set(ENV_SECIMG_LOAD, secimgs_load_str); + if (ret != 0) { + printf("Rewrite ENV (%s) fails\n", ENV_SECIMG_LOAD); + return CMD_RET_FAILURE; + } + } + return CMD_RET_SUCCESS; } diff --git a/board/thead/light-c910/spl.c b/board/thead/light-c910/spl.c index 530c8cbf..6b560cc5 100644 --- a/board/thead/light-c910/spl.c +++ b/board/thead/light-c910/spl.c @@ -302,10 +302,12 @@ void cpu_performance_enable(void) #define CSR_MHINT2_E 0x7cc #define CSR_MHINT4 0x7ce csr_write(CSR_SMPEN, 0x1); - csr_write(CSR_MHINT2_E, csr_read(CSR_MHINT2_E) | 0x20000); + // FIXME set mhint2[22] to enable core icg en + csr_write(CSR_MHINT2_E, csr_read(CSR_MHINT2_E) | 0x420000); csr_write(CSR_MHINT4, csr_read(CSR_MHINT4) | 0x410); csr_write(CSR_MCCR2, 0xe2490009); - csr_write(CSR_MHCR, 0x117f); // clear bit7 to disable indirect branch prediction + // FIXME: Clear bit[12] to disable L0BTB. + csr_write(CSR_MHCR, 0x17f); // clear bit7 to disable indirect brantch prediction csr_write(CSR_MXSTATUS, 0x638000); csr_write(CSR_MHINT, 0x6e30c | (1<<21) | (1<<22)); // set bit21 & bit 22 to close tlb & fence broadcast } |