From 7d84978c9cbbb7b06986a14dbdd4f1ee597a6aab Mon Sep 17 00:00:00 2001 From: Ye Li Date: Sat, 7 Aug 2021 16:00:36 +0800 Subject: arm: imx8: Move container parser and image to mach-imx common folder Since we will re-use the container parser on imx8ulp, move the codes to mach-imx Signed-off-by: Ye Li
---
arch/arm/mach-imx/parse-container.c | 208 ++++++++++++++++++++++++++++++++++++
1 file changed, 208 insertions(+)
create mode 100644 arch/arm/mach-imx/parse-container.c
(limited to 'arch/arm/mach-imx/parse-container.c')
diff --git a/arch/arm/mach-imx/parse-container.c b/arch/arm/mach-imx/parse-container.c
new file mode 100644
index 0000000000..375098902f
--- /dev/null
+++ b/arch/arm/mach-imx/parse-container.c
@@ -0,0 +1,208 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2018-2019 NXP
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define SEC_SECURE_RAM_BASE 0x31800000UL
+#define SEC_SECURE_RAM_END_BASE (SEC_SECURE_RAM_BASE + 0xFFFFUL)
+#define SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE 0x60000000UL
+
+#define SECO_PT 2U
+
+#ifdef CONFIG_AHAB_BOOT
+static int authenticate_image(struct boot_img_t *img, int image_index)
+{
+ sc_faddr_t start, end;
+ sc_rm_mr_t mr;
+ int err;
+ int ret = 0;
+
+ debug("img %d, dst 0x%x, src 0x%x, size 0x%x\n",
+ image_index, (uint32_t)img->dst, img->offset, img->size);
+
+ /* Find the memreg and set permission for seco pt */
+ err = sc_rm_find_memreg(-1, &mr,
+ img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1),
+ ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE) - 1);
+
+ if (err) {
+ printf("can't find memreg for image %d load address 0x%x, error %d\n",
+ image_index, img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), err);
+ return -ENOMEM;
+ }
+
+ err = sc_rm_get_memreg_info(-1, mr, &start, &end);
+ if (!err)
+ debug("memreg %u 0x%x -- 0x%x\n", mr, start, end);
+
+ err = sc_rm_set_memreg_permissions(-1, mr,
+ SECO_PT, SC_RM_PERM_FULL);
+ if (err) {
+ printf("set permission failed for img %d, error %d\n",
+ image_index, err);
+ return -EPERM;
+ }
+
+ err = sc_seco_authenticate(-1, SC_SECO_VERIFY_IMAGE,
+ 1 << image_index);
+ if (err) {
+ printf("authenticate img %d failed, return %d\n",
+ image_index, err);
+ ret = -EIO;
+ }
+
+ err = sc_rm_set_memreg_permissions(-1, mr,
+ SECO_PT, SC_RM_PERM_NONE);
+ if (err) {
+ printf("remove permission failed for img %d, error %d\n",
+ image_index, err);
+ ret = -EPERM;
+ }
+
+ return ret;
+}
+#endif
+
+static struct boot_img_t *read_auth_image(struct spl_image_info *spl_image,
+ struct spl_load_info *info,
+ struct container_hdr *container,
+ int image_index,
+ u32 container_sector)
+{
+ struct boot_img_t *images;
+ ulong sector;
+ u32 sectors;
+
+ if (image_index > container->num_images) {
+ debug("Invalid image number\n");
+ return NULL;
+ }
+
+ images = (struct boot_img_t *)((u8 *)container +
+ sizeof(struct container_hdr));
+
+ if (images[image_index].offset % info->bl_len) {
+ printf("%s: image%d offset not aligned to %u\n",
+ __func__, image_index, info->bl_len);
+ return NULL;
+ }
+
+ sectors = roundup(images[image_index].size, info->bl_len) /
+ info->bl_len;
+ sector = images[image_index].offset / info->bl_len +
+ container_sector;
+
+ debug("%s: container: %p sector: %lu sectors: %u\n", __func__,
+ container, sector, sectors);
+ if (info->read(info, sector, sectors,
+ (void *)images[image_index].entry) != sectors) {
+ printf("%s wrong\n", __func__);
+ return NULL;
+ }
+
+#ifdef CONFIG_AHAB_BOOT
+ if (authenticate_image(&images[image_index], image_index)) {
+ printf("Failed to authenticate image %d\n", image_index);
+ return NULL;
+ }
+#endif
+
+ return &images[image_index];
+}
+
+static int read_auth_container(struct spl_image_info *spl_image,
+ struct spl_load_info *info, ulong sector)
+{
+ struct container_hdr *container = NULL;
+ u16 length;
+ u32 sectors;
+ int i, size, ret = 0;
+
+ size = roundup(CONTAINER_HDR_ALIGNMENT, info->bl_len);
+ sectors = size / info->bl_len;
+
+ /*
+ * It will not override the ATF code, so safe to use it here,
+ * no need malloc
+ */
+ container = (struct container_hdr *)spl_get_load_buffer(-size, size);
+
+ debug("%s: container: %p sector: %lu sectors: %u\n", __func__,
+ container, sector, sectors);
+ if (info->read(info, sector, sectors, container) != sectors)
+ return -EIO;
+
+ if (container->tag != 0x87 && container->version != 0x0) {
+ printf("Wrong container header");
+ return -ENOENT;
+ }
+
+ if (!container->num_images) {
+ printf("Wrong container, no image found");
+ return -ENOENT;
+ }
+
+ length = container->length_lsb + (container->length_msb << 8);
+ debug("Container length %u\n", length);
+
+ if (length > CONTAINER_HDR_ALIGNMENT) {
+ size = roundup(length, info->bl_len);
+ sectors = size / info->bl_len;
+
+ container = (struct container_hdr *)spl_get_load_buffer(-size, size);
+
+ debug("%s: container: %p sector: %lu sectors: %u\n",
+ __func__, container, sector, sectors);
+ if (info->read(info, sector, sectors, container) !=
+ sectors)
+ return -EIO;
+ }
+
+#ifdef CONFIG_AHAB_BOOT
+ memcpy((void *)SEC_SECURE_RAM_BASE, (const void *)container,
+ ALIGN(length, CONFIG_SYS_CACHELINE_SIZE));
+
+ ret = sc_seco_authenticate(-1, SC_SECO_AUTH_CONTAINER,
+ SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE);
+ if (ret) {
+ printf("authenticate container hdr failed, return %d\n", ret);
+ return ret;
+ }
+#endif
+
+ for (i = 0; i < container->num_images; i++) {
+ struct boot_img_t *image = read_auth_image(spl_image, info,
+ container, i,
+ sector);
+
+ if (!image) {
+ ret = -EINVAL;
+ goto end_auth;
+ }
+
+ if (i == 0) {
+ spl_image->load_addr = image->dst;
+ spl_image->entry_point = image->entry;
+ }
+ }
+
+end_auth:
+#ifdef CONFIG_AHAB_BOOT
+ if (sc_seco_authenticate(-1, SC_SECO_REL_CONTAINER, 0))
+ printf("Error: release container failed!\n");
+#endif
+ return ret;
+}
+
+int spl_load_imx_container(struct spl_image_info *spl_image,
+ struct spl_load_info *info, ulong sector)
+{
+ return read_auth_container(spl_image, info, sector);
+}
-- cgit v1.2.3
From 31f00852855e4d76f4c19ae47732ba416dd21098 Mon Sep 17 00:00:00 2001 From: Ye Li Date: Sat, 7 Aug 2021 16:00:37 +0800 Subject: arm: imx8: Move container image header file to mach-imx Since the container is shared among i.MX platforms, move its header file to mach-imx Signed-off-by: Ye Li
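Review bot: The header check in read_auth_container, `if (container->tag != 0x87 && container->version != 0x0)`, rejects a header only when both fields are wrong, so any sector whose version byte is zero or whose tag byte is 0x87 is parsed as a container; it should read `if (container->tag != 0x87 || container->version != 0x0)`. read_auth_image has a related off-by-one: `if (image_index > container->num_images)` admits an index equal to num_images, and `>=` would match the table bound, although the only visible caller loops with `i < container->num_images`. Neither function checks that the image table (num_images entries following the header) fits inside the `length` bytes actually read, and when CONFIG_AHAB_BOOT is not set nothing authenticates those entries before `info->read()` writes `size` bytes to the address taken from the header, so these fields deserve explicit bounds checks before use. The read destination is `images[image_index].entry` while authenticate_image grants access to and verifies the region at `dst`; if the two can differ the verified region is not the one just written, which looks unintended and is worth confirming against the container format.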
Signed-off-by: Peng Fan --- arch/arm/include/asm/arch-imx8/image.h | 67 ---------------------------------- arch/arm/include/asm/mach-imx/image.h | 67 ++++++++++++++++++++++++++++++++++ arch/arm/mach-imx/cmd_dek.c | 2 +- arch/arm/mach-imx/image-container.c | 2 +- arch/arm/mach-imx/imx8/ahab.c | 2 +- arch/arm/mach-imx/parse-container.c | 2 +- 6 files changed, 71 insertions(+), 71 deletions(-) delete mode 100644 arch/arm/include/asm/arch-imx8/image.h create mode 100644 arch/arm/include/asm/mach-imx/image.h (limited to 'arch/arm/mach-imx/parse-container.c') diff --git a/arch/arm/include/asm/arch-imx8/image.h b/arch/arm/include/asm/arch-imx8/image.h deleted file mode 100644 index 547beeb986..0000000000 --- a/arch/arm/include/asm/arch-imx8/image.h +++ /dev/null @@ -1,67 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0+ */ -/* - * Copyright 2018-2019 NXP - */ - -#ifndef __CONTAINER_HEADER_H_ -#define __CONTAINER_HEADER_H_ - -#include -#include - -#define IV_MAX_LEN 32 -#define HASH_MAX_LEN 64 - -#define CONTAINER_HDR_ALIGNMENT 0x400 -#define CONTAINER_HDR_EMMC_OFFSET 0 -#define CONTAINER_HDR_MMCSD_OFFSET SZ_32K -#define CONTAINER_HDR_QSPI_OFFSET SZ_4K -#define CONTAINER_HDR_NAND_OFFSET SZ_128M - -struct container_hdr { - u8 version; - u8 length_lsb; - u8 length_msb; - u8 tag; - u32 flags; - u16 sw_version; - u8 fuse_version; - u8 num_images; - u16 sig_blk_offset; - u16 reserved; -} __packed; - -struct boot_img_t { - u32 offset; - u32 size; - u64 dst; - u64 entry; - u32 hab_flags; - u32 meta; - u8 hash[HASH_MAX_LEN]; - u8 iv[IV_MAX_LEN]; -} __packed; - -struct signature_block_hdr { - u8 version; - u8 length_lsb; - u8 length_msb; - u8 tag; - u16 srk_table_offset; - u16 cert_offset; - u16 blob_offset; - u16 signature_offset; - u32 reserved; -} __packed; - -struct generate_key_blob_hdr { - u8 version; - u8 length_lsb; - u8 length_msb; - u8 tag; - u8 flags; - u8 size; - u8 algorithm; - u8 mode; -} __packed; -#endif 
diff --git a/arch/arm/include/asm/mach-imx/image.h b/arch/arm/include/asm/mach-imx/image.h new file mode 100644 index 0000000000..547beeb986 --- /dev/null +++ b/arch/arm/include/asm/mach-imx/image.h @@ -0,0 +1,67 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright 2018-2019 NXP + */ + +#ifndef __CONTAINER_HEADER_H_ +#define __CONTAINER_HEADER_H_ + +#include +#include + +#define IV_MAX_LEN 32 +#define HASH_MAX_LEN 64 + +#define CONTAINER_HDR_ALIGNMENT 0x400 +#define CONTAINER_HDR_EMMC_OFFSET 0 +#define CONTAINER_HDR_MMCSD_OFFSET SZ_32K +#define CONTAINER_HDR_QSPI_OFFSET SZ_4K +#define CONTAINER_HDR_NAND_OFFSET SZ_128M + +struct container_hdr { + u8 version; + u8 length_lsb; + u8 length_msb; + u8 tag; + u32 flags; + u16 sw_version; + u8 fuse_version; + u8 num_images; + u16 sig_blk_offset; + u16 reserved; +} __packed; + +struct boot_img_t { + u32 offset; + u32 size; + u64 dst; + u64 entry; + u32 hab_flags; + u32 meta; + u8 hash[HASH_MAX_LEN]; + u8 iv[IV_MAX_LEN]; +} __packed; + +struct signature_block_hdr { + u8 version; + u8 length_lsb; + u8 length_msb; + u8 tag; + u16 srk_table_offset; + u16 cert_offset; + u16 blob_offset; + u16 signature_offset; + u32 reserved; +} __packed; + +struct generate_key_blob_hdr { + u8 version; + u8 length_lsb; + u8 length_msb; + u8 tag; + u8 flags; + u8 size; + u8 algorithm; + u8 mode; +} __packed; +#endif diff --git a/arch/arm/mach-imx/cmd_dek.c b/arch/arm/mach-imx/cmd_dek.c index 1e3cfee473..89da89c51d 100644 --- a/arch/arm/mach-imx/cmd_dek.c +++ b/arch/arm/mach-imx/cmd_dek.c @@ -17,7 +17,7 @@ #include #ifdef CONFIG_IMX_SECO_DEK_ENCAP #include -#include +#include #endif #include diff --git a/arch/arm/mach-imx/image-container.c b/arch/arm/mach-imx/image-container.c index 5abc0d3a39..9e18f6630f 100644 --- a/arch/arm/mach-imx/image-container.c +++ b/arch/arm/mach-imx/image-container.c @@ -11,7 +11,7 @@ #include #include #include -#include +#include #include #include 
diff --git a/arch/arm/mach-imx/imx8/ahab.c b/arch/arm/mach-imx/imx8/ahab.c index 015267c8b2..5a4d39cdaa 100644 --- a/arch/arm/mach-imx/imx8/ahab.c +++ b/arch/arm/mach-imx/imx8/ahab.c @@ -13,7 +13,7 @@ #include #include #include -#include +#include #include #include diff --git a/arch/arm/mach-imx/parse-container.c b/arch/arm/mach-imx/parse-container.c index 375098902f..e4354bf930 100644 --- a/arch/arm/mach-imx/parse-container.c +++ b/arch/arm/mach-imx/parse-container.c @@ -7,7 +7,7 @@ #include #include #include -#include +#include #include #define SEC_SECURE_RAM_BASE 0x31800000UL -- cgit v1.2.3 From 20ed81eaebeca29724a05466496eda8f49bc9a0d Mon Sep 17 00:00:00 2001 From: Peng Fan Date: Sat, 7 Aug 2021 16:00:38 +0800 Subject: arm: imx: parse-container: guard included header files Guard included sci.h with CONFIG_AHAB_BOOT to avoid build failure for i.MX8ULP Signed-off-by: Peng Fan --- arch/arm/mach-imx/parse-container.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'arch/arm/mach-imx/parse-container.c') diff --git a/arch/arm/mach-imx/parse-container.c b/arch/arm/mach-imx/parse-container.c index e4354bf930..039a4c7303 100644 --- a/arch/arm/mach-imx/parse-container.c +++ b/arch/arm/mach-imx/parse-container.c @@ -8,7 +8,9 @@ #include #include #include +#ifdef CONFIG_AHAB_BOOT #include +#endif #define SEC_SECURE_RAM_BASE 0x31800000UL #define SEC_SECURE_RAM_END_BASE (SEC_SECURE_RAM_BASE + 0xFFFFUL) -- cgit v1.2.3