Commit 206c8a0e7a628966697cf89918955021b08980f2
1 parent
71e4d73734
Exists in
smarc_8mm-imx_v2019.04_4.19.35_1.1.0
and in
1 other branch
MLK-22757-2 imx8: Change to use new SECO API commands
Latest SCFW has removed old MISC SECO commands. So update the codes to use new SECO commands. Signed-off-by: Ye Li <ye.li@nxp.com> Reviewed-by: Peng Fan <peng.fan@nxp.com> (cherry picked from commit 8e54efce6d2a1691605ae23983ff91f4a702adba)
Showing 4 changed files with 8 additions and 8 deletions Inline Diff
arch/arm/mach-imx/imx8/ahab.c
1 | /* | 1 | /* |
2 | * Copyright 2018 NXP | 2 | * Copyright 2018 NXP |
3 | * | 3 | * |
4 | * SPDX-License-Identifier: GPL-2.0+ | 4 | * SPDX-License-Identifier: GPL-2.0+ |
5 | * | 5 | * |
6 | */ | 6 | */ |
7 | 7 | ||
8 | #include <common.h> | 8 | #include <common.h> |
9 | #include <errno.h> | 9 | #include <errno.h> |
10 | #include <asm/io.h> | 10 | #include <asm/io.h> |
11 | #include <asm/arch/sci/sci.h> | 11 | #include <asm/arch/sci/sci.h> |
12 | #include <asm/mach-imx/sys_proto.h> | 12 | #include <asm/mach-imx/sys_proto.h> |
13 | #include <asm/arch-imx/cpu.h> | 13 | #include <asm/arch-imx/cpu.h> |
14 | #include <asm/arch/sys_proto.h> | 14 | #include <asm/arch/sys_proto.h> |
15 | #include <asm/arch/image.h> | 15 | #include <asm/arch/image.h> |
16 | #include <console.h> | 16 | #include <console.h> |
17 | 17 | ||
18 | DECLARE_GLOBAL_DATA_PTR; | 18 | DECLARE_GLOBAL_DATA_PTR; |
19 | 19 | ||
20 | #define SEC_SECURE_RAM_BASE (0x31800000UL) | 20 | #define SEC_SECURE_RAM_BASE (0x31800000UL) |
21 | #define SEC_SECURE_RAM_END_BASE (SEC_SECURE_RAM_BASE + 0xFFFFUL) | 21 | #define SEC_SECURE_RAM_END_BASE (SEC_SECURE_RAM_BASE + 0xFFFFUL) |
22 | #define SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE (0x60000000UL) | 22 | #define SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE (0x60000000UL) |
23 | 23 | ||
24 | #define SECO_PT 2U | 24 | #define SECO_PT 2U |
25 | 25 | ||
26 | static inline bool check_in_dram(ulong addr) | 26 | static inline bool check_in_dram(ulong addr) |
27 | { | 27 | { |
28 | int i; | 28 | int i; |
29 | bd_t *bd = gd->bd; | 29 | bd_t *bd = gd->bd; |
30 | 30 | ||
31 | for (i = 0; i < CONFIG_NR_DRAM_BANKS; ++i) { | 31 | for (i = 0; i < CONFIG_NR_DRAM_BANKS; ++i) { |
32 | if (bd->bi_dram[i].size) { | 32 | if (bd->bi_dram[i].size) { |
33 | if (addr >= bd->bi_dram[i].start && | 33 | if (addr >= bd->bi_dram[i].start && |
34 | addr < (bd->bi_dram[i].start + bd->bi_dram[i].size)) | 34 | addr < (bd->bi_dram[i].start + bd->bi_dram[i].size)) |
35 | return true; | 35 | return true; |
36 | } | 36 | } |
37 | } | 37 | } |
38 | 38 | ||
39 | return false; | 39 | return false; |
40 | } | 40 | } |
41 | 41 | ||
42 | int authenticate_os_container(ulong addr) | 42 | int authenticate_os_container(ulong addr) |
43 | { | 43 | { |
44 | struct container_hdr *phdr; | 44 | struct container_hdr *phdr; |
45 | int i, ret = 0; | 45 | int i, ret = 0; |
46 | int err; | 46 | int err; |
47 | sc_rm_mr_t mr; | 47 | sc_rm_mr_t mr; |
48 | sc_faddr_t start, end; | 48 | sc_faddr_t start, end; |
49 | uint16_t length; | 49 | uint16_t length; |
50 | 50 | ||
51 | if (addr % 4) { | 51 | if (addr % 4) { |
52 | puts("Error: Image's address is not 4 byte aligned\n"); | 52 | puts("Error: Image's address is not 4 byte aligned\n"); |
53 | return -EINVAL; | 53 | return -EINVAL; |
54 | } | 54 | } |
55 | 55 | ||
56 | if (!check_in_dram(addr)) { | 56 | if (!check_in_dram(addr)) { |
57 | puts("Error: Image's address is invalid \n"); | 57 | puts("Error: Image's address is invalid \n"); |
58 | return -EINVAL; | 58 | return -EINVAL; |
59 | } | 59 | } |
60 | 60 | ||
61 | phdr = (struct container_hdr *)addr; | 61 | phdr = (struct container_hdr *)addr; |
62 | if (phdr->tag != 0x87 && phdr->version != 0x0) { | 62 | if (phdr->tag != 0x87 && phdr->version != 0x0) { |
63 | printf("Error: Wrong container header\n"); | 63 | printf("Error: Wrong container header\n"); |
64 | return -EFAULT; | 64 | return -EFAULT; |
65 | } | 65 | } |
66 | 66 | ||
67 | if (!phdr->num_images) { | 67 | if (!phdr->num_images) { |
68 | printf("Error: Wrong container, no image found\n"); | 68 | printf("Error: Wrong container, no image found\n"); |
69 | return -EFAULT; | 69 | return -EFAULT; |
70 | } | 70 | } |
71 | 71 | ||
72 | length = phdr->length_lsb + (phdr->length_msb << 8); | 72 | length = phdr->length_lsb + (phdr->length_msb << 8); |
73 | 73 | ||
74 | debug("container length %u\n", length); | 74 | debug("container length %u\n", length); |
75 | memcpy((void *)SEC_SECURE_RAM_BASE, (const void *)addr, ALIGN(length, CONFIG_SYS_CACHELINE_SIZE)); | 75 | memcpy((void *)SEC_SECURE_RAM_BASE, (const void *)addr, ALIGN(length, CONFIG_SYS_CACHELINE_SIZE)); |
76 | 76 | ||
77 | err = sc_seco_authenticate(-1, SC_MISC_AUTH_CONTAINER, SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE); | 77 | err = sc_seco_authenticate(-1, SC_SECO_AUTH_CONTAINER, SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE); |
78 | if (err) { | 78 | if (err) { |
79 | printf("Error: authenticate container hdr failed, return %d\n", err); | 79 | printf("Error: authenticate container hdr failed, return %d\n", err); |
80 | ret = -EIO; | 80 | ret = -EIO; |
81 | goto exit; | 81 | goto exit; |
82 | } | 82 | } |
83 | 83 | ||
84 | /* Copy images to dest address */ | 84 | /* Copy images to dest address */ |
85 | for (i=0; i < phdr->num_images; i++) { | 85 | for (i=0; i < phdr->num_images; i++) { |
86 | struct boot_img_t *img = (struct boot_img_t *)(addr + sizeof(struct container_hdr) + i * sizeof(struct boot_img_t)); | 86 | struct boot_img_t *img = (struct boot_img_t *)(addr + sizeof(struct container_hdr) + i * sizeof(struct boot_img_t)); |
87 | 87 | ||
88 | debug("img %d, dst 0x%llx, src 0x%lx, size 0x%x\n", i, img->dst, img->offset + addr, img->size); | 88 | debug("img %d, dst 0x%llx, src 0x%lx, size 0x%x\n", i, img->dst, img->offset + addr, img->size); |
89 | 89 | ||
90 | memcpy((void *)img->dst, (const void *)(img->offset + addr), img->size); | 90 | memcpy((void *)img->dst, (const void *)(img->offset + addr), img->size); |
91 | flush_dcache_range(img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), | 91 | flush_dcache_range(img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), |
92 | ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE)); | 92 | ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE)); |
93 | 93 | ||
94 | /* Find the memreg and set permission for seco pt */ | 94 | /* Find the memreg and set permission for seco pt */ |
95 | err = sc_rm_find_memreg(-1, &mr, | 95 | err = sc_rm_find_memreg(-1, &mr, |
96 | img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE)); | 96 | img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE)); |
97 | 97 | ||
98 | if (err) { | 98 | if (err) { |
99 | printf("Error: can't find memreg for image load address %d, error %d\n", i, err); | 99 | printf("Error: can't find memreg for image load address %d, error %d\n", i, err); |
100 | ret = -ENOMEM; | 100 | ret = -ENOMEM; |
101 | goto exit; | 101 | goto exit; |
102 | } | 102 | } |
103 | 103 | ||
104 | err = sc_rm_get_memreg_info(-1, mr, &start, &end); | 104 | err = sc_rm_get_memreg_info(-1, mr, &start, &end); |
105 | if (!err) | 105 | if (!err) |
106 | debug("memreg %u 0x%llx -- 0x%llx\n", mr, start, end); | 106 | debug("memreg %u 0x%llx -- 0x%llx\n", mr, start, end); |
107 | 107 | ||
108 | err = sc_rm_set_memreg_permissions(-1, mr, SECO_PT, SC_RM_PERM_FULL); | 108 | err = sc_rm_set_memreg_permissions(-1, mr, SECO_PT, SC_RM_PERM_FULL); |
109 | if (err) { | 109 | if (err) { |
110 | printf("Error: set permission failed for img %d, error %d\n", i, err); | 110 | printf("Error: set permission failed for img %d, error %d\n", i, err); |
111 | ret = -EPERM; | 111 | ret = -EPERM; |
112 | goto exit; | 112 | goto exit; |
113 | } | 113 | } |
114 | 114 | ||
115 | err = sc_seco_authenticate(-1, SC_MISC_VERIFY_IMAGE, (1 << i)); | 115 | err = sc_seco_authenticate(-1, SC_SECO_VERIFY_IMAGE, (1 << i)); |
116 | if (err) { | 116 | if (err) { |
117 | printf("Error: authenticate img %d failed, return %d\n", i, err); | 117 | printf("Error: authenticate img %d failed, return %d\n", i, err); |
118 | ret = -EIO; | 118 | ret = -EIO; |
119 | } | 119 | } |
120 | 120 | ||
121 | err = sc_rm_set_memreg_permissions(-1, mr, SECO_PT, SC_RM_PERM_NONE); | 121 | err = sc_rm_set_memreg_permissions(-1, mr, SECO_PT, SC_RM_PERM_NONE); |
122 | if (err) { | 122 | if (err) { |
123 | printf("Error: remove permission failed for img %d, error %d\n", i, err); | 123 | printf("Error: remove permission failed for img %d, error %d\n", i, err); |
124 | ret = -EPERM; | 124 | ret = -EPERM; |
125 | } | 125 | } |
126 | 126 | ||
127 | if (ret) | 127 | if (ret) |
128 | goto exit; | 128 | goto exit; |
129 | } | 129 | } |
130 | 130 | ||
131 | exit: | 131 | exit: |
132 | if (sc_seco_authenticate(-1, SC_MISC_REL_CONTAINER, 0) != SC_ERR_NONE) | 132 | if (sc_seco_authenticate(-1, SC_SECO_REL_CONTAINER, 0) != SC_ERR_NONE) |
133 | printf("Error: release container failed!\n"); | 133 | printf("Error: release container failed!\n"); |
134 | 134 | ||
135 | return ret; | 135 | return ret; |
136 | } | 136 | } |
137 | 137 | ||
138 | 138 | ||
139 | static int do_authenticate(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) | 139 | static int do_authenticate(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) |
140 | { | 140 | { |
141 | ulong addr; | 141 | ulong addr; |
142 | if (argc < 2) | 142 | if (argc < 2) |
143 | return CMD_RET_USAGE; | 143 | return CMD_RET_USAGE; |
144 | 144 | ||
145 | addr = simple_strtoul(argv[1], NULL, 16); | 145 | addr = simple_strtoul(argv[1], NULL, 16); |
146 | 146 | ||
147 | printf("Authenticate OS container at 0x%lx \n", addr); | 147 | printf("Authenticate OS container at 0x%lx \n", addr); |
148 | 148 | ||
149 | if (authenticate_os_container(addr)) | 149 | if (authenticate_os_container(addr)) |
150 | return CMD_RET_FAILURE; | 150 | return CMD_RET_FAILURE; |
151 | 151 | ||
152 | return CMD_RET_SUCCESS; | 152 | return CMD_RET_SUCCESS; |
153 | } | 153 | } |
154 | 154 | ||
155 | static void display_life_cycle(uint16_t lc) | 155 | static void display_life_cycle(uint16_t lc) |
156 | { | 156 | { |
157 | printf("Lifecycle: 0x%04X, ", lc); | 157 | printf("Lifecycle: 0x%04X, ", lc); |
158 | switch (lc) { | 158 | switch (lc) { |
159 | case 0x1: | 159 | case 0x1: |
160 | printf("Pristine\n\n"); | 160 | printf("Pristine\n\n"); |
161 | break; | 161 | break; |
162 | case 0x2: | 162 | case 0x2: |
163 | printf("Fab\n\n"); | 163 | printf("Fab\n\n"); |
164 | break; | 164 | break; |
165 | case 0x8: | 165 | case 0x8: |
166 | printf("Open\n\n"); | 166 | printf("Open\n\n"); |
167 | break; | 167 | break; |
168 | case 0x20: | 168 | case 0x20: |
169 | printf("NXP closed\n\n"); | 169 | printf("NXP closed\n\n"); |
170 | break; | 170 | break; |
171 | case 0x80: | 171 | case 0x80: |
172 | printf("OEM closed\n\n"); | 172 | printf("OEM closed\n\n"); |
173 | break; | 173 | break; |
174 | case 0x100: | 174 | case 0x100: |
175 | printf("Partial field return\n\n"); | 175 | printf("Partial field return\n\n"); |
176 | break; | 176 | break; |
177 | case 0x200: | 177 | case 0x200: |
178 | printf("Full field return\n\n"); | 178 | printf("Full field return\n\n"); |
179 | break; | 179 | break; |
180 | case 0x400: | 180 | case 0x400: |
181 | printf("No return\n\n"); | 181 | printf("No return\n\n"); |
182 | break; | 182 | break; |
183 | default: | 183 | default: |
184 | printf("Unknown\n\n"); | 184 | printf("Unknown\n\n"); |
185 | break; | 185 | break; |
186 | } | 186 | } |
187 | } | 187 | } |
188 | 188 | ||
189 | #define AHAB_AUTH_CONTAINER_REQ 0x87 | 189 | #define AHAB_AUTH_CONTAINER_REQ 0x87 |
190 | #define AHAB_VERIFY_IMAGE_REQ 0x88 | 190 | #define AHAB_VERIFY_IMAGE_REQ 0x88 |
191 | 191 | ||
192 | #define AHAB_NO_AUTHENTICATION_IND 0xee | 192 | #define AHAB_NO_AUTHENTICATION_IND 0xee |
193 | #define AHAB_BAD_KEY_HASH_IND 0xfa | 193 | #define AHAB_BAD_KEY_HASH_IND 0xfa |
194 | #define AHAB_INVALID_KEY_IND 0xf9 | 194 | #define AHAB_INVALID_KEY_IND 0xf9 |
195 | #define AHAB_BAD_SIGNATURE_IND 0xf0 | 195 | #define AHAB_BAD_SIGNATURE_IND 0xf0 |
196 | #define AHAB_BAD_HASH_IND 0xf1 | 196 | #define AHAB_BAD_HASH_IND 0xf1 |
197 | 197 | ||
198 | static void display_ahab_auth_event(uint32_t event) | 198 | static void display_ahab_auth_event(uint32_t event) |
199 | { | 199 | { |
200 | uint8_t cmd = (event >> 16) & 0xff; | 200 | uint8_t cmd = (event >> 16) & 0xff; |
201 | uint8_t resp_ind =(event >> 8) & 0xff; | 201 | uint8_t resp_ind =(event >> 8) & 0xff; |
202 | 202 | ||
203 | switch (cmd) { | 203 | switch (cmd) { |
204 | case AHAB_AUTH_CONTAINER_REQ: | 204 | case AHAB_AUTH_CONTAINER_REQ: |
205 | printf("\tCMD = AHAB_AUTH_CONTAINER_REQ (0x%02X)\n", cmd); | 205 | printf("\tCMD = AHAB_AUTH_CONTAINER_REQ (0x%02X)\n", cmd); |
206 | printf("\tIND = "); | 206 | printf("\tIND = "); |
207 | break; | 207 | break; |
208 | case AHAB_VERIFY_IMAGE_REQ: | 208 | case AHAB_VERIFY_IMAGE_REQ: |
209 | printf("\tCMD = AHAB_VERIFY_IMAGE_REQ (0x%02X)\n", cmd); | 209 | printf("\tCMD = AHAB_VERIFY_IMAGE_REQ (0x%02X)\n", cmd); |
210 | printf("\tIND = "); | 210 | printf("\tIND = "); |
211 | break; | 211 | break; |
212 | default: | 212 | default: |
213 | return; | 213 | return; |
214 | } | 214 | } |
215 | 215 | ||
216 | switch (resp_ind) { | 216 | switch (resp_ind) { |
217 | case AHAB_NO_AUTHENTICATION_IND: | 217 | case AHAB_NO_AUTHENTICATION_IND: |
218 | printf("AHAB_NO_AUTHENTICATION_IND (0x%02X)\n\n", resp_ind); | 218 | printf("AHAB_NO_AUTHENTICATION_IND (0x%02X)\n\n", resp_ind); |
219 | break; | 219 | break; |
220 | case AHAB_BAD_KEY_HASH_IND: | 220 | case AHAB_BAD_KEY_HASH_IND: |
221 | printf("AHAB_BAD_KEY_HASH_IND (0x%02X)\n\n", resp_ind); | 221 | printf("AHAB_BAD_KEY_HASH_IND (0x%02X)\n\n", resp_ind); |
222 | break; | 222 | break; |
223 | case AHAB_INVALID_KEY_IND: | 223 | case AHAB_INVALID_KEY_IND: |
224 | printf("AHAB_INVALID_KEY_IND (0x%02X)\n\n", resp_ind); | 224 | printf("AHAB_INVALID_KEY_IND (0x%02X)\n\n", resp_ind); |
225 | break; | 225 | break; |
226 | case AHAB_BAD_SIGNATURE_IND: | 226 | case AHAB_BAD_SIGNATURE_IND: |
227 | printf("AHAB_BAD_SIGNATURE_IND (0x%02X)\n\n", resp_ind); | 227 | printf("AHAB_BAD_SIGNATURE_IND (0x%02X)\n\n", resp_ind); |
228 | break; | 228 | break; |
229 | case AHAB_BAD_HASH_IND: | 229 | case AHAB_BAD_HASH_IND: |
230 | printf("AHAB_BAD_HASH_IND (0x%02X)\n\n", resp_ind); | 230 | printf("AHAB_BAD_HASH_IND (0x%02X)\n\n", resp_ind); |
231 | break; | 231 | break; |
232 | default: | 232 | default: |
233 | printf("Unknown Indicator (0x%02X)\n\n", resp_ind); | 233 | printf("Unknown Indicator (0x%02X)\n\n", resp_ind); |
234 | break; | 234 | break; |
235 | } | 235 | } |
236 | } | 236 | } |
237 | 237 | ||
238 | 238 | ||
239 | static int do_ahab_status(cmd_tbl_t *cmdtp, int flag, int argc, | 239 | static int do_ahab_status(cmd_tbl_t *cmdtp, int flag, int argc, |
240 | char * const argv[]) | 240 | char * const argv[]) |
241 | { | 241 | { |
242 | int err; | 242 | int err; |
243 | uint8_t idx = 0U; | 243 | uint8_t idx = 0U; |
244 | uint32_t event; | 244 | uint32_t event; |
245 | uint16_t lc; | 245 | uint16_t lc; |
246 | 246 | ||
247 | err = sc_seco_chip_info(-1, &lc, NULL, NULL, NULL); | 247 | err = sc_seco_chip_info(-1, &lc, NULL, NULL, NULL); |
248 | if (err != SC_ERR_NONE) { | 248 | if (err != SC_ERR_NONE) { |
249 | printf("Error in get lifecycle\n"); | 249 | printf("Error in get lifecycle\n"); |
250 | return -EIO; | 250 | return -EIO; |
251 | } | 251 | } |
252 | 252 | ||
253 | display_life_cycle(lc); | 253 | display_life_cycle(lc); |
254 | 254 | ||
255 | err = sc_seco_get_event(-1, idx, &event); | 255 | err = sc_seco_get_event(-1, idx, &event); |
256 | while (err == SC_ERR_NONE) { | 256 | while (err == SC_ERR_NONE) { |
257 | printf ("SECO Event[%u] = 0x%08X\n", idx, event); | 257 | printf ("SECO Event[%u] = 0x%08X\n", idx, event); |
258 | display_ahab_auth_event(event); | 258 | display_ahab_auth_event(event); |
259 | 259 | ||
260 | idx++; | 260 | idx++; |
261 | err = sc_seco_get_event(-1, idx, &event); | 261 | err = sc_seco_get_event(-1, idx, &event); |
262 | } | 262 | } |
263 | 263 | ||
264 | if (idx == 0) | 264 | if (idx == 0) |
265 | printf("No SECO Events Found!\n\n"); | 265 | printf("No SECO Events Found!\n\n"); |
266 | 266 | ||
267 | return 0; | 267 | return 0; |
268 | } | 268 | } |
269 | 269 | ||
270 | static int confirm_close(void) | 270 | static int confirm_close(void) |
271 | { | 271 | { |
272 | puts("Warning: Please ensure your sample is in NXP closed state, " | 272 | puts("Warning: Please ensure your sample is in NXP closed state, " |
273 | "OEM SRK hash has been fused, \n" | 273 | "OEM SRK hash has been fused, \n" |
274 | " and you are able to boot a signed image successfully " | 274 | " and you are able to boot a signed image successfully " |
275 | "without any SECO events reported.\n" | 275 | "without any SECO events reported.\n" |
276 | " If not, your sample will be unrecoverable.\n" | 276 | " If not, your sample will be unrecoverable.\n" |
277 | "\nReally perform this operation? <y/N>\n"); | 277 | "\nReally perform this operation? <y/N>\n"); |
278 | 278 | ||
279 | if (confirm_yesno()) | 279 | if (confirm_yesno()) |
280 | return 1; | 280 | return 1; |
281 | 281 | ||
282 | puts("Ahab close aborted\n"); | 282 | puts("Ahab close aborted\n"); |
283 | return 0; | 283 | return 0; |
284 | } | 284 | } |
285 | 285 | ||
286 | static int do_ahab_close(cmd_tbl_t *cmdtp, int flag, int argc, | 286 | static int do_ahab_close(cmd_tbl_t *cmdtp, int flag, int argc, |
287 | char * const argv[]) | 287 | char * const argv[]) |
288 | { | 288 | { |
289 | int err; | 289 | int err; |
290 | uint16_t lc; | 290 | uint16_t lc; |
291 | 291 | ||
292 | if (!confirm_close()) | 292 | if (!confirm_close()) |
293 | return -EACCES; | 293 | return -EACCES; |
294 | 294 | ||
295 | err = sc_seco_chip_info(-1, &lc, NULL, NULL, NULL); | 295 | err = sc_seco_chip_info(-1, &lc, NULL, NULL, NULL); |
296 | if (err != SC_ERR_NONE) { | 296 | if (err != SC_ERR_NONE) { |
297 | printf("Error in get lifecycle\n"); | 297 | printf("Error in get lifecycle\n"); |
298 | return -EIO; | 298 | return -EIO; |
299 | } | 299 | } |
300 | 300 | ||
301 | if (lc != 0x20) { | 301 | if (lc != 0x20) { |
302 | printf("Current lifecycle is NOT NXP closed, can't move to OEM closed\n"); | 302 | printf("Current lifecycle is NOT NXP closed, can't move to OEM closed\n"); |
303 | display_life_cycle(lc); | 303 | display_life_cycle(lc); |
304 | return -EPERM; | 304 | return -EPERM; |
305 | } | 305 | } |
306 | 306 | ||
307 | err = sc_seco_forward_lifecycle(-1, 16); | 307 | err = sc_seco_forward_lifecycle(-1, 16); |
308 | if (err != SC_ERR_NONE) { | 308 | if (err != SC_ERR_NONE) { |
309 | printf("Error in forward lifecycle to OEM closed\n"); | 309 | printf("Error in forward lifecycle to OEM closed\n"); |
310 | return -EIO; | 310 | return -EIO; |
311 | } | 311 | } |
312 | 312 | ||
313 | printf("Change to OEM closed successfully\n"); | 313 | printf("Change to OEM closed successfully\n"); |
314 | 314 | ||
315 | return 0; | 315 | return 0; |
316 | } | 316 | } |
317 | 317 | ||
318 | U_BOOT_CMD( | 318 | U_BOOT_CMD( |
319 | auth_cntr, CONFIG_SYS_MAXARGS, 1, do_authenticate, | 319 | auth_cntr, CONFIG_SYS_MAXARGS, 1, do_authenticate, |
320 | "autenticate OS container via AHAB", | 320 | "autenticate OS container via AHAB", |
321 | "addr\n" | 321 | "addr\n" |
322 | "addr - OS container hex address\n" | 322 | "addr - OS container hex address\n" |
323 | ); | 323 | ); |
324 | 324 | ||
325 | U_BOOT_CMD( | 325 | U_BOOT_CMD( |
326 | ahab_status, CONFIG_SYS_MAXARGS, 1, do_ahab_status, | 326 | ahab_status, CONFIG_SYS_MAXARGS, 1, do_ahab_status, |
327 | "display AHAB lifecycle and events from seco", | 327 | "display AHAB lifecycle and events from seco", |
328 | "" | 328 | "" |
329 | ); | 329 | ); |
330 | 330 | ||
331 | U_BOOT_CMD( | 331 | U_BOOT_CMD( |
332 | ahab_close, CONFIG_SYS_MAXARGS, 1, do_ahab_close, | 332 | ahab_close, CONFIG_SYS_MAXARGS, 1, do_ahab_close, |
333 | "Change AHAB lifecycle to OEM closed", | 333 | "Change AHAB lifecycle to OEM closed", |
334 | "" | 334 | "" |
335 | ); | 335 | ); |
336 | 336 |
arch/arm/mach-imx/imx8/parser.c
1 | // SPDX-License-Identifier: GPL-2.0+ | 1 | // SPDX-License-Identifier: GPL-2.0+ |
2 | /* | 2 | /* |
3 | * Copyright 2018 NXP | 3 | * Copyright 2018 NXP |
4 | */ | 4 | */ |
5 | #include <common.h> | 5 | #include <common.h> |
6 | #include <spl.h> | 6 | #include <spl.h> |
7 | #include <errno.h> | 7 | #include <errno.h> |
8 | #include <asm/io.h> | 8 | #include <asm/io.h> |
9 | #include <dm.h> | 9 | #include <dm.h> |
10 | #include <mmc.h> | 10 | #include <mmc.h> |
11 | #include <spi_flash.h> | 11 | #include <spi_flash.h> |
12 | #include <nand.h> | 12 | #include <nand.h> |
13 | #include <asm/arch/image.h> | 13 | #include <asm/arch/image.h> |
14 | #include <asm/arch/sys_proto.h> | 14 | #include <asm/arch/sys_proto.h> |
15 | #include <asm/arch/sci/sci.h> | 15 | #include <asm/arch/sci/sci.h> |
16 | #include <asm/mach-imx/boot_mode.h> | 16 | #include <asm/mach-imx/boot_mode.h> |
17 | 17 | ||
18 | #define MMC_DEV 0 | 18 | #define MMC_DEV 0 |
19 | #define QSPI_DEV 1 | 19 | #define QSPI_DEV 1 |
20 | #define NAND_DEV 2 | 20 | #define NAND_DEV 2 |
21 | #define RAM_DEV 3 | 21 | #define RAM_DEV 3 |
22 | 22 | ||
23 | #define SEC_SECURE_RAM_BASE (0x31800000UL) | 23 | #define SEC_SECURE_RAM_BASE (0x31800000UL) |
24 | #define SEC_SECURE_RAM_END_BASE (SEC_SECURE_RAM_BASE + 0xFFFFUL) | 24 | #define SEC_SECURE_RAM_END_BASE (SEC_SECURE_RAM_BASE + 0xFFFFUL) |
25 | #define SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE (0x60000000UL) | 25 | #define SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE (0x60000000UL) |
26 | 26 | ||
27 | #define SECO_PT 2U | 27 | #define SECO_PT 2U |
28 | 28 | ||
29 | DECLARE_GLOBAL_DATA_PTR; | 29 | DECLARE_GLOBAL_DATA_PTR; |
30 | 30 | ||
31 | #if defined(CONFIG_IMX_TRUSTY_OS) | 31 | #if defined(CONFIG_IMX_TRUSTY_OS) |
32 | /* Pre-declaration of check_rpmb_blob. */ | 32 | /* Pre-declaration of check_rpmb_blob. */ |
33 | int check_rpmb_blob(struct mmc *mmc); | 33 | int check_rpmb_blob(struct mmc *mmc); |
34 | #endif | 34 | #endif |
35 | 35 | ||
36 | static int current_dev_type = MMC_DEV; | 36 | static int current_dev_type = MMC_DEV; |
37 | static int start_offset; | 37 | static int start_offset; |
38 | static void *device; | 38 | static void *device; |
39 | 39 | ||
40 | static int read(u32 start, u32 len, void *load_addr) | 40 | static int read(u32 start, u32 len, void *load_addr) |
41 | { | 41 | { |
42 | int ret = -ENODEV; | 42 | int ret = -ENODEV; |
43 | 43 | ||
44 | if (current_dev_type != NAND_DEV && current_dev_type != RAM_DEV | 44 | if (current_dev_type != NAND_DEV && current_dev_type != RAM_DEV |
45 | && !device) { | 45 | && !device) { |
46 | debug("No device selected\n"); | 46 | debug("No device selected\n"); |
47 | return ret; | 47 | return ret; |
48 | } | 48 | } |
49 | 49 | ||
50 | #ifdef CONFIG_SPL_MMC_SUPPORT | 50 | #ifdef CONFIG_SPL_MMC_SUPPORT |
51 | if (current_dev_type == MMC_DEV) { | 51 | if (current_dev_type == MMC_DEV) { |
52 | struct mmc *mmc = (struct mmc *)device; | 52 | struct mmc *mmc = (struct mmc *)device; |
53 | unsigned long count; | 53 | unsigned long count; |
54 | 54 | ||
55 | ret = 0; | 55 | ret = 0; |
56 | 56 | ||
57 | count = blk_dread(mmc_get_blk_desc(mmc), | 57 | count = blk_dread(mmc_get_blk_desc(mmc), |
58 | start / mmc->read_bl_len, | 58 | start / mmc->read_bl_len, |
59 | len / mmc->read_bl_len, | 59 | len / mmc->read_bl_len, |
60 | load_addr); | 60 | load_addr); |
61 | if (count == 0) { | 61 | if (count == 0) { |
62 | debug("Read container image failed\n"); | 62 | debug("Read container image failed\n"); |
63 | return -EIO; | 63 | return -EIO; |
64 | } | 64 | } |
65 | } | 65 | } |
66 | #endif | 66 | #endif |
67 | #ifdef CONFIG_SPL_SPI_LOAD | 67 | #ifdef CONFIG_SPL_SPI_LOAD |
68 | if (current_dev_type == QSPI_DEV) { | 68 | if (current_dev_type == QSPI_DEV) { |
69 | struct spi_flash *flash = (struct spi_flash *)device; | 69 | struct spi_flash *flash = (struct spi_flash *)device; |
70 | 70 | ||
71 | ret = spi_flash_read(flash, start, | 71 | ret = spi_flash_read(flash, start, |
72 | len, load_addr); | 72 | len, load_addr); |
73 | if (ret != 0) { | 73 | if (ret != 0) { |
74 | debug("Read container image from QSPI failed\n"); | 74 | debug("Read container image from QSPI failed\n"); |
75 | return -EIO; | 75 | return -EIO; |
76 | } | 76 | } |
77 | } | 77 | } |
78 | #endif | 78 | #endif |
79 | #ifdef CONFIG_SPL_NAND_SUPPORT | 79 | #ifdef CONFIG_SPL_NAND_SUPPORT |
80 | if (current_dev_type == NAND_DEV) { | 80 | if (current_dev_type == NAND_DEV) { |
81 | ret = nand_spl_load_image(start, len, load_addr); | 81 | ret = nand_spl_load_image(start, len, load_addr); |
82 | if (ret != 0) { | 82 | if (ret != 0) { |
83 | debug("Read container image from NAND failed\n"); | 83 | debug("Read container image from NAND failed\n"); |
84 | return -EIO; | 84 | return -EIO; |
85 | } | 85 | } |
86 | } | 86 | } |
87 | #endif | 87 | #endif |
88 | 88 | ||
89 | if (current_dev_type == RAM_DEV) { | 89 | if (current_dev_type == RAM_DEV) { |
90 | memcpy(load_addr, (const void *)(ulong)start, len); | 90 | memcpy(load_addr, (const void *)(ulong)start, len); |
91 | ret = 0; | 91 | ret = 0; |
92 | } | 92 | } |
93 | 93 | ||
94 | return ret; | 94 | return ret; |
95 | } | 95 | } |
96 | 96 | ||
97 | #ifdef CONFIG_AHAB_BOOT | 97 | #ifdef CONFIG_AHAB_BOOT |
98 | static int authenticate_image(struct boot_img_t *img, int image_index) | 98 | static int authenticate_image(struct boot_img_t *img, int image_index) |
99 | { | 99 | { |
100 | sc_faddr_t start, end; | 100 | sc_faddr_t start, end; |
101 | sc_rm_mr_t mr; | 101 | sc_rm_mr_t mr; |
102 | int err; | 102 | int err; |
103 | int ret = 0; | 103 | int ret = 0; |
104 | 104 | ||
105 | debug("img %d, dst 0x%llx, src 0x%x, size 0x%x\n", | 105 | debug("img %d, dst 0x%llx, src 0x%x, size 0x%x\n", |
106 | image_index, img->dst, img->offset, img->size); | 106 | image_index, img->dst, img->offset, img->size); |
107 | 107 | ||
108 | /* Find the memreg and set permission for seco pt */ | 108 | /* Find the memreg and set permission for seco pt */ |
109 | err = sc_rm_find_memreg(-1, &mr, | 109 | err = sc_rm_find_memreg(-1, &mr, |
110 | img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), | 110 | img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), |
111 | ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE)); | 111 | ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE)); |
112 | 112 | ||
113 | if (err) { | 113 | if (err) { |
114 | printf("can't find memreg for image load address %d, error %d\n", | 114 | printf("can't find memreg for image load address %d, error %d\n", |
115 | image_index, err); | 115 | image_index, err); |
116 | return -ENOMEM; | 116 | return -ENOMEM; |
117 | } | 117 | } |
118 | 118 | ||
119 | err = sc_rm_get_memreg_info(-1, mr, &start, &end); | 119 | err = sc_rm_get_memreg_info(-1, mr, &start, &end); |
120 | if (!err) | 120 | if (!err) |
121 | debug("memreg %u 0x%llx -- 0x%llx\n", mr, start, end); | 121 | debug("memreg %u 0x%llx -- 0x%llx\n", mr, start, end); |
122 | 122 | ||
123 | err = sc_rm_set_memreg_permissions(-1, mr, | 123 | err = sc_rm_set_memreg_permissions(-1, mr, |
124 | SECO_PT, SC_RM_PERM_FULL); | 124 | SECO_PT, SC_RM_PERM_FULL); |
125 | if (err) { | 125 | if (err) { |
126 | printf("set permission failed for img %d, error %d\n", | 126 | printf("set permission failed for img %d, error %d\n", |
127 | image_index, err); | 127 | image_index, err); |
128 | return -EPERM; | 128 | return -EPERM; |
129 | } | 129 | } |
130 | 130 | ||
131 | err = sc_seco_authenticate(-1, SC_MISC_VERIFY_IMAGE, | 131 | err = sc_seco_authenticate(-1, SC_SECO_VERIFY_IMAGE, |
132 | 1 << image_index); | 132 | 1 << image_index); |
133 | if (err) { | 133 | if (err) { |
134 | printf("authenticate img %d failed, return %d\n", | 134 | printf("authenticate img %d failed, return %d\n", |
135 | image_index, err); | 135 | image_index, err); |
136 | ret = -EIO; | 136 | ret = -EIO; |
137 | } | 137 | } |
138 | 138 | ||
139 | err = sc_rm_set_memreg_permissions(-1, mr, | 139 | err = sc_rm_set_memreg_permissions(-1, mr, |
140 | SECO_PT, SC_RM_PERM_NONE); | 140 | SECO_PT, SC_RM_PERM_NONE); |
141 | if (err) { | 141 | if (err) { |
142 | printf("remove permission failed for img %d, error %d\n", | 142 | printf("remove permission failed for img %d, error %d\n", |
143 | image_index, err); | 143 | image_index, err); |
144 | ret = -EPERM; | 144 | ret = -EPERM; |
145 | } | 145 | } |
146 | 146 | ||
147 | return ret; | 147 | return ret; |
148 | } | 148 | } |
149 | #endif | 149 | #endif |
150 | 150 | ||
151 | static struct boot_img_t *read_auth_image(struct container_hdr *container, | 151 | static struct boot_img_t *read_auth_image(struct container_hdr *container, |
152 | int image_index) | 152 | int image_index) |
153 | { | 153 | { |
154 | struct boot_img_t *images; | 154 | struct boot_img_t *images; |
155 | 155 | ||
156 | if (image_index > container->num_images) { | 156 | if (image_index > container->num_images) { |
157 | debug("Invalid image number\n"); | 157 | debug("Invalid image number\n"); |
158 | return NULL; | 158 | return NULL; |
159 | } | 159 | } |
160 | 160 | ||
161 | images = (struct boot_img_t *) | 161 | images = (struct boot_img_t *) |
162 | ((uint8_t *)container + sizeof(struct container_hdr)); | 162 | ((uint8_t *)container + sizeof(struct container_hdr)); |
163 | 163 | ||
164 | if (read(images[image_index].offset + start_offset, | 164 | if (read(images[image_index].offset + start_offset, |
165 | images[image_index].size, | 165 | images[image_index].size, |
166 | (void *)images[image_index].entry) < 0) { | 166 | (void *)images[image_index].entry) < 0) { |
167 | return NULL; | 167 | return NULL; |
168 | } | 168 | } |
169 | 169 | ||
170 | #ifdef CONFIG_AHAB_BOOT | 170 | #ifdef CONFIG_AHAB_BOOT |
171 | if (authenticate_image(&images[image_index], image_index)) { | 171 | if (authenticate_image(&images[image_index], image_index)) { |
172 | printf("Failed to authenticate image %d\n", image_index); | 172 | printf("Failed to authenticate image %d\n", image_index); |
173 | return NULL; | 173 | return NULL; |
174 | } | 174 | } |
175 | #endif | 175 | #endif |
176 | 176 | ||
177 | return &images[image_index]; | 177 | return &images[image_index]; |
178 | } | 178 | } |
179 | 179 | ||
180 | static int read_auth_container(struct spl_image_info *spl_image) | 180 | static int read_auth_container(struct spl_image_info *spl_image) |
181 | { | 181 | { |
182 | struct container_hdr *container = NULL; | 182 | struct container_hdr *container = NULL; |
183 | uint16_t length; | 183 | uint16_t length; |
184 | int ret; | 184 | int ret; |
185 | int i; | 185 | int i; |
186 | 186 | ||
187 | container = malloc(CONTAINER_HDR_ALIGNMENT); | 187 | container = malloc(CONTAINER_HDR_ALIGNMENT); |
188 | if (!container) | 188 | if (!container) |
189 | return -ENOMEM; | 189 | return -ENOMEM; |
190 | 190 | ||
191 | ret = read(start_offset, CONTAINER_HDR_ALIGNMENT, (void *)container); | 191 | ret = read(start_offset, CONTAINER_HDR_ALIGNMENT, (void *)container); |
192 | if (ret) { | 192 | if (ret) { |
193 | printf("Error in read container %d\n", ret); | 193 | printf("Error in read container %d\n", ret); |
194 | goto out; | 194 | goto out; |
195 | } | 195 | } |
196 | 196 | ||
197 | if (container->tag != 0x87 && container->version != 0x0) { | 197 | if (container->tag != 0x87 && container->version != 0x0) { |
198 | printf("Wrong container header\n"); | 198 | printf("Wrong container header\n"); |
199 | ret = -EFAULT; | 199 | ret = -EFAULT; |
200 | goto out; | 200 | goto out; |
201 | } | 201 | } |
202 | 202 | ||
203 | if (!container->num_images) { | 203 | if (!container->num_images) { |
204 | printf("Wrong container, no image found\n"); | 204 | printf("Wrong container, no image found\n"); |
205 | ret = -EFAULT; | 205 | ret = -EFAULT; |
206 | goto out; | 206 | goto out; |
207 | } | 207 | } |
208 | 208 | ||
209 | length = container->length_lsb + (container->length_msb << 8); | 209 | length = container->length_lsb + (container->length_msb << 8); |
210 | 210 | ||
211 | debug("container length %u\n", length); | 211 | debug("container length %u\n", length); |
212 | 212 | ||
213 | if (length > CONTAINER_HDR_ALIGNMENT) { | 213 | if (length > CONTAINER_HDR_ALIGNMENT) { |
214 | length = ALIGN(length, CONTAINER_HDR_ALIGNMENT); | 214 | length = ALIGN(length, CONTAINER_HDR_ALIGNMENT); |
215 | 215 | ||
216 | free(container); | 216 | free(container); |
217 | container = malloc(length); | 217 | container = malloc(length); |
218 | if (!container) | 218 | if (!container) |
219 | return -ENOMEM; | 219 | return -ENOMEM; |
220 | 220 | ||
221 | ret = read(start_offset, length, (void *)container); | 221 | ret = read(start_offset, length, (void *)container); |
222 | if (ret) { | 222 | if (ret) { |
223 | printf("Error in read full container %d\n", ret); | 223 | printf("Error in read full container %d\n", ret); |
224 | goto out; | 224 | goto out; |
225 | } | 225 | } |
226 | } | 226 | } |
227 | 227 | ||
228 | #ifdef CONFIG_AHAB_BOOT | 228 | #ifdef CONFIG_AHAB_BOOT |
229 | memcpy((void *)SEC_SECURE_RAM_BASE, (const void *)container, | 229 | memcpy((void *)SEC_SECURE_RAM_BASE, (const void *)container, |
230 | ALIGN(length, CONFIG_SYS_CACHELINE_SIZE)); | 230 | ALIGN(length, CONFIG_SYS_CACHELINE_SIZE)); |
231 | 231 | ||
232 | ret = sc_seco_authenticate(-1, SC_MISC_AUTH_CONTAINER, | 232 | ret = sc_seco_authenticate(-1, SC_SECO_AUTH_CONTAINER, |
233 | SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE); | 233 | SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE); |
234 | if (ret) { | 234 | if (ret) { |
235 | printf("authenticate container hdr failed, return %d\n", ret); | 235 | printf("authenticate container hdr failed, return %d\n", ret); |
236 | ret = -EFAULT; | 236 | ret = -EFAULT; |
237 | goto out; | 237 | goto out; |
238 | } | 238 | } |
239 | #endif | 239 | #endif |
240 | 240 | ||
241 | for (i = 0; i < container->num_images; i++) { | 241 | for (i = 0; i < container->num_images; i++) { |
242 | struct boot_img_t *image = read_auth_image(container, i); | 242 | struct boot_img_t *image = read_auth_image(container, i); |
243 | 243 | ||
244 | if (!image) { | 244 | if (!image) { |
245 | ret = -EINVAL; | 245 | ret = -EINVAL; |
246 | goto end_auth; | 246 | goto end_auth; |
247 | } | 247 | } |
248 | 248 | ||
249 | if (i == 0) { | 249 | if (i == 0) { |
250 | spl_image->load_addr = image->dst; | 250 | spl_image->load_addr = image->dst; |
251 | spl_image->entry_point = image->entry; | 251 | spl_image->entry_point = image->entry; |
252 | } | 252 | } |
253 | } | 253 | } |
254 | 254 | ||
255 | #if defined(CONFIG_SPL_BUILD) && \ | 255 | #if defined(CONFIG_SPL_BUILD) && \ |
256 | defined(CONFIG_DUAL_BOOTLOADER) && defined(CONFIG_IMX_TRUSTY_OS) | 256 | defined(CONFIG_DUAL_BOOTLOADER) && defined(CONFIG_IMX_TRUSTY_OS) |
257 | /* Everything checks out, get the sw_version now. */ | 257 | /* Everything checks out, get the sw_version now. */ |
258 | spl_image->rbindex = (uint64_t)container->sw_version; | 258 | spl_image->rbindex = (uint64_t)container->sw_version; |
259 | #endif | 259 | #endif |
260 | 260 | ||
261 | end_auth: | 261 | end_auth: |
262 | #ifdef CONFIG_AHAB_BOOT | 262 | #ifdef CONFIG_AHAB_BOOT |
263 | if (sc_seco_authenticate(-1, SC_MISC_REL_CONTAINER, 0) != SC_ERR_NONE) | 263 | if (sc_seco_authenticate(-1, SC_SECO_REL_CONTAINER, 0) != SC_ERR_NONE) |
264 | printf("Error: release container failed!\n"); | 264 | printf("Error: release container failed!\n"); |
265 | #endif | 265 | #endif |
266 | out: | 266 | out: |
267 | free(container); | 267 | free(container); |
268 | 268 | ||
269 | return ret; | 269 | return ret; |
270 | } | 270 | } |
271 | 271 | ||
272 | int mmc_load_image_parse_container(struct spl_image_info *spl_image, | 272 | int mmc_load_image_parse_container(struct spl_image_info *spl_image, |
273 | struct mmc *mmc, unsigned long sector) | 273 | struct mmc *mmc, unsigned long sector) |
274 | { | 274 | { |
275 | int ret = 0; | 275 | int ret = 0; |
276 | 276 | ||
277 | current_dev_type = MMC_DEV; | 277 | current_dev_type = MMC_DEV; |
278 | device = mmc; | 278 | device = mmc; |
279 | 279 | ||
280 | start_offset = sector * mmc->read_bl_len; | 280 | start_offset = sector * mmc->read_bl_len; |
281 | 281 | ||
282 | ret = read_auth_container(spl_image); | 282 | ret = read_auth_container(spl_image); |
283 | 283 | ||
284 | if (!ret) | 284 | if (!ret) |
285 | { | 285 | { |
286 | /* Images loaded, now check the rpmb keyblob for Trusty OS. | 286 | /* Images loaded, now check the rpmb keyblob for Trusty OS. |
287 | * Skip this step when the dual bootloader feature is enabled | 287 | * Skip this step when the dual bootloader feature is enabled |
288 | * since the blob should be checked earlier. | 288 | * since the blob should be checked earlier. |
289 | */ | 289 | */ |
290 | #if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_DUAL_BOOTLOADER) | 290 | #if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_DUAL_BOOTLOADER) |
291 | ret = check_rpmb_blob(mmc); | 291 | ret = check_rpmb_blob(mmc); |
292 | #endif | 292 | #endif |
293 | #if defined(CONFIG_IMX8_TRUSTY_XEN) | 293 | #if defined(CONFIG_IMX8_TRUSTY_XEN) |
294 | struct mmc *rpmb_mmc; | 294 | struct mmc *rpmb_mmc; |
295 | 295 | ||
296 | rpmb_mmc = find_mmc_device(0); | 296 | rpmb_mmc = find_mmc_device(0); |
297 | if (ret = mmc_init(rpmb_mmc)) | 297 | if (ret = mmc_init(rpmb_mmc)) |
298 | printf("mmc init failed %s\n", __func__); | 298 | printf("mmc init failed %s\n", __func__); |
299 | else | 299 | else |
300 | ret = check_rpmb_blob(rpmb_mmc); | 300 | ret = check_rpmb_blob(rpmb_mmc); |
301 | #endif | 301 | #endif |
302 | } | 302 | } |
303 | return ret; | 303 | return ret; |
304 | } | 304 | } |
305 | 305 | ||
306 | int spi_load_image_parse_container(struct spl_image_info *spl_image, | 306 | int spi_load_image_parse_container(struct spl_image_info *spl_image, |
307 | struct spi_flash *flash, | 307 | struct spi_flash *flash, |
308 | unsigned long offset) | 308 | unsigned long offset) |
309 | { | 309 | { |
310 | int ret = 0; | 310 | int ret = 0; |
311 | 311 | ||
312 | current_dev_type = QSPI_DEV; | 312 | current_dev_type = QSPI_DEV; |
313 | device = flash; | 313 | device = flash; |
314 | 314 | ||
315 | start_offset = offset; | 315 | start_offset = offset; |
316 | 316 | ||
317 | ret = read_auth_container(spl_image); | 317 | ret = read_auth_container(spl_image); |
318 | 318 | ||
319 | return ret; | 319 | return ret; |
320 | } | 320 | } |
321 | 321 | ||
322 | int nand_load_image_parse_container(struct spl_image_info *spl_image, | 322 | int nand_load_image_parse_container(struct spl_image_info *spl_image, |
323 | unsigned long offset) | 323 | unsigned long offset) |
324 | { | 324 | { |
325 | int ret = 0; | 325 | int ret = 0; |
326 | 326 | ||
327 | current_dev_type = NAND_DEV; | 327 | current_dev_type = NAND_DEV; |
328 | device = NULL; | 328 | device = NULL; |
329 | 329 | ||
330 | start_offset = offset; | 330 | start_offset = offset; |
331 | 331 | ||
332 | ret = read_auth_container(spl_image); | 332 | ret = read_auth_container(spl_image); |
333 | 333 | ||
334 | return ret; | 334 | return ret; |
335 | } | 335 | } |
336 | 336 | ||
337 | int sdp_load_image_parse_container(struct spl_image_info *spl_image, | 337 | int sdp_load_image_parse_container(struct spl_image_info *spl_image, |
338 | unsigned long offset) | 338 | unsigned long offset) |
339 | { | 339 | { |
340 | int ret = 0; | 340 | int ret = 0; |
341 | 341 | ||
342 | current_dev_type = RAM_DEV; | 342 | current_dev_type = RAM_DEV; |
343 | device = NULL; | 343 | device = NULL; |
344 | 344 | ||
345 | start_offset = offset; | 345 | start_offset = offset; |
346 | 346 | ||
347 | ret = read_auth_container(spl_image); | 347 | ret = read_auth_container(spl_image); |
348 | 348 | ||
349 | return ret; | 349 | return ret; |
350 | } | 350 | } |
351 | 351 | ||
352 | int __weak nor_load_image_parse_container(struct spl_image_info *spl_image, | 352 | int __weak nor_load_image_parse_container(struct spl_image_info *spl_image, |
353 | unsigned long offset) | 353 | unsigned long offset) |
354 | { | 354 | { |
355 | int ret = 0; | 355 | int ret = 0; |
356 | 356 | ||
357 | current_dev_type = RAM_DEV; | 357 | current_dev_type = RAM_DEV; |
358 | device = NULL; | 358 | device = NULL; |
359 | 359 | ||
360 | start_offset = offset; | 360 | start_offset = offset; |
361 | 361 | ||
362 | ret = read_auth_container(spl_image); | 362 | ret = read_auth_container(spl_image); |
363 | 363 | ||
364 | return ret; | 364 | return ret; |
365 | } | 365 | } |
366 | 366 |
drivers/video/imx/hdp_load.c
1 | /* | 1 | /* |
2 | * Copyright 2017-2018 NXP | 2 | * Copyright 2017-2018 NXP |
3 | * | 3 | * |
4 | * SPDX-License-Identifier: GPL-2.0+ | 4 | * SPDX-License-Identifier: GPL-2.0+ |
5 | */ | 5 | */ |
6 | 6 | ||
7 | #include <common.h> | 7 | #include <common.h> |
8 | #include <command.h> | 8 | #include <command.h> |
9 | 9 | ||
10 | #include "API_General.h" | 10 | #include "API_General.h" |
11 | #include "scfw_utils.h" | 11 | #include "scfw_utils.h" |
12 | 12 | ||
13 | DECLARE_GLOBAL_DATA_PTR; | 13 | DECLARE_GLOBAL_DATA_PTR; |
14 | 14 | ||
15 | #define ON 1 | 15 | #define ON 1 |
16 | #define OFF 0 | 16 | #define OFF 0 |
17 | 17 | ||
18 | static void display_set_power(int onoff) | 18 | static void display_set_power(int onoff) |
19 | { | 19 | { |
20 | SC_PM_SET_RESOURCE_POWER_MODE(-1, SC_R_DC_0, onoff); | 20 | SC_PM_SET_RESOURCE_POWER_MODE(-1, SC_R_DC_0, onoff); |
21 | SC_PM_SET_RESOURCE_POWER_MODE(-1, SC_R_HDMI, onoff); | 21 | SC_PM_SET_RESOURCE_POWER_MODE(-1, SC_R_HDMI, onoff); |
22 | } | 22 | } |
23 | 23 | ||
24 | static void display_set_clocks(void) | 24 | static void display_set_clocks(void) |
25 | { | 25 | { |
26 | const sc_pm_clock_rate_t pll = 800000000; | 26 | const sc_pm_clock_rate_t pll = 800000000; |
27 | const sc_pm_clock_rate_t hdmi_core_clock = pll / 4; /* 200 Mhz */ | 27 | const sc_pm_clock_rate_t hdmi_core_clock = pll / 4; /* 200 Mhz */ |
28 | const sc_pm_clock_rate_t hdmi_bus_clock = pll / 8; /* 100 Mhz */ | 28 | const sc_pm_clock_rate_t hdmi_bus_clock = pll / 8; /* 100 Mhz */ |
29 | 29 | ||
30 | SC_PM_SET_RESOURCE_POWER_MODE(-1, | 30 | SC_PM_SET_RESOURCE_POWER_MODE(-1, |
31 | SC_R_HDMI_PLL_0, SC_PM_PW_MODE_OFF); | 31 | SC_R_HDMI_PLL_0, SC_PM_PW_MODE_OFF); |
32 | SC_PM_SET_CLOCK_RATE(-1, | 32 | SC_PM_SET_CLOCK_RATE(-1, |
33 | SC_R_HDMI_PLL_0, SC_PM_CLK_PLL, pll); | 33 | SC_R_HDMI_PLL_0, SC_PM_CLK_PLL, pll); |
34 | SC_PM_SET_RESOURCE_POWER_MODE(-1, | 34 | SC_PM_SET_RESOURCE_POWER_MODE(-1, |
35 | SC_R_HDMI_PLL_0, SC_PM_PW_MODE_ON); | 35 | SC_R_HDMI_PLL_0, SC_PM_PW_MODE_ON); |
36 | 36 | ||
37 | /* HDMI DI Bus Clock */ | 37 | /* HDMI DI Bus Clock */ |
38 | SC_PM_SET_CLOCK_RATE(-1, | 38 | SC_PM_SET_CLOCK_RATE(-1, |
39 | SC_R_HDMI, SC_PM_CLK_MISC4, hdmi_bus_clock); | 39 | SC_R_HDMI, SC_PM_CLK_MISC4, hdmi_bus_clock); |
40 | /* HDMI DI Core Clock */ | 40 | /* HDMI DI Core Clock */ |
41 | SC_PM_SET_CLOCK_RATE(-1, | 41 | SC_PM_SET_CLOCK_RATE(-1, |
42 | SC_R_HDMI, SC_PM_CLK_MISC2, hdmi_core_clock); | 42 | SC_R_HDMI, SC_PM_CLK_MISC2, hdmi_core_clock); |
43 | } | 43 | } |
44 | 44 | ||
45 | static void display_enable_clocks(int enable) | 45 | static void display_enable_clocks(int enable) |
46 | { | 46 | { |
47 | SC_PM_CLOCK_ENABLE(-1, SC_R_HDMI_PLL_0, SC_PM_CLK_PLL, enable); | 47 | SC_PM_CLOCK_ENABLE(-1, SC_R_HDMI_PLL_0, SC_PM_CLK_PLL, enable); |
48 | SC_PM_CLOCK_ENABLE(-1, SC_R_HDMI, SC_PM_CLK_MISC2, enable); | 48 | SC_PM_CLOCK_ENABLE(-1, SC_R_HDMI, SC_PM_CLK_MISC2, enable); |
49 | SC_PM_CLOCK_ENABLE(-1, SC_R_HDMI, SC_PM_CLK_MISC4, enable); | 49 | SC_PM_CLOCK_ENABLE(-1, SC_R_HDMI, SC_PM_CLK_MISC4, enable); |
50 | if (enable == OFF) | 50 | if (enable == OFF) |
51 | SC_PM_SET_RESOURCE_POWER_MODE(-1, | 51 | SC_PM_SET_RESOURCE_POWER_MODE(-1, |
52 | SC_R_HDMI_PLL_0, SC_PM_PW_MODE_OFF); | 52 | SC_R_HDMI_PLL_0, SC_PM_PW_MODE_OFF); |
53 | } | 53 | } |
54 | 54 | ||
55 | int do_hdp(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) | 55 | int do_hdp(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) |
56 | { | 56 | { |
57 | if (argc < 2) | 57 | if (argc < 2) |
58 | return 0; | 58 | return 0; |
59 | 59 | ||
60 | if (strncmp(argv[1], "tracescfw", 9) == 0) { | 60 | if (strncmp(argv[1], "tracescfw", 9) == 0) { |
61 | g_debug_scfw = 1; | 61 | g_debug_scfw = 1; |
62 | printf("Enabled SCFW API tracing\n"); | 62 | printf("Enabled SCFW API tracing\n"); |
63 | } else if (strncmp(argv[1], "load", 4) == 0) { | 63 | } else if (strncmp(argv[1], "load", 4) == 0) { |
64 | unsigned long address = 0; | 64 | unsigned long address = 0; |
65 | unsigned long offset = 0x2000; | 65 | unsigned long offset = 0x2000; |
66 | const int iram_size = 0x10000; | 66 | const int iram_size = 0x10000; |
67 | const int dram_size = 0x8000; | 67 | const int dram_size = 0x8000; |
68 | const char *s; | 68 | const char *s; |
69 | 69 | ||
70 | if (argc > 2) { | 70 | if (argc > 2) { |
71 | address = simple_strtoul(argv[2], NULL, 0); | 71 | address = simple_strtoul(argv[2], NULL, 0); |
72 | if (argc > 3) | 72 | if (argc > 3) |
73 | offset = simple_strtoul(argv[3], NULL, 0); | 73 | offset = simple_strtoul(argv[3], NULL, 0); |
74 | } else { | 74 | } else { |
75 | printf("Missing address\n"); | 75 | printf("Missing address\n"); |
76 | } | 76 | } |
77 | 77 | ||
78 | printf("Loading hdp firmware from 0x%016lx offset 0x%016lx\n", | 78 | printf("Loading hdp firmware from 0x%016lx offset 0x%016lx\n", |
79 | address, offset); | 79 | address, offset); |
80 | display_set_power(SC_PM_PW_MODE_ON); | 80 | display_set_power(SC_PM_PW_MODE_ON); |
81 | display_set_clocks(); | 81 | display_set_clocks(); |
82 | display_enable_clocks(ON); | 82 | display_enable_clocks(ON); |
83 | cdn_api_loadfirmware((unsigned char *)(address + offset), | 83 | cdn_api_loadfirmware((unsigned char *)(address + offset), |
84 | iram_size, | 84 | iram_size, |
85 | (unsigned char *)(address + offset + | 85 | (unsigned char *)(address + offset + |
86 | iram_size), | 86 | iram_size), |
87 | dram_size); | 87 | dram_size); |
88 | 88 | ||
89 | s = env_get("hdp_authenticate_fw"); | 89 | s = env_get("hdp_authenticate_fw"); |
90 | if (s && !strcmp(s, "yes")) | 90 | if (s && !strcmp(s, "yes")) |
91 | SC_MISC_AUTH(-1, SC_MISC_SECO_AUTH_HDMI_TX_FW, 0); | 91 | SC_MISC_AUTH(-1, SC_SECO_AUTH_HDMI_TX_FW, 0); |
92 | 92 | ||
93 | display_enable_clocks(OFF); | 93 | display_enable_clocks(OFF); |
94 | printf("Loading hdp firmware Complete\n"); | 94 | printf("Loading hdp firmware Complete\n"); |
95 | 95 | ||
96 | /* do not turn off hdmi power or firmware load will be lost */ | 96 | /* do not turn off hdmi power or firmware load will be lost */ |
97 | } else { | 97 | } else { |
98 | printf("test error argc %d\n", argc); | 98 | printf("test error argc %d\n", argc); |
99 | } | 99 | } |
100 | 100 | ||
101 | return 0; | 101 | return 0; |
102 | } | 102 | } |
103 | 103 | ||
104 | /***************************************************/ | 104 | /***************************************************/ |
105 | U_BOOT_CMD( | 105 | U_BOOT_CMD( |
106 | hdp, CONFIG_SYS_MAXARGS, 1, do_hdp, | 106 | hdp, CONFIG_SYS_MAXARGS, 1, do_hdp, |
107 | "load hdmi firmware ", | 107 | "load hdmi firmware ", |
108 | "[<command>] ...\n" | 108 | "[<command>] ...\n" |
109 | "hdpload [address] [<offset>]\n" | 109 | "hdpload [address] [<offset>]\n" |
110 | " address - address where the binary image starts\n" | 110 | " address - address where the binary image starts\n" |
111 | " <offset> - IRAM offset in the binary image (8192 default)\n" | 111 | " <offset> - IRAM offset in the binary image (8192 default)\n" |
112 | "\n" | 112 | "\n" |
113 | " if \"hdp_authenticate_fw\" is set to \"yes\", the seco\n" | 113 | " if \"hdp_authenticate_fw\" is set to \"yes\", the seco\n" |
114 | " will authenticate the firmware and load HDCP keys.\n" | 114 | " will authenticate the firmware and load HDCP keys.\n" |
115 | "\n" | 115 | "\n" |
116 | "tracescfw - Trace SCFW API calls for video commands\n" | 116 | "tracescfw - Trace SCFW API calls for video commands\n" |
117 | ); | 117 | ); |
118 | 118 |
drivers/video/imx/hdprx_load.c
1 | /* | 1 | /* |
2 | * Copyright 2018 NXP | 2 | * Copyright 2018 NXP |
3 | * | 3 | * |
4 | * SPDX-License-Identifier: GPL-2.0+ | 4 | * SPDX-License-Identifier: GPL-2.0+ |
5 | */ | 5 | */ |
6 | 6 | ||
7 | #include <common.h> | 7 | #include <common.h> |
8 | #include <command.h> | 8 | #include <command.h> |
9 | 9 | ||
10 | #include "API_General.h" | 10 | #include "API_General.h" |
11 | #include "scfw_utils.h" | 11 | #include "scfw_utils.h" |
12 | 12 | ||
13 | DECLARE_GLOBAL_DATA_PTR; | 13 | DECLARE_GLOBAL_DATA_PTR; |
14 | 14 | ||
15 | #define ON 1 | 15 | #define ON 1 |
16 | #define OFF 0 | 16 | #define OFF 0 |
17 | 17 | ||
18 | static void hdmi_rx_set_power(int onoff) | 18 | static void hdmi_rx_set_power(int onoff) |
19 | { | 19 | { |
20 | SC_PM_SET_RESOURCE_POWER_MODE(-1, SC_R_ISI_CH0, onoff); | 20 | SC_PM_SET_RESOURCE_POWER_MODE(-1, SC_R_ISI_CH0, onoff); |
21 | SC_PM_SET_RESOURCE_POWER_MODE(-1, SC_R_HDMI_RX, onoff); | 21 | SC_PM_SET_RESOURCE_POWER_MODE(-1, SC_R_HDMI_RX, onoff); |
22 | SC_PM_SET_RESOURCE_POWER_MODE(-1, SC_R_HDMI_RX_BYPASS, onoff); | 22 | SC_PM_SET_RESOURCE_POWER_MODE(-1, SC_R_HDMI_RX_BYPASS, onoff); |
23 | } | 23 | } |
24 | 24 | ||
25 | int do_hdprx(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) | 25 | int do_hdprx(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) |
26 | { | 26 | { |
27 | if (argc < 2) | 27 | if (argc < 2) |
28 | return 0; | 28 | return 0; |
29 | 29 | ||
30 | if (strncmp(argv[1], "tracescfw", 9) == 0) { | 30 | if (strncmp(argv[1], "tracescfw", 9) == 0) { |
31 | g_debug_scfw = 1; | 31 | g_debug_scfw = 1; |
32 | printf("Enabled SCFW API tracing\n"); | 32 | printf("Enabled SCFW API tracing\n"); |
33 | } else if (strncmp(argv[1], "load", 4) == 0) { | 33 | } else if (strncmp(argv[1], "load", 4) == 0) { |
34 | unsigned long address = 0; | 34 | unsigned long address = 0; |
35 | unsigned long offset = 0x2000; | 35 | unsigned long offset = 0x2000; |
36 | const int iram_size = 0x10000; | 36 | const int iram_size = 0x10000; |
37 | const int dram_size = 0x8000; | 37 | const int dram_size = 0x8000; |
38 | const char *s; | 38 | const char *s; |
39 | 39 | ||
40 | if (argc > 2) { | 40 | if (argc > 2) { |
41 | address = simple_strtoul(argv[2], NULL, 0); | 41 | address = simple_strtoul(argv[2], NULL, 0); |
42 | if (argc > 3) | 42 | if (argc > 3) |
43 | offset = simple_strtoul(argv[3], NULL, 0); | 43 | offset = simple_strtoul(argv[3], NULL, 0); |
44 | } else { | 44 | } else { |
45 | printf("Missing address\n"); | 45 | printf("Missing address\n"); |
46 | } | 46 | } |
47 | 47 | ||
48 | printf("Loading hdprx firmware from 0x%016lx offset 0x%016lx\n", | 48 | printf("Loading hdprx firmware from 0x%016lx offset 0x%016lx\n", |
49 | address, offset); | 49 | address, offset); |
50 | hdmi_rx_set_power(SC_PM_PW_MODE_ON); | 50 | hdmi_rx_set_power(SC_PM_PW_MODE_ON); |
51 | hdp_rx_loadfirmware((unsigned char *)(address + offset), | 51 | hdp_rx_loadfirmware((unsigned char *)(address + offset), |
52 | iram_size, | 52 | iram_size, |
53 | (unsigned char *)(address + offset + | 53 | (unsigned char *)(address + offset + |
54 | iram_size), | 54 | iram_size), |
55 | dram_size); | 55 | dram_size); |
56 | 56 | ||
57 | s = env_get("hdprx_authenticate_fw"); | 57 | s = env_get("hdprx_authenticate_fw"); |
58 | if (s && !strcmp(s, "yes")) | 58 | if (s && !strcmp(s, "yes")) |
59 | SC_MISC_AUTH(-1, SC_MISC_SECO_AUTH_HDMI_RX_FW, 0); | 59 | SC_MISC_AUTH(-1, SC_SECO_AUTH_HDMI_RX_FW, 0); |
60 | printf("Loading hdp rx firmware Complete\n"); | 60 | printf("Loading hdp rx firmware Complete\n"); |
61 | /* do not turn off hdmi power or firmware load will be lost */ | 61 | /* do not turn off hdmi power or firmware load will be lost */ |
62 | } else { | 62 | } else { |
63 | printf("test error argc %d\n", argc); | 63 | printf("test error argc %d\n", argc); |
64 | } | 64 | } |
65 | 65 | ||
66 | return 0; | 66 | return 0; |
67 | } | 67 | } |
68 | 68 | ||
69 | /***************************************************/ | 69 | /***************************************************/ |
70 | U_BOOT_CMD( | 70 | U_BOOT_CMD( |
71 | hdprx, CONFIG_SYS_MAXARGS, 1, do_hdprx, | 71 | hdprx, CONFIG_SYS_MAXARGS, 1, do_hdprx, |
72 | "load hdmi rx firmware ", | 72 | "load hdmi rx firmware ", |
73 | "[<command>] ...\n" | 73 | "[<command>] ...\n" |
74 | "hdpload [address] [<offset>]\n" | 74 | "hdpload [address] [<offset>]\n" |
75 | " address - address where the binary image starts\n" | 75 | " address - address where the binary image starts\n" |
76 | " <offset> - IRAM offset in the binary image (8192 default)\n" | 76 | " <offset> - IRAM offset in the binary image (8192 default)\n" |
77 | "\n" | 77 | "\n" |
78 | " if \"hdprx_authenticate_fw\" is set to \"yes\", the seco\n" | 78 | " if \"hdprx_authenticate_fw\" is set to \"yes\", the seco\n" |
79 | " will authenticate the firmware and load HDCP keys.\n" | 79 | " will authenticate the firmware and load HDCP keys.\n" |
80 | "\n" | 80 | "\n" |
81 | "tracescfw - Trace SCFW API calls for video commands\n" | 81 | "tracescfw - Trace SCFW API calls for video commands\n" |
82 | ); | 82 | ); |
83 | 83 |