MLK-18264 imx8: ahab: Fix verify image issue

The DDR memory is not assigned to SECO partition. When XRDC is enabled, SECO can't access the memory where the kernel image is loaded. So we have to explicitly set the memory access permission for SECO. Signed-off-by: Ye Li <ye.li@nxp.com> Acked-by: Peng Fan <peng.fan@nxp.com>

MLK-18264 imx8: ahab: Fix verify image issue
The DDR memory is not assigned to SECO partition. When XRDC is enabled, SECO can't access the memory where the kernel image is loaded. So we have to explicitly set the memory access permission for SECO. Signed-off-by: Ye Li <ye.li@nxp.com> Acked-by: Peng Fan <peng.fan@nxp.com>
Ye Li
1 parent b02221d7cb
Showing 1 changed file with 36 additions and 3 deletions Side-by-side Diff
arch/arm/mach-imx/imx8/ahab.c
@@ -23,6 +23,8 @@
 #define SEC_SECURE_RAM_END_BASE         (SEC_SECURE_RAM_BASE + 0xFFFFUL)
 #define SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE  (0x60000000UL)
  
+#define SECO_PT                 2U
+
 struct container_hdr {
 	uint8_t version;
 	uint16_t length;
@@ -52,6 +54,8 @@
 	int i, ret = 0;
 	sc_ipc_t ipcHndl = gd->arch.ipc_channel_handle;
 	sc_err_t err;
+	sc_rm_mr_t mr;
+	sc_faddr_t start, end;
  
 	if (addr % 4)
 		return -EINVAL;
@@ -73,7 +77,7 @@
 	err = sc_misc_seco_authenticate(ipcHndl, SC_MISC_AUTH_CONTAINER, SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE);
 	if (err) {
 		printf("authenticate container hdr failed, return %d\n", err);
-		ret = EIO;
+		ret = -EIO;
 		goto exit;
 	}
  
  
  
@@ -87,12 +91,41 @@
 		flush_dcache_range(img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1),
 				ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE));
  
+		/* Find the memreg and set permission for seco pt */
+		err = sc_rm_find_memreg(ipcHndl, &mr,
+			img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE));
+
+		if (err) {
+			printf("can't find memreg for image load address %d, error %d\n", i, err);
+			ret = -ENOMEM;
+			goto exit;
+		}
+
+		err = sc_rm_get_memreg_info(ipcHndl, mr, &start, &end);
+		if (!err)
+			debug("memreg %u 0x%llx -- 0x%llx\n", mr, start, end);
+
+		err = sc_rm_set_memreg_permissions(ipcHndl, mr, SECO_PT, SC_RM_PERM_FULL);
+		if (err) {
+			printf("set permission failed for img %d, error %d\n", i, err);
+			ret = -EPERM;
+			goto exit;
+		}
+
 		err = sc_misc_seco_authenticate(ipcHndl, SC_MISC_VERIFY_IMAGE, (1 << i));
 		if (err) {
 			printf("authenticate img %d failed, return %d\n", i, err);
-			ret = EIO;
-			goto exit;
+			ret = -EIO;
 		}
+
+		err = sc_rm_set_memreg_permissions(ipcHndl, mr, SECO_PT, SC_RM_PERM_NONE);
+		if (err) {
+			printf("remove permission failed for img %d, error %d\n", i, err);
+			ret = -EPERM;
+		}
+
+		if (ret)
+			goto exit;
 	}
  
 exit:
...	...	@@ -23,6 +23,8 @@
23	23	#define SEC_SECURE_RAM_END_BASE (SEC_SECURE_RAM_BASE + 0xFFFFUL)
24	24	#define SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE (0x60000000UL)
25	25
	26	+#define SECO_PT 2U
	27	+
26	28	struct container_hdr {
27	29	uint8_t version;
28	30	uint16_t length;
...	...	@@ -52,6 +54,8 @@
52	54	int i, ret = 0;
53	55	sc_ipc_t ipcHndl = gd->arch.ipc_channel_handle;
54	56	sc_err_t err;
	57	+ sc_rm_mr_t mr;
	58	+ sc_faddr_t start, end;
55	59
56	60	if (addr % 4)
57	61	return -EINVAL;
...	...	@@ -73,7 +77,7 @@
73	77	err = sc_misc_seco_authenticate(ipcHndl, SC_MISC_AUTH_CONTAINER, SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE);
74	78	if (err) {
75	79	printf("authenticate container hdr failed, return %d\n", err);
76		- ret = EIO;
	80	+ ret = -EIO;
77	81	goto exit;
78	82	}
79	83
80	84
81	85
...	...	@@ -87,12 +91,41 @@
87	91	flush_dcache_range(img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1),
88	92	ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE));
89	93
	94	+ /* Find the memreg and set permission for seco pt */
	95	+ err = sc_rm_find_memreg(ipcHndl, &mr,
	96	+ img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE));
	97	+
	98	+ if (err) {
	99	+ printf("can't find memreg for image load address %d, error %d\n", i, err);
	100	+ ret = -ENOMEM;
	101	+ goto exit;
	102	+ }
	103	+
	104	+ err = sc_rm_get_memreg_info(ipcHndl, mr, &start, &end);
	105	+ if (!err)
	106	+ debug("memreg %u 0x%llx -- 0x%llx\n", mr, start, end);
	107	+
	108	+ err = sc_rm_set_memreg_permissions(ipcHndl, mr, SECO_PT, SC_RM_PERM_FULL);
	109	+ if (err) {
	110	+ printf("set permission failed for img %d, error %d\n", i, err);
	111	+ ret = -EPERM;
	112	+ goto exit;
	113	+ }
	114	+
90	115	err = sc_misc_seco_authenticate(ipcHndl, SC_MISC_VERIFY_IMAGE, (1 << i));
91	116	if (err) {
92	117	printf("authenticate img %d failed, return %d\n", i, err);
93		- ret = EIO;
94		- goto exit;
	118	+ ret = -EIO;
95	119	}
	120	+
	121	+ err = sc_rm_set_memreg_permissions(ipcHndl, mr, SECO_PT, SC_RM_PERM_NONE);
	122	+ if (err) {
	123	+ printf("remove permission failed for img %d, error %d\n", i, err);
	124	+ ret = -EPERM;
	125	+ }
	126	+
	127	+ if (ret)
	128	+ goto exit;
96	129	}
97	130
98	131	exit: