Commit aa350b6d848d446f98701baec7b13aac338033c9
1 parent
b02221d7cb
Exists in
smarc_8mm-imx_v2018.03_4.14.98_2.0.0_ga
and in
5 other branches
MLK-18264 imx8: ahab: Fix verify image issue
The DDR memory is not assigned to SECO partition. When XRDC is enabled, SECO can't access the memory where the kernel image is loaded. So we have to explicitly set the memory access permission for SECO. Signed-off-by: Ye Li <ye.li@nxp.com> Acked-by: Peng Fan <peng.fan@nxp.com>
Showing 1 changed file with 36 additions and 3 deletions Side-by-side Diff
arch/arm/mach-imx/imx8/ahab.c
... | ... | @@ -23,6 +23,8 @@ |
23 | 23 | #define SEC_SECURE_RAM_END_BASE (SEC_SECURE_RAM_BASE + 0xFFFFUL) |
24 | 24 | #define SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE (0x60000000UL) |
25 | 25 | |
26 | +#define SECO_PT 2U | |
27 | + | |
26 | 28 | struct container_hdr { |
27 | 29 | uint8_t version; |
28 | 30 | uint16_t length; |
... | ... | @@ -52,6 +54,8 @@ |
52 | 54 | int i, ret = 0; |
53 | 55 | sc_ipc_t ipcHndl = gd->arch.ipc_channel_handle; |
54 | 56 | sc_err_t err; |
57 | + sc_rm_mr_t mr; | |
58 | + sc_faddr_t start, end; | |
55 | 59 | |
56 | 60 | if (addr % 4) |
57 | 61 | return -EINVAL; |
... | ... | @@ -73,7 +77,7 @@ |
73 | 77 | err = sc_misc_seco_authenticate(ipcHndl, SC_MISC_AUTH_CONTAINER, SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE); |
74 | 78 | if (err) { |
75 | 79 | printf("authenticate container hdr failed, return %d\n", err); |
76 | - ret = EIO; | |
80 | + ret = -EIO; | |
77 | 81 | goto exit; |
78 | 82 | } |
79 | 83 | |
80 | 84 | |
81 | 85 | |
... | ... | @@ -87,12 +91,41 @@ |
87 | 91 | flush_dcache_range(img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), |
88 | 92 | ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE)); |
89 | 93 | |
94 | + /* Find the memreg and set permission for seco pt */ | |
95 | + err = sc_rm_find_memreg(ipcHndl, &mr, | |
96 | + img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE)); | |
97 | + | |
98 | + if (err) { | |
99 | + printf("can't find memreg for image load address %d, error %d\n", i, err); | |
100 | + ret = -ENOMEM; | |
101 | + goto exit; | |
102 | + } | |
103 | + | |
104 | + err = sc_rm_get_memreg_info(ipcHndl, mr, &start, &end); | |
105 | + if (!err) | |
106 | + debug("memreg %u 0x%llx -- 0x%llx\n", mr, start, end); | |
107 | + | |
108 | + err = sc_rm_set_memreg_permissions(ipcHndl, mr, SECO_PT, SC_RM_PERM_FULL); | |
109 | + if (err) { | |
110 | + printf("set permission failed for img %d, error %d\n", i, err); | |
111 | + ret = -EPERM; | |
112 | + goto exit; | |
113 | + } | |
114 | + | |
90 | 115 | err = sc_misc_seco_authenticate(ipcHndl, SC_MISC_VERIFY_IMAGE, (1 << i)); |
91 | 116 | if (err) { |
92 | 117 | printf("authenticate img %d failed, return %d\n", i, err); |
93 | - ret = EIO; | |
94 | - goto exit; | |
118 | + ret = -EIO; | |
95 | 119 | } |
120 | + | |
121 | + err = sc_rm_set_memreg_permissions(ipcHndl, mr, SECO_PT, SC_RM_PERM_NONE); | |
122 | + if (err) { | |
123 | + printf("remove permission failed for img %d, error %d\n", i, err); | |
124 | + ret = -EPERM; | |
125 | + } | |
126 | + | |
127 | + if (ret) | |
128 | + goto exit; | |
96 | 129 | } |
97 | 130 | |
98 | 131 | exit: |