Eric Lee / smarc-uboot

Download as
Browse Code ยป

Commit b2ca8907d92434300e081e0f23ec589a2de1be9f

Authored by Breno Matheus Lima
Committed by Stefano Babic
1 parent d01806a8fc
Exists in smarc_8mq_lf_v2020.04 and in 11 other branches 8qm-imx_v2020.04_5.4.70_2.3.0, emb_lf_v2022.04, pitx_8mp_lf_v2020.04, smarc-8m-android-10.0.0_2.6.0, smarc-8m-android-11.0.0_2.0.0, smarc-8mp-android-11.0.0_2.0.0, smarc_8m-imx_v2019.04_4.19.35_1.1.0, smarc_8mm-imx_v2019.04_4.19.35_1.1.0, smarc_8mm-imx_v2020.04_5.4.24_2.1.0, smarc_8mp_lf_v2020.04, smarc_8mq-imx_v2020.04_5.4.24_2.1.0

imx: hab: Convert non-NULL IVT DCD pointer warning to an error 

The following NXP application notes and manual recommend to ensure the
IVT DCD pointer is Null prior to calling HAB API authenticate_image()
function:

- AN12263: HABv4 RVT Guidelines and Recommendations
- AN4581: Secure Boot on i.MX50, i.MX53, i.MX 6 and i.MX7 Series using
  HABv4
- CST docs: High Assurance Boot Version 4 Application Programming
  Interface Reference Manual

Commit ca89df7dd46f ("imx: hab: Convert DCD non-NULL error to warning")
converted DCD non-NULL error to warning due to the lack of documentation
at the time of first patch submission. We have warned U-Boot users since
v2018.03, and it makes sense now to follow the NXP recommendation to
ensure the IVT DCD pointer is Null.

DCD commands should only be present in the initial boot image loaded by
the SoC ROM. Starting in HAB v4.3.7 the HAB code  will generate an error
if a DCD pointer is present in an image being authenticated by calling the
HAB RVT API. Older versions of HAB will process and run DCD if it is
present, and this could lead to an incorrect authentication boot flow.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>

Showing 1 changed file with 4 additions and 2 deletions Inline Diff

arch/arm/mach-imx/hab.c
Diff comments   View file @ b2ca890
1 // SPDX-License-Identifier: GPL-2.0+ 1 // SPDX-License-Identifier: GPL-2.0+
2 /* 2 /*
3 * Copyright (C) 2010-2015 Freescale Semiconductor, Inc. 3 * Copyright (C) 2010-2015 Freescale Semiconductor, Inc.
4 */ 4 */
5 5
6 #include <common.h> 6 #include <common.h>
7 #include <config.h> 7 #include <config.h>
8 #include <fuse.h> 8 #include <fuse.h>
9 #include <mapmem.h> 9 #include <mapmem.h>
10 #include <image.h> 10 #include <image.h>
11 #include <asm/io.h> 11 #include <asm/io.h>
12 #include <asm/system.h> 12 #include <asm/system.h>
13 #include <asm/arch/clock.h> 13 #include <asm/arch/clock.h>
14 #include <asm/arch/sys_proto.h> 14 #include <asm/arch/sys_proto.h>
15 #include <asm/mach-imx/hab.h> 15 #include <asm/mach-imx/hab.h>
16 16
17 #define ALIGN_SIZE 0x1000 17 #define ALIGN_SIZE 0x1000
18 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 18 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8
19 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 19 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0
20 #define MX6SL_PU_IROM_MMU_EN_VAR 0x00900a18 20 #define MX6SL_PU_IROM_MMU_EN_VAR 0x00900a18
21 #define IS_HAB_ENABLED_BIT \ 21 #define IS_HAB_ENABLED_BIT \
22 (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ 22 (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \
23 (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) 23 (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2))
24 24
25 static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) 25 static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr)
26 { 26 {
27 printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str, 27 printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str,
28 ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version); 28 ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version);
29 29
30 return 1; 30 return 1;
31 } 31 }
32 32
33 static int verify_ivt_header(struct ivt_header *ivt_hdr) 33 static int verify_ivt_header(struct ivt_header *ivt_hdr)
34 { 34 {
35 int result = 0; 35 int result = 0;
36 36
37 if (ivt_hdr->magic != IVT_HEADER_MAGIC) 37 if (ivt_hdr->magic != IVT_HEADER_MAGIC)
38 result = ivt_header_error("bad magic", ivt_hdr); 38 result = ivt_header_error("bad magic", ivt_hdr);
39 39
40 if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH) 40 if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH)
41 result = ivt_header_error("bad length", ivt_hdr); 41 result = ivt_header_error("bad length", ivt_hdr);
42 42
43 if (ivt_hdr->version != IVT_HEADER_V1 && 43 if (ivt_hdr->version != IVT_HEADER_V1 &&
44 ivt_hdr->version != IVT_HEADER_V2) 44 ivt_hdr->version != IVT_HEADER_V2)
45 result = ivt_header_error("bad version", ivt_hdr); 45 result = ivt_header_error("bad version", ivt_hdr);
46 46
47 return result; 47 return result;
48 } 48 }
49 49
50 #if !defined(CONFIG_SPL_BUILD) 50 #if !defined(CONFIG_SPL_BUILD)
51 51
52 #define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */ 52 #define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */
53 53
54 struct record { 54 struct record {
55 uint8_t tag; /* Tag */ 55 uint8_t tag; /* Tag */
56 uint8_t len[2]; /* Length */ 56 uint8_t len[2]; /* Length */
57 uint8_t par; /* Version */ 57 uint8_t par; /* Version */
58 uint8_t contents[MAX_RECORD_BYTES];/* Record Data */ 58 uint8_t contents[MAX_RECORD_BYTES];/* Record Data */
59 bool any_rec_flag; 59 bool any_rec_flag;
60 }; 60 };
61 61
62 static char *rsn_str[] = { 62 static char *rsn_str[] = {
63 "RSN = HAB_RSN_ANY (0x00)\n", 63 "RSN = HAB_RSN_ANY (0x00)\n",
64 "RSN = HAB_ENG_FAIL (0x30)\n", 64 "RSN = HAB_ENG_FAIL (0x30)\n",
65 "RSN = HAB_INV_ADDRESS (0x22)\n", 65 "RSN = HAB_INV_ADDRESS (0x22)\n",
66 "RSN = HAB_INV_ASSERTION (0x0C)\n", 66 "RSN = HAB_INV_ASSERTION (0x0C)\n",
67 "RSN = HAB_INV_CALL (0x28)\n", 67 "RSN = HAB_INV_CALL (0x28)\n",
68 "RSN = HAB_INV_CERTIFICATE (0x21)\n", 68 "RSN = HAB_INV_CERTIFICATE (0x21)\n",
69 "RSN = HAB_INV_COMMAND (0x06)\n", 69 "RSN = HAB_INV_COMMAND (0x06)\n",
70 "RSN = HAB_INV_CSF (0x11)\n", 70 "RSN = HAB_INV_CSF (0x11)\n",
71 "RSN = HAB_INV_DCD (0x27)\n", 71 "RSN = HAB_INV_DCD (0x27)\n",
72 "RSN = HAB_INV_INDEX (0x0F)\n", 72 "RSN = HAB_INV_INDEX (0x0F)\n",
73 "RSN = HAB_INV_IVT (0x05)\n", 73 "RSN = HAB_INV_IVT (0x05)\n",
74 "RSN = HAB_INV_KEY (0x1D)\n", 74 "RSN = HAB_INV_KEY (0x1D)\n",
75 "RSN = HAB_INV_RETURN (0x1E)\n", 75 "RSN = HAB_INV_RETURN (0x1E)\n",
76 "RSN = HAB_INV_SIGNATURE (0x18)\n", 76 "RSN = HAB_INV_SIGNATURE (0x18)\n",
77 "RSN = HAB_INV_SIZE (0x17)\n", 77 "RSN = HAB_INV_SIZE (0x17)\n",
78 "RSN = HAB_MEM_FAIL (0x2E)\n", 78 "RSN = HAB_MEM_FAIL (0x2E)\n",
79 "RSN = HAB_OVR_COUNT (0x2B)\n", 79 "RSN = HAB_OVR_COUNT (0x2B)\n",
80 "RSN = HAB_OVR_STORAGE (0x2D)\n", 80 "RSN = HAB_OVR_STORAGE (0x2D)\n",
81 "RSN = HAB_UNS_ALGORITHM (0x12)\n", 81 "RSN = HAB_UNS_ALGORITHM (0x12)\n",
82 "RSN = HAB_UNS_COMMAND (0x03)\n", 82 "RSN = HAB_UNS_COMMAND (0x03)\n",
83 "RSN = HAB_UNS_ENGINE (0x0A)\n", 83 "RSN = HAB_UNS_ENGINE (0x0A)\n",
84 "RSN = HAB_UNS_ITEM (0x24)\n", 84 "RSN = HAB_UNS_ITEM (0x24)\n",
85 "RSN = HAB_UNS_KEY (0x1B)\n", 85 "RSN = HAB_UNS_KEY (0x1B)\n",
86 "RSN = HAB_UNS_PROTOCOL (0x14)\n", 86 "RSN = HAB_UNS_PROTOCOL (0x14)\n",
87 "RSN = HAB_UNS_STATE (0x09)\n", 87 "RSN = HAB_UNS_STATE (0x09)\n",
88 "RSN = INVALID\n", 88 "RSN = INVALID\n",
89 NULL 89 NULL
90 }; 90 };
91 91
92 static char *sts_str[] = { 92 static char *sts_str[] = {
93 "STS = HAB_SUCCESS (0xF0)\n", 93 "STS = HAB_SUCCESS (0xF0)\n",
94 "STS = HAB_FAILURE (0x33)\n", 94 "STS = HAB_FAILURE (0x33)\n",
95 "STS = HAB_WARNING (0x69)\n", 95 "STS = HAB_WARNING (0x69)\n",
96 "STS = INVALID\n", 96 "STS = INVALID\n",
97 NULL 97 NULL
98 }; 98 };
99 99
100 static char *eng_str[] = { 100 static char *eng_str[] = {
101 "ENG = HAB_ENG_ANY (0x00)\n", 101 "ENG = HAB_ENG_ANY (0x00)\n",
102 "ENG = HAB_ENG_SCC (0x03)\n", 102 "ENG = HAB_ENG_SCC (0x03)\n",
103 "ENG = HAB_ENG_RTIC (0x05)\n", 103 "ENG = HAB_ENG_RTIC (0x05)\n",
104 "ENG = HAB_ENG_SAHARA (0x06)\n", 104 "ENG = HAB_ENG_SAHARA (0x06)\n",
105 "ENG = HAB_ENG_CSU (0x0A)\n", 105 "ENG = HAB_ENG_CSU (0x0A)\n",
106 "ENG = HAB_ENG_SRTC (0x0C)\n", 106 "ENG = HAB_ENG_SRTC (0x0C)\n",
107 "ENG = HAB_ENG_DCP (0x1B)\n", 107 "ENG = HAB_ENG_DCP (0x1B)\n",
108 "ENG = HAB_ENG_CAAM (0x1D)\n", 108 "ENG = HAB_ENG_CAAM (0x1D)\n",
109 "ENG = HAB_ENG_SNVS (0x1E)\n", 109 "ENG = HAB_ENG_SNVS (0x1E)\n",
110 "ENG = HAB_ENG_OCOTP (0x21)\n", 110 "ENG = HAB_ENG_OCOTP (0x21)\n",
111 "ENG = HAB_ENG_DTCP (0x22)\n", 111 "ENG = HAB_ENG_DTCP (0x22)\n",
112 "ENG = HAB_ENG_ROM (0x36)\n", 112 "ENG = HAB_ENG_ROM (0x36)\n",
113 "ENG = HAB_ENG_HDCP (0x24)\n", 113 "ENG = HAB_ENG_HDCP (0x24)\n",
114 "ENG = HAB_ENG_RTL (0x77)\n", 114 "ENG = HAB_ENG_RTL (0x77)\n",
115 "ENG = HAB_ENG_SW (0xFF)\n", 115 "ENG = HAB_ENG_SW (0xFF)\n",
116 "ENG = INVALID\n", 116 "ENG = INVALID\n",
117 NULL 117 NULL
118 }; 118 };
119 119
120 static char *ctx_str[] = { 120 static char *ctx_str[] = {
121 "CTX = HAB_CTX_ANY(0x00)\n", 121 "CTX = HAB_CTX_ANY(0x00)\n",
122 "CTX = HAB_CTX_FAB (0xFF)\n", 122 "CTX = HAB_CTX_FAB (0xFF)\n",
123 "CTX = HAB_CTX_ENTRY (0xE1)\n", 123 "CTX = HAB_CTX_ENTRY (0xE1)\n",
124 "CTX = HAB_CTX_TARGET (0x33)\n", 124 "CTX = HAB_CTX_TARGET (0x33)\n",
125 "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n", 125 "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n",
126 "CTX = HAB_CTX_DCD (0xDD)\n", 126 "CTX = HAB_CTX_DCD (0xDD)\n",
127 "CTX = HAB_CTX_CSF (0xCF)\n", 127 "CTX = HAB_CTX_CSF (0xCF)\n",
128 "CTX = HAB_CTX_COMMAND (0xC0)\n", 128 "CTX = HAB_CTX_COMMAND (0xC0)\n",
129 "CTX = HAB_CTX_AUT_DAT (0xDB)\n", 129 "CTX = HAB_CTX_AUT_DAT (0xDB)\n",
130 "CTX = HAB_CTX_ASSERT (0xA0)\n", 130 "CTX = HAB_CTX_ASSERT (0xA0)\n",
131 "CTX = HAB_CTX_EXIT (0xEE)\n", 131 "CTX = HAB_CTX_EXIT (0xEE)\n",
132 "CTX = INVALID\n", 132 "CTX = INVALID\n",
133 NULL 133 NULL
134 }; 134 };
135 135
136 static uint8_t hab_statuses[5] = { 136 static uint8_t hab_statuses[5] = {
137 HAB_STS_ANY, 137 HAB_STS_ANY,
138 HAB_FAILURE, 138 HAB_FAILURE,
139 HAB_WARNING, 139 HAB_WARNING,
140 HAB_SUCCESS, 140 HAB_SUCCESS,
141 -1 141 -1
142 }; 142 };
143 143
144 static uint8_t hab_reasons[26] = { 144 static uint8_t hab_reasons[26] = {
145 HAB_RSN_ANY, 145 HAB_RSN_ANY,
146 HAB_ENG_FAIL, 146 HAB_ENG_FAIL,
147 HAB_INV_ADDRESS, 147 HAB_INV_ADDRESS,
148 HAB_INV_ASSERTION, 148 HAB_INV_ASSERTION,
149 HAB_INV_CALL, 149 HAB_INV_CALL,
150 HAB_INV_CERTIFICATE, 150 HAB_INV_CERTIFICATE,
151 HAB_INV_COMMAND, 151 HAB_INV_COMMAND,
152 HAB_INV_CSF, 152 HAB_INV_CSF,
153 HAB_INV_DCD, 153 HAB_INV_DCD,
154 HAB_INV_INDEX, 154 HAB_INV_INDEX,
155 HAB_INV_IVT, 155 HAB_INV_IVT,
156 HAB_INV_KEY, 156 HAB_INV_KEY,
157 HAB_INV_RETURN, 157 HAB_INV_RETURN,
158 HAB_INV_SIGNATURE, 158 HAB_INV_SIGNATURE,
159 HAB_INV_SIZE, 159 HAB_INV_SIZE,
160 HAB_MEM_FAIL, 160 HAB_MEM_FAIL,
161 HAB_OVR_COUNT, 161 HAB_OVR_COUNT,
162 HAB_OVR_STORAGE, 162 HAB_OVR_STORAGE,
163 HAB_UNS_ALGORITHM, 163 HAB_UNS_ALGORITHM,
164 HAB_UNS_COMMAND, 164 HAB_UNS_COMMAND,
165 HAB_UNS_ENGINE, 165 HAB_UNS_ENGINE,
166 HAB_UNS_ITEM, 166 HAB_UNS_ITEM,
167 HAB_UNS_KEY, 167 HAB_UNS_KEY,
168 HAB_UNS_PROTOCOL, 168 HAB_UNS_PROTOCOL,
169 HAB_UNS_STATE, 169 HAB_UNS_STATE,
170 -1 170 -1
171 }; 171 };
172 172
173 static uint8_t hab_contexts[12] = { 173 static uint8_t hab_contexts[12] = {
174 HAB_CTX_ANY, 174 HAB_CTX_ANY,
175 HAB_CTX_FAB, 175 HAB_CTX_FAB,
176 HAB_CTX_ENTRY, 176 HAB_CTX_ENTRY,
177 HAB_CTX_TARGET, 177 HAB_CTX_TARGET,
178 HAB_CTX_AUTHENTICATE, 178 HAB_CTX_AUTHENTICATE,
179 HAB_CTX_DCD, 179 HAB_CTX_DCD,
180 HAB_CTX_CSF, 180 HAB_CTX_CSF,
181 HAB_CTX_COMMAND, 181 HAB_CTX_COMMAND,
182 HAB_CTX_AUT_DAT, 182 HAB_CTX_AUT_DAT,
183 HAB_CTX_ASSERT, 183 HAB_CTX_ASSERT,
184 HAB_CTX_EXIT, 184 HAB_CTX_EXIT,
185 -1 185 -1
186 }; 186 };
187 187
188 static uint8_t hab_engines[16] = { 188 static uint8_t hab_engines[16] = {
189 HAB_ENG_ANY, 189 HAB_ENG_ANY,
190 HAB_ENG_SCC, 190 HAB_ENG_SCC,
191 HAB_ENG_RTIC, 191 HAB_ENG_RTIC,
192 HAB_ENG_SAHARA, 192 HAB_ENG_SAHARA,
193 HAB_ENG_CSU, 193 HAB_ENG_CSU,
194 HAB_ENG_SRTC, 194 HAB_ENG_SRTC,
195 HAB_ENG_DCP, 195 HAB_ENG_DCP,
196 HAB_ENG_CAAM, 196 HAB_ENG_CAAM,
197 HAB_ENG_SNVS, 197 HAB_ENG_SNVS,
198 HAB_ENG_OCOTP, 198 HAB_ENG_OCOTP,
199 HAB_ENG_DTCP, 199 HAB_ENG_DTCP,
200 HAB_ENG_ROM, 200 HAB_ENG_ROM,
201 HAB_ENG_HDCP, 201 HAB_ENG_HDCP,
202 HAB_ENG_RTL, 202 HAB_ENG_RTL,
203 HAB_ENG_SW, 203 HAB_ENG_SW,
204 -1 204 -1
205 }; 205 };
206 206
207 static inline uint8_t get_idx(uint8_t *list, uint8_t tgt) 207 static inline uint8_t get_idx(uint8_t *list, uint8_t tgt)
208 { 208 {
209 uint8_t idx = 0; 209 uint8_t idx = 0;
210 uint8_t element = list[idx]; 210 uint8_t element = list[idx];
211 while (element != -1) { 211 while (element != -1) {
212 if (element == tgt) 212 if (element == tgt)
213 return idx; 213 return idx;
214 element = list[++idx]; 214 element = list[++idx];
215 } 215 }
216 return -1; 216 return -1;
217 } 217 }
218 218
219 static void process_event_record(uint8_t *event_data, size_t bytes) 219 static void process_event_record(uint8_t *event_data, size_t bytes)
220 { 220 {
221 struct record *rec = (struct record *)event_data; 221 struct record *rec = (struct record *)event_data;
222 222
223 printf("\n\n%s", sts_str[get_idx(hab_statuses, rec->contents[0])]); 223 printf("\n\n%s", sts_str[get_idx(hab_statuses, rec->contents[0])]);
224 printf("%s", rsn_str[get_idx(hab_reasons, rec->contents[1])]); 224 printf("%s", rsn_str[get_idx(hab_reasons, rec->contents[1])]);
225 printf("%s", ctx_str[get_idx(hab_contexts, rec->contents[2])]); 225 printf("%s", ctx_str[get_idx(hab_contexts, rec->contents[2])]);
226 printf("%s", eng_str[get_idx(hab_engines, rec->contents[3])]); 226 printf("%s", eng_str[get_idx(hab_engines, rec->contents[3])]);
227 } 227 }
228 228
229 static void display_event(uint8_t *event_data, size_t bytes) 229 static void display_event(uint8_t *event_data, size_t bytes)
230 { 230 {
231 uint32_t i; 231 uint32_t i;
232 232
233 if (!(event_data && bytes > 0)) 233 if (!(event_data && bytes > 0))
234 return; 234 return;
235 235
236 for (i = 0; i < bytes; i++) { 236 for (i = 0; i < bytes; i++) {
237 if (i == 0) 237 if (i == 0)
238 printf("\t0x%02x", event_data[i]); 238 printf("\t0x%02x", event_data[i]);
239 else if ((i % 8) == 0) 239 else if ((i % 8) == 0)
240 printf("\n\t0x%02x", event_data[i]); 240 printf("\n\t0x%02x", event_data[i]);
241 else 241 else
242 printf(" 0x%02x", event_data[i]); 242 printf(" 0x%02x", event_data[i]);
243 } 243 }
244 244
245 process_event_record(event_data, bytes); 245 process_event_record(event_data, bytes);
246 } 246 }
247 247
248 static int get_hab_status(void) 248 static int get_hab_status(void)
249 { 249 {
250 uint32_t index = 0; /* Loop index */ 250 uint32_t index = 0; /* Loop index */
251 uint8_t event_data[128]; /* Event data buffer */ 251 uint8_t event_data[128]; /* Event data buffer */
252 size_t bytes = sizeof(event_data); /* Event size in bytes */ 252 size_t bytes = sizeof(event_data); /* Event size in bytes */
253 enum hab_config config = 0; 253 enum hab_config config = 0;
254 enum hab_state state = 0; 254 enum hab_state state = 0;
255 hab_rvt_report_event_t *hab_rvt_report_event; 255 hab_rvt_report_event_t *hab_rvt_report_event;
256 hab_rvt_report_status_t *hab_rvt_report_status; 256 hab_rvt_report_status_t *hab_rvt_report_status;
257 257
258 hab_rvt_report_event = (hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT; 258 hab_rvt_report_event = (hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT;
259 hab_rvt_report_status = 259 hab_rvt_report_status =
260 (hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS; 260 (hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS;
261 261
262 if (imx_hab_is_enabled()) 262 if (imx_hab_is_enabled())
263 puts("\nSecure boot enabled\n"); 263 puts("\nSecure boot enabled\n");
264 else 264 else
265 puts("\nSecure boot disabled\n"); 265 puts("\nSecure boot disabled\n");
266 266
267 /* Check HAB status */ 267 /* Check HAB status */
268 if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) { 268 if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) {
269 printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", 269 printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
270 config, state); 270 config, state);
271 271
272 /* Display HAB Error events */ 272 /* Display HAB Error events */
273 while (hab_rvt_report_event(HAB_FAILURE, index, event_data, 273 while (hab_rvt_report_event(HAB_FAILURE, index, event_data,
274 &bytes) == HAB_SUCCESS) { 274 &bytes) == HAB_SUCCESS) {
275 puts("\n"); 275 puts("\n");
276 printf("--------- HAB Event %d -----------------\n", 276 printf("--------- HAB Event %d -----------------\n",
277 index + 1); 277 index + 1);
278 puts("event data:\n"); 278 puts("event data:\n");
279 display_event(event_data, bytes); 279 display_event(event_data, bytes);
280 puts("\n"); 280 puts("\n");
281 bytes = sizeof(event_data); 281 bytes = sizeof(event_data);
282 index++; 282 index++;
283 } 283 }
284 } 284 }
285 /* Display message if no HAB events are found */ 285 /* Display message if no HAB events are found */
286 else { 286 else {
287 printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", 287 printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
288 config, state); 288 config, state);
289 puts("No HAB Events Found!\n\n"); 289 puts("No HAB Events Found!\n\n");
290 } 290 }
291 return 0; 291 return 0;
292 } 292 }
293 293
294 static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, 294 static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc,
295 char * const argv[]) 295 char * const argv[])
296 { 296 {
297 if ((argc != 1)) { 297 if ((argc != 1)) {
298 cmd_usage(cmdtp); 298 cmd_usage(cmdtp);
299 return 1; 299 return 1;
300 } 300 }
301 301
302 get_hab_status(); 302 get_hab_status();
303 303
304 return 0; 304 return 0;
305 } 305 }
306 306
307 static ulong get_image_ivt_offset(ulong img_addr) 307 static ulong get_image_ivt_offset(ulong img_addr)
308 { 308 {
309 const void *buf; 309 const void *buf;
310 310
311 buf = map_sysmem(img_addr, 0); 311 buf = map_sysmem(img_addr, 0);
312 switch (genimg_get_format(buf)) { 312 switch (genimg_get_format(buf)) {
313 #if defined(CONFIG_IMAGE_FORMAT_LEGACY) 313 #if defined(CONFIG_IMAGE_FORMAT_LEGACY)
314 case IMAGE_FORMAT_LEGACY: 314 case IMAGE_FORMAT_LEGACY:
315 return (image_get_image_size((image_header_t *)img_addr) 315 return (image_get_image_size((image_header_t *)img_addr)
316 + 0x1000 - 1) & ~(0x1000 - 1); 316 + 0x1000 - 1) & ~(0x1000 - 1);
317 #endif 317 #endif
318 #if IMAGE_ENABLE_FIT 318 #if IMAGE_ENABLE_FIT
319 case IMAGE_FORMAT_FIT: 319 case IMAGE_FORMAT_FIT:
320 return (fit_get_size(buf) + 0x1000 - 1) & ~(0x1000 - 1); 320 return (fit_get_size(buf) + 0x1000 - 1) & ~(0x1000 - 1);
321 #endif 321 #endif
322 default: 322 default:
323 return 0; 323 return 0;
324 } 324 }
325 } 325 }
326 326
327 static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, 327 static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
328 char * const argv[]) 328 char * const argv[])
329 { 329 {
330 ulong addr, length, ivt_offset; 330 ulong addr, length, ivt_offset;
331 int rcode = 0; 331 int rcode = 0;
332 332
333 if (argc < 3) 333 if (argc < 3)
334 return CMD_RET_USAGE; 334 return CMD_RET_USAGE;
335 335
336 addr = simple_strtoul(argv[1], NULL, 16); 336 addr = simple_strtoul(argv[1], NULL, 16);
337 length = simple_strtoul(argv[2], NULL, 16); 337 length = simple_strtoul(argv[2], NULL, 16);
338 if (argc == 3) 338 if (argc == 3)
339 ivt_offset = get_image_ivt_offset(addr); 339 ivt_offset = get_image_ivt_offset(addr);
340 else 340 else
341 ivt_offset = simple_strtoul(argv[3], NULL, 16); 341 ivt_offset = simple_strtoul(argv[3], NULL, 16);
342 342
343 rcode = imx_hab_authenticate_image(addr, length, ivt_offset); 343 rcode = imx_hab_authenticate_image(addr, length, ivt_offset);
344 if (rcode == 0) 344 if (rcode == 0)
345 rcode = CMD_RET_SUCCESS; 345 rcode = CMD_RET_SUCCESS;
346 else 346 else
347 rcode = CMD_RET_FAILURE; 347 rcode = CMD_RET_FAILURE;
348 348
349 return rcode; 349 return rcode;
350 } 350 }
351 351
352 static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc, 352 static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc,
353 char * const argv[]) 353 char * const argv[])
354 { 354 {
355 hab_rvt_failsafe_t *hab_rvt_failsafe; 355 hab_rvt_failsafe_t *hab_rvt_failsafe;
356 356
357 if (argc != 1) { 357 if (argc != 1) {
358 cmd_usage(cmdtp); 358 cmd_usage(cmdtp);
359 return 1; 359 return 1;
360 } 360 }
361 361
362 hab_rvt_failsafe = (hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE; 362 hab_rvt_failsafe = (hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE;
363 hab_rvt_failsafe(); 363 hab_rvt_failsafe();
364 364
365 return 0; 365 return 0;
366 } 366 }
367 367
368 static int do_authenticate_image_or_failover(cmd_tbl_t *cmdtp, int flag, 368 static int do_authenticate_image_or_failover(cmd_tbl_t *cmdtp, int flag,
369 int argc, char * const argv[]) 369 int argc, char * const argv[])
370 { 370 {
371 int ret = CMD_RET_FAILURE; 371 int ret = CMD_RET_FAILURE;
372 372
373 if (argc != 4) { 373 if (argc != 4) {
374 ret = CMD_RET_USAGE; 374 ret = CMD_RET_USAGE;
375 goto error; 375 goto error;
376 } 376 }
377 377
378 if (!imx_hab_is_enabled()) { 378 if (!imx_hab_is_enabled()) {
379 printf("error: secure boot disabled\n"); 379 printf("error: secure boot disabled\n");
380 goto error; 380 goto error;
381 } 381 }
382 382
383 if (do_authenticate_image(NULL, flag, argc, argv) != CMD_RET_SUCCESS) { 383 if (do_authenticate_image(NULL, flag, argc, argv) != CMD_RET_SUCCESS) {
384 fprintf(stderr, "authentication fail -> %s %s %s %s\n", 384 fprintf(stderr, "authentication fail -> %s %s %s %s\n",
385 argv[0], argv[1], argv[2], argv[3]); 385 argv[0], argv[1], argv[2], argv[3]);
386 do_hab_failsafe(0, 0, 1, NULL); 386 do_hab_failsafe(0, 0, 1, NULL);
387 }; 387 };
388 ret = CMD_RET_SUCCESS; 388 ret = CMD_RET_SUCCESS;
389 error: 389 error:
390 return ret; 390 return ret;
391 } 391 }
392 392
393 U_BOOT_CMD( 393 U_BOOT_CMD(
394 hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, 394 hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
395 "display HAB status", 395 "display HAB status",
396 "" 396 ""
397 ); 397 );
398 398
399 U_BOOT_CMD( 399 U_BOOT_CMD(
400 hab_auth_img, 4, 0, do_authenticate_image, 400 hab_auth_img, 4, 0, do_authenticate_image,
401 "authenticate image via HAB", 401 "authenticate image via HAB",
402 "addr length ivt_offset\n" 402 "addr length ivt_offset\n"
403 "addr - image hex address\n" 403 "addr - image hex address\n"
404 "length - image hex length\n" 404 "length - image hex length\n"
405 "ivt_offset - hex offset of IVT in the image" 405 "ivt_offset - hex offset of IVT in the image"
406 ); 406 );
407 407
408 U_BOOT_CMD( 408 U_BOOT_CMD(
409 hab_failsafe, CONFIG_SYS_MAXARGS, 1, do_hab_failsafe, 409 hab_failsafe, CONFIG_SYS_MAXARGS, 1, do_hab_failsafe,
410 "run BootROM failsafe routine", 410 "run BootROM failsafe routine",
411 "" 411 ""
412 ); 412 );
413 413
414 U_BOOT_CMD( 414 U_BOOT_CMD(
415 hab_auth_img_or_fail, 4, 0, 415 hab_auth_img_or_fail, 4, 0,
416 do_authenticate_image_or_failover, 416 do_authenticate_image_or_failover,
417 "authenticate image via HAB on failure drop to USB BootROM mode", 417 "authenticate image via HAB on failure drop to USB BootROM mode",
418 "addr length ivt_offset\n" 418 "addr length ivt_offset\n"
419 "addr - image hex address\n" 419 "addr - image hex address\n"
420 "length - image hex length\n" 420 "length - image hex length\n"
421 "ivt_offset - hex offset of IVT in the image" 421 "ivt_offset - hex offset of IVT in the image"
422 ); 422 );
423 423
424 #endif /* !defined(CONFIG_SPL_BUILD) */ 424 #endif /* !defined(CONFIG_SPL_BUILD) */
425 425
426 /* Get CSF Header length */ 426 /* Get CSF Header length */
427 static int get_hab_hdr_len(struct hab_hdr *hdr) 427 static int get_hab_hdr_len(struct hab_hdr *hdr)
428 { 428 {
429 return (size_t)((hdr->len[0] << 8) + (hdr->len[1])); 429 return (size_t)((hdr->len[0] << 8) + (hdr->len[1]));
430 } 430 }
431 431
432 /* Check whether addr lies between start and 432 /* Check whether addr lies between start and
433 * end and is within the length of the image 433 * end and is within the length of the image
434 */ 434 */
435 static int chk_bounds(u8 *addr, size_t bytes, u8 *start, u8 *end) 435 static int chk_bounds(u8 *addr, size_t bytes, u8 *start, u8 *end)
436 { 436 {
437 size_t csf_size = (size_t)((end + 1) - addr); 437 size_t csf_size = (size_t)((end + 1) - addr);
438 438
439 return (addr && (addr >= start) && (addr <= end) && 439 return (addr && (addr >= start) && (addr <= end) &&
440 (csf_size >= bytes)); 440 (csf_size >= bytes));
441 } 441 }
442 442
443 /* Get Length of each command in CSF */ 443 /* Get Length of each command in CSF */
444 static int get_csf_cmd_hdr_len(u8 *csf_hdr) 444 static int get_csf_cmd_hdr_len(u8 *csf_hdr)
445 { 445 {
446 if (*csf_hdr == HAB_CMD_HDR) 446 if (*csf_hdr == HAB_CMD_HDR)
447 return sizeof(struct hab_hdr); 447 return sizeof(struct hab_hdr);
448 448
449 return get_hab_hdr_len((struct hab_hdr *)csf_hdr); 449 return get_hab_hdr_len((struct hab_hdr *)csf_hdr);
450 } 450 }
451 451
452 /* Check if CSF is valid */ 452 /* Check if CSF is valid */
453 static bool csf_is_valid(struct ivt *ivt, ulong start_addr, size_t bytes) 453 static bool csf_is_valid(struct ivt *ivt, ulong start_addr, size_t bytes)
454 { 454 {
455 u8 *start = (u8 *)start_addr; 455 u8 *start = (u8 *)start_addr;
456 u8 *csf_hdr; 456 u8 *csf_hdr;
457 u8 *end; 457 u8 *end;
458 458
459 size_t csf_hdr_len; 459 size_t csf_hdr_len;
460 size_t cmd_hdr_len; 460 size_t cmd_hdr_len;
461 size_t offset = 0; 461 size_t offset = 0;
462 462
463 if (bytes != 0) 463 if (bytes != 0)
464 end = start + bytes - 1; 464 end = start + bytes - 1;
465 else 465 else
466 end = start; 466 end = start;
467 467
468 /* Verify if CSF pointer content is zero */ 468 /* Verify if CSF pointer content is zero */
469 if (!ivt->csf) { 469 if (!ivt->csf) {
470 puts("Error: CSF pointer is NULL\n"); 470 puts("Error: CSF pointer is NULL\n");
471 return false; 471 return false;
472 } 472 }
473 473
474 csf_hdr = (u8 *)ivt->csf; 474 csf_hdr = (u8 *)ivt->csf;
475 475
476 /* Verify if CSF Header exist */ 476 /* Verify if CSF Header exist */
477 if (*csf_hdr != HAB_CMD_HDR) { 477 if (*csf_hdr != HAB_CMD_HDR) {
478 puts("Error: CSF header command not found\n"); 478 puts("Error: CSF header command not found\n");
479 return false; 479 return false;
480 } 480 }
481 481
482 csf_hdr_len = get_hab_hdr_len((struct hab_hdr *)csf_hdr); 482 csf_hdr_len = get_hab_hdr_len((struct hab_hdr *)csf_hdr);
483 483
484 /* Check if the CSF lies within the image bounds */ 484 /* Check if the CSF lies within the image bounds */
485 if (!chk_bounds(csf_hdr, csf_hdr_len, start, end)) { 485 if (!chk_bounds(csf_hdr, csf_hdr_len, start, end)) {
486 puts("Error: CSF lies outside the image bounds\n"); 486 puts("Error: CSF lies outside the image bounds\n");
487 return false; 487 return false;
488 } 488 }
489 489
490 do { 490 do {
491 struct hab_hdr *cmd; 491 struct hab_hdr *cmd;
492 492
493 cmd = (struct hab_hdr *)&csf_hdr[offset]; 493 cmd = (struct hab_hdr *)&csf_hdr[offset];
494 494
495 switch (cmd->tag) { 495 switch (cmd->tag) {
496 case (HAB_CMD_WRT_DAT): 496 case (HAB_CMD_WRT_DAT):
497 puts("Error: Deprecated write command found\n"); 497 puts("Error: Deprecated write command found\n");
498 return false; 498 return false;
499 case (HAB_CMD_CHK_DAT): 499 case (HAB_CMD_CHK_DAT):
500 puts("Error: Deprecated check command found\n"); 500 puts("Error: Deprecated check command found\n");
501 return false; 501 return false;
502 case (HAB_CMD_SET): 502 case (HAB_CMD_SET):
503 if (cmd->par == HAB_PAR_MID) { 503 if (cmd->par == HAB_PAR_MID) {
504 puts("Error: Deprecated Set MID command found\n"); 504 puts("Error: Deprecated Set MID command found\n");
505 return false; 505 return false;
506 } 506 }
507 default: 507 default:
508 break; 508 break;
509 } 509 }
510 510
511 cmd_hdr_len = get_csf_cmd_hdr_len(&csf_hdr[offset]); 511 cmd_hdr_len = get_csf_cmd_hdr_len(&csf_hdr[offset]);
512 if (!cmd_hdr_len) { 512 if (!cmd_hdr_len) {
513 puts("Error: Invalid command length\n"); 513 puts("Error: Invalid command length\n");
514 return false; 514 return false;
515 } 515 }
516 offset += cmd_hdr_len; 516 offset += cmd_hdr_len;
517 517
518 } while (offset < csf_hdr_len); 518 } while (offset < csf_hdr_len);
519 519
520 return true; 520 return true;
521 } 521 }
522 522
523 bool imx_hab_is_enabled(void) 523 bool imx_hab_is_enabled(void)
524 { 524 {
525 struct imx_sec_config_fuse_t *fuse = 525 struct imx_sec_config_fuse_t *fuse =
526 (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse; 526 (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse;
527 uint32_t reg; 527 uint32_t reg;
528 int ret; 528 int ret;
529 529
530 ret = fuse_read(fuse->bank, fuse->word, &reg); 530 ret = fuse_read(fuse->bank, fuse->word, &reg);
531 if (ret) { 531 if (ret) {
532 puts("\nSecure boot fuse read error\n"); 532 puts("\nSecure boot fuse read error\n");
533 return ret; 533 return ret;
534 } 534 }
535 535
536 return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; 536 return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
537 } 537 }
538 538
539 int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, 539 int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size,
540 uint32_t ivt_offset) 540 uint32_t ivt_offset)
541 { 541 {
542 uint32_t load_addr = 0; 542 uint32_t load_addr = 0;
543 size_t bytes; 543 size_t bytes;
544 uint32_t ivt_addr = 0; 544 uint32_t ivt_addr = 0;
545 int result = 1; 545 int result = 1;
546 ulong start; 546 ulong start;
547 hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; 547 hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
548 hab_rvt_entry_t *hab_rvt_entry; 548 hab_rvt_entry_t *hab_rvt_entry;
549 hab_rvt_exit_t *hab_rvt_exit; 549 hab_rvt_exit_t *hab_rvt_exit;
550 hab_rvt_check_target_t *hab_rvt_check_target; 550 hab_rvt_check_target_t *hab_rvt_check_target;
551 struct ivt *ivt; 551 struct ivt *ivt;
552 struct ivt_header *ivt_hdr; 552 struct ivt_header *ivt_hdr;
553 enum hab_status status; 553 enum hab_status status;
554 554
555 hab_rvt_authenticate_image = 555 hab_rvt_authenticate_image =
556 (hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE; 556 (hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE;
557 hab_rvt_entry = (hab_rvt_entry_t *)HAB_RVT_ENTRY; 557 hab_rvt_entry = (hab_rvt_entry_t *)HAB_RVT_ENTRY;
558 hab_rvt_exit = (hab_rvt_exit_t *)HAB_RVT_EXIT; 558 hab_rvt_exit = (hab_rvt_exit_t *)HAB_RVT_EXIT;
559 hab_rvt_check_target = (hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET; 559 hab_rvt_check_target = (hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET;
560 560
561 if (!imx_hab_is_enabled()) { 561 if (!imx_hab_is_enabled()) {
562 puts("hab fuse not enabled\n"); 562 puts("hab fuse not enabled\n");
563 return 0; 563 return 0;
564 } 564 }
565 565
566 printf("\nAuthenticate image from DDR location 0x%x...\n", 566 printf("\nAuthenticate image from DDR location 0x%x...\n",
567 ddr_start); 567 ddr_start);
568 568
569 hab_caam_clock_enable(1); 569 hab_caam_clock_enable(1);
570 570
571 /* Calculate IVT address header */ 571 /* Calculate IVT address header */
572 ivt_addr = ddr_start + ivt_offset; 572 ivt_addr = ddr_start + ivt_offset;
573 ivt = (struct ivt *)ivt_addr; 573 ivt = (struct ivt *)ivt_addr;
574 ivt_hdr = &ivt->hdr; 574 ivt_hdr = &ivt->hdr;
575 575
576 /* Verify IVT header bugging out on error */ 576 /* Verify IVT header bugging out on error */
577 if (verify_ivt_header(ivt_hdr)) 577 if (verify_ivt_header(ivt_hdr))
578 goto hab_authentication_exit; 578 goto hab_authentication_exit;
579 579
580 /* Verify IVT body */ 580 /* Verify IVT body */
581 if (ivt->self != ivt_addr) { 581 if (ivt->self != ivt_addr) {
582 printf("ivt->self 0x%08x pointer is 0x%08x\n", 582 printf("ivt->self 0x%08x pointer is 0x%08x\n",
583 ivt->self, ivt_addr); 583 ivt->self, ivt_addr);
584 goto hab_authentication_exit; 584 goto hab_authentication_exit;
585 } 585 }
586 586
587 /* Verify if IVT DCD pointer is NULL */ 587 /* Verify if IVT DCD pointer is NULL */
588 if (ivt->dcd) 588 if (ivt->dcd) {
589 puts("Warning: DCD pointer should be NULL\n"); 589 puts("Error: DCD pointer must be NULL\n");
590 goto hab_authentication_exit;
591 }
590 592
591 start = ddr_start; 593 start = ddr_start;
592 bytes = image_size; 594 bytes = image_size;
593 595
594 /* Verify CSF */ 596 /* Verify CSF */
595 if (!csf_is_valid(ivt, start, bytes)) 597 if (!csf_is_valid(ivt, start, bytes))
596 goto hab_authentication_exit; 598 goto hab_authentication_exit;
597 599
598 if (hab_rvt_entry() != HAB_SUCCESS) { 600 if (hab_rvt_entry() != HAB_SUCCESS) {
599 puts("hab entry function fail\n"); 601 puts("hab entry function fail\n");
600 goto hab_exit_failure_print_status; 602 goto hab_exit_failure_print_status;
601 } 603 }
602 604
603 status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); 605 status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes);
604 if (status != HAB_SUCCESS) { 606 if (status != HAB_SUCCESS) {
605 printf("HAB check target 0x%08x-0x%08x fail\n", 607 printf("HAB check target 0x%08x-0x%08x fail\n",
606 ddr_start, ddr_start + bytes); 608 ddr_start, ddr_start + bytes);
607 goto hab_exit_failure_print_status; 609 goto hab_exit_failure_print_status;
608 } 610 }
609 #ifdef DEBUG 611 #ifdef DEBUG
610 printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); 612 printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
611 printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry, 613 printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry,
612 ivt->dcd, ivt->csf); 614 ivt->dcd, ivt->csf);
613 puts("Dumping IVT\n"); 615 puts("Dumping IVT\n");
614 print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); 616 print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0);
615 617
616 puts("Dumping CSF Header\n"); 618 puts("Dumping CSF Header\n");
617 print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0); 619 print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0);
618 620
619 #if !defined(CONFIG_SPL_BUILD) 621 #if !defined(CONFIG_SPL_BUILD)
620 get_hab_status(); 622 get_hab_status();
621 #endif 623 #endif
622 624
623 puts("\nCalling authenticate_image in ROM\n"); 625 puts("\nCalling authenticate_image in ROM\n");
624 printf("\tivt_offset = 0x%x\n", ivt_offset); 626 printf("\tivt_offset = 0x%x\n", ivt_offset);
625 printf("\tstart = 0x%08lx\n", start); 627 printf("\tstart = 0x%08lx\n", start);
626 printf("\tbytes = 0x%x\n", bytes); 628 printf("\tbytes = 0x%x\n", bytes);
627 #endif 629 #endif
628 /* 630 /*
629 * If the MMU is enabled, we have to notify the ROM 631 * If the MMU is enabled, we have to notify the ROM
630 * code, or it won't flush the caches when needed. 632 * code, or it won't flush the caches when needed.
631 * This is done, by setting the "pu_irom_mmu_enabled" 633 * This is done, by setting the "pu_irom_mmu_enabled"
632 * word to 1. You can find its address by looking in 634 * word to 1. You can find its address by looking in
633 * the ROM map. This is critical for 635 * the ROM map. This is critical for
634 * authenticate_image(). If MMU is enabled, without 636 * authenticate_image(). If MMU is enabled, without
635 * setting this bit, authentication will fail and may 637 * setting this bit, authentication will fail and may
636 * crash. 638 * crash.
637 */ 639 */
638 /* Check MMU enabled */ 640 /* Check MMU enabled */
639 if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { 641 if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) {
640 if (is_mx6dq()) { 642 if (is_mx6dq()) {
641 /* 643 /*
642 * This won't work on Rev 1.0.0 of 644 * This won't work on Rev 1.0.0 of
643 * i.MX6Q/D, since their ROM doesn't 645 * i.MX6Q/D, since their ROM doesn't
644 * do cache flushes. don't think any 646 * do cache flushes. don't think any
645 * exist, so we ignore them. 647 * exist, so we ignore them.
646 */ 648 */
647 if (!is_mx6dqp()) 649 if (!is_mx6dqp())
648 writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); 650 writel(1, MX6DQ_PU_IROM_MMU_EN_VAR);
649 } else if (is_mx6sdl()) { 651 } else if (is_mx6sdl()) {
650 writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); 652 writel(1, MX6DLS_PU_IROM_MMU_EN_VAR);
651 } else if (is_mx6sl()) { 653 } else if (is_mx6sl()) {
652 writel(1, MX6SL_PU_IROM_MMU_EN_VAR); 654 writel(1, MX6SL_PU_IROM_MMU_EN_VAR);
653 } 655 }
654 } 656 }
655 657
656 load_addr = (uint32_t)hab_rvt_authenticate_image( 658 load_addr = (uint32_t)hab_rvt_authenticate_image(
657 HAB_CID_UBOOT, 659 HAB_CID_UBOOT,
658 ivt_offset, (void **)&start, 660 ivt_offset, (void **)&start,
659 (size_t *)&bytes, NULL); 661 (size_t *)&bytes, NULL);
660 if (hab_rvt_exit() != HAB_SUCCESS) { 662 if (hab_rvt_exit() != HAB_SUCCESS) {
661 puts("hab exit function fail\n"); 663 puts("hab exit function fail\n");
662 load_addr = 0; 664 load_addr = 0;
663 } 665 }
664 666
665 hab_exit_failure_print_status: 667 hab_exit_failure_print_status:
666 #if !defined(CONFIG_SPL_BUILD) 668 #if !defined(CONFIG_SPL_BUILD)
667 get_hab_status(); 669 get_hab_status();
668 #endif 670 #endif
669 671
670 hab_authentication_exit: 672 hab_authentication_exit:
671 673
672 if (load_addr != 0) 674 if (load_addr != 0)
673 result = 0; 675 result = 0;
674 676
675 return result; 677 return result;
676 } 678 }
677 679