imx: hab: Simplify the mechanism
The current mechanism is unnecessarily complex. Simplify the whole mechanism
such that the entire fitImage is signed, IVT is placed at the end, followed
by CSF, and this entire bundle is also authenticated. This makes the signing
scripting far simpler.
Signed-off-by: Marek Vasut <marex@denx.de>
diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c
index cb9801b..6c13b00 100644
--- a/arch/arm/mach-imx/spl.c
+++ b/arch/arm/mach-imx/spl.c
@@ -20,6 +20,7 @@
#include <asm/mach-imx/boot_mode.h>
#include <g_dnl.h>
#include <linux/libfdt.h>
+#include <memalign.h>
DECLARE_GLOBAL_DATA_PTR;
@@ -315,47 +316,21 @@
size = ALIGN(size, 0x1000);
size += CONFIG_CSF_SIZE;
- return size;
-}
+ if (size > CONFIG_SYS_BOOTM_LEN)
+ panic("spl: ERROR: image too big\n");
-void board_spl_fit_post_load(const void *fit)
-{
- u32 offset = ALIGN(fdt_totalsize(fit), 0x1000);
-
- if (imx_hab_authenticate_image((uintptr_t)fit,
- offset + IVT_SIZE + CSF_PAD_SIZE,
- offset)) {
- panic("spl: ERROR: image authentication unsuccessful\n");
- }
+ return size;
}
#endif
void *board_spl_fit_buffer_addr(ulong fit_size, int sectors, int bl_len)
{
- int align_len = ARCH_DMA_MINALIGN - 1;
-
- /* Some devices like SDP, NOR, NAND, SPI are using bl_len =1, so their fit address
- * is different with SD/MMC, this cause mismatch with signed address. Thus, adjust
- * the bl_len to align with SD/MMC.
- */
- if (bl_len < 512)
- bl_len = 512;
-
- return (void *)((CONFIG_TEXT_BASE - fit_size - bl_len -
- align_len) & ~align_len);
-}
+#if defined(CONFIG_SPL_LOAD_FIT_ADDRESS)
+ return (void *)CONFIG_SPL_LOAD_FIT_ADDRESS;
+#else
+ return (void *)(CONFIG_TEXT_BASE + CONFIG_SYS_BOOTM_LEN);
#endif
-
-#if defined(CONFIG_MX6) && defined(CONFIG_SPL_OS_BOOT)
-int dram_init_banksize(void)
-{
- gd->bd->bi_dram[0].start = CFG_SYS_SDRAM_BASE;
- gd->bd->bi_dram[0].size = imx_ddr_size();
-
- return 0;
}
-#endif
-
/*
* read the address where the IVT header must sit
* from IVT image header, loaded from SPL into
@@ -365,7 +340,6 @@
void *spl_load_simple_fit_fix_load(const void *fit)
{
struct ivt *ivt;
- unsigned long new;
unsigned long offset;
unsigned long size;
u8 *tmp = (u8 *)fit;
@@ -375,16 +349,23 @@
size = board_spl_fit_size_align(size);
tmp += offset;
ivt = (struct ivt *)tmp;
- if (ivt->hdr.magic != IVT_HEADER_MAGIC) {
- debug("no IVT header found\n");
- return (void *)fit;
- }
+
debug("%s: ivt: %p offset: %lx size: %lx\n", __func__, ivt, offset, size);
debug("%s: ivt self: %x\n", __func__, ivt->self);
- new = ivt->self;
- new -= offset;
- debug("%s: new %lx\n", __func__, new);
- memcpy((void *)new, fit, size);
+
+ if (imx_hab_authenticate_image((uintptr_t)fit, (uintptr_t)ivt, offset))
+ panic("spl: ERROR: image authentication unsuccessful\n");
- return (void *)new;
+ return (void *)fit;
}
+#endif /* CONFIG_IMX_HAB */
+
+#if defined(CONFIG_MX6) && defined(CONFIG_SPL_OS_BOOT)
+int dram_init_banksize(void)
+{
+ gd->bd->bi_dram[0].start = CFG_SYS_SDRAM_BASE;
+ gd->bd->bi_dram[0].size = imx_ddr_size();
+
+ return 0;
+}
+#endif