blob: 51af02859033147ac023c86630d520545d955c36 [file] [log] [blame]
Tom Rini10e47792018-05-06 17:58:06 -04001// SPDX-License-Identifier: GPL-2.0+
Tom Rini108ee582016-03-16 09:10:08 -04002/*
3 * K2HK: secure kernel command file
4 *
5 * (C) Copyright 2012-2014
6 * Texas Instruments Incorporated, <www.ti.com>
Tom Rini108ee582016-03-16 09:10:08 -04007 */
8
9#include <common.h>
10#include <command.h>
11#include <mach/mon.h>
Vitaly Andrianov1b3b2442017-04-07 10:00:03 -050012#include <spl.h>
Tom Rini108ee582016-03-16 09:10:08 -040013asm(".arch_extension sec\n\t");
14
Madan Srinivase8856102017-07-17 12:59:15 -050015int mon_install(u32 addr, u32 dpsc, u32 freq, u32 bm_addr)
Tom Rini108ee582016-03-16 09:10:08 -040016{
17 int result;
18
19 __asm__ __volatile__ (
20 "stmfd r13!, {lr}\n"
21 "mov r0, %1\n"
22 "mov r1, %2\n"
23 "mov r2, %3\n"
Madan Srinivase8856102017-07-17 12:59:15 -050024 "mov r3, %4\n"
Tom Rini108ee582016-03-16 09:10:08 -040025 "blx r0\n"
Srinivas, Madan39354af2017-07-17 13:02:02 -050026 "mov %0, r0\n"
Tom Rini108ee582016-03-16 09:10:08 -040027 "ldmfd r13!, {lr}\n"
28 : "=&r" (result)
Madan Srinivase8856102017-07-17 12:59:15 -050029 : "r" (addr), "r" (dpsc), "r" (freq), "r" (bm_addr)
30 : "cc", "r0", "r1", "r2", "r3", "memory");
Tom Rini108ee582016-03-16 09:10:08 -040031 return result;
32}
33
34int mon_power_on(int core_id, void *ep)
35{
36 int result;
37
38 asm volatile (
39 "stmfd r13!, {lr}\n"
40 "mov r1, %1\n"
41 "mov r2, %2\n"
42 "mov r0, #0\n"
43 "smc #0\n"
Srinivas, Madan39354af2017-07-17 13:02:02 -050044 "mov %0, r0\n"
Tom Rini108ee582016-03-16 09:10:08 -040045 "ldmfd r13!, {lr}\n"
46 : "=&r" (result)
47 : "r" (core_id), "r" (ep)
48 : "cc", "r0", "r1", "r2", "memory");
49 return result;
50}
51
52int mon_power_off(int core_id)
53{
54 int result;
55
56 asm volatile (
57 "stmfd r13!, {lr}\n"
58 "mov r1, %1\n"
59 "mov r0, #1\n"
60 "smc #1\n"
Srinivas, Madan39354af2017-07-17 13:02:02 -050061 "mov %0, r0\n"
Tom Rini108ee582016-03-16 09:10:08 -040062 "ldmfd r13!, {lr}\n"
63 : "=&r" (result)
64 : "r" (core_id)
65 : "cc", "r0", "r1", "memory");
66 return result;
67}
Vitaly Andrianov1b3b2442017-04-07 10:00:03 -050068
69#ifdef CONFIG_TI_SECURE_DEVICE
70#define KS2_HS_SEC_HEADER_LEN 0x60
71#define KS2_HS_SEC_TAG_OFFSET 0x34
72#define KS2_AUTH_CMD 130
73
74/**
75 * k2_hs_bm_auth() - Invokes security functions using a
76 * proprietary TI interface. This binary and source for
77 * this is available in the secure development package or
78 * SECDEV. For details on how to access this please refer
79 * doc/README.ti-secure
80 *
81 * @cmd: Secure monitor command
82 * @arg1: Argument for command
83 *
84 * returns non-zero value on success, zero on error
85 */
86static int k2_hs_bm_auth(int cmd, void *arg1)
87{
88 int result;
89
90 asm volatile (
91 "stmfd r13!, {r4-r12, lr}\n"
92 "mov r0, %1\n"
93 "mov r1, %2\n"
94 "smc #2\n"
Srinivas, Madan39354af2017-07-17 13:02:02 -050095 "mov %0, r0\n"
Vitaly Andrianov1b3b2442017-04-07 10:00:03 -050096 "ldmfd r13!, {r4-r12, lr}\n"
97 : "=&r" (result)
98 : "r" (cmd), "r" (arg1)
99 : "cc", "r0", "r1", "memory");
100
101 return result;
102}
103
104void board_fit_image_post_process(void **p_image, size_t *p_size)
105{
106 int result = 0;
107 void *image = *p_image;
108
109 if (strncmp(image + KS2_HS_SEC_TAG_OFFSET, "KEYS", 4)) {
110 printf("No signature found in image!\n");
111 hang();
112 }
113
114 result = k2_hs_bm_auth(KS2_AUTH_CMD, image);
115 if (result == 0) {
116 printf("Authentication failed!\n");
117 hang();
118 }
119
120 /*
Andrew F. Davis5564f232017-06-29 08:38:25 -0500121 * Overwrite the image headers after authentication
122 * and decryption. Update size to reflect removal
123 * of header.
124 */
Vitaly Andrianov1b3b2442017-04-07 10:00:03 -0500125 *p_size -= KS2_HS_SEC_HEADER_LEN;
Andrew F. Davis5564f232017-06-29 08:38:25 -0500126 memcpy(image, image + KS2_HS_SEC_HEADER_LEN, *p_size);
Vitaly Andrianov1b3b2442017-04-07 10:00:03 -0500127
128 /*
129 * Output notification of successful authentication to re-assure the
130 * user that the secure code is being processed as expected. However
131 * suppress any such log output in case of building for SPL and booting
132 * via YMODEM. This is done to avoid disturbing the YMODEM serial
133 * protocol transactions.
134 */
135 if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
136 IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
137 spl_boot_device() == BOOT_DEVICE_UART))
138 printf("Authentication passed\n");
139}
140#endif