Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 2b24ddef8b40f1b2e49cad2cb6ab138195a9eb24 / . / arch / arm / mach-imx / imx8ulp / ahab.c
blob: 87c4c66a08744cd2f5f34224f975afd811b99b70 [file] [log] [blame]
Ye Lic408ed32022-07-26 16:40:49 +0800[diff] [blame]1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Copyright 2020 NXP
4 */
5
6#include <common.h>
7#include <command.h>
8#include <errno.h>
9#include <asm/io.h>
10#include <asm/mach-imx/s400_api.h>
11#include <asm/mach-imx/sys_proto.h>
12#include <asm/arch-imx/cpu.h>
13#include <asm/arch/sys_proto.h>
14#include <asm/mach-imx/image.h>
15#include <console.h>
16#include <cpu_func.h>
17#include <asm/mach-imx/ahab.h>
18#include <asm/global_data.h>
19
20DECLARE_GLOBAL_DATA_PTR;
21
22#define IMG_CONTAINER_BASE (0x22010000UL)
23#define IMG_CONTAINER_END_BASE (IMG_CONTAINER_BASE + 0xFFFFUL)
24
25#define AHAB_NO_AUTHENTICATION_IND 0xee
26#define AHAB_BAD_KEY_HASH_IND 0xfa
27#define AHAB_INVALID_KEY_IND 0xf9
28#define AHAB_BAD_SIGNATURE_IND 0xf0
29#define AHAB_BAD_HASH_IND 0xf1
30
31static void display_ahab_auth_ind(u32 event)
32{
33 u8 resp_ind = (event >> 8) & 0xff;
34
35 switch (resp_ind) {
36 case AHAB_NO_AUTHENTICATION_IND:
37 printf("AHAB_NO_AUTHENTICATION_IND (0x%02X)\n\n", resp_ind);
38 break;
39 case AHAB_BAD_KEY_HASH_IND:
40 printf("AHAB_BAD_KEY_HASH_IND (0x%02X)\n\n", resp_ind);
41 break;
42 case AHAB_INVALID_KEY_IND:
43 printf("AHAB_INVALID_KEY_IND (0x%02X)\n\n", resp_ind);
44 break;
45 case AHAB_BAD_SIGNATURE_IND:
46 printf("AHAB_BAD_SIGNATURE_IND (0x%02X)\n\n", resp_ind);
47 break;
48 case AHAB_BAD_HASH_IND:
49 printf("AHAB_BAD_HASH_IND (0x%02X)\n\n", resp_ind);
50 break;
51 default:
52 printf("Unknown Indicator (0x%02X)\n\n", resp_ind);
53 break;
54 }
55}
56
57int ahab_auth_cntr_hdr(struct container_hdr *container, u16 length)
58{
59 int err;
60 u32 resp;
61
62 memcpy((void *)IMG_CONTAINER_BASE, (const void *)container,
63 ALIGN(length, CONFIG_SYS_CACHELINE_SIZE));
64
65 flush_dcache_range(IMG_CONTAINER_BASE,
66 IMG_CONTAINER_BASE + ALIGN(length, CONFIG_SYS_CACHELINE_SIZE) - 1);
67
68 err = ahab_auth_oem_ctnr(IMG_CONTAINER_BASE, &resp);
69 if (err) {
70 printf("Authenticate container hdr failed, return %d, resp 0x%x\n",
71 err, resp);
72 display_ahab_auth_ind(resp);
73 }
74
75 return err;
76}
77
78int ahab_auth_release(void)
79{
80 int err;
81 u32 resp;
82
83 err = ahab_release_container(&resp);
84 if (err) {
85 printf("Error: release container failed, resp 0x%x!\n", resp);
86 display_ahab_auth_ind(resp);
87 }
88
89 return err;
90}
91
92int ahab_verify_cntr_image(struct boot_img_t *img, int image_index)
93{
94 int err;
95 u32 resp;
96
97 err = ahab_verify_image(image_index, &resp);
98 if (err) {
99 printf("Authenticate img %d failed, return %d, resp 0x%x\n",
100 image_index, err, resp);
101 display_ahab_auth_ind(resp);
102 return -EIO;
103 }
104
105 return 0;
106}
107
108static inline bool check_in_dram(ulong addr)
109{
110 int i;
111 struct bd_info *bd = gd->bd;
112
113 for (i = 0; i < CONFIG_NR_DRAM_BANKS; ++i) {
114 if (bd->bi_dram[i].size) {
115 if (addr >= bd->bi_dram[i].start &&
116 addr < (bd->bi_dram[i].start + bd->bi_dram[i].size))
117 return true;
118 }
119 }
120
121 return false;
122}
123
124int authenticate_os_container(ulong addr)
125{
126 struct container_hdr *phdr;
127 int i, ret = 0;
128 int err;
129 u16 length;
130 struct boot_img_t *img;
131 unsigned long s, e;
132
133 if (addr % 4) {
134 puts("Error: Image's address is not 4 byte aligned\n");
135 return -EINVAL;
136 }
137
138 if (!check_in_dram(addr)) {
139 puts("Error: Image's address is invalid\n");
140 return -EINVAL;
141 }
142
143 phdr = (struct container_hdr *)addr;
144 if (phdr->tag != 0x87 || phdr->version != 0x0) {
145 printf("Error: Wrong container header\n");
146 return -EFAULT;
147 }
148
149 if (!phdr->num_images) {
150 printf("Error: Wrong container, no image found\n");
151 return -EFAULT;
152 }
153
154 length = phdr->length_lsb + (phdr->length_msb << 8);
155
156 debug("container length %u\n", length);
157
158 err = ahab_auth_cntr_hdr(phdr, length);
159 if (err) {
160 ret = -EIO;
161 goto exit;
162 }
163
164 debug("Verify images\n");
165
166 /* Copy images to dest address */
167 for (i = 0; i < phdr->num_images; i++) {
168 img = (struct boot_img_t *)(addr +
169 sizeof(struct container_hdr) +
170 i * sizeof(struct boot_img_t));
171
172 debug("img %d, dst 0x%x, src 0x%lx, size 0x%x\n",
173 i, (uint32_t)img->dst, img->offset + addr, img->size);
174
175 memcpy((void *)img->dst, (const void *)(img->offset + addr), img->size);
176
177 s = img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1);
178 e = ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE) - 1;
179
180 flush_dcache_range(s, e);
181
182 ret = ahab_verify_cntr_image(img, i);
183 if (ret)
184 goto exit;
185 }
186
187exit:
188 debug("ahab_auth_release, 0x%x\n", ret);
189 ahab_auth_release();
190
191 return ret;
192}
193
194static int do_authenticate(struct cmd_tbl *cmdtp, int flag, int argc,
195 char *const argv[])
196{
197 ulong addr;
198
199 if (argc < 2)
200 return CMD_RET_USAGE;
201
202 addr = simple_strtoul(argv[1], NULL, 16);
203
204 printf("Authenticate OS container at 0x%lx\n", addr);
205
206 if (authenticate_os_container(addr))
207 return CMD_RET_FAILURE;
208
209 return CMD_RET_SUCCESS;
210}
211
212static void display_life_cycle(u32 lc)
213{
214 printf("Lifecycle: 0x%08X, ", lc);
215 switch (lc) {
216 case 0x1:
217 printf("BLANK\n\n");
218 break;
219 case 0x2:
220 printf("FAB\n\n");
221 break;
222 case 0x4:
223 printf("NXP Provisioned\n\n");
224 break;
225 case 0x8:
226 printf("OEM Open\n\n");
227 break;
228 case 0x10:
229 printf("OEM Secure World Closed\n\n");
230 break;
231 case 0x20:
232 printf("OEM closed\n\n");
233 break;
234 case 0x40:
235 printf("Field Return OEM\n\n");
236 break;
237 case 0x80:
238 printf("Field Return NXP\n\n");
239 break;
240 case 0x100:
241 printf("OEM Locked\n\n");
242 break;
243 case 0x200:
244 printf("BRICKED\n\n");
245 break;
246 default:
247 printf("Unknown\n\n");
248 break;
249 }
250}
251
252static int confirm_close(void)
253{
254 puts("Warning: Please ensure your sample is in NXP closed state, "
255 "OEM SRK hash has been fused, \n"
256 " and you are able to boot a signed image successfully "
257 "without any SECO events reported.\n"
258 " If not, your sample will be unrecoverable.\n"
259 "\nReally perform this operation? <y/N>\n");
260
261 if (confirm_yesno())
262 return 1;
263
264 puts("Ahab close aborted\n");
265 return 0;
266}
267
268static int do_ahab_close(struct cmd_tbl *cmdtp, int flag, int argc,
269 char *const argv[])
270{
271 int err;
272 u32 resp;
273
274 if (!confirm_close())
275 return -EACCES;
276
277 err = ahab_forward_lifecycle(8, &resp);
278 if (err != 0) {
279 printf("Error in forward lifecycle to OEM closed\n");
280 return -EIO;
281 }
282
283 printf("Change to OEM closed successfully\n");
284
285 return 0;
286}
287
288int ahab_dump(void)
289{
290 u32 buffer[32];
291 int ret, i = 0;
292
293 do {
294 ret = ahab_dump_buffer(buffer, 32);
295 if (ret < 0) {
296 printf("Error in dump AHAB log\n");
297 return -EIO;
298 }
299
300 if (ret == 1)
301 break;
302
303 for (i = 0; i < ret; i++)
304 printf("0x%x\n", buffer[i]);
305 } while (ret >= 21);
306
307 return 0;
308}
309
310static int do_ahab_dump(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
311{
312 return ahab_dump();
313}
314
315static int do_ahab_status(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
316{
317 u32 lc;
318
319 lc = readl(FSB_BASE_ADDR + 0x41c);
320 lc &= 0x3f;
321
322 display_life_cycle(lc);
323 return 0;
324}
325
326U_BOOT_CMD(auth_cntr, CONFIG_SYS_MAXARGS, 1, do_authenticate,
327 "autenticate OS container via AHAB",
328 "addr\n"
329 "addr - OS container hex address\n"
330);
331
332U_BOOT_CMD(ahab_close, CONFIG_SYS_MAXARGS, 1, do_ahab_close,
333 "Change AHAB lifecycle to OEM closed",
334 ""
335);
336
337U_BOOT_CMD(ahab_dump, CONFIG_SYS_MAXARGS, 1, do_ahab_dump,
338 "Dump AHAB log for debug",
339 ""
340);
341
342U_BOOT_CMD(ahab_status, CONFIG_SYS_MAXARGS, 1, do_ahab_status,
343 "display AHAB lifecycle only",
344 ""
345);