+// SPDX-License-Identifier: GPL-2.0+
/*
* Copyright (C) 2010-2015 Freescale Semiconductor, Inc.
- *
- * SPDX-License-Identifier: GPL-2.0+
*/
#include <common.h>
#include <config.h>
#include <fuse.h>
+#include <mapmem.h>
+#include <image.h>
#include <asm/io.h>
#include <asm/system.h>
#include <asm/arch/clock.h>
#include <asm/arch/sys_proto.h>
#include <asm/mach-imx/hab.h>
-/* -------- start of HAB API updates ------------*/
-
-#define hab_rvt_report_event_p \
-( \
- (is_mx6dqp()) ? \
- ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \
- (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \
- ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \
- (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \
- ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \
- ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT) \
-)
-
-#define hab_rvt_report_status_p \
-( \
- (is_mx6dqp()) ? \
- ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\
- (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \
- ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\
- (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \
- ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\
- ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS) \
-)
-
-#define hab_rvt_authenticate_image_p \
-( \
- (is_mx6dqp()) ? \
- ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \
- (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \
- ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \
- (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \
- ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \
- ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE) \
-)
-
-#define hab_rvt_entry_p \
-( \
- (is_mx6dqp()) ? \
- ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \
- (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \
- ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \
- (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \
- ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \
- ((hab_rvt_entry_t *)HAB_RVT_ENTRY) \
-)
-
-#define hab_rvt_exit_p \
-( \
- (is_mx6dqp()) ? \
- ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \
- (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \
- ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \
- (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \
- ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \
- ((hab_rvt_exit_t *)HAB_RVT_EXIT) \
-)
-
-static inline void hab_rvt_failsafe_new(void)
-{
-}
-
-#define hab_rvt_failsafe_p \
-( \
- (is_mx6dqp()) ? \
- ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \
- (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \
- ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \
- (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \
- ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \
- ((hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE) \
-)
-
-static inline enum hab_status hab_rvt_check_target_new(enum hab_target target,
- const void *start,
- size_t bytes)
-{
- return HAB_SUCCESS;
-}
-
-#define hab_rvt_check_target_p \
-( \
- (is_mx6dqp()) ? \
- ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \
- (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \
- ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \
- (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \
- ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \
- ((hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET) \
-)
-
#define ALIGN_SIZE 0x1000
#define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8
#define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0
hab_rvt_report_event_t *hab_rvt_report_event;
hab_rvt_report_status_t *hab_rvt_report_status;
- hab_rvt_report_event = hab_rvt_report_event_p;
- hab_rvt_report_status = hab_rvt_report_status_p;
+ hab_rvt_report_event = (hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT;
+ hab_rvt_report_status =
+ (hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS;
if (imx_hab_is_enabled())
puts("\nSecure boot enabled\n");
return 0;
}
+static ulong get_image_ivt_offset(ulong img_addr)
+{
+ const void *buf;
+
+ buf = map_sysmem(img_addr, 0);
+ switch (genimg_get_format(buf)) {
+#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
+ case IMAGE_FORMAT_LEGACY:
+ return (image_get_image_size((image_header_t *)img_addr)
+ + 0x1000 - 1) & ~(0x1000 - 1);
+#endif
+#if IMAGE_ENABLE_FIT
+ case IMAGE_FORMAT_FIT:
+ return (fit_get_size(buf) + 0x1000 - 1) & ~(0x1000 - 1);
+#endif
+ default:
+ return 0;
+ }
+}
+
static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
ulong addr, length, ivt_offset;
int rcode = 0;
- if (argc < 4)
+ if (argc < 3)
return CMD_RET_USAGE;
addr = simple_strtoul(argv[1], NULL, 16);
length = simple_strtoul(argv[2], NULL, 16);
- ivt_offset = simple_strtoul(argv[3], NULL, 16);
+ if (argc == 3)
+ ivt_offset = get_image_ivt_offset(addr);
+ else
+ ivt_offset = simple_strtoul(argv[3], NULL, 16);
rcode = imx_hab_authenticate_image(addr, length, ivt_offset);
if (rcode == 0)
return 1;
}
- hab_rvt_failsafe = hab_rvt_failsafe_p;
+ hab_rvt_failsafe = (hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE;
hab_rvt_failsafe();
return 0;
}
+static int do_authenticate_image_or_failover(cmd_tbl_t *cmdtp, int flag,
+ int argc, char * const argv[])
+{
+ int ret = CMD_RET_FAILURE;
+
+ if (argc != 4) {
+ ret = CMD_RET_USAGE;
+ goto error;
+ }
+
+ if (!imx_hab_is_enabled()) {
+ printf("error: secure boot disabled\n");
+ goto error;
+ }
+
+ if (do_authenticate_image(NULL, flag, argc, argv) != CMD_RET_SUCCESS) {
+ fprintf(stderr, "authentication fail -> %s %s %s %s\n",
+ argv[0], argv[1], argv[2], argv[3]);
+ do_hab_failsafe(0, 0, 1, NULL);
+ };
+ ret = CMD_RET_SUCCESS;
+error:
+ return ret;
+}
+
U_BOOT_CMD(
hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
"display HAB status",
""
);
+U_BOOT_CMD(
+ hab_auth_img_or_fail, 4, 0,
+ do_authenticate_image_or_failover,
+ "authenticate image via HAB on failure drop to USB BootROM mode",
+ "addr length ivt_offset\n"
+ "addr - image hex address\n"
+ "length - image hex length\n"
+ "ivt_offset - hex offset of IVT in the image"
+ );
+
#endif /* !defined(CONFIG_SPL_BUILD) */
/* Get CSF Header length */
}
do {
+ struct hab_hdr *cmd;
+
+ cmd = (struct hab_hdr *)&csf_hdr[offset];
+
+ switch (cmd->tag) {
+ case (HAB_CMD_WRT_DAT):
+ puts("Error: Deprecated write command found\n");
+ return false;
+ case (HAB_CMD_CHK_DAT):
+ puts("Error: Deprecated check command found\n");
+ return false;
+ case (HAB_CMD_SET):
+ if (cmd->par == HAB_PAR_MID) {
+ puts("Error: Deprecated Set MID command found\n");
+ return false;
+ }
+ default:
+ break;
+ }
+
cmd_hdr_len = get_csf_cmd_hdr_len(&csf_hdr[offset]);
if (!cmd_hdr_len) {
puts("Error: Invalid command length\n");
struct ivt_header *ivt_hdr;
enum hab_status status;
- hab_rvt_authenticate_image = hab_rvt_authenticate_image_p;
- hab_rvt_entry = hab_rvt_entry_p;
- hab_rvt_exit = hab_rvt_exit_p;
- hab_rvt_check_target = hab_rvt_check_target_p;
+ hab_rvt_authenticate_image =
+ (hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE;
+ hab_rvt_entry = (hab_rvt_entry_t *)HAB_RVT_ENTRY;
+ hab_rvt_exit = (hab_rvt_exit_t *)HAB_RVT_EXIT;
+ hab_rvt_check_target = (hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET;
if (!imx_hab_is_enabled()) {
puts("hab fuse not enabled\n");
}
/* Verify if IVT DCD pointer is NULL */
- if (ivt->dcd) {
- puts("Error: DCD pointer must be NULL\n");
- goto hab_authentication_exit;
- }
+ if (ivt->dcd)
+ puts("Warning: DCD pointer should be NULL\n");
start = ddr_start;
bytes = image_size;