zynq: Kconfig: extend the bootstrap malloc() pool

[oweals/u-boot.git] / arch / arm / mach-imx / hab.c
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c

index c3fc699d023998002b46d2bcc9943e33c1a7a884..dbfd692fa353c726054b0daa6f7045a742319f62 100644 (file)
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -1,12 +1,13 @@
+// SPDX-License-Identifier: GPL-2.0+
  /*
   * Copyright (C) 2010-2015 Freescale Semiconductor, Inc.
- *
- * SPDX-License-Identifier:    GPL-2.0+
   */
  
  #include <common.h>
  #include <config.h>
  #include <fuse.h>
+#include <mapmem.h>
+#include <image.h>
  #include <asm/io.h>
  #include <asm/system.h>
  #include <asm/arch/clock.h>
@@ -303,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc,
         return 0;
  }
  
+static ulong get_image_ivt_offset(ulong img_addr)
+{
+       const void *buf;
+
+       buf = map_sysmem(img_addr, 0);
+       switch (genimg_get_format(buf)) {
+#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
+       case IMAGE_FORMAT_LEGACY:
+               return (image_get_image_size((image_header_t *)img_addr)
+                       + 0x1000 - 1)  & ~(0x1000 - 1);
+#endif
+#if IMAGE_ENABLE_FIT
+       case IMAGE_FORMAT_FIT:
+               return (fit_get_size(buf) + 0x1000 - 1)  & ~(0x1000 - 1);
+#endif
+       default:
+               return 0;
+       }
+}
+
  static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
                                  char * const argv[])
  {
         ulong   addr, length, ivt_offset;
         int     rcode = 0;
  
-       if (argc < 4)
+       if (argc < 3)
                 return CMD_RET_USAGE;
  
         addr = simple_strtoul(argv[1], NULL, 16);
         length = simple_strtoul(argv[2], NULL, 16);
-       ivt_offset = simple_strtoul(argv[3], NULL, 16);
+       if (argc == 3)
+               ivt_offset = get_image_ivt_offset(addr);
+       else
+               ivt_offset = simple_strtoul(argv[3], NULL, 16);
  
         rcode = imx_hab_authenticate_image(addr, length, ivt_offset);
         if (rcode == 0)
@@ -341,6 +365,31 @@ static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc,
         return 0;
  }
  
+static int do_authenticate_image_or_failover(cmd_tbl_t *cmdtp, int flag,
+                                            int argc, char * const argv[])
+{
+       int ret = CMD_RET_FAILURE;
+
+       if (argc != 4) {
+               ret = CMD_RET_USAGE;
+               goto error;
+       }
+
+       if (!imx_hab_is_enabled()) {
+               printf("error: secure boot disabled\n");
+               goto error;
+       }
+
+       if (do_authenticate_image(NULL, flag, argc, argv) != CMD_RET_SUCCESS) {
+               fprintf(stderr, "authentication fail -> %s %s %s %s\n",
+                       argv[0], argv[1], argv[2], argv[3]);
+               do_hab_failsafe(0, 0, 1, NULL);
+       };
+       ret = CMD_RET_SUCCESS;
+error:
+       return ret;
+}
+
  U_BOOT_CMD(
                 hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
                 "display HAB status",
@@ -362,6 +411,16 @@ U_BOOT_CMD(
                 ""
           );
  
+U_BOOT_CMD(
+               hab_auth_img_or_fail, 4, 0,
+               do_authenticate_image_or_failover,
+               "authenticate image via HAB on failure drop to USB BootROM mode",
+               "addr length ivt_offset\n"
+               "addr - image hex address\n"
+               "length - image hex length\n"
+               "ivt_offset - hex offset of IVT in the image"
+         );
+
  #endif /* !defined(CONFIG_SPL_BUILD) */
  
  /* Get CSF Header length */
@@ -526,10 +585,8 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size,
         }
  
         /* Verify if IVT DCD pointer is NULL */
-       if (ivt->dcd) {
-               puts("Error: DCD pointer must be NULL\n");
-               goto hab_authentication_exit;
-       }
+       if (ivt->dcd)
+               puts("Warning: DCD pointer should be NULL\n");
  
         start = ddr_start;
         bytes = image_size;