X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=arch%2Farm%2Fmach-imx%2Fhab.c;h=5f197775c13a28a216c653d1858cfbaeeecfe2b2;hb=c1ef486327cf3b79f3989139cae490a740fc7fe9;hp=079423a1e332f6ae2f7df339acfee911174c287b;hpb=b7c3cae7d35f003b8f4d15e8597eb638e5302796;p=oweals%2Fu-boot.git diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 079423a1e3..5f197775c1 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,6 +70,21 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT) \ ) +static inline void hab_rvt_failsafe_new(void) +{ +} + +#define hab_rvt_failsafe_p \ +( \ + (is_mx6dqp()) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + ((hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE) \ +) + static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, const void *start, size_t bytes) @@ -96,8 +111,6 @@ static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) -static bool is_hab_enabled(void); - static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) { printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str, @@ -135,73 +148,81 @@ struct record { bool any_rec_flag; }; -char *rsn_str[] = {"RSN = HAB_RSN_ANY (0x00)\n", - "RSN = HAB_ENG_FAIL (0x30)\n", - "RSN = HAB_INV_ADDRESS (0x22)\n", - "RSN = HAB_INV_ASSERTION (0x0C)\n", - "RSN = HAB_INV_CALL (0x28)\n", - "RSN = HAB_INV_CERTIFICATE (0x21)\n", - "RSN = HAB_INV_COMMAND (0x06)\n", - "RSN = HAB_INV_CSF (0x11)\n", - "RSN = HAB_INV_DCD (0x27)\n", - "RSN = HAB_INV_INDEX (0x0F)\n", - "RSN = HAB_INV_IVT (0x05)\n", - "RSN = HAB_INV_KEY (0x1D)\n", - "RSN = HAB_INV_RETURN (0x1E)\n", - "RSN = HAB_INV_SIGNATURE (0x18)\n", - "RSN = HAB_INV_SIZE (0x17)\n", - "RSN = HAB_MEM_FAIL (0x2E)\n", - "RSN = HAB_OVR_COUNT (0x2B)\n", - "RSN = HAB_OVR_STORAGE (0x2D)\n", - "RSN = HAB_UNS_ALGORITHM (0x12)\n", - "RSN = HAB_UNS_COMMAND (0x03)\n", - "RSN = HAB_UNS_ENGINE (0x0A)\n", - "RSN = HAB_UNS_ITEM (0x24)\n", - "RSN = HAB_UNS_KEY (0x1B)\n", - "RSN = HAB_UNS_PROTOCOL (0x14)\n", - "RSN = HAB_UNS_STATE (0x09)\n", - "RSN = INVALID\n", - NULL}; - -char *sts_str[] = {"STS = HAB_SUCCESS (0xF0)\n", - "STS = HAB_FAILURE (0x33)\n", - "STS = HAB_WARNING (0x69)\n", - "STS = INVALID\n", - NULL}; - -char *eng_str[] = {"ENG = HAB_ENG_ANY (0x00)\n", - "ENG = HAB_ENG_SCC (0x03)\n", - "ENG = HAB_ENG_RTIC (0x05)\n", - "ENG = HAB_ENG_SAHARA (0x06)\n", - "ENG = HAB_ENG_CSU (0x0A)\n", - "ENG = HAB_ENG_SRTC (0x0C)\n", - "ENG = HAB_ENG_DCP (0x1B)\n", - "ENG = HAB_ENG_CAAM (0x1D)\n", - "ENG = HAB_ENG_SNVS (0x1E)\n", - "ENG = HAB_ENG_OCOTP (0x21)\n", - "ENG = HAB_ENG_DTCP (0x22)\n", - "ENG = HAB_ENG_ROM (0x36)\n", - "ENG = HAB_ENG_HDCP (0x24)\n", - "ENG = HAB_ENG_RTL (0x77)\n", - "ENG = HAB_ENG_SW (0xFF)\n", - "ENG = INVALID\n", - NULL}; - -char *ctx_str[] = {"CTX = HAB_CTX_ANY(0x00)\n", - "CTX = HAB_CTX_FAB (0xFF)\n", - "CTX = HAB_CTX_ENTRY (0xE1)\n", - "CTX = HAB_CTX_TARGET (0x33)\n", - "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n", - "CTX = HAB_CTX_DCD (0xDD)\n", - "CTX = HAB_CTX_CSF (0xCF)\n", - "CTX = HAB_CTX_COMMAND (0xC0)\n", - "CTX = HAB_CTX_AUT_DAT (0xDB)\n", - "CTX = HAB_CTX_ASSERT (0xA0)\n", - "CTX = HAB_CTX_EXIT (0xEE)\n", - "CTX = INVALID\n", - NULL}; - -uint8_t hab_statuses[5] = { +static char *rsn_str[] = { + "RSN = HAB_RSN_ANY (0x00)\n", + "RSN = HAB_ENG_FAIL (0x30)\n", + "RSN = HAB_INV_ADDRESS (0x22)\n", + "RSN = HAB_INV_ASSERTION (0x0C)\n", + "RSN = HAB_INV_CALL (0x28)\n", + "RSN = HAB_INV_CERTIFICATE (0x21)\n", + "RSN = HAB_INV_COMMAND (0x06)\n", + "RSN = HAB_INV_CSF (0x11)\n", + "RSN = HAB_INV_DCD (0x27)\n", + "RSN = HAB_INV_INDEX (0x0F)\n", + "RSN = HAB_INV_IVT (0x05)\n", + "RSN = HAB_INV_KEY (0x1D)\n", + "RSN = HAB_INV_RETURN (0x1E)\n", + "RSN = HAB_INV_SIGNATURE (0x18)\n", + "RSN = HAB_INV_SIZE (0x17)\n", + "RSN = HAB_MEM_FAIL (0x2E)\n", + "RSN = HAB_OVR_COUNT (0x2B)\n", + "RSN = HAB_OVR_STORAGE (0x2D)\n", + "RSN = HAB_UNS_ALGORITHM (0x12)\n", + "RSN = HAB_UNS_COMMAND (0x03)\n", + "RSN = HAB_UNS_ENGINE (0x0A)\n", + "RSN = HAB_UNS_ITEM (0x24)\n", + "RSN = HAB_UNS_KEY (0x1B)\n", + "RSN = HAB_UNS_PROTOCOL (0x14)\n", + "RSN = HAB_UNS_STATE (0x09)\n", + "RSN = INVALID\n", + NULL +}; + +static char *sts_str[] = { + "STS = HAB_SUCCESS (0xF0)\n", + "STS = HAB_FAILURE (0x33)\n", + "STS = HAB_WARNING (0x69)\n", + "STS = INVALID\n", + NULL +}; + +static char *eng_str[] = { + "ENG = HAB_ENG_ANY (0x00)\n", + "ENG = HAB_ENG_SCC (0x03)\n", + "ENG = HAB_ENG_RTIC (0x05)\n", + "ENG = HAB_ENG_SAHARA (0x06)\n", + "ENG = HAB_ENG_CSU (0x0A)\n", + "ENG = HAB_ENG_SRTC (0x0C)\n", + "ENG = HAB_ENG_DCP (0x1B)\n", + "ENG = HAB_ENG_CAAM (0x1D)\n", + "ENG = HAB_ENG_SNVS (0x1E)\n", + "ENG = HAB_ENG_OCOTP (0x21)\n", + "ENG = HAB_ENG_DTCP (0x22)\n", + "ENG = HAB_ENG_ROM (0x36)\n", + "ENG = HAB_ENG_HDCP (0x24)\n", + "ENG = HAB_ENG_RTL (0x77)\n", + "ENG = HAB_ENG_SW (0xFF)\n", + "ENG = INVALID\n", + NULL +}; + +static char *ctx_str[] = { + "CTX = HAB_CTX_ANY(0x00)\n", + "CTX = HAB_CTX_FAB (0xFF)\n", + "CTX = HAB_CTX_ENTRY (0xE1)\n", + "CTX = HAB_CTX_TARGET (0x33)\n", + "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n", + "CTX = HAB_CTX_DCD (0xDD)\n", + "CTX = HAB_CTX_CSF (0xCF)\n", + "CTX = HAB_CTX_COMMAND (0xC0)\n", + "CTX = HAB_CTX_AUT_DAT (0xDB)\n", + "CTX = HAB_CTX_ASSERT (0xA0)\n", + "CTX = HAB_CTX_EXIT (0xEE)\n", + "CTX = INVALID\n", + NULL +}; + +static uint8_t hab_statuses[5] = { HAB_STS_ANY, HAB_FAILURE, HAB_WARNING, @@ -209,7 +230,7 @@ uint8_t hab_statuses[5] = { -1 }; -uint8_t hab_reasons[26] = { +static uint8_t hab_reasons[26] = { HAB_RSN_ANY, HAB_ENG_FAIL, HAB_INV_ADDRESS, @@ -238,7 +259,7 @@ uint8_t hab_reasons[26] = { -1 }; -uint8_t hab_contexts[12] = { +static uint8_t hab_contexts[12] = { HAB_CTX_ANY, HAB_CTX_FAB, HAB_CTX_ENTRY, @@ -253,7 +274,7 @@ uint8_t hab_contexts[12] = { -1 }; -uint8_t hab_engines[16] = { +static uint8_t hab_engines[16] = { HAB_ENG_ANY, HAB_ENG_SCC, HAB_ENG_RTIC, @@ -284,7 +305,7 @@ static inline uint8_t get_idx(uint8_t *list, uint8_t tgt) return -1; } -void process_event_record(uint8_t *event_data, size_t bytes) +static void process_event_record(uint8_t *event_data, size_t bytes) { struct record *rec = (struct record *)event_data; @@ -294,7 +315,7 @@ void process_event_record(uint8_t *event_data, size_t bytes) printf("%s", eng_str[get_idx(hab_engines, rec->contents[3])]); } -void display_event(uint8_t *event_data, size_t bytes) +static void display_event(uint8_t *event_data, size_t bytes) { uint32_t i; @@ -313,7 +334,7 @@ void display_event(uint8_t *event_data, size_t bytes) process_event_record(event_data, bytes); } -int get_hab_status(void) +static int get_hab_status(void) { uint32_t index = 0; /* Loop index */ uint8_t event_data[128]; /* Event data buffer */ @@ -326,7 +347,7 @@ int get_hab_status(void) hab_rvt_report_event = hab_rvt_report_event_p; hab_rvt_report_status = hab_rvt_report_status_p; - if (is_hab_enabled()) + if (imx_hab_is_enabled()) puts("\nSecure boot enabled\n"); else puts("\nSecure boot disabled\n"); @@ -358,7 +379,8 @@ int get_hab_status(void) return 0; } -int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) { if ((argc != 1)) { cmd_usage(cmdtp); @@ -371,7 +393,7 @@ int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) } static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, - char * const argv[]) + char * const argv[]) { ulong addr, length, ivt_offset; int rcode = 0; @@ -383,7 +405,7 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, length = simple_strtoul(argv[2], NULL, 16); ivt_offset = simple_strtoul(argv[3], NULL, 16); - rcode = authenticate_image(addr, length, ivt_offset); + rcode = imx_hab_authenticate_image(addr, length, ivt_offset); if (rcode == 0) rcode = CMD_RET_SUCCESS; else @@ -392,6 +414,22 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, return rcode; } +static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) +{ + hab_rvt_failsafe_t *hab_rvt_failsafe; + + if (argc != 1) { + cmd_usage(cmdtp); + return 1; + } + + hab_rvt_failsafe = hab_rvt_failsafe_p; + hab_rvt_failsafe(); + + return 0; +} + U_BOOT_CMD( hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, "display HAB status", @@ -407,10 +445,15 @@ U_BOOT_CMD( "ivt_offset - hex offset of IVT in the image" ); +U_BOOT_CMD( + hab_failsafe, CONFIG_SYS_MAXARGS, 1, do_hab_failsafe, + "run BootROM failsafe routine", + "" + ); #endif /* !defined(CONFIG_SPL_BUILD) */ -static bool is_hab_enabled(void) +bool imx_hab_is_enabled(void) { struct imx_sec_config_fuse_t *fuse = (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse; @@ -426,8 +469,8 @@ static bool is_hab_enabled(void) return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; } -int authenticate_image(uint32_t ddr_start, uint32_t image_size, - uint32_t ivt_offset) +int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset) { uint32_t load_addr = 0; size_t bytes; @@ -447,9 +490,9 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_exit = hab_rvt_exit_p; hab_rvt_check_target = hab_rvt_check_target_p; - if (!is_hab_enabled()) { + if (!imx_hab_is_enabled()) { puts("hab fuse not enabled\n"); - return result; + return 0; } printf("\nAuthenticate image from DDR location 0x%x...\n", @@ -478,14 +521,14 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, if (hab_rvt_entry() != HAB_SUCCESS) { puts("hab entry function fail\n"); - goto hab_caam_clock_disable; + goto hab_exit_failure_print_status; } status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); if (status != HAB_SUCCESS) { printf("HAB check target 0x%08x-0x%08x fail\n", ddr_start, ddr_start + bytes); - goto hab_caam_clock_disable; + goto hab_exit_failure_print_status; } #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); @@ -543,12 +586,14 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, load_addr = 0; } -hab_caam_clock_disable: - hab_caam_clock_enable(0); - +hab_exit_failure_print_status: #if !defined(CONFIG_SPL_BUILD) get_hab_status(); #endif + +hab_caam_clock_disable: + hab_caam_clock_enable(0); + if (load_addr != 0) result = 0;