1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright 2018-2019 NXP
9 #include <asm/arch/image.h>
10 #include <asm/arch/sci/sci.h>
12 #define SEC_SECURE_RAM_BASE 0x31800000UL
13 #define SEC_SECURE_RAM_END_BASE (SEC_SECURE_RAM_BASE + 0xFFFFUL)
14 #define SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE 0x60000000UL
18 #ifdef CONFIG_AHAB_BOOT
19 static int authenticate_image(struct boot_img_t *img, int image_index)
21 sc_faddr_t start, end;
26 debug("img %d, dst 0x%llx, src 0x%x, size 0x%x\n",
27 image_index, img->dst, img->offset, img->size);
29 /* Find the memreg and set permission for seco pt */
30 err = sc_rm_find_memreg(-1, &mr,
31 img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1),
32 ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE) - 1);
35 printf("can't find memreg for image: %d, err %d\n",
40 err = sc_rm_get_memreg_info(-1, mr, &start, &end);
42 debug("memreg %u 0x%llx -- 0x%llx\n", mr, start, end);
44 err = sc_rm_set_memreg_permissions(-1, mr,
45 SECO_PT, SC_RM_PERM_FULL);
47 printf("set permission failed for img %d, error %d\n",
52 err = sc_seco_authenticate(-1, SC_SECO_VERIFY_IMAGE,
55 printf("authenticate img %d failed, return %d\n",
60 err = sc_rm_set_memreg_permissions(-1, mr,
61 SECO_PT, SC_RM_PERM_NONE);
63 printf("remove permission failed for img %d, error %d\n",
72 static struct boot_img_t *read_auth_image(struct spl_image_info *spl_image,
73 struct spl_load_info *info,
74 struct container_hdr *container,
78 struct boot_img_t *images;
82 if (image_index > container->num_images) {
83 debug("Invalid image number\n");
87 images = (struct boot_img_t *)((u8 *)container +
88 sizeof(struct container_hdr));
90 if (images[image_index].offset % info->bl_len) {
91 printf("%s: image%d offset not aligned to %u\n",
92 __func__, image_index, info->bl_len);
96 sectors = roundup(images[image_index].size, info->bl_len) /
98 sector = images[image_index].offset / info->bl_len +
101 debug("%s: container: %p sector: %lu sectors: %u\n", __func__,
102 container, sector, sectors);
103 if (info->read(info, sector, sectors,
104 (void *)images[image_index].entry) != sectors) {
105 printf("%s wrong\n", __func__);
109 #ifdef CONFIG_AHAB_BOOT
110 if (authenticate_image(&images[image_index], image_index)) {
111 printf("Failed to authenticate image %d\n", image_index);
116 return &images[image_index];
119 static int read_auth_container(struct spl_image_info *spl_image,
120 struct spl_load_info *info, ulong sector)
122 struct container_hdr *container = NULL;
125 int i, size, ret = 0;
127 size = roundup(CONTAINER_HDR_ALIGNMENT, info->bl_len);
128 sectors = size / info->bl_len;
131 * It will not override the ATF code, so safe to use it here,
134 container = (struct container_hdr *)spl_get_load_buffer(-size, size);
136 debug("%s: container: %p sector: %lu sectors: %u\n", __func__,
137 container, sector, sectors);
138 if (info->read(info, sector, sectors, container) != sectors)
141 if (container->tag != 0x87 && container->version != 0x0) {
142 printf("Wrong container header");
146 if (!container->num_images) {
147 printf("Wrong container, no image found");
151 length = container->length_lsb + (container->length_msb << 8);
152 debug("Container length %u\n", length);
154 if (length > CONTAINER_HDR_ALIGNMENT) {
155 size = roundup(length, info->bl_len);
156 sectors = size / info->bl_len;
158 container = (struct container_hdr *)spl_get_load_buffer(-size, size);
160 debug("%s: container: %p sector: %lu sectors: %u\n",
161 __func__, container, sector, sectors);
162 if (info->read(info, sector, sectors, container) !=
167 #ifdef CONFIG_AHAB_BOOT
168 memcpy((void *)SEC_SECURE_RAM_BASE, (const void *)container,
169 ALIGN(length, CONFIG_SYS_CACHELINE_SIZE));
171 ret = sc_seco_authenticate(-1, SC_SECO_AUTH_CONTAINER,
172 SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE);
174 printf("authenticate container hdr failed, return %d\n", ret);
179 for (i = 0; i < container->num_images; i++) {
180 struct boot_img_t *image = read_auth_image(spl_image, info,
190 spl_image->load_addr = image->dst;
191 spl_image->entry_point = image->entry;
196 #ifdef CONFIG_AHAB_BOOT
197 if (sc_seco_authenticate(-1, SC_SECO_REL_CONTAINER, 0))
198 printf("Error: release container failed!\n");
203 int spl_load_imx_container(struct spl_image_info *spl_image,
204 struct spl_load_info *info, ulong sector)
206 return read_auth_container(spl_image, info, sector);