+// SPDX-License-Identifier: GPL-2.0+
/*
*
* Common security related functions for OMAP devices
* Andreas Dannenberg <dannenberg@ti.com>
* Harinarayan Bhatta <harinarayan@ti.com>
* Andrew F. Davis <afd@ti.com>
- *
- * SPDX-License-Identifier: GPL-2.0+
*/
#include <common.h>
+#include <command.h>
+#include <cpu_func.h>
+#include <hang.h>
+#include <init.h>
+#include <log.h>
#include <stdarg.h>
#include <asm/arch/sys_proto.h>
#define PPA_SERV_HAL_SETUP_EMIF_FW_REGION (PPA_HAL_SERVICES_START_INDEX + 26)
#define PPA_SERV_HAL_LOCK_EMIF_FW (PPA_HAL_SERVICES_START_INDEX + 27)
+/* Offset of header size if image is signed as ISW */
+#define HEADER_SIZE_OFFSET (0x6D)
+
int tee_loaded = 0;
/* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */
u32 tee_arg0; /* argument to TEE jump function, in r0 */
};
-static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN);
+static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN) __section(".data");
u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...)
{
/* Perform cache writeback on input buffer */
flush_dcache_range(
- (u32)*image,
- (u32)*image + roundup(*size, ARCH_DMA_MINALIGN));
+ rounddown((u32)*image, ARCH_DMA_MINALIGN),
+ roundup((u32)*image + *size, ARCH_DMA_MINALIGN));
cert_addr = (uint32_t)*image;
sig_addr = find_sig_start((char *)*image, *size);
}
*size = sig_addr - cert_addr; /* Subtract out the signature size */
+ /* Subtract header if present */
+ if (strncmp((char *)sig_addr, "CERT_ISW_", 9) == 0)
+ *size -= ((u32 *)*image)[HEADER_SIZE_OFFSET];
cert_size = *size;
/* Check if image load address is 32-bit aligned */
/* Perform cache writeback on output buffer */
flush_dcache_range(
- (u32)*image,
- (u32)*image + roundup(*size, ARCH_DMA_MINALIGN));
+ rounddown((u32)*image, ARCH_DMA_MINALIGN),
+ roundup((u32)*image + *size, ARCH_DMA_MINALIGN));
auth_exit:
if (result != 0) {
}
/*
- * Output notification of successful authentication as well the name of
- * the signing certificate used to re-assure the user that the secure
- * code is being processed as expected. However suppress any such log
- * output in case of building for SPL and booting via YMODEM. This is
- * done to avoid disturbing the YMODEM serial protocol transactions.
+ * Output notification of successful authentication to re-assure the
+ * user that the secure code is being processed as expected. However
+ * suppress any such log output in case of building for SPL and booting
+ * via YMODEM. This is done to avoid disturbing the YMODEM serial
+ * protocol transactions.
*/
if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
spl_boot_device() == BOOT_DEVICE_UART))
- printf("Authentication passed: %s\n", (char *)sig_addr);
+ printf("Authentication passed\n");
return result;
}
if ((hdr->magic != OPTEE_MAGIC) ||
(hdr->version != OPTEE_VERSION) ||
- (hdr->init_load_addr_hi != 0) ||
- (hdr->init_load_addr_lo < (sec_mem_start + sizeof(struct optee_header))) ||
- (tee_file_size > size) ||
- ((hdr->init_load_addr_lo + tee_file_size - 1) >
- (sec_mem_start + size - 1))) {
- printf("Error in TEE header. Check load address and sizes\n");
+ (tee_file_size > size)) {
+ printf("Error in TEE header. Check firewall and TEE sizes\n");
unmap_sysmem(hdr);
return CMD_RET_FAILURE;
}
debug("tee_info.tee_arg0 = %08X\n", tee_info.tee_arg0);
debug("tee_file_size = %d\n", tee_file_size);
-#if !defined(CONFIG_SYS_DCACHE_OFF)
+#if !CONFIG_IS_ENABLED(SYS_DCACHE_OFF)
flush_dcache_range(
rounddown((u32)loadptr, ARCH_DMA_MINALIGN),
roundup((u32)loadptr + tee_file_size, ARCH_DMA_MINALIGN));
/* Reuse the tee_info buffer for SMC params */
smc_cpu1_params = (u32 *)&tee_info;
smc_cpu1_params[0] = 0;
-#if !defined(CONFIG_SYS_DCACHE_OFF)
+#if !CONFIG_IS_ENABLED(SYS_DCACHE_OFF)
flush_dcache_range((u32)smc_cpu1_params, (u32)smc_cpu1_params +
roundup(sizeof(u32), ARCH_DMA_MINALIGN));
#endif