summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--arch/arm/include/asm/mach-imx/hab.h3
-rw-r--r--arch/arm/mach-imx/hab.c73
-rw-r--r--arch/arm/mach-imx/spl.c35
3 files changed, 57 insertions, 54 deletions
diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h
index 91dda4269e..b2a80319eb 100644
--- a/arch/arm/include/asm/mach-imx/hab.h
+++ b/arch/arm/include/asm/mach-imx/hab.h
@@ -148,6 +148,7 @@ typedef void hapi_clock_init_t(void);
/* ----------- end of HAB API updates ------------*/
-int authenticate_image(uint32_t ddr_start, uint32_t image_size);
+int authenticate_image(uint32_t ddr_start, uint32_t image_size,
+ uint32_t ivt_offset);
#endif
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 039a017314..2a40d065dd 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -78,37 +78,6 @@
(is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \
(is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2))
-/*
- * +------------+ 0x0 (DDR_UIMAGE_START) -
- * | Header | |
- * +------------+ 0x40 |
- * | | |
- * | | |
- * | | |
- * | | |
- * | Image Data | |
- * . | |
- * . | > Stuff to be authenticated ----+
- * . | | |
- * | | | |
- * | | | |
- * +------------+ | |
- * | | | |
- * | Fill Data | | |
- * | | | |
- * +------------+ Align to ALIGN_SIZE | |
- * | IVT | | |
- * +------------+ + IVT_SIZE - |
- * | | |
- * | CSF DATA | <---------------------------------------------------------+
- * | |
- * +------------+
- * | |
- * | Fill Data |
- * | |
- * +------------+ + CSF_PAD_SIZE
- */
-
static bool is_hab_enabled(void);
#if !defined(CONFIG_SPL_BUILD)
@@ -361,20 +330,22 @@ int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
- ulong addr, ivt_offset;
+ ulong addr, length, ivt_offset;
int rcode = 0;
- if (argc < 3)
+ if (argc < 4)
return CMD_RET_USAGE;
addr = simple_strtoul(argv[1], NULL, 16);
- ivt_offset = simple_strtoul(argv[2], NULL, 16);
+ length = simple_strtoul(argv[2], NULL, 16);
+ ivt_offset = simple_strtoul(argv[3], NULL, 16);
- rcode = authenticate_image(addr, ivt_offset);
+ rcode = authenticate_image(addr, length, ivt_offset);
if (rcode == 0)
rcode = CMD_RET_SUCCESS;
else
rcode = CMD_RET_FAILURE;
+
return rcode;
}
@@ -385,10 +356,11 @@ U_BOOT_CMD(
);
U_BOOT_CMD(
- hab_auth_img, 3, 0, do_authenticate_image,
+ hab_auth_img, 4, 0, do_authenticate_image,
"authenticate image via HAB",
- "addr ivt_offset\n"
+ "addr length ivt_offset\n"
"addr - image hex address\n"
+ "length - image hex length\n"
"ivt_offset - hex offset of IVT in the image"
);
@@ -411,11 +383,12 @@ static bool is_hab_enabled(void)
return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
}
-int authenticate_image(uint32_t ddr_start, uint32_t image_size)
+int authenticate_image(uint32_t ddr_start, uint32_t image_size,
+ uint32_t ivt_offset)
{
uint32_t load_addr = 0;
size_t bytes;
- ptrdiff_t ivt_offset = 0;
+ uint32_t ivt_addr = 0;
int result = 1;
ulong start;
hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
@@ -441,24 +414,18 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size)
goto hab_caam_clock_disable;
}
- /* If not already aligned, Align to ALIGN_SIZE */
- ivt_offset = (image_size + ALIGN_SIZE - 1) &
- ~(ALIGN_SIZE - 1);
-
+ /* Calculate IVT address header */
+ ivt_addr = ddr_start + ivt_offset;
start = ddr_start;
- bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE;
+ bytes = image_size;
#ifdef DEBUG
- printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n",
- ivt_offset, ddr_start + ivt_offset);
+ printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
puts("Dumping IVT\n");
- print_buffer(ddr_start + ivt_offset,
- (void *)(ddr_start + ivt_offset),
- 4, 0x8, 0);
+ print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0);
puts("Dumping CSF Header\n");
- print_buffer(ddr_start + ivt_offset + IVT_SIZE,
- (void *)(ddr_start + ivt_offset + IVT_SIZE),
- 4, 0x10, 0);
+ print_buffer(ivt_addr + IVT_SIZE, (void *)(ivt_addr + IVT_SIZE), 4,
+ 0x10, 0);
#if !defined(CONFIG_SPL_BUILD)
get_hab_status();
@@ -468,6 +435,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size)
printf("\tivt_offset = 0x%x\n", ivt_offset);
printf("\tstart = 0x%08lx\n", start);
printf("\tbytes = 0x%x\n", bytes);
+#else
+ (void)ivt_addr;
#endif
/*
* If the MMU is enabled, we have to notify the ROM
diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c
index 31b4b0fcfc..141579dbad 100644
--- a/arch/arm/mach-imx/spl.c
+++ b/arch/arm/mach-imx/spl.c
@@ -155,9 +155,41 @@ u32 spl_boot_mode(const u32 boot_device)
#if defined(CONFIG_SECURE_BOOT)
+/*
+ * +------------+ 0x0 (DDR_UIMAGE_START) -
+ * | Header | |
+ * +------------+ 0x40 |
+ * | | |
+ * | | |
+ * | | |
+ * | | |
+ * | Image Data | |
+ * . | |
+ * . | > Stuff to be authenticated ----+
+ * . | | |
+ * | | | |
+ * | | | |
+ * +------------+ | |
+ * | | | |
+ * | Fill Data | | |
+ * | | | |
+ * +------------+ Align to ALIGN_SIZE | |
+ * | IVT | | |
+ * +------------+ + IVT_SIZE - |
+ * | | |
+ * | CSF DATA | <---------------------------------------------------------+
+ * | |
+ * +------------+
+ * | |
+ * | Fill Data |
+ * | |
+ * +------------+ + CSF_PAD_SIZE
+ */
+
__weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
{
typedef void __noreturn (*image_entry_noargs_t)(void);
+ uint32_t offset;
image_entry_noargs_t image_entry =
(image_entry_noargs_t)(unsigned long)spl_image->entry_point;
@@ -166,8 +198,9 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
/* HAB looks for the CSF at the end of the authenticated data therefore,
* we need to subtract the size of the CSF from the actual filesize */
+ offset = spl_image->size - CONFIG_CSF_SIZE;
if (!authenticate_image(spl_image->load_addr,
- spl_image->size - CONFIG_CSF_SIZE)) {
+ offset + IVT_SIZE + CSF_PAD_SIZE, offset)) {
image_entry();
} else {
puts("spl: ERROR: image authentication unsuccessful\n");