| Age | Commit message (Collapse) | Author |
|---|
|
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Some of the fixups currently done for OMAP5 class boards are common to
other OMAP family devices, move these to fdt-common.c.
Signed-off-by: Andrew F. Davis <afd@ti.com>
|
|
secure_tee_install is used to install and initialize a secure TEE OS such as
Linaro OP-TEE into the secure world. This function takes in the address
where the signed TEE image is loaded as an argument. The signed TEE image
consists of a header (struct tee_header), TEE code+data followed by the
signature generated using image signing tool from TI security development
package (SECDEV). Refer to README.ti-secure for more information.
This function uses 2 new secure APIs.
1. PPA_SERV_HAL_TEE_LOAD_MASTER - Must be called on CPU Core 0. Protected
memory for TEE must be reserved before calling this function. This API
needs arguments filled into struct ppa_tee_load_info. The TEE image is
authenticated and if there are no errors, the control passes to the TEE
entry point.
2. PPA_SERV_HAL_TEE_LOAD_SLAVE - Called on other CPU cores only after
a TEE_LOAD_MASTER call. Takes no arguments. Checks if TEE was
successfully loaded (on core 0) and transfers control to the same TEE
entry point.
The code at TEE entry point is expected perform OS initialization steps
and return back to non-secure world (U-Boot).
Signed-off-by: Harinarayan Bhatta <harinarayan@ti.com>
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
|
Create a few public APIs which rely on secure world ROM/HAL
APIs for their implementation. These are intended to be used
to reserve a portion of the EMIF memory and configure hardware
firewalls around that region to prevent public code from
manipulating or interfering with that memory.
Signed-off-by: Daniel Allred <d-allred@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
|
Adds an API that verifies a signature attached to an image (binary
blob). This API is basically a entry to a secure ROM service provided by
the device and accessed via an SMC call, using a particular calling
convention.
Signed-off-by: Daniel Allred <d-allred@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
|
Adds a generic C-callable API for making secure ROM calls on OMAP and
OMAP-compatible devices. This API provides the important function of
flushing the ROM call arguments to memory from the cache, so that the
secure world will have a coherent view of those arguments. Then is
simply calls the omap_smc_sec routine.
Signed-off-by: Daniel Allred <d-allred@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
