summaryrefslogtreecommitdiff
path: root/arch/arm/include/asm/omap_sec_common.h
AgeCommit message (Collapse)Author
2016-12-03arm: omap5: Add TEE loading supportHarinarayan Bhatta
secure_tee_install is used to install and initialize a secure TEE OS such as Linaro OP-TEE into the secure world. This function takes in the address where the signed TEE image is loaded as an argument. The signed TEE image consists of a header (struct tee_header), TEE code+data followed by the signature generated using image signing tool from TI security development package (SECDEV). Refer to README.ti-secure for more information. This function uses 2 new secure APIs. 1. PPA_SERV_HAL_TEE_LOAD_MASTER - Must be called on CPU Core 0. Protected memory for TEE must be reserved before calling this function. This API needs arguments filled into struct ppa_tee_load_info. The TEE image is authenticated and if there are no errors, the control passes to the TEE entry point. 2. PPA_SERV_HAL_TEE_LOAD_SLAVE - Called on other CPU cores only after a TEE_LOAD_MASTER call. Takes no arguments. Checks if TEE was successfully loaded (on core 0) and transfers control to the same TEE entry point. The code at TEE entry point is expected perform OS initialization steps and return back to non-secure world (U-Boot). Signed-off-by: Harinarayan Bhatta <harinarayan@ti.com> Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2016-10-02arm: omap5: secure API for EMIF memory reservationsDaniel Allred
Create a few public APIs which rely on secure world ROM/HAL APIs for their implementation. These are intended to be used to reserve a portion of the EMIF memory and configure hardware firewalls around that region to prevent public code from manipulating or interfering with that memory. Signed-off-by: Daniel Allred <d-allred@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14arm: omap-common: secure ROM signature verify APIAndreas Dannenberg
Adds an API that verifies a signature attached to an image (binary blob). This API is basically a entry to a secure ROM service provided by the device and accessed via an SMC call, using a particular calling convention. Signed-off-by: Daniel Allred <d-allred@ti.com> Signed-off-by: Andreas Dannenberg <dannenberg@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14arm: omap-common: add secure rom call API for secure devicesAndreas Dannenberg
Adds a generic C-callable API for making secure ROM calls on OMAP and OMAP-compatible devices. This API provides the important function of flushing the ROM call arguments to memory from the cache, so that the secure world will have a coherent view of those arguments. Then is simply calls the omap_smc_sec routine. Signed-off-by: Daniel Allred <d-allred@ti.com> Signed-off-by: Andreas Dannenberg <dannenberg@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com>