summaryrefslogtreecommitdiff
path: root/arch/arm/mach-omap2/sec-common.c
AgeCommit message (Collapse)Author
2018-01-28arm: mach-omap2: Pass args to secure ROM in SRAM in SPLAndrew F. Davis
When in early SPL we make some secure ROM calls that can effect DRAM, due to this it is more stable to store the args for these calls in SRAM, but uninitialized and zero'd globals are placed in BSS, located in DRAM. Force our args into the data section which is in SRAM during SPL. Signed-off-by: Andrew F. Davis <afd@ti.com>
2018-01-19arm: mach-omap2: Remove secure certificate name printingAndrew F. Davis
The signing certificate name is always 15 chars long, but need not be null terminated. One solution is then to use printf precision modifiers to only print this many chars ("%.15s"), but tiny printf does not support this, so lets just drop printing the cert name for now. Signed-off-by: Andrew F. Davis <afd@ti.com>
2018-01-19arm: am33xx: security: Fix size calculation on headerMadan Srinivas
Fix the size calculation in the verify boot. The header size should be subtracted from the image size, not be assigned to the image size. Fixes: 0830d72bb9f8 ("arm: am33xx: security: adds auth support for encrypted images") Signed-off-by: Madan Srinivas <madans@ti.com> Signed-off-by: Dan Murphy <dmurphy@ti.com> Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
2017-09-29arm: am33xx: security: adds auth support for encrypted imagesMadan Srinivas
This patch adds support for authentication of both plain text and encrypted binaries. A new SECDEV package is needed to enable encryption of binaries by default for AM3x. The ROM authentication API detects encrypted images at runtime and automatically decrypts the image if the signature verification passes. Addition of encryption on AM3x results in a change in the image format. On AM4x, AM5x and, on AM3x devices signing clear test images, the signature is appended to the end of the binary. On AM3x, when the SECDEV package is used to create signed and encrypted images, the signature is added as a header to the start of the binary. So the binary size calculation has been updated to reflect this change. The signing tools and encrypted image format for AM3x cannot be changed to behave like AM4x and AM5x to maintain backward compatibility with older Sitara M-Shield releases. Signed-off-by: Madan Srinivas <madans@ti.com> Signed-off-by: Andrew F. Davis <afd@ti.com>
2017-09-15arm: mach-omap2: Relax checks on OP-TEE location to allow pageable imageHarinarayan Bhatta
When the OP-TEE image is built for secure paging the load address may be in SRAM, remove checks that prevent this. Signed-off-by: Harinarayan Bhatta <harinarayan@ti.com> Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
2017-07-31arm: mach-omap2: Align image address before cache operationsAndrew F. Davis
The image address passed to secure_boot_verify_image() may not be cacheline aligned, round the address down to the nearest cacheline. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
2017-07-22arm: mach-omap2: Factor out common FDT fixup suportAndrew F. Davis
Some of the fixups currently done for OMAP5 class boards are common to other OMAP family devices, move these to fdt-common.c. Signed-off-by: Andrew F. Davis <afd@ti.com>
2017-07-22arm: mach-omap2: Move omap5/sec-fxns.c into sec-common.cAndrew F. Davis
TEE loading and firewall setup are common to all omap2 devices, move these function out of omap5 and into mach-omap2. This allows us to use these functions from other omap class devices. Signed-off-by: Andrew F. Davis <afd@ti.com>
2017-04-18arm: omap-common: add missing va_end()xypron.glpk@gmx.de
Each call of va_start must be matched by a call of va_end. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Tom Rini <trini@konsulko.com>
2017-02-27arm: mach-omap2: Flush cache after FIT post-processing imageAndrew F. Davis
After we authenticate/decrypt an image we need to flush the caches as they may still contain bits of the encrypted image. This will cause failures if we attempt to jump to this image. Reported-by: Yogesh Siraswar<yogeshs@ti.com> Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2017-01-14arm: omap-common: add secure ROM signature verify index for AM33xxAndrew F. Davis
On AM33xx devices the secure ROM uses a different call index for signature verification, the function and arguments are the same. Signed-off-by: Andrew F. Davis <afd@ti.com>
2016-11-21arm: Introduce arch/arm/mach-omap2 for OMAP2 derivative platformsTom Rini
This moves what was in arch/arm/cpu/armv7/omap-common in to arch/arm/mach-omap2 and moves arch/arm/cpu/armv7/{am33xx,omap3,omap4,omap5} in to arch/arm/mach-omap2 as subdirectories. All refernces to the former locations are updated to the current locations. For the logic to decide what our outputs are, consolidate the tests into a single config.mk rather than including 4. Signed-off-by: Tom Rini <trini@konsulko.com>