diff options
| author | Dan Douglass <dan.douglass@freescale.com> | 2012-11-12 10:01:31 -0600 |
|---|---|---|
| committer | Dan Douglass <dan.douglass@freescale.com> | 2012-11-12 13:43:06 -0600 |
| commit | ad21cbe117b2f275322be978f3d1a902b49412af (patch) | |
| tree | e039b6ea09dc6a11390d6f35d3f9f3eac3cbe2e5 /cpu | |
| parent | 552907b7a21ba7712f4c72da8a49c717486a22bd (diff) | |
| download | u-boot-imx-ad21cbe117b2f275322be978f3d1a902b49412af.zip u-boot-imx-ad21cbe117b2f275322be978f3d1a902b49412af.tar.gz u-boot-imx-ad21cbe117b2f275322be978f3d1a902b49412af.tar.bz2 | |
ENGR00233307 Need secure/encrypted boot for Widevine support.
* Adding the config option CONFIG_SECURE_BOOT to the SabreSD board,
but defaulting it to be disabled. Removed the CONFIG_SECURE_BOOT
key from mx6q_arm2_android.h so that it is only in one file,
include/configs/mx6q_arm2.h
* Fixed up an address alignment check in authenticate_image(). The
test would fail in the event the address is already aligned.
Also, added some debug code which can be enabled to assist in
testing secure images.
* Added support for authenticating an image when using booti.
* Adding support for secure boot to the Sabre SD board.
* Added support for encrypted boot to mx6q arm2 board linker script.
Signed-off-by: Dan Douglass <dan.douglass@freescale.com>
Diffstat (limited to 'cpu')
| -rw-r--r-- | cpu/arm_cortexa8/mx6/generic.c | 49 |
1 files changed, 46 insertions, 3 deletions
diff --git a/cpu/arm_cortexa8/mx6/generic.c b/cpu/arm_cortexa8/mx6/generic.c index 191ab5e..72e7255 100644 --- a/cpu/arm_cortexa8/mx6/generic.c +++ b/cpu/arm_cortexa8/mx6/generic.c @@ -1361,6 +1361,29 @@ void hab_caam_clock_disable(void) writel(reg, CCM_BASE_ADDR + CLKCTL_CCGR0); } +#ifdef DEBUG_AUTHENTICATE_IMAGE +void dump_mem(uint32_t addr, int size) +{ + int i; + + for (i = 0; i < size; i += 4) { + if (i != 0) { + if (i % 16 == 0) + printf("\n"); + else + printf(" "); + } + + printf("0x%08x", *(uint32_t *)addr); + addr += 4; + } + + printf("\n"); + + return; +} +#endif + uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) { uint32_t load_addr = 0; @@ -1376,13 +1399,33 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) hab_caam_clock_enable(); if (hab_rvt_entry() == HAB_SUCCESS) { - /*Align to ALIGN_SIZE*/ - ivt_offset = image_size - image_size % ALIGN_SIZE - + ALIGN_SIZE; + + /* If not already aligned, Align to ALIGN_SIZE */ + if (image_size % ALIGN_SIZE) + ivt_offset = image_size - image_size % + ALIGN_SIZE + ALIGN_SIZE; + else + ivt_offset = image_size; start = ddr_start; bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; +#ifdef DEBUG_AUTHENTICATE_IMAGE + printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", + ivt_offset, ddr_start + ivt_offset); + printf("Dumping IVT\n"); + dump_mem(ddr_start + ivt_offset, 0x20); + + printf("Dumping CSF Header\n"); + dump_mem(ddr_start + ivt_offset + 0x20, 0x40); + + get_hab_status(); + + printf("\nCalling authenticate_image in ROM\n"); + printf("\tivt_offset = 0x%x\n\tstart = 0x%08x" + "\n\tbytes = 0x%x\n", ivt_offset, start, bytes); +#endif + load_addr = (uint32_t)hab_rvt_authenticate_image( HAB_CID_UBOOT, ivt_offset, (void **)&start, |