summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--board/freescale/mx6q_arm2/flash_header.S2
-rw-r--r--board/freescale/mx6q_arm2/mx6q_arm2.c170
-rw-r--r--board/freescale/mx6sl_arm2/flash_header.S8
-rw-r--r--board/freescale/mx6sl_arm2/mx6sl_arm2.c9
-rw-r--r--board/freescale/mx6sl_arm2/u-boot.lds7
-rw-r--r--cpu/arm_cortexa8/mx6/generic.c177
-rw-r--r--include/configs/mx6dl_arm2.h2
-rw-r--r--include/configs/mx6sl_arm2.h2
8 files changed, 206 insertions, 171 deletions
diff --git a/board/freescale/mx6q_arm2/flash_header.S b/board/freescale/mx6q_arm2/flash_header.S
index b2e4167..ee67d52 100644
--- a/board/freescale/mx6q_arm2/flash_header.S
+++ b/board/freescale/mx6q_arm2/flash_header.S
@@ -52,7 +52,7 @@ self_ptr: .word ivt_header
#ifdef CONFIG_SECURE_BOOT
app_code_csf: .word __hab_data
#else
-app_code_csf: .word 0
+app_code_csf: .word 0x0
#endif
reserv2: .word 0x0
diff --git a/board/freescale/mx6q_arm2/mx6q_arm2.c b/board/freescale/mx6q_arm2/mx6q_arm2.c
index fa2b79c..1e0c8a1 100644
--- a/board/freescale/mx6q_arm2/mx6q_arm2.c
+++ b/board/freescale/mx6q_arm2/mx6q_arm2.c
@@ -1196,176 +1196,6 @@ int board_late_init(void)
return 0;
}
-#ifdef CONFIG_SECURE_BOOT
-/* -------- start of HAB API updates ------------*/
-#define hab_rvt_report_event ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT)
-#define hab_rvt_report_status ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS)
-#define hab_rvt_authenticate_image \
- ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE)
-#define hab_rvt_entry ((hab_rvt_entry_t *) HAB_RVT_ENTRY)
-#define hab_rvt_exit ((hab_rvt_exit_t *) HAB_RVT_EXIT)
-#define hab_rvt_clock_init HAB_RVT_CLOCK_INIT
-
-/*
- * +------------+ 0x0 (0x10800000) -
- * | Header | |
- * +------------+ 0x40 |
- * | | |
- * | | |
- * | | |
- * | | |
- * | Image Data | |
- * . | |
- * . | > Stuff to be authenticated ------+
- * . | | |
- * | | | |
- * | | | |
- * +------------+ | |
- * | | | |
- * | Fill Data | | |
- * | | | |
- * +------------+ 0x003F_DFE0 | |
- * | IVT | | |
- * +------------+ 0x003F_E000 - |
- * | | |
- * | CSF DATA | <--------------------------------------------------------+
- * | |
- * +------------+
- * | |
- * | Fill Data |
- * | |
- * +------------+ 0x0040_0000
- */
-
-#define DDR_UIMAGE_START 0x10800000
-#define DDR_UIMAGE_LENGTH 0x400000
-#define DDR_IVT_OFFSET 0x3FDFE0
-#define DDR_UIMAGE_IVT_START (DDR_UIMAGE_START + DDR_IVT_OFFSET)
-
-#define OCOTP_CFG5_OFFSET 0x460
-
-int check_hab_enable(void)
-{
- u32 reg = 0;
- int result = 0;
-
- reg = readl(IMX_OTP_BASE + OCOTP_CFG5_OFFSET);
- if ((reg & 0x2) == 0x2)
- result = 1;
-
- return result;
-}
-
-void display_event(uint8_t *event_data, size_t bytes)
-{
- uint32_t i;
- if ((event_data) && (bytes > 0)) {
- for (i = 0; i < bytes; i++) {
- if (i == 0)
- printf("\t0x%02x", event_data[i]);
- else if ((i % 8) == 0)
- printf("\n\t0x%02x", event_data[i]);
- else
- printf(" 0x%02x", event_data[i]);
- }
- }
-}
-
-int get_hab_status(void)
-{
- uint32_t index = 0; /* Loop index */
- uint8_t event_data[128]; /* Event data buffer */
- size_t bytes = sizeof(event_data); /* Event size in bytes */
- hab_config_t config = 0;
- hab_state_t state = 0;
-
- /* Check HAB status */
- if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) {
- printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
- config, state);
-
- /* Display HAB Error events */
- while (hab_rvt_report_event(HAB_FAILURE, index, event_data,
- &bytes) == HAB_SUCCESS) {
- printf("\n");
- printf("--------- HAB Event %d -----------------\n",
- index + 1);
- printf("event data:\n");
- display_event(event_data, bytes);
- printf("\n");
- bytes = sizeof(event_data);
- index++;
- }
- }
- /* Display message if no HAB events are found */
- else {
- printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
- config, state);
- printf("No HAB Events Found!\n\n");
- }
- return 0;
-}
-
-void hab_caam_clock_enable(void)
-{
- u32 reg = 0;
-
- reg = readl(CCM_BASE_ADDR + CLKCTL_CCGR0); /* CCGR0 */
- reg |= 0x3F00; /*CG4 ~ CG6, enable CAAM clocks*/
- writel(reg, CCM_BASE_ADDR + CLKCTL_CCGR0);
-}
-
-
-void hab_caam_clock_disable(void)
-{
- u32 reg = 0;
-
- reg = readl(CCM_BASE_ADDR + CLKCTL_CCGR0); /* CCGR0 */
- reg &= ~0x3F00; /*CG4 ~ CG6, disable CAAM clocks*/
- writel(reg, CCM_BASE_ADDR + CLKCTL_CCGR0);
-}
-
-uint32_t authenticate_image(ulong start)
-{
- uint32_t load_addr = 0;
- size_t bytes;
- ptrdiff_t ivt_offset = DDR_IVT_OFFSET;
- int result = 0;
-
- if (check_hab_enable() == 1) {
- printf("\nAuthenticate uImage from DDR location 0x%lx...\n",
- start);
-
- hab_caam_clock_enable();
-
- if (hab_rvt_entry() == HAB_SUCCESS) {
- start = DDR_UIMAGE_START;
- bytes = DDR_UIMAGE_LENGTH;
- load_addr = (uint32_t)hab_rvt_authenticate_image(
- HAB_CID_UBOOT,
- ivt_offset, (void **)&start,
- (size_t *)&bytes, NULL);
- if (hab_rvt_exit() != HAB_SUCCESS) {
- printf("hab exit function fail\n");
- load_addr = 0;
- }
- } else
- printf("hab entry function fail\n");
-
- hab_caam_clock_disable();
-
- get_hab_status();
- }
-
- if ((!check_hab_enable()) || (load_addr != 0))
- result = 1;
-
- return result;
-}
-/* ----------- end of HAB API updates ------------*/
-#endif
-
-
#ifdef CONFIG_MXC_FEC
static int phy_read(char *devname, unsigned char addr, unsigned char reg,
unsigned short *pdata)
diff --git a/board/freescale/mx6sl_arm2/flash_header.S b/board/freescale/mx6sl_arm2/flash_header.S
index 6519511..9421700 100644
--- a/board/freescale/mx6sl_arm2/flash_header.S
+++ b/board/freescale/mx6sl_arm2/flash_header.S
@@ -49,11 +49,19 @@ reserv1: .word 0x0
dcd_ptr: .word dcd_hdr
boot_data_ptr: .word boot_data
self_ptr: .word ivt_header
+#ifdef CONFIG_SECURE_BOOT
+app_code_csf: .word __hab_data
+#else
app_code_csf: .word 0x0
+#endif
reserv2: .word 0x0
boot_data: .word TEXT_BASE
+#ifdef CONFIG_SECURE_BOOT
+image_len: .word __hab_data_end - TEXT_BASE
+#else
image_len: .word _end_of_copy - TEXT_BASE + CONFIG_FLASH_HEADER_OFFSET
+#endif
plugin: .word 0x0
/* !!!! Need update Len field after adding ddr script !!!!!!!!!!!!!!!!!*/
diff --git a/board/freescale/mx6sl_arm2/mx6sl_arm2.c b/board/freescale/mx6sl_arm2/mx6sl_arm2.c
index 13428cb..5ccca45 100644
--- a/board/freescale/mx6sl_arm2/mx6sl_arm2.c
+++ b/board/freescale/mx6sl_arm2/mx6sl_arm2.c
@@ -25,6 +25,9 @@
#include <asm/arch/mx6.h>
#include <asm/arch/mx6_pins.h>
#include <asm/arch/mx6sl_pins.h>
+#if defined(CONFIG_SECURE_BOOT)
+#include <asm/arch/mx6_secure.h>
+#endif
#include <asm/arch/iomux-v3.h>
#include <asm/arch/regs-anadig.h>
#include <asm/errno.h>
@@ -1080,6 +1083,12 @@ int checkboard(void)
printf("UNKNOWN\n");
break;
}
+
+#ifdef CONFIG_SECURE_BOOT
+ if (check_hab_enable() == 1)
+ get_hab_status();
+#endif
+
return 0;
}
diff --git a/board/freescale/mx6sl_arm2/u-boot.lds b/board/freescale/mx6sl_arm2/u-boot.lds
index ae64f12..0bd13f6 100644
--- a/board/freescale/mx6sl_arm2/u-boot.lds
+++ b/board/freescale/mx6sl_arm2/u-boot.lds
@@ -66,6 +66,13 @@ SECTIONS
.u_boot_cmd : { *(.u_boot_cmd) }
__u_boot_cmd_end = .;
+ /* Original Size is 0x27..., enlarge to 0x2F000 */
+ . = TEXT_BASE + 0x2F000;
+ __hab_data = .;
+ . = . + 0x2000;
+ __hab_data_end = .;
+ /* End of Hab Data, Place it before BSS section */
+
. = ALIGN(4);
_end_of_copy = .; /* end_of ROM copy code here */
__bss_start = .;
diff --git a/cpu/arm_cortexa8/mx6/generic.c b/cpu/arm_cortexa8/mx6/generic.c
index a762498..c844594 100644
--- a/cpu/arm_cortexa8/mx6/generic.c
+++ b/cpu/arm_cortexa8/mx6/generic.c
@@ -47,6 +47,10 @@
#include <usb/regs-usbphy-mx6.h>
+#if defined(CONFIG_SECURE_BOOT)
+#include <asm/arch/mx6_secure.h>
+#endif
+
enum pll_clocks {
CPU_PLL1, /* System PLL */
BUS_PLL2, /* System Bus PLL*/
@@ -1208,6 +1212,179 @@ U_BOOT_CMD(
"");
#endif
+#ifdef CONFIG_SECURE_BOOT
+/* -------- start of HAB API updates ------------*/
+#define hab_rvt_report_event ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT)
+#define hab_rvt_report_status ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS)
+#define hab_rvt_authenticate_image \
+ ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE)
+#define hab_rvt_entry ((hab_rvt_entry_t *) HAB_RVT_ENTRY)
+#define hab_rvt_exit ((hab_rvt_exit_t *) HAB_RVT_EXIT)
+#define hab_rvt_clock_init HAB_RVT_CLOCK_INIT
+
+/*
+ * +------------+ 0x0 (DDR_UIMAGE_START) -
+ * | Header | |
+ * +------------+ 0x40 |
+ * | | |
+ * | | |
+ * | | |
+ * | | |
+ * | Image Data | |
+ * . | |
+ * . | > Stuff to be authenticated ----+
+ * . | | |
+ * | | | |
+ * | | | |
+ * +------------+ | |
+ * | | | |
+ * | Fill Data | | |
+ * | | | |
+ * +------------+ 0x003F_DFE0 | |
+ * | IVT | | |
+ * +------------+ 0x003F_E000 - |
+ * | | |
+ * | CSF DATA | <---------------------------------------------------------+
+ * | |
+ * +------------+
+ * | |
+ * | Fill Data |
+ * | |
+ * +------------+ 0x0040_0000
+ */
+
+#ifndef CONFIG_MX6SL
+#define DDR_UIMAGE_START 0x10800000
+#else
+#define DDR_UIMAGE_START 0x80800000
+#endif
+
+#define DDR_UIMAGE_LENGTH 0x400000
+#define DDR_IVT_OFFSET 0x3FDFE0
+#define OCOTP_CFG5_OFFSET 0x460
+
+int check_hab_enable(void)
+{
+ u32 reg = 0;
+ int result = 0;
+
+ reg = readl(IMX_OTP_BASE + OCOTP_CFG5_OFFSET);
+ if ((reg & 0x2) == 0x2)
+ result = 1;
+
+ return result;
+}
+
+void display_event(uint8_t *event_data, size_t bytes)
+{
+ uint32_t i;
+ if ((event_data) && (bytes > 0)) {
+ for (i = 0; i < bytes; i++) {
+ if (i == 0)
+ printf("\t0x%02x", event_data[i]);
+ else if ((i % 8) == 0)
+ printf("\n\t0x%02x", event_data[i]);
+ else
+ printf(" 0x%02x", event_data[i]);
+ }
+ }
+}
+
+int get_hab_status(void)
+{
+ uint32_t index = 0; /* Loop index */
+ uint8_t event_data[128]; /* Event data buffer */
+ size_t bytes = sizeof(event_data); /* Event size in bytes */
+ hab_config_t config = 0;
+ hab_state_t state = 0;
+
+ /* Check HAB status */
+ if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) {
+ printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
+ config, state);
+
+ /* Display HAB Error events */
+ while (hab_rvt_report_event(HAB_FAILURE, index, event_data,
+ &bytes) == HAB_SUCCESS) {
+ printf("\n");
+ printf("--------- HAB Event %d -----------------\n",
+ index + 1);
+ printf("event data:\n");
+ display_event(event_data, bytes);
+ printf("\n");
+ bytes = sizeof(event_data);
+ index++;
+ }
+ }
+ /* Display message if no HAB events are found */
+ else {
+ printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
+ config, state);
+ printf("No HAB Events Found!\n\n");
+ }
+ return 0;
+}
+
+void hab_caam_clock_enable(void)
+{
+ u32 reg = 0;
+
+ reg = readl(CCM_BASE_ADDR + CLKCTL_CCGR0); /* CCGR0 */
+ reg |= 0x3F00; /*CG4 ~ CG6, enable CAAM clocks*/
+ writel(reg, CCM_BASE_ADDR + CLKCTL_CCGR0);
+}
+
+
+void hab_caam_clock_disable(void)
+{
+ u32 reg = 0;
+
+ reg = readl(CCM_BASE_ADDR + CLKCTL_CCGR0); /* CCGR0 */
+ reg &= ~0x3F00; /*CG4 ~ CG6, disable CAAM clocks*/
+ writel(reg, CCM_BASE_ADDR + CLKCTL_CCGR0);
+}
+
+uint32_t authenticate_image(void)
+{
+ uint32_t load_addr = 0;
+ size_t bytes;
+ ptrdiff_t ivt_offset = DDR_IVT_OFFSET;
+ int result = 0;
+ ulong start;
+
+ if (check_hab_enable() == 1) {
+ printf("\nAuthenticate uImage from DDR location 0x%lx...\n",
+ DDR_UIMAGE_START);
+
+ hab_caam_clock_enable();
+
+ if (hab_rvt_entry() == HAB_SUCCESS) {
+ start = DDR_UIMAGE_START;
+ bytes = DDR_UIMAGE_LENGTH;
+ load_addr = (uint32_t)hab_rvt_authenticate_image(
+ HAB_CID_UBOOT,
+ ivt_offset, (void **)&start,
+ (size_t *)&bytes, NULL);
+ if (hab_rvt_exit() != HAB_SUCCESS) {
+ printf("hab exit function fail\n");
+ load_addr = 0;
+ }
+ } else
+ printf("hab entry function fail\n");
+
+ hab_caam_clock_disable();
+
+ get_hab_status();
+ }
+
+ if ((!check_hab_enable()) || (load_addr != 0))
+ result = 1;
+
+ return result;
+}
+/* ----------- end of HAB API updates ------------*/
+#endif
+
#ifdef CONFIG_ANDROID_RECOVERY
struct reco_envs supported_reco_envs[BOOT_DEV_NUM] = {
diff --git a/include/configs/mx6dl_arm2.h b/include/configs/mx6dl_arm2.h
index 15abcab..9b10aaa 100644
--- a/include/configs/mx6dl_arm2.h
+++ b/include/configs/mx6dl_arm2.h
@@ -35,6 +35,8 @@
#define CONFIG_FLASH_HEADER_OFFSET 0x400
#define CONFIG_MX6_CLK32 32768
+#define CONFIG_SECURE_BOOT
+
#define CONFIG_SKIP_RELOCATE_UBOOT
#define CONFIG_ARCH_CPU_INIT
diff --git a/include/configs/mx6sl_arm2.h b/include/configs/mx6sl_arm2.h
index a7117c4..ae23783 100644
--- a/include/configs/mx6sl_arm2.h
+++ b/include/configs/mx6sl_arm2.h
@@ -31,6 +31,8 @@
#define CONFIG_FLASH_HEADER_OFFSET 0x400
#define CONFIG_MX6_CLK32 32768
+#define CONFIG_SECURE_BOOT
+
#include <asm/arch/mx6.h>
#define CONFIG_SKIP_RELOCATE_UBOOT