xref: /openbmc/u-boot/arch/arm/mach-imx/hab.c (revision db4a2999)
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Copyright (C) 2010-2015 Freescale Semiconductor, Inc.
4  */
5 
6 #include <common.h>
7 #include <config.h>
8 #include <fuse.h>
9 #include <mapmem.h>
10 #include <image.h>
11 #include <asm/io.h>
12 #include <asm/system.h>
13 #include <asm/arch/clock.h>
14 #include <asm/arch/sys_proto.h>
15 #include <asm/mach-imx/hab.h>
16 
17 #define ALIGN_SIZE		0x1000
18 #define MX6DQ_PU_IROM_MMU_EN_VAR	0x009024a8
19 #define MX6DLS_PU_IROM_MMU_EN_VAR	0x00901dd0
20 #define MX6SL_PU_IROM_MMU_EN_VAR	0x00900a18
21 #define IS_HAB_ENABLED_BIT \
22 	(is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 :	\
23 	 (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2))
24 
ivt_header_error(const char * err_str,struct ivt_header * ivt_hdr)25 static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr)
26 {
27 	printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str,
28 	       ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version);
29 
30 	return 1;
31 }
32 
verify_ivt_header(struct ivt_header * ivt_hdr)33 static int verify_ivt_header(struct ivt_header *ivt_hdr)
34 {
35 	int result = 0;
36 
37 	if (ivt_hdr->magic != IVT_HEADER_MAGIC)
38 		result = ivt_header_error("bad magic", ivt_hdr);
39 
40 	if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH)
41 		result = ivt_header_error("bad length", ivt_hdr);
42 
43 	if (ivt_hdr->version != IVT_HEADER_V1 &&
44 	    ivt_hdr->version != IVT_HEADER_V2)
45 		result = ivt_header_error("bad version", ivt_hdr);
46 
47 	return result;
48 }
49 
50 #if !defined(CONFIG_SPL_BUILD)
51 
52 #define MAX_RECORD_BYTES     (8*1024) /* 4 kbytes */
53 
54 struct record {
55 	uint8_t  tag;						/* Tag */
56 	uint8_t  len[2];					/* Length */
57 	uint8_t  par;						/* Version */
58 	uint8_t  contents[MAX_RECORD_BYTES];/* Record Data */
59 	bool	 any_rec_flag;
60 };
61 
62 static char *rsn_str[] = {
63 			  "RSN = HAB_RSN_ANY (0x00)\n",
64 			  "RSN = HAB_ENG_FAIL (0x30)\n",
65 			  "RSN = HAB_INV_ADDRESS (0x22)\n",
66 			  "RSN = HAB_INV_ASSERTION (0x0C)\n",
67 			  "RSN = HAB_INV_CALL (0x28)\n",
68 			  "RSN = HAB_INV_CERTIFICATE (0x21)\n",
69 			  "RSN = HAB_INV_COMMAND (0x06)\n",
70 			  "RSN = HAB_INV_CSF (0x11)\n",
71 			  "RSN = HAB_INV_DCD (0x27)\n",
72 			  "RSN = HAB_INV_INDEX (0x0F)\n",
73 			  "RSN = HAB_INV_IVT (0x05)\n",
74 			  "RSN = HAB_INV_KEY (0x1D)\n",
75 			  "RSN = HAB_INV_RETURN (0x1E)\n",
76 			  "RSN = HAB_INV_SIGNATURE (0x18)\n",
77 			  "RSN = HAB_INV_SIZE (0x17)\n",
78 			  "RSN = HAB_MEM_FAIL (0x2E)\n",
79 			  "RSN = HAB_OVR_COUNT (0x2B)\n",
80 			  "RSN = HAB_OVR_STORAGE (0x2D)\n",
81 			  "RSN = HAB_UNS_ALGORITHM (0x12)\n",
82 			  "RSN = HAB_UNS_COMMAND (0x03)\n",
83 			  "RSN = HAB_UNS_ENGINE (0x0A)\n",
84 			  "RSN = HAB_UNS_ITEM (0x24)\n",
85 			  "RSN = HAB_UNS_KEY (0x1B)\n",
86 			  "RSN = HAB_UNS_PROTOCOL (0x14)\n",
87 			  "RSN = HAB_UNS_STATE (0x09)\n",
88 			  "RSN = INVALID\n",
89 			  NULL
90 };
91 
92 static char *sts_str[] = {
93 			  "STS = HAB_SUCCESS (0xF0)\n",
94 			  "STS = HAB_FAILURE (0x33)\n",
95 			  "STS = HAB_WARNING (0x69)\n",
96 			  "STS = INVALID\n",
97 			  NULL
98 };
99 
100 static char *eng_str[] = {
101 			  "ENG = HAB_ENG_ANY (0x00)\n",
102 			  "ENG = HAB_ENG_SCC (0x03)\n",
103 			  "ENG = HAB_ENG_RTIC (0x05)\n",
104 			  "ENG = HAB_ENG_SAHARA (0x06)\n",
105 			  "ENG = HAB_ENG_CSU (0x0A)\n",
106 			  "ENG = HAB_ENG_SRTC (0x0C)\n",
107 			  "ENG = HAB_ENG_DCP (0x1B)\n",
108 			  "ENG = HAB_ENG_CAAM (0x1D)\n",
109 			  "ENG = HAB_ENG_SNVS (0x1E)\n",
110 			  "ENG = HAB_ENG_OCOTP (0x21)\n",
111 			  "ENG = HAB_ENG_DTCP (0x22)\n",
112 			  "ENG = HAB_ENG_ROM (0x36)\n",
113 			  "ENG = HAB_ENG_HDCP (0x24)\n",
114 			  "ENG = HAB_ENG_RTL (0x77)\n",
115 			  "ENG = HAB_ENG_SW (0xFF)\n",
116 			  "ENG = INVALID\n",
117 			  NULL
118 };
119 
120 static char *ctx_str[] = {
121 			  "CTX = HAB_CTX_ANY(0x00)\n",
122 			  "CTX = HAB_CTX_FAB (0xFF)\n",
123 			  "CTX = HAB_CTX_ENTRY (0xE1)\n",
124 			  "CTX = HAB_CTX_TARGET (0x33)\n",
125 			  "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n",
126 			  "CTX = HAB_CTX_DCD (0xDD)\n",
127 			  "CTX = HAB_CTX_CSF (0xCF)\n",
128 			  "CTX = HAB_CTX_COMMAND (0xC0)\n",
129 			  "CTX = HAB_CTX_AUT_DAT (0xDB)\n",
130 			  "CTX = HAB_CTX_ASSERT (0xA0)\n",
131 			  "CTX = HAB_CTX_EXIT (0xEE)\n",
132 			  "CTX = INVALID\n",
133 			  NULL
134 };
135 
136 static uint8_t hab_statuses[5] = {
137 	HAB_STS_ANY,
138 	HAB_FAILURE,
139 	HAB_WARNING,
140 	HAB_SUCCESS,
141 	-1
142 };
143 
144 static uint8_t hab_reasons[26] = {
145 	HAB_RSN_ANY,
146 	HAB_ENG_FAIL,
147 	HAB_INV_ADDRESS,
148 	HAB_INV_ASSERTION,
149 	HAB_INV_CALL,
150 	HAB_INV_CERTIFICATE,
151 	HAB_INV_COMMAND,
152 	HAB_INV_CSF,
153 	HAB_INV_DCD,
154 	HAB_INV_INDEX,
155 	HAB_INV_IVT,
156 	HAB_INV_KEY,
157 	HAB_INV_RETURN,
158 	HAB_INV_SIGNATURE,
159 	HAB_INV_SIZE,
160 	HAB_MEM_FAIL,
161 	HAB_OVR_COUNT,
162 	HAB_OVR_STORAGE,
163 	HAB_UNS_ALGORITHM,
164 	HAB_UNS_COMMAND,
165 	HAB_UNS_ENGINE,
166 	HAB_UNS_ITEM,
167 	HAB_UNS_KEY,
168 	HAB_UNS_PROTOCOL,
169 	HAB_UNS_STATE,
170 	-1
171 };
172 
173 static uint8_t hab_contexts[12] = {
174 	HAB_CTX_ANY,
175 	HAB_CTX_FAB,
176 	HAB_CTX_ENTRY,
177 	HAB_CTX_TARGET,
178 	HAB_CTX_AUTHENTICATE,
179 	HAB_CTX_DCD,
180 	HAB_CTX_CSF,
181 	HAB_CTX_COMMAND,
182 	HAB_CTX_AUT_DAT,
183 	HAB_CTX_ASSERT,
184 	HAB_CTX_EXIT,
185 	-1
186 };
187 
188 static uint8_t hab_engines[16] = {
189 	HAB_ENG_ANY,
190 	HAB_ENG_SCC,
191 	HAB_ENG_RTIC,
192 	HAB_ENG_SAHARA,
193 	HAB_ENG_CSU,
194 	HAB_ENG_SRTC,
195 	HAB_ENG_DCP,
196 	HAB_ENG_CAAM,
197 	HAB_ENG_SNVS,
198 	HAB_ENG_OCOTP,
199 	HAB_ENG_DTCP,
200 	HAB_ENG_ROM,
201 	HAB_ENG_HDCP,
202 	HAB_ENG_RTL,
203 	HAB_ENG_SW,
204 	-1
205 };
206 
get_idx(uint8_t * list,uint8_t tgt)207 static inline uint8_t get_idx(uint8_t *list, uint8_t tgt)
208 {
209 	uint8_t idx = 0;
210 	uint8_t element = list[idx];
211 	while (element != -1) {
212 		if (element == tgt)
213 			return idx;
214 		element = list[++idx];
215 	}
216 	return -1;
217 }
218 
process_event_record(uint8_t * event_data,size_t bytes)219 static void process_event_record(uint8_t *event_data, size_t bytes)
220 {
221 	struct record *rec = (struct record *)event_data;
222 
223 	printf("\n\n%s", sts_str[get_idx(hab_statuses, rec->contents[0])]);
224 	printf("%s", rsn_str[get_idx(hab_reasons, rec->contents[1])]);
225 	printf("%s", ctx_str[get_idx(hab_contexts, rec->contents[2])]);
226 	printf("%s", eng_str[get_idx(hab_engines, rec->contents[3])]);
227 }
228 
display_event(uint8_t * event_data,size_t bytes)229 static void display_event(uint8_t *event_data, size_t bytes)
230 {
231 	uint32_t i;
232 
233 	if (!(event_data && bytes > 0))
234 		return;
235 
236 	for (i = 0; i < bytes; i++) {
237 		if (i == 0)
238 			printf("\t0x%02x", event_data[i]);
239 		else if ((i % 8) == 0)
240 			printf("\n\t0x%02x", event_data[i]);
241 		else
242 			printf(" 0x%02x", event_data[i]);
243 	}
244 
245 	process_event_record(event_data, bytes);
246 }
247 
get_hab_status(void)248 static int get_hab_status(void)
249 {
250 	uint32_t index = 0; /* Loop index */
251 	uint8_t event_data[128]; /* Event data buffer */
252 	size_t bytes = sizeof(event_data); /* Event size in bytes */
253 	enum hab_config config = 0;
254 	enum hab_state state = 0;
255 	hab_rvt_report_event_t *hab_rvt_report_event;
256 	hab_rvt_report_status_t *hab_rvt_report_status;
257 
258 	hab_rvt_report_event = (hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT;
259 	hab_rvt_report_status =
260 			(hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS;
261 
262 	if (imx_hab_is_enabled())
263 		puts("\nSecure boot enabled\n");
264 	else
265 		puts("\nSecure boot disabled\n");
266 
267 	/* Check HAB status */
268 	if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) {
269 		printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
270 		       config, state);
271 
272 		/* Display HAB Error events */
273 		while (hab_rvt_report_event(HAB_FAILURE, index, event_data,
274 					&bytes) == HAB_SUCCESS) {
275 			puts("\n");
276 			printf("--------- HAB Event %d -----------------\n",
277 			       index + 1);
278 			puts("event data:\n");
279 			display_event(event_data, bytes);
280 			puts("\n");
281 			bytes = sizeof(event_data);
282 			index++;
283 		}
284 	}
285 	/* Display message if no HAB events are found */
286 	else {
287 		printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
288 		       config, state);
289 		puts("No HAB Events Found!\n\n");
290 	}
291 	return 0;
292 }
293 
do_hab_status(cmd_tbl_t * cmdtp,int flag,int argc,char * const argv[])294 static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc,
295 			 char * const argv[])
296 {
297 	if ((argc != 1)) {
298 		cmd_usage(cmdtp);
299 		return 1;
300 	}
301 
302 	get_hab_status();
303 
304 	return 0;
305 }
306 
get_image_ivt_offset(ulong img_addr)307 static ulong get_image_ivt_offset(ulong img_addr)
308 {
309 	const void *buf;
310 
311 	buf = map_sysmem(img_addr, 0);
312 	switch (genimg_get_format(buf)) {
313 #if defined(CONFIG_IMAGE_FORMAT_LEGACY)
314 	case IMAGE_FORMAT_LEGACY:
315 		return (image_get_image_size((image_header_t *)img_addr)
316 			+ 0x1000 - 1)  & ~(0x1000 - 1);
317 #endif
318 #if IMAGE_ENABLE_FIT
319 	case IMAGE_FORMAT_FIT:
320 		return (fit_get_size(buf) + 0x1000 - 1)  & ~(0x1000 - 1);
321 #endif
322 	default:
323 		return 0;
324 	}
325 }
326 
do_authenticate_image(cmd_tbl_t * cmdtp,int flag,int argc,char * const argv[])327 static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
328 				 char * const argv[])
329 {
330 	ulong	addr, length, ivt_offset;
331 	int	rcode = 0;
332 
333 	if (argc < 3)
334 		return CMD_RET_USAGE;
335 
336 	addr = simple_strtoul(argv[1], NULL, 16);
337 	length = simple_strtoul(argv[2], NULL, 16);
338 	if (argc == 3)
339 		ivt_offset = get_image_ivt_offset(addr);
340 	else
341 		ivt_offset = simple_strtoul(argv[3], NULL, 16);
342 
343 	rcode = imx_hab_authenticate_image(addr, length, ivt_offset);
344 	if (rcode == 0)
345 		rcode = CMD_RET_SUCCESS;
346 	else
347 		rcode = CMD_RET_FAILURE;
348 
349 	return rcode;
350 }
351 
do_hab_failsafe(cmd_tbl_t * cmdtp,int flag,int argc,char * const argv[])352 static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc,
353 			   char * const argv[])
354 {
355 	hab_rvt_failsafe_t *hab_rvt_failsafe;
356 
357 	if (argc != 1) {
358 		cmd_usage(cmdtp);
359 		return 1;
360 	}
361 
362 	hab_rvt_failsafe = (hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE;
363 	hab_rvt_failsafe();
364 
365 	return 0;
366 }
367 
do_authenticate_image_or_failover(cmd_tbl_t * cmdtp,int flag,int argc,char * const argv[])368 static int do_authenticate_image_or_failover(cmd_tbl_t *cmdtp, int flag,
369 					     int argc, char * const argv[])
370 {
371 	int ret = CMD_RET_FAILURE;
372 
373 	if (argc != 4) {
374 		ret = CMD_RET_USAGE;
375 		goto error;
376 	}
377 
378 	if (!imx_hab_is_enabled()) {
379 		printf("error: secure boot disabled\n");
380 		goto error;
381 	}
382 
383 	if (do_authenticate_image(NULL, flag, argc, argv) != CMD_RET_SUCCESS) {
384 		fprintf(stderr, "authentication fail -> %s %s %s %s\n",
385 			argv[0], argv[1], argv[2], argv[3]);
386 		do_hab_failsafe(0, 0, 1, NULL);
387 	};
388 	ret = CMD_RET_SUCCESS;
389 error:
390 	return ret;
391 }
392 
393 U_BOOT_CMD(
394 		hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
395 		"display HAB status",
396 		""
397 	  );
398 
399 U_BOOT_CMD(
400 		hab_auth_img, 4, 0, do_authenticate_image,
401 		"authenticate image via HAB",
402 		"addr length ivt_offset\n"
403 		"addr - image hex address\n"
404 		"length - image hex length\n"
405 		"ivt_offset - hex offset of IVT in the image"
406 	  );
407 
408 U_BOOT_CMD(
409 		hab_failsafe, CONFIG_SYS_MAXARGS, 1, do_hab_failsafe,
410 		"run BootROM failsafe routine",
411 		""
412 	  );
413 
414 U_BOOT_CMD(
415 		hab_auth_img_or_fail, 4, 0,
416 		do_authenticate_image_or_failover,
417 		"authenticate image via HAB on failure drop to USB BootROM mode",
418 		"addr length ivt_offset\n"
419 		"addr - image hex address\n"
420 		"length - image hex length\n"
421 		"ivt_offset - hex offset of IVT in the image"
422 	  );
423 
424 #endif /* !defined(CONFIG_SPL_BUILD) */
425 
426 /* Get CSF Header length */
get_hab_hdr_len(struct hab_hdr * hdr)427 static int get_hab_hdr_len(struct hab_hdr *hdr)
428 {
429 	return (size_t)((hdr->len[0] << 8) + (hdr->len[1]));
430 }
431 
432 /* Check whether addr lies between start and
433  * end and is within the length of the image
434  */
chk_bounds(u8 * addr,size_t bytes,u8 * start,u8 * end)435 static int chk_bounds(u8 *addr, size_t bytes, u8 *start, u8 *end)
436 {
437 	size_t csf_size = (size_t)((end + 1) - addr);
438 
439 	return (addr && (addr >= start) && (addr <= end) &&
440 		(csf_size >= bytes));
441 }
442 
443 /* Get Length of each command in CSF */
get_csf_cmd_hdr_len(u8 * csf_hdr)444 static int get_csf_cmd_hdr_len(u8 *csf_hdr)
445 {
446 	if (*csf_hdr == HAB_CMD_HDR)
447 		return sizeof(struct hab_hdr);
448 
449 	return get_hab_hdr_len((struct hab_hdr *)csf_hdr);
450 }
451 
452 /* Check if CSF is valid */
csf_is_valid(struct ivt * ivt,ulong start_addr,size_t bytes)453 static bool csf_is_valid(struct ivt *ivt, ulong start_addr, size_t bytes)
454 {
455 	u8 *start = (u8 *)start_addr;
456 	u8 *csf_hdr;
457 	u8 *end;
458 
459 	size_t csf_hdr_len;
460 	size_t cmd_hdr_len;
461 	size_t offset = 0;
462 
463 	if (bytes != 0)
464 		end = start + bytes - 1;
465 	else
466 		end = start;
467 
468 	/* Verify if CSF pointer content is zero */
469 	if (!ivt->csf) {
470 		puts("Error: CSF pointer is NULL\n");
471 		return false;
472 	}
473 
474 	csf_hdr = (u8 *)ivt->csf;
475 
476 	/* Verify if CSF Header exist */
477 	if (*csf_hdr != HAB_CMD_HDR) {
478 		puts("Error: CSF header command not found\n");
479 		return false;
480 	}
481 
482 	csf_hdr_len = get_hab_hdr_len((struct hab_hdr *)csf_hdr);
483 
484 	/* Check if the CSF lies within the image bounds */
485 	if (!chk_bounds(csf_hdr, csf_hdr_len, start, end)) {
486 		puts("Error: CSF lies outside the image bounds\n");
487 		return false;
488 	}
489 
490 	do {
491 		struct hab_hdr *cmd;
492 
493 		cmd = (struct hab_hdr *)&csf_hdr[offset];
494 
495 		switch (cmd->tag) {
496 		case (HAB_CMD_WRT_DAT):
497 			puts("Error: Deprecated write command found\n");
498 			return false;
499 		case (HAB_CMD_CHK_DAT):
500 			puts("Error: Deprecated check command found\n");
501 			return false;
502 		case (HAB_CMD_SET):
503 			if (cmd->par == HAB_PAR_MID) {
504 				puts("Error: Deprecated Set MID command found\n");
505 				return false;
506 			}
507 		default:
508 			break;
509 		}
510 
511 		cmd_hdr_len = get_csf_cmd_hdr_len(&csf_hdr[offset]);
512 		if (!cmd_hdr_len) {
513 			puts("Error: Invalid command length\n");
514 			return false;
515 		}
516 		offset += cmd_hdr_len;
517 
518 	} while (offset < csf_hdr_len);
519 
520 	return true;
521 }
522 
imx_hab_is_enabled(void)523 bool imx_hab_is_enabled(void)
524 {
525 	struct imx_sec_config_fuse_t *fuse =
526 		(struct imx_sec_config_fuse_t *)&imx_sec_config_fuse;
527 	uint32_t reg;
528 	int ret;
529 
530 	ret = fuse_read(fuse->bank, fuse->word, &reg);
531 	if (ret) {
532 		puts("\nSecure boot fuse read error\n");
533 		return ret;
534 	}
535 
536 	return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
537 }
538 
imx_hab_authenticate_image(uint32_t ddr_start,uint32_t image_size,uint32_t ivt_offset)539 int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size,
540 			       uint32_t ivt_offset)
541 {
542 	uint32_t load_addr = 0;
543 	size_t bytes;
544 	uint32_t ivt_addr = 0;
545 	int result = 1;
546 	ulong start;
547 	hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
548 	hab_rvt_entry_t *hab_rvt_entry;
549 	hab_rvt_exit_t *hab_rvt_exit;
550 	hab_rvt_check_target_t *hab_rvt_check_target;
551 	struct ivt *ivt;
552 	struct ivt_header *ivt_hdr;
553 	enum hab_status status;
554 
555 	hab_rvt_authenticate_image =
556 		(hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE;
557 	hab_rvt_entry = (hab_rvt_entry_t *)HAB_RVT_ENTRY;
558 	hab_rvt_exit = (hab_rvt_exit_t *)HAB_RVT_EXIT;
559 	hab_rvt_check_target = (hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET;
560 
561 	if (!imx_hab_is_enabled()) {
562 		puts("hab fuse not enabled\n");
563 		return 0;
564 	}
565 
566 	printf("\nAuthenticate image from DDR location 0x%x...\n",
567 	       ddr_start);
568 
569 	hab_caam_clock_enable(1);
570 
571 	/* Calculate IVT address header */
572 	ivt_addr = ddr_start + ivt_offset;
573 	ivt = (struct ivt *)ivt_addr;
574 	ivt_hdr = &ivt->hdr;
575 
576 	/* Verify IVT header bugging out on error */
577 	if (verify_ivt_header(ivt_hdr))
578 		goto hab_authentication_exit;
579 
580 	/* Verify IVT body */
581 	if (ivt->self != ivt_addr) {
582 		printf("ivt->self 0x%08x pointer is 0x%08x\n",
583 		       ivt->self, ivt_addr);
584 		goto hab_authentication_exit;
585 	}
586 
587 	/* Verify if IVT DCD pointer is NULL */
588 	if (ivt->dcd) {
589 		puts("Error: DCD pointer must be NULL\n");
590 		goto hab_authentication_exit;
591 	}
592 
593 	start = ddr_start;
594 	bytes = image_size;
595 
596 	/* Verify CSF */
597 	if (!csf_is_valid(ivt, start, bytes))
598 		goto hab_authentication_exit;
599 
600 	if (hab_rvt_entry() != HAB_SUCCESS) {
601 		puts("hab entry function fail\n");
602 		goto hab_exit_failure_print_status;
603 	}
604 
605 	status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes);
606 	if (status != HAB_SUCCESS) {
607 		printf("HAB check target 0x%08x-0x%08x fail\n",
608 		       ddr_start, ddr_start + bytes);
609 		goto hab_exit_failure_print_status;
610 	}
611 #ifdef DEBUG
612 	printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
613 	printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry,
614 	       ivt->dcd, ivt->csf);
615 	puts("Dumping IVT\n");
616 	print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0);
617 
618 	puts("Dumping CSF Header\n");
619 	print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0);
620 
621 #if  !defined(CONFIG_SPL_BUILD)
622 	get_hab_status();
623 #endif
624 
625 	puts("\nCalling authenticate_image in ROM\n");
626 	printf("\tivt_offset = 0x%x\n", ivt_offset);
627 	printf("\tstart = 0x%08lx\n", start);
628 	printf("\tbytes = 0x%x\n", bytes);
629 #endif
630 	/*
631 	 * If the MMU is enabled, we have to notify the ROM
632 	 * code, or it won't flush the caches when needed.
633 	 * This is done, by setting the "pu_irom_mmu_enabled"
634 	 * word to 1. You can find its address by looking in
635 	 * the ROM map. This is critical for
636 	 * authenticate_image(). If MMU is enabled, without
637 	 * setting this bit, authentication will fail and may
638 	 * crash.
639 	 */
640 	/* Check MMU enabled */
641 	if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) {
642 		if (is_mx6dq()) {
643 			/*
644 			 * This won't work on Rev 1.0.0 of
645 			 * i.MX6Q/D, since their ROM doesn't
646 			 * do cache flushes. don't think any
647 			 * exist, so we ignore them.
648 			 */
649 			if (!is_mx6dqp())
650 				writel(1, MX6DQ_PU_IROM_MMU_EN_VAR);
651 		} else if (is_mx6sdl()) {
652 			writel(1, MX6DLS_PU_IROM_MMU_EN_VAR);
653 		} else if (is_mx6sl()) {
654 			writel(1, MX6SL_PU_IROM_MMU_EN_VAR);
655 		}
656 	}
657 
658 	load_addr = (uint32_t)hab_rvt_authenticate_image(
659 			HAB_CID_UBOOT,
660 			ivt_offset, (void **)&start,
661 			(size_t *)&bytes, NULL);
662 	if (hab_rvt_exit() != HAB_SUCCESS) {
663 		puts("hab exit function fail\n");
664 		load_addr = 0;
665 	}
666 
667 hab_exit_failure_print_status:
668 #if !defined(CONFIG_SPL_BUILD)
669 	get_hab_status();
670 #endif
671 
672 hab_authentication_exit:
673 
674 	if (load_addr != 0)
675 		result = 0;
676 
677 	return result;
678 }
679