xref: /openbmc/u-boot/arch/arm/mach-imx/hab.c (revision cbd2fba1)
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Copyright (C) 2010-2015 Freescale Semiconductor, Inc.
4  */
5 
6 #include <common.h>
7 #include <config.h>
8 #include <fuse.h>
9 #include <asm/io.h>
10 #include <asm/system.h>
11 #include <asm/arch/clock.h>
12 #include <asm/arch/sys_proto.h>
13 #include <asm/mach-imx/hab.h>
14 
15 #define ALIGN_SIZE		0x1000
16 #define MX6DQ_PU_IROM_MMU_EN_VAR	0x009024a8
17 #define MX6DLS_PU_IROM_MMU_EN_VAR	0x00901dd0
18 #define MX6SL_PU_IROM_MMU_EN_VAR	0x00900a18
19 #define IS_HAB_ENABLED_BIT \
20 	(is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 :	\
21 	 (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2))
22 
23 static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr)
24 {
25 	printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str,
26 	       ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version);
27 
28 	return 1;
29 }
30 
31 static int verify_ivt_header(struct ivt_header *ivt_hdr)
32 {
33 	int result = 0;
34 
35 	if (ivt_hdr->magic != IVT_HEADER_MAGIC)
36 		result = ivt_header_error("bad magic", ivt_hdr);
37 
38 	if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH)
39 		result = ivt_header_error("bad length", ivt_hdr);
40 
41 	if (ivt_hdr->version != IVT_HEADER_V1 &&
42 	    ivt_hdr->version != IVT_HEADER_V2)
43 		result = ivt_header_error("bad version", ivt_hdr);
44 
45 	return result;
46 }
47 
48 #if !defined(CONFIG_SPL_BUILD)
49 
50 #define MAX_RECORD_BYTES     (8*1024) /* 4 kbytes */
51 
52 struct record {
53 	uint8_t  tag;						/* Tag */
54 	uint8_t  len[2];					/* Length */
55 	uint8_t  par;						/* Version */
56 	uint8_t  contents[MAX_RECORD_BYTES];/* Record Data */
57 	bool	 any_rec_flag;
58 };
59 
60 static char *rsn_str[] = {
61 			  "RSN = HAB_RSN_ANY (0x00)\n",
62 			  "RSN = HAB_ENG_FAIL (0x30)\n",
63 			  "RSN = HAB_INV_ADDRESS (0x22)\n",
64 			  "RSN = HAB_INV_ASSERTION (0x0C)\n",
65 			  "RSN = HAB_INV_CALL (0x28)\n",
66 			  "RSN = HAB_INV_CERTIFICATE (0x21)\n",
67 			  "RSN = HAB_INV_COMMAND (0x06)\n",
68 			  "RSN = HAB_INV_CSF (0x11)\n",
69 			  "RSN = HAB_INV_DCD (0x27)\n",
70 			  "RSN = HAB_INV_INDEX (0x0F)\n",
71 			  "RSN = HAB_INV_IVT (0x05)\n",
72 			  "RSN = HAB_INV_KEY (0x1D)\n",
73 			  "RSN = HAB_INV_RETURN (0x1E)\n",
74 			  "RSN = HAB_INV_SIGNATURE (0x18)\n",
75 			  "RSN = HAB_INV_SIZE (0x17)\n",
76 			  "RSN = HAB_MEM_FAIL (0x2E)\n",
77 			  "RSN = HAB_OVR_COUNT (0x2B)\n",
78 			  "RSN = HAB_OVR_STORAGE (0x2D)\n",
79 			  "RSN = HAB_UNS_ALGORITHM (0x12)\n",
80 			  "RSN = HAB_UNS_COMMAND (0x03)\n",
81 			  "RSN = HAB_UNS_ENGINE (0x0A)\n",
82 			  "RSN = HAB_UNS_ITEM (0x24)\n",
83 			  "RSN = HAB_UNS_KEY (0x1B)\n",
84 			  "RSN = HAB_UNS_PROTOCOL (0x14)\n",
85 			  "RSN = HAB_UNS_STATE (0x09)\n",
86 			  "RSN = INVALID\n",
87 			  NULL
88 };
89 
90 static char *sts_str[] = {
91 			  "STS = HAB_SUCCESS (0xF0)\n",
92 			  "STS = HAB_FAILURE (0x33)\n",
93 			  "STS = HAB_WARNING (0x69)\n",
94 			  "STS = INVALID\n",
95 			  NULL
96 };
97 
98 static char *eng_str[] = {
99 			  "ENG = HAB_ENG_ANY (0x00)\n",
100 			  "ENG = HAB_ENG_SCC (0x03)\n",
101 			  "ENG = HAB_ENG_RTIC (0x05)\n",
102 			  "ENG = HAB_ENG_SAHARA (0x06)\n",
103 			  "ENG = HAB_ENG_CSU (0x0A)\n",
104 			  "ENG = HAB_ENG_SRTC (0x0C)\n",
105 			  "ENG = HAB_ENG_DCP (0x1B)\n",
106 			  "ENG = HAB_ENG_CAAM (0x1D)\n",
107 			  "ENG = HAB_ENG_SNVS (0x1E)\n",
108 			  "ENG = HAB_ENG_OCOTP (0x21)\n",
109 			  "ENG = HAB_ENG_DTCP (0x22)\n",
110 			  "ENG = HAB_ENG_ROM (0x36)\n",
111 			  "ENG = HAB_ENG_HDCP (0x24)\n",
112 			  "ENG = HAB_ENG_RTL (0x77)\n",
113 			  "ENG = HAB_ENG_SW (0xFF)\n",
114 			  "ENG = INVALID\n",
115 			  NULL
116 };
117 
118 static char *ctx_str[] = {
119 			  "CTX = HAB_CTX_ANY(0x00)\n",
120 			  "CTX = HAB_CTX_FAB (0xFF)\n",
121 			  "CTX = HAB_CTX_ENTRY (0xE1)\n",
122 			  "CTX = HAB_CTX_TARGET (0x33)\n",
123 			  "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n",
124 			  "CTX = HAB_CTX_DCD (0xDD)\n",
125 			  "CTX = HAB_CTX_CSF (0xCF)\n",
126 			  "CTX = HAB_CTX_COMMAND (0xC0)\n",
127 			  "CTX = HAB_CTX_AUT_DAT (0xDB)\n",
128 			  "CTX = HAB_CTX_ASSERT (0xA0)\n",
129 			  "CTX = HAB_CTX_EXIT (0xEE)\n",
130 			  "CTX = INVALID\n",
131 			  NULL
132 };
133 
134 static uint8_t hab_statuses[5] = {
135 	HAB_STS_ANY,
136 	HAB_FAILURE,
137 	HAB_WARNING,
138 	HAB_SUCCESS,
139 	-1
140 };
141 
142 static uint8_t hab_reasons[26] = {
143 	HAB_RSN_ANY,
144 	HAB_ENG_FAIL,
145 	HAB_INV_ADDRESS,
146 	HAB_INV_ASSERTION,
147 	HAB_INV_CALL,
148 	HAB_INV_CERTIFICATE,
149 	HAB_INV_COMMAND,
150 	HAB_INV_CSF,
151 	HAB_INV_DCD,
152 	HAB_INV_INDEX,
153 	HAB_INV_IVT,
154 	HAB_INV_KEY,
155 	HAB_INV_RETURN,
156 	HAB_INV_SIGNATURE,
157 	HAB_INV_SIZE,
158 	HAB_MEM_FAIL,
159 	HAB_OVR_COUNT,
160 	HAB_OVR_STORAGE,
161 	HAB_UNS_ALGORITHM,
162 	HAB_UNS_COMMAND,
163 	HAB_UNS_ENGINE,
164 	HAB_UNS_ITEM,
165 	HAB_UNS_KEY,
166 	HAB_UNS_PROTOCOL,
167 	HAB_UNS_STATE,
168 	-1
169 };
170 
171 static uint8_t hab_contexts[12] = {
172 	HAB_CTX_ANY,
173 	HAB_CTX_FAB,
174 	HAB_CTX_ENTRY,
175 	HAB_CTX_TARGET,
176 	HAB_CTX_AUTHENTICATE,
177 	HAB_CTX_DCD,
178 	HAB_CTX_CSF,
179 	HAB_CTX_COMMAND,
180 	HAB_CTX_AUT_DAT,
181 	HAB_CTX_ASSERT,
182 	HAB_CTX_EXIT,
183 	-1
184 };
185 
186 static uint8_t hab_engines[16] = {
187 	HAB_ENG_ANY,
188 	HAB_ENG_SCC,
189 	HAB_ENG_RTIC,
190 	HAB_ENG_SAHARA,
191 	HAB_ENG_CSU,
192 	HAB_ENG_SRTC,
193 	HAB_ENG_DCP,
194 	HAB_ENG_CAAM,
195 	HAB_ENG_SNVS,
196 	HAB_ENG_OCOTP,
197 	HAB_ENG_DTCP,
198 	HAB_ENG_ROM,
199 	HAB_ENG_HDCP,
200 	HAB_ENG_RTL,
201 	HAB_ENG_SW,
202 	-1
203 };
204 
205 static inline uint8_t get_idx(uint8_t *list, uint8_t tgt)
206 {
207 	uint8_t idx = 0;
208 	uint8_t element = list[idx];
209 	while (element != -1) {
210 		if (element == tgt)
211 			return idx;
212 		element = list[++idx];
213 	}
214 	return -1;
215 }
216 
217 static void process_event_record(uint8_t *event_data, size_t bytes)
218 {
219 	struct record *rec = (struct record *)event_data;
220 
221 	printf("\n\n%s", sts_str[get_idx(hab_statuses, rec->contents[0])]);
222 	printf("%s", rsn_str[get_idx(hab_reasons, rec->contents[1])]);
223 	printf("%s", ctx_str[get_idx(hab_contexts, rec->contents[2])]);
224 	printf("%s", eng_str[get_idx(hab_engines, rec->contents[3])]);
225 }
226 
227 static void display_event(uint8_t *event_data, size_t bytes)
228 {
229 	uint32_t i;
230 
231 	if (!(event_data && bytes > 0))
232 		return;
233 
234 	for (i = 0; i < bytes; i++) {
235 		if (i == 0)
236 			printf("\t0x%02x", event_data[i]);
237 		else if ((i % 8) == 0)
238 			printf("\n\t0x%02x", event_data[i]);
239 		else
240 			printf(" 0x%02x", event_data[i]);
241 	}
242 
243 	process_event_record(event_data, bytes);
244 }
245 
246 static int get_hab_status(void)
247 {
248 	uint32_t index = 0; /* Loop index */
249 	uint8_t event_data[128]; /* Event data buffer */
250 	size_t bytes = sizeof(event_data); /* Event size in bytes */
251 	enum hab_config config = 0;
252 	enum hab_state state = 0;
253 	hab_rvt_report_event_t *hab_rvt_report_event;
254 	hab_rvt_report_status_t *hab_rvt_report_status;
255 
256 	hab_rvt_report_event = (hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT;
257 	hab_rvt_report_status =
258 			(hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS;
259 
260 	if (imx_hab_is_enabled())
261 		puts("\nSecure boot enabled\n");
262 	else
263 		puts("\nSecure boot disabled\n");
264 
265 	/* Check HAB status */
266 	if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) {
267 		printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
268 		       config, state);
269 
270 		/* Display HAB Error events */
271 		while (hab_rvt_report_event(HAB_FAILURE, index, event_data,
272 					&bytes) == HAB_SUCCESS) {
273 			puts("\n");
274 			printf("--------- HAB Event %d -----------------\n",
275 			       index + 1);
276 			puts("event data:\n");
277 			display_event(event_data, bytes);
278 			puts("\n");
279 			bytes = sizeof(event_data);
280 			index++;
281 		}
282 	}
283 	/* Display message if no HAB events are found */
284 	else {
285 		printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
286 		       config, state);
287 		puts("No HAB Events Found!\n\n");
288 	}
289 	return 0;
290 }
291 
292 static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc,
293 			 char * const argv[])
294 {
295 	if ((argc != 1)) {
296 		cmd_usage(cmdtp);
297 		return 1;
298 	}
299 
300 	get_hab_status();
301 
302 	return 0;
303 }
304 
305 static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
306 				 char * const argv[])
307 {
308 	ulong	addr, length, ivt_offset;
309 	int	rcode = 0;
310 
311 	if (argc < 4)
312 		return CMD_RET_USAGE;
313 
314 	addr = simple_strtoul(argv[1], NULL, 16);
315 	length = simple_strtoul(argv[2], NULL, 16);
316 	ivt_offset = simple_strtoul(argv[3], NULL, 16);
317 
318 	rcode = imx_hab_authenticate_image(addr, length, ivt_offset);
319 	if (rcode == 0)
320 		rcode = CMD_RET_SUCCESS;
321 	else
322 		rcode = CMD_RET_FAILURE;
323 
324 	return rcode;
325 }
326 
327 static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc,
328 			   char * const argv[])
329 {
330 	hab_rvt_failsafe_t *hab_rvt_failsafe;
331 
332 	if (argc != 1) {
333 		cmd_usage(cmdtp);
334 		return 1;
335 	}
336 
337 	hab_rvt_failsafe = (hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE;
338 	hab_rvt_failsafe();
339 
340 	return 0;
341 }
342 
343 static int do_authenticate_image_or_failover(cmd_tbl_t *cmdtp, int flag,
344 					     int argc, char * const argv[])
345 {
346 	int ret = CMD_RET_FAILURE;
347 
348 	if (argc != 4) {
349 		ret = CMD_RET_USAGE;
350 		goto error;
351 	}
352 
353 	if (!imx_hab_is_enabled()) {
354 		printf("error: secure boot disabled\n");
355 		goto error;
356 	}
357 
358 	if (do_authenticate_image(NULL, flag, argc, argv) != CMD_RET_SUCCESS) {
359 		fprintf(stderr, "authentication fail -> %s %s %s %s\n",
360 			argv[0], argv[1], argv[2], argv[3]);
361 		do_hab_failsafe(0, 0, 1, NULL);
362 	};
363 	ret = CMD_RET_SUCCESS;
364 error:
365 	return ret;
366 }
367 
368 U_BOOT_CMD(
369 		hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
370 		"display HAB status",
371 		""
372 	  );
373 
374 U_BOOT_CMD(
375 		hab_auth_img, 4, 0, do_authenticate_image,
376 		"authenticate image via HAB",
377 		"addr length ivt_offset\n"
378 		"addr - image hex address\n"
379 		"length - image hex length\n"
380 		"ivt_offset - hex offset of IVT in the image"
381 	  );
382 
383 U_BOOT_CMD(
384 		hab_failsafe, CONFIG_SYS_MAXARGS, 1, do_hab_failsafe,
385 		"run BootROM failsafe routine",
386 		""
387 	  );
388 
389 U_BOOT_CMD(
390 		hab_auth_img_or_fail, 4, 0,
391 		do_authenticate_image_or_failover,
392 		"authenticate image via HAB on failure drop to USB BootROM mode",
393 		"addr length ivt_offset\n"
394 		"addr - image hex address\n"
395 		"length - image hex length\n"
396 		"ivt_offset - hex offset of IVT in the image"
397 	  );
398 
399 #endif /* !defined(CONFIG_SPL_BUILD) */
400 
401 /* Get CSF Header length */
402 static int get_hab_hdr_len(struct hab_hdr *hdr)
403 {
404 	return (size_t)((hdr->len[0] << 8) + (hdr->len[1]));
405 }
406 
407 /* Check whether addr lies between start and
408  * end and is within the length of the image
409  */
410 static int chk_bounds(u8 *addr, size_t bytes, u8 *start, u8 *end)
411 {
412 	size_t csf_size = (size_t)((end + 1) - addr);
413 
414 	return (addr && (addr >= start) && (addr <= end) &&
415 		(csf_size >= bytes));
416 }
417 
418 /* Get Length of each command in CSF */
419 static int get_csf_cmd_hdr_len(u8 *csf_hdr)
420 {
421 	if (*csf_hdr == HAB_CMD_HDR)
422 		return sizeof(struct hab_hdr);
423 
424 	return get_hab_hdr_len((struct hab_hdr *)csf_hdr);
425 }
426 
427 /* Check if CSF is valid */
428 static bool csf_is_valid(struct ivt *ivt, ulong start_addr, size_t bytes)
429 {
430 	u8 *start = (u8 *)start_addr;
431 	u8 *csf_hdr;
432 	u8 *end;
433 
434 	size_t csf_hdr_len;
435 	size_t cmd_hdr_len;
436 	size_t offset = 0;
437 
438 	if (bytes != 0)
439 		end = start + bytes - 1;
440 	else
441 		end = start;
442 
443 	/* Verify if CSF pointer content is zero */
444 	if (!ivt->csf) {
445 		puts("Error: CSF pointer is NULL\n");
446 		return false;
447 	}
448 
449 	csf_hdr = (u8 *)ivt->csf;
450 
451 	/* Verify if CSF Header exist */
452 	if (*csf_hdr != HAB_CMD_HDR) {
453 		puts("Error: CSF header command not found\n");
454 		return false;
455 	}
456 
457 	csf_hdr_len = get_hab_hdr_len((struct hab_hdr *)csf_hdr);
458 
459 	/* Check if the CSF lies within the image bounds */
460 	if (!chk_bounds(csf_hdr, csf_hdr_len, start, end)) {
461 		puts("Error: CSF lies outside the image bounds\n");
462 		return false;
463 	}
464 
465 	do {
466 		struct hab_hdr *cmd;
467 
468 		cmd = (struct hab_hdr *)&csf_hdr[offset];
469 
470 		switch (cmd->tag) {
471 		case (HAB_CMD_WRT_DAT):
472 			puts("Error: Deprecated write command found\n");
473 			return false;
474 		case (HAB_CMD_CHK_DAT):
475 			puts("Error: Deprecated check command found\n");
476 			return false;
477 		case (HAB_CMD_SET):
478 			if (cmd->par == HAB_PAR_MID) {
479 				puts("Error: Deprecated Set MID command found\n");
480 				return false;
481 			}
482 		default:
483 			break;
484 		}
485 
486 		cmd_hdr_len = get_csf_cmd_hdr_len(&csf_hdr[offset]);
487 		if (!cmd_hdr_len) {
488 			puts("Error: Invalid command length\n");
489 			return false;
490 		}
491 		offset += cmd_hdr_len;
492 
493 	} while (offset < csf_hdr_len);
494 
495 	return true;
496 }
497 
498 bool imx_hab_is_enabled(void)
499 {
500 	struct imx_sec_config_fuse_t *fuse =
501 		(struct imx_sec_config_fuse_t *)&imx_sec_config_fuse;
502 	uint32_t reg;
503 	int ret;
504 
505 	ret = fuse_read(fuse->bank, fuse->word, &reg);
506 	if (ret) {
507 		puts("\nSecure boot fuse read error\n");
508 		return ret;
509 	}
510 
511 	return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
512 }
513 
514 int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size,
515 			       uint32_t ivt_offset)
516 {
517 	uint32_t load_addr = 0;
518 	size_t bytes;
519 	uint32_t ivt_addr = 0;
520 	int result = 1;
521 	ulong start;
522 	hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
523 	hab_rvt_entry_t *hab_rvt_entry;
524 	hab_rvt_exit_t *hab_rvt_exit;
525 	hab_rvt_check_target_t *hab_rvt_check_target;
526 	struct ivt *ivt;
527 	struct ivt_header *ivt_hdr;
528 	enum hab_status status;
529 
530 	hab_rvt_authenticate_image =
531 		(hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE;
532 	hab_rvt_entry = (hab_rvt_entry_t *)HAB_RVT_ENTRY;
533 	hab_rvt_exit = (hab_rvt_exit_t *)HAB_RVT_EXIT;
534 	hab_rvt_check_target = (hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET;
535 
536 	if (!imx_hab_is_enabled()) {
537 		puts("hab fuse not enabled\n");
538 		return 0;
539 	}
540 
541 	printf("\nAuthenticate image from DDR location 0x%x...\n",
542 	       ddr_start);
543 
544 	hab_caam_clock_enable(1);
545 
546 	/* Calculate IVT address header */
547 	ivt_addr = ddr_start + ivt_offset;
548 	ivt = (struct ivt *)ivt_addr;
549 	ivt_hdr = &ivt->hdr;
550 
551 	/* Verify IVT header bugging out on error */
552 	if (verify_ivt_header(ivt_hdr))
553 		goto hab_authentication_exit;
554 
555 	/* Verify IVT body */
556 	if (ivt->self != ivt_addr) {
557 		printf("ivt->self 0x%08x pointer is 0x%08x\n",
558 		       ivt->self, ivt_addr);
559 		goto hab_authentication_exit;
560 	}
561 
562 	/* Verify if IVT DCD pointer is NULL */
563 	if (ivt->dcd)
564 		puts("Warning: DCD pointer should be NULL\n");
565 
566 	start = ddr_start;
567 	bytes = image_size;
568 
569 	/* Verify CSF */
570 	if (!csf_is_valid(ivt, start, bytes))
571 		goto hab_authentication_exit;
572 
573 	if (hab_rvt_entry() != HAB_SUCCESS) {
574 		puts("hab entry function fail\n");
575 		goto hab_exit_failure_print_status;
576 	}
577 
578 	status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes);
579 	if (status != HAB_SUCCESS) {
580 		printf("HAB check target 0x%08x-0x%08x fail\n",
581 		       ddr_start, ddr_start + bytes);
582 		goto hab_exit_failure_print_status;
583 	}
584 #ifdef DEBUG
585 	printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
586 	printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry,
587 	       ivt->dcd, ivt->csf);
588 	puts("Dumping IVT\n");
589 	print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0);
590 
591 	puts("Dumping CSF Header\n");
592 	print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0);
593 
594 #if  !defined(CONFIG_SPL_BUILD)
595 	get_hab_status();
596 #endif
597 
598 	puts("\nCalling authenticate_image in ROM\n");
599 	printf("\tivt_offset = 0x%x\n", ivt_offset);
600 	printf("\tstart = 0x%08lx\n", start);
601 	printf("\tbytes = 0x%x\n", bytes);
602 #endif
603 	/*
604 	 * If the MMU is enabled, we have to notify the ROM
605 	 * code, or it won't flush the caches when needed.
606 	 * This is done, by setting the "pu_irom_mmu_enabled"
607 	 * word to 1. You can find its address by looking in
608 	 * the ROM map. This is critical for
609 	 * authenticate_image(). If MMU is enabled, without
610 	 * setting this bit, authentication will fail and may
611 	 * crash.
612 	 */
613 	/* Check MMU enabled */
614 	if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) {
615 		if (is_mx6dq()) {
616 			/*
617 			 * This won't work on Rev 1.0.0 of
618 			 * i.MX6Q/D, since their ROM doesn't
619 			 * do cache flushes. don't think any
620 			 * exist, so we ignore them.
621 			 */
622 			if (!is_mx6dqp())
623 				writel(1, MX6DQ_PU_IROM_MMU_EN_VAR);
624 		} else if (is_mx6sdl()) {
625 			writel(1, MX6DLS_PU_IROM_MMU_EN_VAR);
626 		} else if (is_mx6sl()) {
627 			writel(1, MX6SL_PU_IROM_MMU_EN_VAR);
628 		}
629 	}
630 
631 	load_addr = (uint32_t)hab_rvt_authenticate_image(
632 			HAB_CID_UBOOT,
633 			ivt_offset, (void **)&start,
634 			(size_t *)&bytes, NULL);
635 	if (hab_rvt_exit() != HAB_SUCCESS) {
636 		puts("hab exit function fail\n");
637 		load_addr = 0;
638 	}
639 
640 hab_exit_failure_print_status:
641 #if !defined(CONFIG_SPL_BUILD)
642 	get_hab_status();
643 #endif
644 
645 hab_authentication_exit:
646 
647 	if (load_addr != 0)
648 		result = 0;
649 
650 	return result;
651 }
652