xref: /openbmc/u-boot/arch/arm/mach-keystone/mon.c (revision 3aa4b703)
1 /*
2  * K2HK: secure kernel command file
3  *
4  * (C) Copyright 2012-2014
5  *     Texas Instruments Incorporated, <www.ti.com>
6  *
7  * SPDX-License-Identifier:     GPL-2.0+
8  */
9 
10 #include <common.h>
11 #include <command.h>
12 #include <mach/mon.h>
13 #include <spl.h>
14 asm(".arch_extension sec\n\t");
15 
16 int mon_install(u32 addr, u32 dpsc, u32 freq, u32 bm_addr)
17 {
18 	int result;
19 
20 	__asm__ __volatile__ (
21 		"stmfd r13!, {lr}\n"
22 		"mov r0, %1\n"
23 		"mov r1, %2\n"
24 		"mov r2, %3\n"
25 		"mov r3, %4\n"
26 		"blx r0\n"
27 		"mov %0, r0\n"
28 		"ldmfd r13!, {lr}\n"
29 		: "=&r" (result)
30 		: "r" (addr), "r" (dpsc), "r" (freq), "r" (bm_addr)
31 		: "cc", "r0", "r1", "r2", "r3", "memory");
32 	return result;
33 }
34 
35 int mon_power_on(int core_id, void *ep)
36 {
37 	int result;
38 
39 	asm volatile (
40 		"stmfd  r13!, {lr}\n"
41 		"mov r1, %1\n"
42 		"mov r2, %2\n"
43 		"mov r0, #0\n"
44 		"smc	#0\n"
45 		"mov %0, r0\n"
46 		"ldmfd  r13!, {lr}\n"
47 		: "=&r" (result)
48 		: "r" (core_id), "r" (ep)
49 		: "cc", "r0", "r1", "r2", "memory");
50 	return  result;
51 }
52 
53 int mon_power_off(int core_id)
54 {
55 	int result;
56 
57 	asm volatile (
58 		"stmfd  r13!, {lr}\n"
59 		"mov r1, %1\n"
60 		"mov r0, #1\n"
61 		"smc	#1\n"
62 		"mov %0, r0\n"
63 		"ldmfd  r13!, {lr}\n"
64 		: "=&r" (result)
65 		: "r" (core_id)
66 		: "cc", "r0", "r1", "memory");
67 	return  result;
68 }
69 
70 #ifdef CONFIG_TI_SECURE_DEVICE
71 #define KS2_HS_SEC_HEADER_LEN	0x60
72 #define KS2_HS_SEC_TAG_OFFSET	0x34
73 #define KS2_AUTH_CMD		130
74 
75 /**
76  * k2_hs_bm_auth() - Invokes security functions using a
77  * proprietary TI interface. This binary and source for
78  * this is available in the secure development package or
79  * SECDEV. For details on how to access this please refer
80  * doc/README.ti-secure
81  *
82  * @cmd: Secure monitor command
83  * @arg1: Argument for command
84  *
85  * returns non-zero value on success, zero on error
86  */
87 static int k2_hs_bm_auth(int cmd, void *arg1)
88 {
89 	int result;
90 
91 	asm volatile (
92 		"stmfd  r13!, {r4-r12, lr}\n"
93 		"mov r0, %1\n"
94 		"mov r1, %2\n"
95 		"smc #2\n"
96 		"mov %0, r0\n"
97 		"ldmfd r13!, {r4-r12, lr}\n"
98 		: "=&r" (result)
99 		: "r" (cmd), "r" (arg1)
100 		: "cc", "r0", "r1", "memory");
101 
102 	return  result;
103 }
104 
105 void board_fit_image_post_process(void **p_image, size_t *p_size)
106 {
107 	int result = 0;
108 	void *image = *p_image;
109 
110 	if (strncmp(image + KS2_HS_SEC_TAG_OFFSET, "KEYS", 4)) {
111 		printf("No signature found in image!\n");
112 		hang();
113 	}
114 
115 	result = k2_hs_bm_auth(KS2_AUTH_CMD, image);
116 	if (result == 0) {
117 		printf("Authentication failed!\n");
118 		hang();
119 	}
120 
121 	/*
122 	 * Overwrite the image headers after authentication
123 	 * and decryption. Update size to reflect removal
124 	 * of header.
125 	 */
126 	*p_size -= KS2_HS_SEC_HEADER_LEN;
127 	memcpy(image, image + KS2_HS_SEC_HEADER_LEN, *p_size);
128 
129 	/*
130 	 * Output notification of successful authentication to re-assure the
131 	 * user that the secure code is being processed as expected. However
132 	 * suppress any such log output in case of building for SPL and booting
133 	 * via YMODEM. This is done to avoid disturbing the YMODEM serial
134 	 * protocol transactions.
135 	 */
136 	if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
137 	      IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
138 	      spl_boot_device() == BOOT_DEVICE_UART))
139 		printf("Authentication passed\n");
140 }
141 #endif
142