1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * K2HK: secure kernel command file 4 * 5 * (C) Copyright 2012-2014 6 * Texas Instruments Incorporated, <www.ti.com> 7 */ 8 9 #include <common.h> 10 #include <command.h> 11 #include <mach/mon.h> 12 #include <spl.h> 13 asm(".arch_extension sec\n\t"); 14 15 int mon_install(u32 addr, u32 dpsc, u32 freq, u32 bm_addr) 16 { 17 int result; 18 19 __asm__ __volatile__ ( 20 "stmfd r13!, {lr}\n" 21 "mov r0, %1\n" 22 "mov r1, %2\n" 23 "mov r2, %3\n" 24 "mov r3, %4\n" 25 "blx r0\n" 26 "mov %0, r0\n" 27 "ldmfd r13!, {lr}\n" 28 : "=&r" (result) 29 : "r" (addr), "r" (dpsc), "r" (freq), "r" (bm_addr) 30 : "cc", "r0", "r1", "r2", "r3", "memory"); 31 return result; 32 } 33 34 int mon_power_on(int core_id, void *ep) 35 { 36 int result; 37 38 asm volatile ( 39 "stmfd r13!, {lr}\n" 40 "mov r1, %1\n" 41 "mov r2, %2\n" 42 "mov r0, #0\n" 43 "smc #0\n" 44 "mov %0, r0\n" 45 "ldmfd r13!, {lr}\n" 46 : "=&r" (result) 47 : "r" (core_id), "r" (ep) 48 : "cc", "r0", "r1", "r2", "memory"); 49 return result; 50 } 51 52 int mon_power_off(int core_id) 53 { 54 int result; 55 56 asm volatile ( 57 "stmfd r13!, {lr}\n" 58 "mov r1, %1\n" 59 "mov r0, #1\n" 60 "smc #1\n" 61 "mov %0, r0\n" 62 "ldmfd r13!, {lr}\n" 63 : "=&r" (result) 64 : "r" (core_id) 65 : "cc", "r0", "r1", "memory"); 66 return result; 67 } 68 69 #ifdef CONFIG_TI_SECURE_DEVICE 70 #define KS2_HS_SEC_HEADER_LEN 0x60 71 #define KS2_HS_SEC_TAG_OFFSET 0x34 72 #define KS2_AUTH_CMD 130 73 74 /** 75 * k2_hs_bm_auth() - Invokes security functions using a 76 * proprietary TI interface. This binary and source for 77 * this is available in the secure development package or 78 * SECDEV. For details on how to access this please refer 79 * doc/README.ti-secure 80 * 81 * @cmd: Secure monitor command 82 * @arg1: Argument for command 83 * 84 * returns non-zero value on success, zero on error 85 */ 86 static int k2_hs_bm_auth(int cmd, void *arg1) 87 { 88 int result; 89 90 asm volatile ( 91 "stmfd r13!, {r4-r12, lr}\n" 92 "mov r0, %1\n" 93 "mov r1, %2\n" 94 "smc #2\n" 95 "mov %0, r0\n" 96 "ldmfd r13!, {r4-r12, lr}\n" 97 : "=&r" (result) 98 : "r" (cmd), "r" (arg1) 99 : "cc", "r0", "r1", "memory"); 100 101 return result; 102 } 103 104 void board_fit_image_post_process(const void *fit, int node, void **p_image, size_t *p_size) 105 { 106 int result = 0; 107 void *image = *p_image; 108 109 if (strncmp(image + KS2_HS_SEC_TAG_OFFSET, "KEYS", 4)) { 110 printf("No signature found in image!\n"); 111 hang(); 112 } 113 114 result = k2_hs_bm_auth(KS2_AUTH_CMD, image); 115 if (result == 0) { 116 printf("Authentication failed!\n"); 117 hang(); 118 } 119 120 /* 121 * Overwrite the image headers after authentication 122 * and decryption. Update size to reflect removal 123 * of header. 124 */ 125 *p_size -= KS2_HS_SEC_HEADER_LEN; 126 memcpy(image, image + KS2_HS_SEC_HEADER_LEN, *p_size); 127 128 /* 129 * Output notification of successful authentication to re-assure the 130 * user that the secure code is being processed as expected. However 131 * suppress any such log output in case of building for SPL and booting 132 * via YMODEM. This is done to avoid disturbing the YMODEM serial 133 * protocol transactions. 134 */ 135 if (!(IS_ENABLED(CONFIG_SPL_BUILD) && 136 IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) && 137 spl_boot_device() == BOOT_DEVICE_UART)) 138 printf("Authentication passed\n"); 139 } 140 #endif 141