On Thu, Jun 16, 2016 at 09:52:40PM -0600, Simon Glass wrote:
On 15 June 2016 at 13:26, Andreas Dannenberg dannenberg@ti.com wrote:
From: Daniel Allred d-allred@ti.com
Adds an API that verifies a signature attached to an image (binary blob). This API is basically a entry to a secure ROM service provided by the device and accessed via an SMC call, using a particular calling convention.
Signed-off-by: Daniel Allred d-allred@ti.com Signed-off-by: Andreas Dannenberg dannenberg@ti.com
arch/arm/cpu/armv7/omap5/Makefile | 1 + arch/arm/cpu/armv7/omap5/sec_fxns.c | 70 +++++++++++++++++++++++++++++ arch/arm/include/asm/arch-omap5/sys_proto.h | 4 ++ 3 files changed, 75 insertions(+) create mode 100644 arch/arm/cpu/armv7/omap5/sec_fxns.c
Reviewed-by: Simon Glass sjg@chromium.org
Please see below.
diff --git a/arch/arm/cpu/armv7/omap5/Makefile b/arch/arm/cpu/armv7/omap5/Makefile index 3caba86..d373bf4 100644 --- a/arch/arm/cpu/armv7/omap5/Makefile +++ b/arch/arm/cpu/armv7/omap5/Makefile @@ -14,3 +14,4 @@ obj-y += hw_data.o obj-y += abb.o obj-y += fdt.o obj-$(CONFIG_IODELAY_RECALIBRATION) += dra7xx_iodelay.o +obj-$(CONFIG_TI_SECURE_DEVICE) += sec_fxns.o diff --git a/arch/arm/cpu/armv7/omap5/sec_fxns.c b/arch/arm/cpu/armv7/omap5/sec_fxns.c new file mode 100644 index 0000000..766333a --- /dev/null +++ b/arch/arm/cpu/armv7/omap5/sec_fxns.c @@ -0,0 +1,70 @@ +/*
- Common security functions that rely on secure ROM services
- (C) Copyright 2016
- Texas Instruments, <www.ti.com>
- Daniel Allred d-allred@ti.com
- SPDX-License-Identifier: GPL-2.0+
- */
+#include <common.h> +#include <asm/arch/sys_proto.h> +#include <asm/omap_common.h>
+#define SIGNATURE_LENGTH (0x118)
+/* API Index for OMAP5, DRA7xx */ +#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E)
+int secure_boot_verify_image(void **image, size_t *size) +{
int result = 1;u32 cert_addr, sig_addr;size_t cert_size;+#ifndef CONFIG_SYS_DCACHE_OFF
/* Perform cache writeback on input buffer */flush_dcache_range((u32)*image,(u32)*image + roundup(*size, ARCH_DMA_MINALIGN));+#endif
cert_addr = (uint32_t)*image;*size -= SIGNATURE_LENGTH; /* Subtract out the signature size */cert_size = *size;sig_addr = cert_addr + cert_size;/* Check if image load address is 32-bit aligned */if (0 != (0x3 & cert_addr)) {puts("Image is not 4-byte aligned.\n");result = 1;goto auth_exit;}/* Image size also should be multiple of 4 */if (0 != (0x3 & cert_size)) {puts("Image size is not 4-byte aligned.\n");result = 1;goto auth_exit;}/* Call ROM HAL API to verify certificate signature */debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__,cert_addr, cert_size, sig_addr);result = secure_rom_call(API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0,4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF);+auth_exit:
if (result != 0) {puts("Authentication failed!\n");printf("Return Value = %08X\n", result);hang();}printf("Authentication passed: %s\n", (char *)sig_addr);return result;+} diff --git a/arch/arm/include/asm/arch-omap5/sys_proto.h b/arch/arm/include/asm/arch-omap5/sys_proto.h index ab0e7fa..b175124 100644 --- a/arch/arm/include/asm/arch-omap5/sys_proto.h +++ b/arch/arm/include/asm/arch-omap5/sys_proto.h @@ -84,4 +84,8 @@ static inline u32 usec_to_32k(u32 usec) #define OMAP5_SERVICE_L2ACTLR_SET 0x104 #define OMAP5_SERVICE_ACR_SET 0x107
+#ifdef CONFIG_TI_SECURE_DEVICE +int secure_boot_verify_image(void **p_image, size_t *p_size);
Function comment please.
And no ifdef/endif (here and later in the series when adding other calls), thanks!