[U-Boot] [PATCH 0/7] AM65x HS device support
Hello all,
This series brings up HS device support on the AM65x platform. Support for HS on K3 family devices is a bit different than previous devices but for the most part all that has been abstracted into the SECDEV package, allowing for a rather straight forward implementation here.
Thanks, Andrew
Andrew F. Davis (7): arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded firmware: ti_sci: Add support for firewall management firmware: ti_sci: Modify auth_boot TI-SCI API to match new version arm: mach-k3: Add secure device support arm: mach-k3: Add secure device build support configs: Add a config for AM65x High Security EVM doc: Update info on using K3 secure devices
MAINTAINERS | 4 + arch/arm/Kconfig | 2 +- arch/arm/mach-k3/Makefile | 1 + arch/arm/mach-k3/am6_init.c | 8 +- arch/arm/mach-k3/config.mk | 25 +++ arch/arm/mach-k3/config_secure.mk | 44 ++++ arch/arm/mach-k3/include/mach/am6_hardware.h | 3 - arch/arm/mach-k3/security.c | 63 ++++++ configs/am65x_hs_evm_a53_defconfig | 74 +++++++ configs/am65x_hs_evm_r5_defconfig | 90 +++++++++ doc/README.ti-secure | 20 +- drivers/firmware/ti_sci.c | 202 ++++++++++++++++++- drivers/firmware/ti_sci.h | 139 ++++++++++++- include/linux/soc/ti/ti_sci_protocol.h | 68 ++++++- tools/k3_fit_atf.sh | 8 +- 15 files changed, 722 insertions(+), 29 deletions(-) create mode 100644 arch/arm/mach-k3/config_secure.mk create mode 100644 arch/arm/mach-k3/security.c create mode 100644 configs/am65x_hs_evm_a53_defconfig create mode 100644 configs/am65x_hs_evm_r5_defconfig
On HS devices the 512b region of reset isolated memory called MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we cannot use this memory. It is only used to store a single value left at the end of SRAM by ROM that will be needed later. Save that value to a global variable stored in the .data section. This section is used as .bss will be cleared between saving this value and using it.
Signed-off-by: Andrew F. Davis afd@ti.com --- arch/arm/mach-k3/am6_init.c | 8 +++----- arch/arm/mach-k3/include/mach/am6_hardware.h | 3 --- 2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c index a5553190b4..462538e45d 100644 --- a/arch/arm/mach-k3/am6_init.c +++ b/arch/arm/mach-k3/am6_init.c @@ -49,11 +49,11 @@ static void ctrl_mmr_unlock(void) mmr_unlock(CTRL_MMR0_BASE, 7); }
+u32 bootindex __attribute__((section(".data"))); + static void store_boot_index_from_rom(void) { - u32 *boot_index = (u32 *)K3_BOOT_PARAM_TABLE_INDEX_VAL; - - *boot_index = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX); + bootindex = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX); }
void board_init_f(ulong dummy) @@ -94,7 +94,6 @@ u32 spl_boot_mode(const u32 boot_device) { #if defined(CONFIG_SUPPORT_EMMC_BOOT) u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT); - u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
u32 bootmode = (devstat & CTRLMMR_MAIN_DEVSTAT_BOOTMODE_MASK) >> CTRLMMR_MAIN_DEVSTAT_BOOTMODE_SHIFT; @@ -170,7 +169,6 @@ static u32 __get_primary_bootmedia(u32 devstat) u32 spl_boot_device(void) { u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT); - u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
if (bootindex == K3_PRIMARY_BOOTMODE) return __get_primary_bootmedia(devstat); diff --git a/arch/arm/mach-k3/include/mach/am6_hardware.h b/arch/arm/mach-k3/include/mach/am6_hardware.h index b5244609af..3343233aa3 100644 --- a/arch/arm/mach-k3/include/mach/am6_hardware.h +++ b/arch/arm/mach-k3/include/mach/am6_hardware.h @@ -44,7 +44,4 @@ #define CTRLMMR_LOCK_KICK1 0x0100c #define CTRLMMR_LOCK_KICK1_UNLOCK_VAL 0xd172bc5a
-/* MCU SCRATCHPAD usage */ -#define K3_BOOT_PARAM_TABLE_INDEX_VAL CONFIG_SYS_K3_MCU_SCRATCHPAD_BASE - #endif /* __ASM_ARCH_AM6_HARDWARE_H */
On Wed, Feb 13, 2019 at 12:37:06PM -0600, Andrew F. Davis wrote:
On HS devices the 512b region of reset isolated memory called MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we cannot use this memory. It is only used to store a single value left at the end of SRAM by ROM that will be needed later. Save that value to a global variable stored in the .data section. This section is used as .bss will be cleared between saving this value and using it.
Signed-off-by: Andrew F. Davis afd@ti.com
arch/arm/mach-k3/am6_init.c | 8 +++----- arch/arm/mach-k3/include/mach/am6_hardware.h | 3 --- 2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c index a5553190b4..462538e45d 100644 --- a/arch/arm/mach-k3/am6_init.c +++ b/arch/arm/mach-k3/am6_init.c @@ -49,11 +49,11 @@ static void ctrl_mmr_unlock(void) mmr_unlock(CTRL_MMR0_BASE, 7); }
+u32 bootindex __attribute__((section(".data")));
We need a comment above this one so it's clear down the line to others why we're doing something odd like this, thanks!
On 2/13/19 2:27 PM, Tom Rini wrote:
On Wed, Feb 13, 2019 at 12:37:06PM -0600, Andrew F. Davis wrote:
On HS devices the 512b region of reset isolated memory called MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we cannot use this memory. It is only used to store a single value left at the end of SRAM by ROM that will be needed later. Save that value to a global variable stored in the .data section. This section is used as .bss will be cleared between saving this value and using it.
Signed-off-by: Andrew F. Davis afd@ti.com
arch/arm/mach-k3/am6_init.c | 8 +++----- arch/arm/mach-k3/include/mach/am6_hardware.h | 3 --- 2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c index a5553190b4..462538e45d 100644 --- a/arch/arm/mach-k3/am6_init.c +++ b/arch/arm/mach-k3/am6_init.c @@ -49,11 +49,11 @@ static void ctrl_mmr_unlock(void) mmr_unlock(CTRL_MMR0_BASE, 7); }
+u32 bootindex __attribute__((section(".data")));
We need a comment above this one so it's clear down the line to others why we're doing something odd like this, thanks!
No problem, will add.
On 14/02/19 12:07 AM, Andrew F. Davis wrote:
On HS devices the 512b region of reset isolated memory called MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we cannot use this memory. It is only used to store a single value left at the end of SRAM by ROM that will be needed later. Save that value to a global variable stored in the .data section. This section is used as .bss will be cleared between saving this value and using it.
Signed-off-by: Andrew F. Davis afd@ti.com
arch/arm/mach-k3/am6_init.c | 8 +++----- arch/arm/mach-k3/include/mach/am6_hardware.h | 3 --- 2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c index a5553190b4..462538e45d 100644 --- a/arch/arm/mach-k3/am6_init.c +++ b/arch/arm/mach-k3/am6_init.c @@ -49,11 +49,11 @@ static void ctrl_mmr_unlock(void) mmr_unlock(CTRL_MMR0_BASE, 7); }
+u32 bootindex __attribute__((section(".data")));
After thinking a bit more I realized that backup bootmode might fail. R5 SPL is fine but when it jumps to A53 SPL it is trying to read the bootindex again from K3_BOOT_PARAM_TABLE_INDEX_VAL(this is already the case and is wrong). It is not guaranteed that R5 SPL did not damage this ROM param table. We should somehow pass bootindex to A53 SPL using scratchpad space.
static void store_boot_index_from_rom(void) {
- u32 *boot_index = (u32 *)K3_BOOT_PARAM_TABLE_INDEX_VAL;
- *boot_index = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX);
- bootindex = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX);
}
void board_init_f(ulong dummy) @@ -94,7 +94,6 @@ u32 spl_boot_mode(const u32 boot_device) { #if defined(CONFIG_SUPPORT_EMMC_BOOT) u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT);
u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
u32 bootmode = (devstat & CTRLMMR_MAIN_DEVSTAT_BOOTMODE_MASK) >> CTRLMMR_MAIN_DEVSTAT_BOOTMODE_SHIFT;
@@ -170,7 +169,6 @@ static u32 __get_primary_bootmedia(u32 devstat) u32 spl_boot_device(void) { u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT);
u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
if (bootindex == K3_PRIMARY_BOOTMODE) return __get_primary_bootmedia(devstat);
diff --git a/arch/arm/mach-k3/include/mach/am6_hardware.h b/arch/arm/mach-k3/include/mach/am6_hardware.h index b5244609af..3343233aa3 100644 --- a/arch/arm/mach-k3/include/mach/am6_hardware.h +++ b/arch/arm/mach-k3/include/mach/am6_hardware.h @@ -44,7 +44,4 @@ #define CTRLMMR_LOCK_KICK1 0x0100c #define CTRLMMR_LOCK_KICK1_UNLOCK_VAL 0xd172bc5a
-/* MCU SCRATCHPAD usage */ -#define K3_BOOT_PARAM_TABLE_INDEX_VAL CONFIG_SYS_K3_MCU_SCRATCHPAD_BASE
Can we move scratchpad base to a different location ? This will be used for eeprom storing also.
Thanks and regards, Lokesh
#endif /* __ASM_ARCH_AM6_HARDWARE_H */
On 2/13/19 9:32 PM, Lokesh Vutla wrote:
On 14/02/19 12:07 AM, Andrew F. Davis wrote:
On HS devices the 512b region of reset isolated memory called MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we cannot use this memory. It is only used to store a single value left at the end of SRAM by ROM that will be needed later. Save that value to a global variable stored in the .data section. This section is used as .bss will be cleared between saving this value and using it.
Signed-off-by: Andrew F. Davis afd@ti.com
arch/arm/mach-k3/am6_init.c | 8 +++----- arch/arm/mach-k3/include/mach/am6_hardware.h | 3 --- 2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c index a5553190b4..462538e45d 100644 --- a/arch/arm/mach-k3/am6_init.c +++ b/arch/arm/mach-k3/am6_init.c @@ -49,11 +49,11 @@ static void ctrl_mmr_unlock(void) mmr_unlock(CTRL_MMR0_BASE, 7); }
+u32 bootindex __attribute__((section(".data")));
After thinking a bit more I realized that backup bootmode might fail. R5 SPL is fine but when it jumps to A53 SPL it is trying to read the bootindex again from K3_BOOT_PARAM_TABLE_INDEX_VAL(this is already the case and is wrong). It is not guaranteed that R5 SPL did not damage this ROM param table. We should somehow pass bootindex to A53 SPL using scratchpad space.
I don't know of any super good way to pass data from R5-SPL to A53-SPL, but I don't think MCU_PSRAM0 will be the way to do it. For all we know before A53-SPL has started the R5-SPL may have shutdown and something else has booted, which could have used that MCU local RAM space. I think we need something that gets passed to A53 anyway, maybe a DT fixup?
static void store_boot_index_from_rom(void) {
- u32 *boot_index = (u32 *)K3_BOOT_PARAM_TABLE_INDEX_VAL;
- *boot_index = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX);
- bootindex = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX);
}
void board_init_f(ulong dummy) @@ -94,7 +94,6 @@ u32 spl_boot_mode(const u32 boot_device) { #if defined(CONFIG_SUPPORT_EMMC_BOOT) u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT);
u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
u32 bootmode = (devstat & CTRLMMR_MAIN_DEVSTAT_BOOTMODE_MASK) >> CTRLMMR_MAIN_DEVSTAT_BOOTMODE_SHIFT;
@@ -170,7 +169,6 @@ static u32 __get_primary_bootmedia(u32 devstat) u32 spl_boot_device(void) { u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT);
u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
if (bootindex == K3_PRIMARY_BOOTMODE) return __get_primary_bootmedia(devstat);
diff --git a/arch/arm/mach-k3/include/mach/am6_hardware.h b/arch/arm/mach-k3/include/mach/am6_hardware.h index b5244609af..3343233aa3 100644 --- a/arch/arm/mach-k3/include/mach/am6_hardware.h +++ b/arch/arm/mach-k3/include/mach/am6_hardware.h @@ -44,7 +44,4 @@ #define CTRLMMR_LOCK_KICK1 0x0100c #define CTRLMMR_LOCK_KICK1_UNLOCK_VAL 0xd172bc5a
-/* MCU SCRATCHPAD usage */ -#define K3_BOOT_PARAM_TABLE_INDEX_VAL CONFIG_SYS_K3_MCU_SCRATCHPAD_BASE
Can we move scratchpad base to a different location ? This will be used for eeprom storing also.
It's okay to use MCU_PSRAM0 after SYSFW has been loaded, does the EEPROM data need to be moved between SPLs? Or is it local to each?
Andrew
Thanks and regards, Lokesh
#endif /* __ASM_ARCH_AM6_HARDWARE_H */
On 15/02/19 3:21 AM, Andrew F. Davis wrote:
On 2/13/19 9:32 PM, Lokesh Vutla wrote:
On 14/02/19 12:07 AM, Andrew F. Davis wrote:
On HS devices the 512b region of reset isolated memory called MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we cannot use this memory. It is only used to store a single value left at the end of SRAM by ROM that will be needed later. Save that value to a global variable stored in the .data section. This section is used as .bss will be cleared between saving this value and using it.
Signed-off-by: Andrew F. Davis afd@ti.com
arch/arm/mach-k3/am6_init.c | 8 +++----- arch/arm/mach-k3/include/mach/am6_hardware.h | 3 --- 2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c index a5553190b4..462538e45d 100644 --- a/arch/arm/mach-k3/am6_init.c +++ b/arch/arm/mach-k3/am6_init.c @@ -49,11 +49,11 @@ static void ctrl_mmr_unlock(void) mmr_unlock(CTRL_MMR0_BASE, 7); }
+u32 bootindex __attribute__((section(".data")));
After thinking a bit more I realized that backup bootmode might fail. R5 SPL is fine but when it jumps to A53 SPL it is trying to read the bootindex again from K3_BOOT_PARAM_TABLE_INDEX_VAL(this is already the case and is wrong). It is not guaranteed that R5 SPL did not damage this ROM param table. We should somehow pass bootindex to A53 SPL using scratchpad space.
I don't know of any super good way to pass data from R5-SPL to A53-SPL, but I don't think MCU_PSRAM0 will be the way to do it. For all we know
Agreed.
before A53-SPL has started the R5-SPL may have shutdown and something else has booted, which could have used that MCU local RAM space. I think we need something that gets passed to A53 anyway, maybe a DT fixup?
Yeah or we can update spl_boot_list array with both primary and secondary bootdevices.
Actually this patch as such has no issues and is not introducing any new regressions.
Reviewed-by: Lokesh Vutla lokeshvutla@ti.com
For backup boot modes Ill take a look and try to address in a cleaner way.
Thanks and regards, Lokesh
TI-SCI message protocol provides support for controlling the firewall configurations available in SoC.
Introduce support for the set of TI-SCI message protocol APIs that provide us with this capability of controlling firewalls.
Signed-off-by: Andrew F. Davis afd@ti.com --- drivers/firmware/ti_sci.c | 177 +++++++++++++++++++++++++ drivers/firmware/ti_sci.h | 130 ++++++++++++++++++ include/linux/soc/ti/ti_sci_protocol.h | 64 +++++++++ 3 files changed, 371 insertions(+)
diff --git a/drivers/firmware/ti_sci.c b/drivers/firmware/ti_sci.c index 9148126041..edd6e094df 100644 --- a/drivers/firmware/ti_sci.c +++ b/drivers/firmware/ti_sci.c @@ -1803,6 +1803,178 @@ static int ti_sci_cmd_get_proc_boot_status(const struct ti_sci_handle *handle, return ret; }
+/** + * ti_sci_cmd_set_fwl_region() - Request for configuring a firewall region + * @handle: pointer to TI SCI handle + * @region: region configuration parameters + * + * Return: 0 if all went well, else returns appropriate error value. + */ +static int ti_sci_cmd_set_fwl_region(const struct ti_sci_handle *handle, + const struct ti_sci_msg_fwl_region *region) +{ + struct ti_sci_msg_fwl_set_firewall_region_req req; + struct ti_sci_msg_fwl_set_firewall_region_resp *resp; + struct ti_sci_info *info; + struct ti_sci_xfer *xfer; + int ret = 0; + + if (IS_ERR(handle)) + return PTR_ERR(handle); + if (!handle) + return -EINVAL; + + info = handle_to_ti_sci_info(handle); + + xfer = ti_sci_setup_one_xfer(info, TISCI_MSG_FWL_SET, + TI_SCI_FLAG_REQ_ACK_ON_PROCESSED, + (u32 *)&req, sizeof(req), sizeof(*resp)); + if (IS_ERR(xfer)) { + ret = PTR_ERR(xfer); + dev_err(info->dev, "Message alloc failed(%d)\n", ret); + return ret; + } + + req.fwl_id = region->fwl_id; + req.region = region->region; + req.n_permission_regs = region->n_permission_regs; + req.control = region->control; + req.permissions[0] = region->permissions[0]; + req.permissions[1] = region->permissions[1]; + req.permissions[2] = region->permissions[2]; + req.start_address = region->start_address; + req.end_address = region->end_address; + + ret = ti_sci_do_xfer(info, xfer); + if (ret) { + dev_err(info->dev, "Mbox send fail %d\n", ret); + return ret; + } + + resp = (struct ti_sci_msg_fwl_set_firewall_region_resp *)xfer->tx_message.buf; + + if (!ti_sci_is_response_ack(resp)) + return -ENODEV; + + return 0; +} + +/** + * ti_sci_cmd_get_fwl_region() - Request for getting a firewall region + * @handle: pointer to TI SCI handle + * @region: region configuration parameters + * + * Return: 0 if all went well, else returns appropriate error value. + */ +static int ti_sci_cmd_get_fwl_region(const struct ti_sci_handle *handle, + struct ti_sci_msg_fwl_region *region) +{ + struct ti_sci_msg_fwl_get_firewall_region_req req; + struct ti_sci_msg_fwl_get_firewall_region_resp *resp; + struct ti_sci_info *info; + struct ti_sci_xfer *xfer; + int ret = 0; + + if (IS_ERR(handle)) + return PTR_ERR(handle); + if (!handle) + return -EINVAL; + + info = handle_to_ti_sci_info(handle); + + xfer = ti_sci_setup_one_xfer(info, TISCI_MSG_FWL_GET, + TI_SCI_FLAG_REQ_ACK_ON_PROCESSED, + (u32 *)&req, sizeof(req), sizeof(*resp)); + if (IS_ERR(xfer)) { + ret = PTR_ERR(xfer); + dev_err(info->dev, "Message alloc failed(%d)\n", ret); + return ret; + } + + req.fwl_id = region->fwl_id; + req.region = region->region; + req.n_permission_regs = region->n_permission_regs; + + ret = ti_sci_do_xfer(info, xfer); + if (ret) { + dev_err(info->dev, "Mbox send fail %d\n", ret); + return ret; + } + + resp = (struct ti_sci_msg_fwl_get_firewall_region_resp *)xfer->tx_message.buf; + + if (!ti_sci_is_response_ack(resp)) + return -ENODEV; + + region->fwl_id = resp->fwl_id; + region->region = resp->region; + region->n_permission_regs = resp->n_permission_regs; + region->control = resp->control; + region->permissions[0] = resp->permissions[0]; + region->permissions[1] = resp->permissions[1]; + region->permissions[2] = resp->permissions[2]; + region->start_address = resp->start_address; + region->end_address = resp->end_address; + + return 0; +} + +/** + * ti_sci_cmd_change_fwl_owner() - Request for changing a firewall owner + * @handle: pointer to TI SCI handle + * @region: region configuration parameters + * + * Return: 0 if all went well, else returns appropriate error value. + */ +static int ti_sci_cmd_change_fwl_owner(const struct ti_sci_handle *handle, + struct ti_sci_msg_fwl_owner *owner) +{ + struct ti_sci_msg_fwl_change_owner_info_req req; + struct ti_sci_msg_fwl_change_owner_info_resp *resp; + struct ti_sci_info *info; + struct ti_sci_xfer *xfer; + int ret = 0; + + if (IS_ERR(handle)) + return PTR_ERR(handle); + if (!handle) + return -EINVAL; + + info = handle_to_ti_sci_info(handle); + + xfer = ti_sci_setup_one_xfer(info, TISCI_MSG_FWL_GET, + TISCI_MSG_FWL_CHANGE_OWNER, + (u32 *)&req, sizeof(req), sizeof(*resp)); + if (IS_ERR(xfer)) { + ret = PTR_ERR(xfer); + dev_err(info->dev, "Message alloc failed(%d)\n", ret); + return ret; + } + + req.fwl_id = owner->fwl_id; + req.region = owner->region; + req.owner_index = owner->owner_index; + + ret = ti_sci_do_xfer(info, xfer); + if (ret) { + dev_err(info->dev, "Mbox send fail %d\n", ret); + return ret; + } + + resp = (struct ti_sci_msg_fwl_change_owner_info_resp *)xfer->tx_message.buf; + + if (!ti_sci_is_response_ack(resp)) + return -ENODEV; + + owner->fwl_id = resp->fwl_id; + owner->region = resp->region; + owner->owner_index = resp->owner_index; + owner->owner_privid = resp->owner_privid; + owner->owner_permission_bits = resp->owner_permission_bits; + + return ret; +} + /* * ti_sci_setup_ops() - Setup the operations structures * @info: pointer to TISCI pointer @@ -1815,6 +1987,7 @@ static void ti_sci_setup_ops(struct ti_sci_info *info) struct ti_sci_clk_ops *cops = &ops->clk_ops; struct ti_sci_core_ops *core_ops = &ops->core_ops; struct ti_sci_proc_ops *pops = &ops->proc_ops; + struct ti_sci_fwl_ops *fwl_ops = &ops->fwl_ops;
bops->board_config = ti_sci_cmd_set_board_config; bops->board_config_rm = ti_sci_cmd_set_board_config_rm; @@ -1857,6 +2030,10 @@ static void ti_sci_setup_ops(struct ti_sci_info *info) pops->set_proc_boot_ctrl = ti_sci_cmd_set_proc_boot_ctrl; pops->proc_auth_boot_image = ti_sci_cmd_proc_auth_boot_image; pops->get_proc_boot_status = ti_sci_cmd_get_proc_boot_status; + + fwl_ops->set_fwl_region = ti_sci_cmd_set_fwl_region; + fwl_ops->get_fwl_region = ti_sci_cmd_get_fwl_region; + fwl_ops->change_fwl_owner = ti_sci_cmd_change_fwl_owner; }
/** diff --git a/drivers/firmware/ti_sci.h b/drivers/firmware/ti_sci.h index 81591fb0c7..2c92f475ed 100644 --- a/drivers/firmware/ti_sci.h +++ b/drivers/firmware/ti_sci.h @@ -50,6 +50,10 @@ #define TISCI_MSG_PROC_AUTH_BOOT_IMIAGE 0xc120 #define TISCI_MSG_GET_PROC_BOOT_STATUS 0xc400
+#define TISCI_MSG_FWL_SET 0x9000 +#define TISCI_MSG_FWL_GET 0x9001 +#define TISCI_MSG_FWL_CHANGE_OWNER 0x9002 + /** * struct ti_sci_msg_hdr - Generic Message Header for All messages and responses * @type: Type of messages: One of TI_SCI_MSG* values @@ -677,4 +681,130 @@ struct ti_sci_msg_resp_get_proc_boot_status { u32 status_flags; } __packed;
+#define FWL_MAX_PRIVID_SLOTS 3U + +/** + * struct ti_sci_msg_fwl_set_firewall_region_req - Request for configuring the firewall permissions. + * + * @hdr: Generic Header + * + * @fwl_id: Firewall ID in question + * @region: Region or channel number to set config info + * This field is unused in case of a simple firewall and must be initialized + * to zero. In case of a region based firewall, this field indicates the + * region in question. (index starting from 0) In case of a channel based + * firewall, this field indicates the channel in question (index starting + * from 0) + * @n_permission_regs: Number of permission registers to set + * @control: Contents of the firewall CONTROL register to set + * @permissions: Contents of the firewall PERMISSION register to set + * @start_address: Contents of the firewall START_ADDRESS register to set + * @end_address: Contents of the firewall END_ADDRESS register to set + */ + +struct ti_sci_msg_fwl_set_firewall_region_req { + struct ti_sci_msg_hdr hdr; + u16 fwl_id; + u16 region; + u32 n_permission_regs; + u32 control; + u32 permissions[FWL_MAX_PRIVID_SLOTS]; + u64 start_address; + u64 end_address; +} __packed; + +/** + * struct ti_sci_msg_fwl_set_firewall_region_resp - Response for configuring the firewall permissions + * + * @hdr: Generic Header + */ +struct ti_sci_msg_fwl_set_firewall_region_resp { + struct ti_sci_msg_hdr hdr; +} __packed; + +/** + * struct ti_sci_msg_fwl_get_firewall_region_req - Request for retrieving the firewall permissions + * + * @hdr: Generic Header + * + * @fwl_id: Firewall ID in question + * @region: Region or channel number to get config info + * This field is unused in case of a simple firewall and must be initialized + * to zero. In case of a region based firewall, this field indicates the + * region in question (index starting from 0). In case of a channel based + * firewall, this field indicates the channel in question (index starting + * from 0). + * @n_permission_regs: Number of permission registers to retrieve + */ +struct ti_sci_msg_fwl_get_firewall_region_req { + struct ti_sci_msg_hdr hdr; + u16 fwl_id; + u16 region; + u32 n_permission_regs; +} __packed; + +/** + * struct ti_sci_msg_fwl_get_firewall_region_resp - Response for retrieving the firewall permissions + * + * @hdr: Generic Header + * + * @fwl_id: Firewall ID in question + * @region: Region or channel number to set config info This field is + * unused in case of a simple firewall and must be initialized to zero. In + * case of a region based firewall, this field indicates the region in + * question. (index starting from 0) In case of a channel based firewall, this + * field indicates the channel in question (index starting from 0) + * @n_permission_regs: Number of permission registers retrieved + * @control: Contents of the firewall CONTROL register + * @permissions: Contents of the firewall PERMISSION registers + * @start_address: Contents of the firewall START_ADDRESS register This is not applicable for channelized firewalls. + * @end_address: Contents of the firewall END_ADDRESS register This is not applicable for channelized firewalls. + */ +struct ti_sci_msg_fwl_get_firewall_region_resp { + struct ti_sci_msg_hdr hdr; + u16 fwl_id; + u16 region; + u32 n_permission_regs; + u32 control; + u32 permissions[FWL_MAX_PRIVID_SLOTS]; + u64 start_address; + u64 end_address; +} __packed; + +/** + * struct ti_sci_msg_fwl_change_owner_info_req - Request for a firewall owner change + * + * @hdr: Generic Header + * + * @fwl_id: Firewall ID in question + * @region: Region or channel number if applicable + * @owner_index: New owner index to transfer ownership to + */ +struct ti_sci_msg_fwl_change_owner_info_req { + struct ti_sci_msg_hdr hdr; + u16 fwl_id; + u16 region; + u8 owner_index; +} __packed; + +/** + * struct ti_sci_msg_fwl_change_owner_info_resp - Response for a firewall owner change + * + * @hdr: Generic Header + * + * @fwl_id: Firewall ID specified in request + * @region: Region or channel number specified in request + * @owner_index: Owner index specified in request + * @owner_privid: New owner priv-ID returned by DMSC. + * @owner_permission_bits: New owner permission bits returned by DMSC. + */ +struct ti_sci_msg_fwl_change_owner_info_resp { + struct ti_sci_msg_hdr hdr; + u16 fwl_id; + u16 region; + u8 owner_index; + u8 owner_privid; + u16 owner_permission_bits; +} __packed; + #endif /* __TI_SCI_H */ diff --git a/include/linux/soc/ti/ti_sci_protocol.h b/include/linux/soc/ti/ti_sci_protocol.h index 90d5053636..f3c5b72860 100644 --- a/include/linux/soc/ti/ti_sci_protocol.h +++ b/include/linux/soc/ti/ti_sci_protocol.h @@ -257,6 +257,68 @@ struct ti_sci_proc_ops { u32 *sts_flags); };
+/** + * struct ti_sci_msg_fwl_region_cfg - Request and Response for firewalls settings + * + * @fwl_id: Firewall ID in question + * @region: Region or channel number to set config info + * This field is unused in case of a simple firewall and must be initialized + * to zero. In case of a region based firewall, this field indicates the + * region in question. (index starting from 0) In case of a channel based + * firewall, this field indicates the channel in question (index starting + * from 0) + * @n_permission_regs: Number of permission registers to set + * @control: Contents of the firewall CONTROL register to set + * @permissions: Contents of the firewall PERMISSION register to set + * @start_address: Contents of the firewall START_ADDRESS register to set + * @end_address: Contents of the firewall END_ADDRESS register to set + */ +struct ti_sci_msg_fwl_region { + u16 fwl_id; + u16 region; + u32 n_permission_regs; + u32 control; + u32 permissions[3]; + u64 start_address; + u64 end_address; +} __packed; + +/** + * \brief Request and Response for firewall owner change + * + * @fwl_id: Firewall ID in question + * @region: Region or channel number to set config info + * This field is unused in case of a simple firewall and must be initialized + * to zero. In case of a region based firewall, this field indicates the + * region in question. (index starting from 0) In case of a channel based + * firewall, this field indicates the channel in question (index starting + * from 0) + * @n_permission_regs: Number of permission registers <= 3 + * @control: Control register value for this region + * @owner_index: New owner index to change to. Owner indexes are setup in DMSC firmware boot configuration data + * @owner_privid: New owner priv-id, used to lookup owner_index is not known, must be set to zero otherwise + * @owner_permission_bits: New owner permission bits + */ +struct ti_sci_msg_fwl_owner { + u16 fwl_id; + u16 region; + u8 owner_index; + u8 owner_privid; + u16 owner_permission_bits; +} __packed; + +/** + * struct ti_sci_fwl_ops - Firewall specific operations + * @set_fwl_region: Request for configuring the firewall permissions. + * @get_fwl_region: Request for retrieving the firewall permissions. + * @change_fwl_owner: Request for a change of firewall owner. + */ +struct ti_sci_fwl_ops { + int (*set_fwl_region)(const struct ti_sci_handle *handle, const struct ti_sci_msg_fwl_region *region); + int (*get_fwl_region)(const struct ti_sci_handle *handle, struct ti_sci_msg_fwl_region *region); + int (*change_fwl_owner)(const struct ti_sci_handle *handle, struct ti_sci_msg_fwl_owner *owner); +}; + /** * struct ti_sci_ops - Function support for TI SCI * @board_ops: Miscellaneous operations @@ -264,6 +326,7 @@ struct ti_sci_proc_ops { * @clk_ops: Clock specific operations * @core_ops: Core specific operations * @proc_ops: Processor specific operations + * @fw_ops: Firewall specific operations */ struct ti_sci_ops { struct ti_sci_board_ops board_ops; @@ -271,6 +334,7 @@ struct ti_sci_ops { struct ti_sci_clk_ops clk_ops; struct ti_sci_core_ops core_ops; struct ti_sci_proc_ops proc_ops; + struct ti_sci_fwl_ops fwl_ops; };
/**
On Wed, Feb 13, 2019 at 12:37:07PM -0600, Andrew F. Davis wrote:
TI-SCI message protocol provides support for controlling the firewall configurations available in SoC.
Introduce support for the set of TI-SCI message protocol APIs that provide us with this capability of controlling firewalls.
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
[...snip..]
/** diff --git a/drivers/firmware/ti_sci.h b/drivers/firmware/ti_sci.h index 81591fb0c7..2c92f475ed 100644 --- a/drivers/firmware/ti_sci.h +++ b/drivers/firmware/ti_sci.h @@ -50,6 +50,10 @@ #define TISCI_MSG_PROC_AUTH_BOOT_IMIAGE 0xc120 #define TISCI_MSG_GET_PROC_BOOT_STATUS 0xc400
+#define TISCI_MSG_FWL_SET 0x9000 +#define TISCI_MSG_FWL_GET 0x9001 +#define TISCI_MSG_FWL_CHANGE_OWNER 0x9002
/**
- struct ti_sci_msg_hdr - Generic Message Header for All messages and responses
- @type: Type of messages: One of TI_SCI_MSG* values
@@ -677,4 +681,130 @@ struct ti_sci_msg_resp_get_proc_boot_status { u32 status_flags; } __packed;
+#define FWL_MAX_PRIVID_SLOTS 3U
+/**
- struct ti_sci_msg_fwl_set_firewall_region_req - Request for configuring the firewall permissions.
- @hdr: Generic Header
- @fwl_id: Firewall ID in question
- @region: Region or channel number to set config info
This field is unused in case of a simple firewall and must be initialized
to zero. In case of a region based firewall, this field indicates the
region in question. (index starting from 0) In case of a channel based
firewall, this field indicates the channel in question (index starting
from 0)
- @n_permission_regs: Number of permission registers to set
- @control: Contents of the firewall CONTROL register to set
- @permissions: Contents of the firewall PERMISSION register to set
- @start_address: Contents of the firewall START_ADDRESS register to set
- @end_address: Contents of the firewall END_ADDRESS register to set
- */
+struct ti_sci_msg_fwl_set_firewall_region_req {
- struct ti_sci_msg_hdr hdr;
- u16 fwl_id;
- u16 region;
- u32 n_permission_regs;
- u32 control;
- u32 permissions[FWL_MAX_PRIVID_SLOTS];
- u64 start_address;
- u64 end_address;
+} __packed;
+/**
- struct ti_sci_msg_fwl_set_firewall_region_resp - Response for configuring the firewall permissions
- @hdr: Generic Header
- */
+struct ti_sci_msg_fwl_set_firewall_region_resp {
- struct ti_sci_msg_hdr hdr;
+} __packed;
If it is just the header then you can drop this structure. Use the header directly in the commands.
Thanks and regards, Lokesh
SYSFW version 2019.01 introduces a slightly modified version of this API, add support for it here.
Signed-off-by: Andrew F. Davis afd@ti.com --- drivers/firmware/ti_sci.c | 25 ++++++++++++++++--------- drivers/firmware/ti_sci.h | 9 +++++++-- include/linux/soc/ti/ti_sci_protocol.h | 4 ++-- 3 files changed, 25 insertions(+), 13 deletions(-)
diff --git a/drivers/firmware/ti_sci.c b/drivers/firmware/ti_sci.c index edd6e094df..d1612eb551 100644 --- a/drivers/firmware/ti_sci.c +++ b/drivers/firmware/ti_sci.c @@ -1700,16 +1700,19 @@ static int ti_sci_cmd_set_proc_boot_ctrl(const struct ti_sci_handle *handle, * ti_sci_cmd_proc_auth_boot_image() - Command to authenticate and load the * image and then set the processor configuration flags. * @handle: Pointer to TI SCI handle - * @proc_id: Processor ID this request is for - * @cert_addr: Memory address at which payload image certificate is located. + * @image_addr: Memory address at which payload image and certificate is + * located in memory, this is updated if the image data is + * moved during authentication. + * @image_size: This is updated with the final size of the image after + * authentication. * * Return: 0 if all went well, else returns appropriate error value. */ static int ti_sci_cmd_proc_auth_boot_image(const struct ti_sci_handle *handle, - u8 proc_id, u64 cert_addr) + u64 *image_addr, u32 *image_size) { struct ti_sci_msg_req_proc_auth_boot_image req; - struct ti_sci_msg_hdr *resp; + struct ti_sci_msg_resp_proc_auth_boot_image *resp; struct ti_sci_info *info; struct ti_sci_xfer *xfer; int ret = 0; @@ -1729,9 +1732,8 @@ static int ti_sci_cmd_proc_auth_boot_image(const struct ti_sci_handle *handle, dev_err(info->dev, "Message alloc failed(%d)\n", ret); return ret; } - req.processor_id = proc_id; - req.cert_addr_low = cert_addr & TISCI_ADDR_LOW_MASK; - req.cert_addr_high = (cert_addr & TISCI_ADDR_HIGH_MASK) >> + req.cert_addr_low = *image_addr & TISCI_ADDR_LOW_MASK; + req.cert_addr_high = (*image_addr & TISCI_ADDR_HIGH_MASK) >> TISCI_ADDR_HIGH_SHIFT;
ret = ti_sci_do_xfer(info, xfer); @@ -1740,10 +1742,15 @@ static int ti_sci_cmd_proc_auth_boot_image(const struct ti_sci_handle *handle, return ret; }
- resp = (struct ti_sci_msg_hdr *)xfer->tx_message.buf; + resp = (struct ti_sci_msg_resp_proc_auth_boot_image *)xfer->tx_message.buf;
if (!ti_sci_is_response_ack(resp)) - ret = -ENODEV; + return -ENODEV; + + *image_addr = (resp->image_addr_low & TISCI_ADDR_LOW_MASK) | + (((u64)resp->image_addr_high << + TISCI_ADDR_HIGH_SHIFT) & TISCI_ADDR_HIGH_MASK); + *image_size = resp->image_size;
return ret; } diff --git a/drivers/firmware/ti_sci.h b/drivers/firmware/ti_sci.h index 2c92f475ed..c49e8b6358 100644 --- a/drivers/firmware/ti_sci.h +++ b/drivers/firmware/ti_sci.h @@ -622,7 +622,6 @@ struct ti_sci_msg_req_set_proc_boot_ctrl { /** * struct ti_sci_msg_req_proc_auth_start_image - Authenticate and start image * @hdr: Generic Header - * @processor_id: ID of processor * @cert_addr_low: Lower 32bit (Little Endian) of certificate * @cert_addr_high: Higher 32bit (Little Endian) of certificate * @@ -631,11 +630,17 @@ struct ti_sci_msg_req_set_proc_boot_ctrl { */ struct ti_sci_msg_req_proc_auth_boot_image { struct ti_sci_msg_hdr hdr; - u8 processor_id; u32 cert_addr_low; u32 cert_addr_high; } __packed;
+struct ti_sci_msg_resp_proc_auth_boot_image { + struct ti_sci_msg_hdr hdr; + u32 image_addr_low; + u32 image_addr_high; + u32 image_size; +} __packed; + /** * struct ti_sci_msg_req_get_proc_boot_status - Get processor boot status * @hdr: Generic Header diff --git a/include/linux/soc/ti/ti_sci_protocol.h b/include/linux/soc/ti/ti_sci_protocol.h index f3c5b72860..c3bfa57253 100644 --- a/include/linux/soc/ti/ti_sci_protocol.h +++ b/include/linux/soc/ti/ti_sci_protocol.h @@ -250,8 +250,8 @@ struct ti_sci_proc_ops { u64 bv, u32 cfg_set, u32 cfg_clr); int (*set_proc_boot_ctrl)(const struct ti_sci_handle *handle, u8 pid, u32 ctrl_set, u32 ctrl_clr); - int (*proc_auth_boot_image)(const struct ti_sci_handle *handle, u8 pid, - u64 caddr); + int (*proc_auth_boot_image)(const struct ti_sci_handle *handle, + u64 *image_addr, u32 *image_size); int (*get_proc_boot_status)(const struct ti_sci_handle *handle, u8 pid, u64 *bv, u32 *cfg_flags, u32 *ctrl_flags, u32 *sts_flags);
On Wed, Feb 13, 2019 at 12:37:08PM -0600, Andrew F. Davis wrote:
SYSFW version 2019.01 introduces a slightly modified version of this API, add support for it here.
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
K3 devices have High Security (HS) variants along with the non-HS already supported. Like the previous generation devices (OMAP/Keystone2) K3 supports boot chain-of-trust by authenticating and optionally decrypting images as they are unpacked from FIT images. Add support for this here.
Signed-off-by: Andrew F. Davis afd@ti.com --- MAINTAINERS | 1 + arch/arm/Kconfig | 2 +- arch/arm/mach-k3/Makefile | 1 + arch/arm/mach-k3/security.c | 63 +++++++++++++++++++++++++++++++++++++ 4 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 arch/arm/mach-k3/security.c
diff --git a/MAINTAINERS b/MAINTAINERS index 29449ffed6..18cdca9447 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -716,6 +716,7 @@ S: Supported F: arch/arm/mach-omap2/omap5/sec_entry_cpu1.S F: arch/arm/mach-omap2/sec-common.c F: arch/arm/mach-omap2/config_secure.mk +F: arch/arm/mach-k3/security.c F: configs/am335x_hs_evm_defconfig F: configs/am335x_hs_evm_uart_defconfig F: configs/am43xx_hs_evm_defconfig diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 455f06cfee..da397097e5 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -1417,7 +1417,7 @@ endchoice
config TI_SECURE_DEVICE bool "HS Device Type Support" - depends on ARCH_KEYSTONE || ARCH_OMAP2PLUS + depends on ARCH_KEYSTONE || ARCH_OMAP2PLUS || ARCH_K3 help If a high secure (HS) device type is being used, this config must be set. This option impacts various aspects of the diff --git a/arch/arm/mach-k3/Makefile b/arch/arm/mach-k3/Makefile index bd4ab361b2..0c3a4f7db1 100644 --- a/arch/arm/mach-k3/Makefile +++ b/arch/arm/mach-k3/Makefile @@ -6,4 +6,5 @@ obj-$(CONFIG_SOC_K3_AM6) += am6_init.o obj-$(CONFIG_ARM64) += arm64-mmu.o obj-$(CONFIG_CPU_V7R) += r5_mpu.o lowlevel_init.o +obj-$(CONFIG_TI_SECURE_DEVICE) += security.o obj-y += common.o diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c new file mode 100644 index 0000000000..52f49bf01f --- /dev/null +++ b/arch/arm/mach-k3/security.c @@ -0,0 +1,63 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * K3: Security functions + * + * Copyright (C) 2018 Texas Instruments Incorporated - http://www.ti.com/ + * Andrew F. Davis afd@ti.com + */ + +#include <common.h> +#include <dm.h> +#include <linux/soc/ti/ti_sci_protocol.h> +#include <mach/spl.h> +#include <spl.h> + +void board_fit_image_post_process(void **p_image, size_t *p_size) +{ + struct udevice *dev; + struct ti_sci_handle *ti_sci; + struct ti_sci_proc_ops *proc_ops; + u64 image_addr; + u32 image_size; + int ret; + + /* Get handle to Device Management and Security Controller (SYSFW) */ + ret = uclass_get_device_by_name(UCLASS_FIRMWARE, "dmsc", &dev); + if (ret) { + printf("Failed to get handle to SYSFW (%d)\n", ret); + hang(); + } + ti_sci = (struct ti_sci_handle *)(ti_sci_get_handle_from_sysfw(dev)); + proc_ops = &ti_sci->ops.proc_ops; + + image_addr = (uintptr_t)*p_image; + + debug("Authenticating image at address 0x%016llx\n", image_addr); + + /* Authenticate image */ + ret = proc_ops->proc_auth_boot_image(ti_sci, &image_addr, &image_size); + if (ret) { + printf("Authentication failed!\n"); + hang(); + } + + /* + * The image_size returned may be 0 when the authentication process has + * moved the image. When this happens no further processing on the + * image is needed or often even possible as it may have also been + * placed behind a firewall when moved. + */ + *p_size = image_size; + + /* + * Output notification of successful authentication to re-assure the + * user that the secure code is being processed as expected. However + * suppress any such log output in case of building for SPL and booting + * via YMODEM. This is done to avoid disturbing the YMODEM serial + * protocol transactions. + */ + if (!(IS_ENABLED(CONFIG_SPL_BUILD) && + IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) && + spl_boot_device() == BOOT_DEVICE_UART)) + printf("Authentication passed\n"); +}
On Wed, Feb 13, 2019 at 12:37:09PM -0600, Andrew F. Davis wrote:
K3 devices have High Security (HS) variants along with the non-HS already supported. Like the previous generation devices (OMAP/Keystone2) K3 supports boot chain-of-trust by authenticating and optionally decrypting images as they are unpacked from FIT images. Add support for this here.
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
K3 HS devices require signed binaries for boot, use the SECDEV tools to sign the boot artifacts during build.
Signed-off-by: Andrew F. Davis afd@ti.com --- MAINTAINERS | 1 + arch/arm/mach-k3/config.mk | 25 ++++++++++++++++++ arch/arm/mach-k3/config_secure.mk | 44 +++++++++++++++++++++++++++++++ tools/k3_fit_atf.sh | 8 ++++-- 4 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 arch/arm/mach-k3/config_secure.mk
diff --git a/MAINTAINERS b/MAINTAINERS index 18cdca9447..ac6bd8cfca 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -717,6 +717,7 @@ F: arch/arm/mach-omap2/omap5/sec_entry_cpu1.S F: arch/arm/mach-omap2/sec-common.c F: arch/arm/mach-omap2/config_secure.mk F: arch/arm/mach-k3/security.c +F: arch/arm/mach-k3/config_secure.mk F: configs/am335x_hs_evm_defconfig F: configs/am335x_hs_evm_uart_defconfig F: configs/am43xx_hs_evm_defconfig diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk index be00d79fb0..2d8f61f9db 100644 --- a/arch/arm/mach-k3/config.mk +++ b/arch/arm/mach-k3/config.mk @@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boo # If external key is not provided, generate key using openssl. ifeq ($(CONFIG_SYS_K3_KEY), "") KEY=u-boot-spl-eckey.pem +# On HS use real key or warn if not available +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),) +KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem +else +$(warning "WARNING: signing key not found. Random key will NOT work on HS hardware!") +endif +endif else KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY)) endif @@ -65,6 +73,15 @@ ALL-y += tiboot3.bin endif
ifdef CONFIG_ARM64 +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +SPL_ITS := u-boot-spl-k3_HS.its +$(SPL_ITS): FORCE + IS_HS=1 \ + $(srctree)/tools/k3_fit_atf.sh \ + $(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@ + +ALL-y += tispl.bin_HS +else SPL_ITS := u-boot-spl-k3.its $(SPL_ITS): FORCE $(srctree)/tools/k3_fit_atf.sh \ @@ -72,7 +89,15 @@ $(SPL_ITS): FORCE
ALL-y += tispl.bin endif +endif + +else
+ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ALL-y += u-boot.img_HS else ALL-y += u-boot.img endif +endif + +include $(srctree)/arch/arm/mach-k3/config_secure.mk diff --git a/arch/arm/mach-k3/config_secure.mk b/arch/arm/mach-k3/config_secure.mk new file mode 100644 index 0000000000..6d63c57665 --- /dev/null +++ b/arch/arm/mach-k3/config_secure.mk @@ -0,0 +1,44 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/ +# Andrew F. Davis afd@ti.com + +quiet_cmd_k3secureimg = SECURE $@ +ifneq ($(TI_SECURE_DEV_PKG),) +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),) +cmd_k3secureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ + $< $@ \ + $(if $(KBUILD_VERBOSE:1=), >/dev/null) +else +cmd_k3secureimg = echo "WARNING:" \ + "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \ + "$@ was NOT secured!"; cp $< $@ +endif +else +cmd_k3secureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ + "variable must be defined for TI secure devices." \ + "$@ was NOT secured!"; cp $< $@ +endif + +%.dtb_HS: %.dtb FORCE + $(call if_changed,k3secureimg) + +$(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE + $(call if_changed,k3secureimg) + +tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst %,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE + $(call if_changed,mkfitimage) + +MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O u-boot \ + -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \ + -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \ + $(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST))) + +OF_LIST_TARGETS = $(patsubst %,arch/$(ARCH)/dts/%.dtb,$(subst ",,$(CONFIG_OF_LIST))) +$(OF_LIST_TARGETS): dtbs + +u-boot-nodtb.bin_HS: u-boot-nodtb.bin FORCE + $(call if_changed,k3secureimg) + +u-boot.img_HS: u-boot-nodtb.bin_HS u-boot.img $(patsubst %.dtb,%.dtb_HS,$(OF_LIST_TARGETS)) FORCE + $(call if_changed,mkimage) diff --git a/tools/k3_fit_atf.sh b/tools/k3_fit_atf.sh index 430b5ca616..4e9f69c087 100755 --- a/tools/k3_fit_atf.sh +++ b/tools/k3_fit_atf.sh @@ -21,6 +21,10 @@ if [ ! -f $TEE ]; then TEE=/dev/null fi
+if [ ! -z "$IS_HS" ]; then + HS_APPEND=_HS +fi + cat << __HEADER_EOF /dts-v1/;
@@ -51,7 +55,7 @@ cat << __HEADER_EOF }; spl { description = "SPL (64-bit)"; - data = /incbin/("spl/u-boot-spl-nodtb.bin"); + data = /incbin/("spl/u-boot-spl-nodtb.bin$HS_APPEND"); type = "standalone"; os = "U-Boot"; arch = "arm64"; @@ -66,7 +70,7 @@ do cat << __FDT_IMAGE_EOF $(basename $dtname) { description = "$(basename $dtname .dtb)"; - data = /incbin/("$dtname"); + data = /incbin/("$dtname$HS_APPEND"); type = "flat_dt"; arch = "arm"; compression = "none";
On Wed, Feb 13, 2019 at 12:37:10PM -0600, Andrew F. Davis wrote:
K3 HS devices require signed binaries for boot, use the SECDEV tools to sign the boot artifacts during build.
Signed-off-by: Andrew F. Davis afd@ti.com
In general, since I suppose the answer to my question is "no", so: Reviewed-by: Tom Rini trini@konsulko.com
But it feels like we're copying a lot of make-magic around that we have for other hs devices. Can we find a common place for it for all TI platforms? Thanks!
On 2/13/19 2:27 PM, Tom Rini wrote:
On Wed, Feb 13, 2019 at 12:37:10PM -0600, Andrew F. Davis wrote:
K3 HS devices require signed binaries for boot, use the SECDEV tools to sign the boot artifacts during build.
Signed-off-by: Andrew F. Davis afd@ti.com
In general, since I suppose the answer to my question is "no", so: Reviewed-by: Tom Rini trini@konsulko.com
But it feels like we're copying a lot of make-magic around that we have for other hs devices. Can we find a common place for it for all TI platforms? Thanks!
Well actually the answer is more a "maybe", I just don't know the right spot.
For mach-keystone/config.mk HS we link to the make-magic in mach-omap2/config_secure.mk. I did consider doing the same for this, but putting stuff in mach-omap2, even stuff that is not available on any OMAP platform device seemed wrong. Perhaps we could factor the HS magic out into a top-level makefile at some point.
On 14/02/19 12:07 AM, Andrew F. Davis wrote:
K3 HS devices require signed binaries for boot, use the SECDEV tools to sign the boot artifacts during build.
Signed-off-by: Andrew F. Davis afd@ti.com
MAINTAINERS | 1 + arch/arm/mach-k3/config.mk | 25 ++++++++++++++++++ arch/arm/mach-k3/config_secure.mk | 44 +++++++++++++++++++++++++++++++ tools/k3_fit_atf.sh | 8 ++++-- 4 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 arch/arm/mach-k3/config_secure.mk
diff --git a/MAINTAINERS b/MAINTAINERS index 18cdca9447..ac6bd8cfca 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -717,6 +717,7 @@ F: arch/arm/mach-omap2/omap5/sec_entry_cpu1.S F: arch/arm/mach-omap2/sec-common.c F: arch/arm/mach-omap2/config_secure.mk F: arch/arm/mach-k3/security.c +F: arch/arm/mach-k3/config_secure.mk F: configs/am335x_hs_evm_defconfig F: configs/am335x_hs_evm_uart_defconfig F: configs/am43xx_hs_evm_defconfig diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk index be00d79fb0..2d8f61f9db 100644 --- a/arch/arm/mach-k3/config.mk +++ b/arch/arm/mach-k3/config.mk @@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boo # If external key is not provided, generate key using openssl. ifeq ($(CONFIG_SYS_K3_KEY), "") KEY=u-boot-spl-eckey.pem +# On HS use real key or warn if not available +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),) +KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem +else +$(warning "WARNING: signing key not found. Random key will NOT work on HS hardware!") +endif +endif else KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY)) endif @@ -65,6 +73,15 @@ ALL-y += tiboot3.bin endif
ifdef CONFIG_ARM64 +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +SPL_ITS := u-boot-spl-k3_HS.its +$(SPL_ITS): FORCE
- IS_HS=1 \
- $(srctree)/tools/k3_fit_atf.sh \
- $(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@
+ALL-y += tispl.bin_HS +else SPL_ITS := u-boot-spl-k3.its $(SPL_ITS): FORCE $(srctree)/tools/k3_fit_atf.sh \ @@ -72,7 +89,15 @@ $(SPL_ITS): FORCE
ALL-y += tispl.bin endif +endif
+else
+ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ALL-y += u-boot.img_HS else ALL-y += u-boot.img endif +endif
+include $(srctree)/arch/arm/mach-k3/config_secure.mk diff --git a/arch/arm/mach-k3/config_secure.mk b/arch/arm/mach-k3/config_secure.mk new file mode 100644 index 0000000000..6d63c57665 --- /dev/null +++ b/arch/arm/mach-k3/config_secure.mk @@ -0,0 +1,44 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/ +# Andrew F. Davis afd@ti.com
+quiet_cmd_k3secureimg = SECURE $@ +ifneq ($(TI_SECURE_DEV_PKG),) +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),) +cmd_k3secureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \
- $< $@ \
- $(if $(KBUILD_VERBOSE:1=), >/dev/null)
+else +cmd_k3secureimg = echo "WARNING:" \
- "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \
- "$@ was NOT secured!"; cp $< $@
+endif +else +cmd_k3secureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \
- "variable must be defined for TI secure devices." \
- "$@ was NOT secured!"; cp $< $@
+endif
+%.dtb_HS: %.dtb FORCE
- $(call if_changed,k3secureimg)
+$(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE
- $(call if_changed,k3secureimg)
+tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst %,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE
- $(call if_changed,mkfitimage)
+MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
- -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
- -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
- $(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST)))
I guess these HS postfixed dtbs will never get cleaned. I see the same issue with other TI secure devices as well. Can you update the clean rules as well?
Thanks and regards, Lokesh
+OF_LIST_TARGETS = $(patsubst %,arch/$(ARCH)/dts/%.dtb,$(subst ",,$(CONFIG_OF_LIST))) +$(OF_LIST_TARGETS): dtbs
+u-boot-nodtb.bin_HS: u-boot-nodtb.bin FORCE
- $(call if_changed,k3secureimg)
+u-boot.img_HS: u-boot-nodtb.bin_HS u-boot.img $(patsubst %.dtb,%.dtb_HS,$(OF_LIST_TARGETS)) FORCE
- $(call if_changed,mkimage)
diff --git a/tools/k3_fit_atf.sh b/tools/k3_fit_atf.sh index 430b5ca616..4e9f69c087 100755 --- a/tools/k3_fit_atf.sh +++ b/tools/k3_fit_atf.sh @@ -21,6 +21,10 @@ if [ ! -f $TEE ]; then TEE=/dev/null fi
+if [ ! -z "$IS_HS" ]; then
- HS_APPEND=_HS
+fi
cat << __HEADER_EOF /dts-v1/;
@@ -51,7 +55,7 @@ cat << __HEADER_EOF }; spl { description = "SPL (64-bit)";
data = /incbin/("spl/u-boot-spl-nodtb.bin");
data = /incbin/("spl/u-boot-spl-nodtb.bin$HS_APPEND"); type = "standalone"; os = "U-Boot"; arch = "arm64";@@ -66,7 +70,7 @@ do cat << __FDT_IMAGE_EOF $(basename $dtname) { description = "$(basename $dtname .dtb)";
data = /incbin/("$dtname");
data = /incbin/("$dtname$HS_APPEND"); type = "flat_dt"; arch = "arm"; compression = "none";
On 2/13/19 9:46 PM, Lokesh Vutla wrote:
On 14/02/19 12:07 AM, Andrew F. Davis wrote:
K3 HS devices require signed binaries for boot, use the SECDEV tools to sign the boot artifacts during build.
Signed-off-by: Andrew F. Davis afd@ti.com
MAINTAINERS | 1 + arch/arm/mach-k3/config.mk | 25 ++++++++++++++++++ arch/arm/mach-k3/config_secure.mk | 44 +++++++++++++++++++++++++++++++ tools/k3_fit_atf.sh | 8 ++++-- 4 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 arch/arm/mach-k3/config_secure.mk
diff --git a/MAINTAINERS b/MAINTAINERS index 18cdca9447..ac6bd8cfca 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -717,6 +717,7 @@ F: arch/arm/mach-omap2/omap5/sec_entry_cpu1.S F: arch/arm/mach-omap2/sec-common.c F: arch/arm/mach-omap2/config_secure.mk F: arch/arm/mach-k3/security.c +F: arch/arm/mach-k3/config_secure.mk F: configs/am335x_hs_evm_defconfig F: configs/am335x_hs_evm_uart_defconfig F: configs/am43xx_hs_evm_defconfig diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk index be00d79fb0..2d8f61f9db 100644 --- a/arch/arm/mach-k3/config.mk +++ b/arch/arm/mach-k3/config.mk @@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boo # If external key is not provided, generate key using openssl. ifeq ($(CONFIG_SYS_K3_KEY), "") KEY=u-boot-spl-eckey.pem +# On HS use real key or warn if not available +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),) +KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem +else +$(warning "WARNING: signing key not found. Random key will NOT work on HS hardware!") +endif +endif else KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY)) endif @@ -65,6 +73,15 @@ ALL-y += tiboot3.bin endif
ifdef CONFIG_ARM64 +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +SPL_ITS := u-boot-spl-k3_HS.its +$(SPL_ITS): FORCE
- IS_HS=1 \
- $(srctree)/tools/k3_fit_atf.sh \
- $(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@
+ALL-y += tispl.bin_HS +else SPL_ITS := u-boot-spl-k3.its $(SPL_ITS): FORCE $(srctree)/tools/k3_fit_atf.sh \ @@ -72,7 +89,15 @@ $(SPL_ITS): FORCE
ALL-y += tispl.bin endif +endif
+else
+ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ALL-y += u-boot.img_HS else ALL-y += u-boot.img endif +endif
+include $(srctree)/arch/arm/mach-k3/config_secure.mk diff --git a/arch/arm/mach-k3/config_secure.mk b/arch/arm/mach-k3/config_secure.mk new file mode 100644 index 0000000000..6d63c57665 --- /dev/null +++ b/arch/arm/mach-k3/config_secure.mk @@ -0,0 +1,44 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/ +# Andrew F. Davis afd@ti.com
+quiet_cmd_k3secureimg = SECURE $@ +ifneq ($(TI_SECURE_DEV_PKG),) +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),) +cmd_k3secureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \
- $< $@ \
- $(if $(KBUILD_VERBOSE:1=), >/dev/null)
+else +cmd_k3secureimg = echo "WARNING:" \
- "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \
- "$@ was NOT secured!"; cp $< $@
+endif +else +cmd_k3secureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \
- "variable must be defined for TI secure devices." \
- "$@ was NOT secured!"; cp $< $@
+endif
+%.dtb_HS: %.dtb FORCE
- $(call if_changed,k3secureimg)
+$(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE
- $(call if_changed,k3secureimg)
+tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst %,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE
- $(call if_changed,mkfitimage)
+MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
- -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
- -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
- $(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST)))
I guess these HS postfixed dtbs will never get cleaned. I see the same issue with other TI secure devices as well. Can you update the clean rules as well?
tiboot3.bin and tispl.bin also don't seem to be getting cleaned. I tried adding them to clean-files and CLEAN_FILES, neither worked. Outside of manually deleting them on an appended clean rule I don't know what the recommended trick is for this.
Thanks and regards, Lokesh
+OF_LIST_TARGETS = $(patsubst %,arch/$(ARCH)/dts/%.dtb,$(subst ",,$(CONFIG_OF_LIST))) +$(OF_LIST_TARGETS): dtbs
+u-boot-nodtb.bin_HS: u-boot-nodtb.bin FORCE
- $(call if_changed,k3secureimg)
+u-boot.img_HS: u-boot-nodtb.bin_HS u-boot.img $(patsubst %.dtb,%.dtb_HS,$(OF_LIST_TARGETS)) FORCE
- $(call if_changed,mkimage)
diff --git a/tools/k3_fit_atf.sh b/tools/k3_fit_atf.sh index 430b5ca616..4e9f69c087 100755 --- a/tools/k3_fit_atf.sh +++ b/tools/k3_fit_atf.sh @@ -21,6 +21,10 @@ if [ ! -f $TEE ]; then TEE=/dev/null fi
+if [ ! -z "$IS_HS" ]; then
- HS_APPEND=_HS
+fi
cat << __HEADER_EOF /dts-v1/;
@@ -51,7 +55,7 @@ cat << __HEADER_EOF }; spl { description = "SPL (64-bit)";
data = /incbin/("spl/u-boot-spl-nodtb.bin");
data = /incbin/("spl/u-boot-spl-nodtb.bin$HS_APPEND"); type = "standalone"; os = "U-Boot"; arch = "arm64";@@ -66,7 +70,7 @@ do cat << __FDT_IMAGE_EOF $(basename $dtname) { description = "$(basename $dtname .dtb)";
data = /incbin/("$dtname");
data = /incbin/("$dtname$HS_APPEND"); type = "flat_dt"; arch = "arm"; compression = "none";
On 2/15/2019 4:25 AM, Andrew F. Davis wrote:
On 2/13/19 9:46 PM, Lokesh Vutla wrote:
On 14/02/19 12:07 AM, Andrew F. Davis wrote:
K3 HS devices require signed binaries for boot, use the SECDEV tools to sign the boot artifacts during build.
Signed-off-by: Andrew F. Davis afd@ti.com
MAINTAINERS | 1 + arch/arm/mach-k3/config.mk | 25 ++++++++++++++++++ arch/arm/mach-k3/config_secure.mk | 44 +++++++++++++++++++++++++++++++ tools/k3_fit_atf.sh | 8 ++++-- 4 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 arch/arm/mach-k3/config_secure.mk
diff --git a/MAINTAINERS b/MAINTAINERS index 18cdca9447..ac6bd8cfca 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -717,6 +717,7 @@ F: arch/arm/mach-omap2/omap5/sec_entry_cpu1.S F: arch/arm/mach-omap2/sec-common.c F: arch/arm/mach-omap2/config_secure.mk F: arch/arm/mach-k3/security.c +F: arch/arm/mach-k3/config_secure.mk F: configs/am335x_hs_evm_defconfig F: configs/am335x_hs_evm_uart_defconfig F: configs/am43xx_hs_evm_defconfig diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk index be00d79fb0..2d8f61f9db 100644 --- a/arch/arm/mach-k3/config.mk +++ b/arch/arm/mach-k3/config.mk @@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boo # If external key is not provided, generate key using openssl. ifeq ($(CONFIG_SYS_K3_KEY), "") KEY=u-boot-spl-eckey.pem +# On HS use real key or warn if not available +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),) +KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem +else +$(warning "WARNING: signing key not found. Random key will NOT work on HS hardware!") +endif +endif else KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY)) endif @@ -65,6 +73,15 @@ ALL-y += tiboot3.bin endif
ifdef CONFIG_ARM64 +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +SPL_ITS := u-boot-spl-k3_HS.its +$(SPL_ITS): FORCE
- IS_HS=1 \
- $(srctree)/tools/k3_fit_atf.sh \
- $(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@
+ALL-y += tispl.bin_HS +else SPL_ITS := u-boot-spl-k3.its $(SPL_ITS): FORCE $(srctree)/tools/k3_fit_atf.sh \ @@ -72,7 +89,15 @@ $(SPL_ITS): FORCE
ALL-y += tispl.bin endif +endif
+else
+ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ALL-y += u-boot.img_HS else ALL-y += u-boot.img endif +endif
+include $(srctree)/arch/arm/mach-k3/config_secure.mk diff --git a/arch/arm/mach-k3/config_secure.mk b/arch/arm/mach-k3/config_secure.mk new file mode 100644 index 0000000000..6d63c57665 --- /dev/null +++ b/arch/arm/mach-k3/config_secure.mk @@ -0,0 +1,44 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/ +# Andrew F. Davis afd@ti.com
+quiet_cmd_k3secureimg = SECURE $@ +ifneq ($(TI_SECURE_DEV_PKG),) +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),) +cmd_k3secureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \
- $< $@ \
- $(if $(KBUILD_VERBOSE:1=), >/dev/null)
+else +cmd_k3secureimg = echo "WARNING:" \
- "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \
- "$@ was NOT secured!"; cp $< $@
+endif +else +cmd_k3secureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \
- "variable must be defined for TI secure devices." \
- "$@ was NOT secured!"; cp $< $@
+endif
+%.dtb_HS: %.dtb FORCE
- $(call if_changed,k3secureimg)
+$(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE
- $(call if_changed,k3secureimg)
+tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst %,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE
- $(call if_changed,mkfitimage)
+MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
- -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
- -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
- $(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST)))
I guess these HS postfixed dtbs will never get cleaned. I see the same issue with other TI secure devices as well. Can you update the clean rules as well?
tiboot3.bin and tispl.bin also don't seem to be getting cleaned. I tried
Yeah, these should be cleaned as well.
adding them to clean-files and CLEAN_FILES, neither worked. Outside of
looks like clean-files is relative to the current directory. You can update arch/arm/dts/Makefile but it might be very generic.
Tom, any suggestions to clean files in this case?
Thanks and regards, Lokesh
manually deleting them on an appended clean rule I don't know what the recommended trick is for this.
Thanks and regards, Lokesh
+OF_LIST_TARGETS = $(patsubst %,arch/$(ARCH)/dts/%.dtb,$(subst ",,$(CONFIG_OF_LIST))) +$(OF_LIST_TARGETS): dtbs
+u-boot-nodtb.bin_HS: u-boot-nodtb.bin FORCE
- $(call if_changed,k3secureimg)
+u-boot.img_HS: u-boot-nodtb.bin_HS u-boot.img $(patsubst %.dtb,%.dtb_HS,$(OF_LIST_TARGETS)) FORCE
- $(call if_changed,mkimage)
diff --git a/tools/k3_fit_atf.sh b/tools/k3_fit_atf.sh index 430b5ca616..4e9f69c087 100755 --- a/tools/k3_fit_atf.sh +++ b/tools/k3_fit_atf.sh @@ -21,6 +21,10 @@ if [ ! -f $TEE ]; then TEE=/dev/null fi
+if [ ! -z "$IS_HS" ]; then
- HS_APPEND=_HS
+fi
cat << __HEADER_EOF /dts-v1/;
@@ -51,7 +55,7 @@ cat << __HEADER_EOF }; spl { description = "SPL (64-bit)";
data = /incbin/("spl/u-boot-spl-nodtb.bin");
data = /incbin/("spl/u-boot-spl-nodtb.bin$HS_APPEND"); type = "standalone"; os = "U-Boot"; arch = "arm64";@@ -66,7 +70,7 @@ do cat << __FDT_IMAGE_EOF $(basename $dtname) { description = "$(basename $dtname .dtb)";
data = /incbin/("$dtname");
data = /incbin/("$dtname$HS_APPEND"); type = "flat_dt"; arch = "arm"; compression = "none";
On Fri, Feb 15, 2019 at 05:43:32PM +0530, Lokesh Vutla wrote:
On 2/15/2019 4:25 AM, Andrew F. Davis wrote:
On 2/13/19 9:46 PM, Lokesh Vutla wrote:
On 14/02/19 12:07 AM, Andrew F. Davis wrote:
K3 HS devices require signed binaries for boot, use the SECDEV tools to sign the boot artifacts during build.
Signed-off-by: Andrew F. Davis afd@ti.com
MAINTAINERS | 1 + arch/arm/mach-k3/config.mk | 25 ++++++++++++++++++ arch/arm/mach-k3/config_secure.mk | 44 +++++++++++++++++++++++++++++++ tools/k3_fit_atf.sh | 8 ++++-- 4 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 arch/arm/mach-k3/config_secure.mk
diff --git a/MAINTAINERS b/MAINTAINERS index 18cdca9447..ac6bd8cfca 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -717,6 +717,7 @@ F: arch/arm/mach-omap2/omap5/sec_entry_cpu1.S F: arch/arm/mach-omap2/sec-common.c F: arch/arm/mach-omap2/config_secure.mk F: arch/arm/mach-k3/security.c +F: arch/arm/mach-k3/config_secure.mk F: configs/am335x_hs_evm_defconfig F: configs/am335x_hs_evm_uart_defconfig F: configs/am43xx_hs_evm_defconfig diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk index be00d79fb0..2d8f61f9db 100644 --- a/arch/arm/mach-k3/config.mk +++ b/arch/arm/mach-k3/config.mk @@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boo # If external key is not provided, generate key using openssl. ifeq ($(CONFIG_SYS_K3_KEY), "") KEY=u-boot-spl-eckey.pem +# On HS use real key or warn if not available +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),) +KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem +else +$(warning "WARNING: signing key not found. Random key will NOT work on HS hardware!") +endif +endif else KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY)) endif @@ -65,6 +73,15 @@ ALL-y += tiboot3.bin endif
ifdef CONFIG_ARM64 +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +SPL_ITS := u-boot-spl-k3_HS.its +$(SPL_ITS): FORCE
- IS_HS=1 \
- $(srctree)/tools/k3_fit_atf.sh \
- $(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@
+ALL-y += tispl.bin_HS +else SPL_ITS := u-boot-spl-k3.its $(SPL_ITS): FORCE $(srctree)/tools/k3_fit_atf.sh \ @@ -72,7 +89,15 @@ $(SPL_ITS): FORCE
ALL-y += tispl.bin endif +endif
+else
+ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ALL-y += u-boot.img_HS else ALL-y += u-boot.img endif +endif
+include $(srctree)/arch/arm/mach-k3/config_secure.mk diff --git a/arch/arm/mach-k3/config_secure.mk b/arch/arm/mach-k3/config_secure.mk new file mode 100644 index 0000000000..6d63c57665 --- /dev/null +++ b/arch/arm/mach-k3/config_secure.mk @@ -0,0 +1,44 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/ +# Andrew F. Davis afd@ti.com
+quiet_cmd_k3secureimg = SECURE $@ +ifneq ($(TI_SECURE_DEV_PKG),) +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),) +cmd_k3secureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \
- $< $@ \
- $(if $(KBUILD_VERBOSE:1=), >/dev/null)
+else +cmd_k3secureimg = echo "WARNING:" \
- "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \
- "$@ was NOT secured!"; cp $< $@
+endif +else +cmd_k3secureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \
- "variable must be defined for TI secure devices." \
- "$@ was NOT secured!"; cp $< $@
+endif
+%.dtb_HS: %.dtb FORCE
- $(call if_changed,k3secureimg)
+$(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE
- $(call if_changed,k3secureimg)
+tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst %,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE
- $(call if_changed,mkfitimage)
+MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
- -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
- -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
- $(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST)))
I guess these HS postfixed dtbs will never get cleaned. I see the same issue with other TI secure devices as well. Can you update the clean rules as well?
tiboot3.bin and tispl.bin also don't seem to be getting cleaned. I tried
Yeah, these should be cleaned as well.
adding them to clean-files and CLEAN_FILES, neither worked. Outside of
looks like clean-files is relative to the current directory. You can update arch/arm/dts/Makefile but it might be very generic.
Tom, any suggestions to clean files in this case?
I guess we need to update clean-files in arch/arm/dts/Makefile then, yes.
On 2/16/19 4:18 PM, Tom Rini wrote:
On Fri, Feb 15, 2019 at 05:43:32PM +0530, Lokesh Vutla wrote:
On 2/15/2019 4:25 AM, Andrew F. Davis wrote:
On 2/13/19 9:46 PM, Lokesh Vutla wrote:
On 14/02/19 12:07 AM, Andrew F. Davis wrote:
K3 HS devices require signed binaries for boot, use the SECDEV tools to sign the boot artifacts during build.
Signed-off-by: Andrew F. Davis afd@ti.com
MAINTAINERS | 1 + arch/arm/mach-k3/config.mk | 25 ++++++++++++++++++ arch/arm/mach-k3/config_secure.mk | 44 +++++++++++++++++++++++++++++++ tools/k3_fit_atf.sh | 8 ++++-- 4 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 arch/arm/mach-k3/config_secure.mk
diff --git a/MAINTAINERS b/MAINTAINERS index 18cdca9447..ac6bd8cfca 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -717,6 +717,7 @@ F: arch/arm/mach-omap2/omap5/sec_entry_cpu1.S F: arch/arm/mach-omap2/sec-common.c F: arch/arm/mach-omap2/config_secure.mk F: arch/arm/mach-k3/security.c +F: arch/arm/mach-k3/config_secure.mk F: configs/am335x_hs_evm_defconfig F: configs/am335x_hs_evm_uart_defconfig F: configs/am43xx_hs_evm_defconfig diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk index be00d79fb0..2d8f61f9db 100644 --- a/arch/arm/mach-k3/config.mk +++ b/arch/arm/mach-k3/config.mk @@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boo # If external key is not provided, generate key using openssl. ifeq ($(CONFIG_SYS_K3_KEY), "") KEY=u-boot-spl-eckey.pem +# On HS use real key or warn if not available +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),) +KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem +else +$(warning "WARNING: signing key not found. Random key will NOT work on HS hardware!") +endif +endif else KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY)) endif @@ -65,6 +73,15 @@ ALL-y += tiboot3.bin endif
ifdef CONFIG_ARM64 +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +SPL_ITS := u-boot-spl-k3_HS.its +$(SPL_ITS): FORCE
- IS_HS=1 \
- $(srctree)/tools/k3_fit_atf.sh \
- $(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@
+ALL-y += tispl.bin_HS +else SPL_ITS := u-boot-spl-k3.its $(SPL_ITS): FORCE $(srctree)/tools/k3_fit_atf.sh \ @@ -72,7 +89,15 @@ $(SPL_ITS): FORCE
ALL-y += tispl.bin endif +endif
+else
+ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ALL-y += u-boot.img_HS else ALL-y += u-boot.img endif +endif
+include $(srctree)/arch/arm/mach-k3/config_secure.mk diff --git a/arch/arm/mach-k3/config_secure.mk b/arch/arm/mach-k3/config_secure.mk new file mode 100644 index 0000000000..6d63c57665 --- /dev/null +++ b/arch/arm/mach-k3/config_secure.mk @@ -0,0 +1,44 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/ +# Andrew F. Davis afd@ti.com
+quiet_cmd_k3secureimg = SECURE $@ +ifneq ($(TI_SECURE_DEV_PKG),) +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),) +cmd_k3secureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \
- $< $@ \
- $(if $(KBUILD_VERBOSE:1=), >/dev/null)
+else +cmd_k3secureimg = echo "WARNING:" \
- "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \
- "$@ was NOT secured!"; cp $< $@
+endif +else +cmd_k3secureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \
- "variable must be defined for TI secure devices." \
- "$@ was NOT secured!"; cp $< $@
+endif
+%.dtb_HS: %.dtb FORCE
- $(call if_changed,k3secureimg)
+$(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE
- $(call if_changed,k3secureimg)
+tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst %,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE
- $(call if_changed,mkfitimage)
+MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
- -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
- -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
- $(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST)))
I guess these HS postfixed dtbs will never get cleaned. I see the same issue with other TI secure devices as well. Can you update the clean rules as well?
tiboot3.bin and tispl.bin also don't seem to be getting cleaned. I tried
Yeah, these should be cleaned as well.
adding them to clean-files and CLEAN_FILES, neither worked. Outside of
looks like clean-files is relative to the current directory. You can update arch/arm/dts/Makefile but it might be very generic.
Tom, any suggestions to clean files in this case?
I guess we need to update clean-files in arch/arm/dts/Makefile then, yes.
Then I will update that for all our extra artifacts in a separate patch on top of this series.
Thanks, Andrew
Add new defconfig files for the AM65x High Security EVM.
This defconfigs are the same as for the non-secure part, except for: CONFIG_TI_SECURE_DEVICE option set to 'y' CONFIG_FIT_IMAGE_POST_PROCESS option set to 'y' CONFIG_SPL_FIT_IMAGE_POST_PROCESS option set to 'y'
Signed-off-by: Andrew F. Davis afd@ti.com --- MAINTAINERS | 2 + configs/am65x_hs_evm_a53_defconfig | 74 ++++++++++++++++++++++++ configs/am65x_hs_evm_r5_defconfig | 90 ++++++++++++++++++++++++++++++ 3 files changed, 166 insertions(+) create mode 100644 configs/am65x_hs_evm_a53_defconfig create mode 100644 configs/am65x_hs_evm_r5_defconfig
diff --git a/MAINTAINERS b/MAINTAINERS index ac6bd8cfca..af1ebfd275 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -729,6 +729,8 @@ F: configs/k2hk_hs_evm_defconfig F: configs/k2e_hs_evm_defconfig F: configs/k2g_hs_evm_defconfig F: configs/k2l_hs_evm_defconfig +F: configs/am65x_hs_evm_r5_defconfig +F: configs/am65x_hs_evm_a53_defconfig
TQ GROUP #M: Martin Krause martin.krause@tq-systems.de diff --git a/configs/am65x_hs_evm_a53_defconfig b/configs/am65x_hs_evm_a53_defconfig new file mode 100644 index 0000000000..b9b5a921af --- /dev/null +++ b/configs/am65x_hs_evm_a53_defconfig @@ -0,0 +1,74 @@ +CONFIG_ARM=y +CONFIG_ARCH_K3=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_SPL_LIBCOMMON_SUPPORT=y +CONFIG_SPL_LIBGENERIC_SUPPORT=y +CONFIG_SYS_MALLOC_F_LEN=0x2000 +CONFIG_SOC_K3_AM6=y +CONFIG_TARGET_AM654_A53_EVM=y +CONFIG_SPL_MMC_SUPPORT=y +CONFIG_SPL_SERIAL_SUPPORT=y +CONFIG_SPL_DRIVERS_MISC_SUPPORT=y +CONFIG_SPL_STACK_R_ADDR=0x82000000 +CONFIG_SPL_FS_FAT=y +CONFIG_SPL_LIBDISK_SUPPORT=y +CONFIG_DISTRO_DEFAULTS=y +CONFIG_NR_DRAM_BANKS=2 +# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set +CONFIG_FIT_IMAGE_POST_PROCESS=y +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y +CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run get_kern_${boot}; run get_fdt_${boot}; run run_kern" +# CONFIG_DISPLAY_CPUINFO is not set +CONFIG_SPL_SYS_MALLOC_SIMPLE=y +CONFIG_SPL_STACK_R=y +CONFIG_SPL_SEPARATE_BSS=y +CONFIG_SPL_I2C_SUPPORT=y +CONFIG_SPL_DM_MAILBOX=y +CONFIG_SPL_DM_RESET=y +CONFIG_SPL_POWER_DOMAIN=y +CONFIG_SPL_REMOTEPROC=y +CONFIG_SPL_YMODEM_SUPPORT=y +CONFIG_CMD_ASKENV=y +# CONFIG_CMD_FLASH is not set +CONFIG_CMD_MMC=y +CONFIG_CMD_REMOTEPROC=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_TIME=y +# CONFIG_ISO_PARTITION is not set +# CONFIG_EFI_PARTITION is not set +CONFIG_OF_CONTROL=y +CONFIG_SPL_OF_CONTROL=y +CONFIG_DEFAULT_DEVICE_TREE="k3-am654-base-board" +CONFIG_SPL_MULTI_DTB_FIT=y +CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y +CONFIG_ENV_IS_IN_FAT=y +CONFIG_ENV_FAT_INTERFACE="mmc" +CONFIG_ENV_FAT_DEVICE_AND_PART="1:1" +CONFIG_DM=y +CONFIG_SPL_DM=y +CONFIG_SPL_DM_SEQ_ALIAS=y +CONFIG_CLK=y +CONFIG_SPL_CLK=y +CONFIG_CLK_TI_SCI=y +CONFIG_TI_SCI_PROTOCOL=y +CONFIG_DM_MAILBOX=y +CONFIG_K3_SEC_PROXY=y +CONFIG_MISC=y +CONFIG_DM_MMC=y +CONFIG_MMC_SDHCI=y +CONFIG_MMC_SDHCI_K3_ARASAN=y +CONFIG_PINCTRL=y +# CONFIG_PINCTRL_GENERIC is not set +CONFIG_SPL_PINCTRL=y +# CONFIG_SPL_PINCTRL_GENERIC is not set +CONFIG_PINCTRL_SINGLE=y +CONFIG_POWER_DOMAIN=y +CONFIG_TI_SCI_POWER_DOMAIN=y +CONFIG_K3_SYSTEM_CONTROLLER=y +CONFIG_REMOTEPROC_K3=y +CONFIG_DM_RESET=y +CONFIG_RESET_TI_SCI=y +CONFIG_DM_SERIAL=y +CONFIG_SYSRESET=y +CONFIG_SYSRESET_TI_SCI=y diff --git a/configs/am65x_hs_evm_r5_defconfig b/configs/am65x_hs_evm_r5_defconfig new file mode 100644 index 0000000000..1b9c138c03 --- /dev/null +++ b/configs/am65x_hs_evm_r5_defconfig @@ -0,0 +1,90 @@ +CONFIG_ARM=y +CONFIG_ARCH_K3=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_SPL_GPIO_SUPPORT=y +CONFIG_SPL_LIBCOMMON_SUPPORT=y +CONFIG_SPL_LIBGENERIC_SUPPORT=y +CONFIG_SYS_MALLOC_F_LEN=0x2000 +CONFIG_SOC_K3_AM6=y +CONFIG_TARGET_AM654_R5_EVM=y +CONFIG_SPL_MMC_SUPPORT=y +CONFIG_SPL_SERIAL_SUPPORT=y +CONFIG_SPL_DRIVERS_MISC_SUPPORT=y +CONFIG_SPL_STACK_R_ADDR=0x82000000 +CONFIG_SPL_FS_FAT=y +CONFIG_SPL_LIBDISK_SUPPORT=y +CONFIG_NR_DRAM_BANKS=2 +# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y +CONFIG_USE_BOOTCOMMAND=y +# CONFIG_DISPLAY_CPUINFO is not set +CONFIG_SPL_SYS_MALLOC_SIMPLE=y +CONFIG_SPL_STACK_R=y +CONFIG_SPL_SEPARATE_BSS=y +CONFIG_SPL_I2C_SUPPORT=y +CONFIG_SPL_DM_MAILBOX=y +CONFIG_SPL_DM_RESET=y +CONFIG_SPL_POWER_SUPPORT=y +CONFIG_SPL_POWER_DOMAIN=y +CONFIG_SPL_RAM_SUPPORT=y +CONFIG_SPL_RAM_DEVICE=y +CONFIG_SPL_REMOTEPROC=y +CONFIG_SPL_YMODEM_SUPPORT=y +CONFIG_HUSH_PARSER=y +CONFIG_CMD_BOOTZ=y +CONFIG_CMD_ASKENV=y +# CONFIG_CMD_FLASH is not set +CONFIG_CMD_GPT=y +CONFIG_CMD_MMC=y +CONFIG_CMD_REMOTEPROC=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_TIME=y +CONFIG_CMD_FAT=y +CONFIG_OF_CONTROL=y +CONFIG_SPL_OF_CONTROL=y +CONFIG_DEFAULT_DEVICE_TREE="k3-am654-r5-base-board" +CONFIG_SPL_MULTI_DTB_FIT=y +CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y +CONFIG_ENV_IS_IN_FAT=y +CONFIG_ENV_FAT_INTERFACE="mmc" +CONFIG_ENV_FAT_DEVICE_AND_PART="1:1" +CONFIG_DM=y +CONFIG_SPL_DM=y +CONFIG_SPL_DM_SEQ_ALIAS=y +CONFIG_SPL_OF_TRANSLATE=y +CONFIG_CLK=y +CONFIG_SPL_CLK=y +CONFIG_CLK_TI_SCI=y +CONFIG_TI_SCI_PROTOCOL=y +CONFIG_DM_GPIO=y +CONFIG_DA8XX_GPIO=y +CONFIG_DM_MAILBOX=y +CONFIG_K3_SEC_PROXY=y +CONFIG_MISC=y +CONFIG_DM_MMC=y +CONFIG_MMC_SDHCI=y +CONFIG_MMC_SDHCI_K3_ARASAN=y +CONFIG_PINCTRL=y +# CONFIG_PINCTRL_GENERIC is not set +CONFIG_SPL_PINCTRL=y +# CONFIG_SPL_PINCTRL_GENERIC is not set +CONFIG_PINCTRL_SINGLE=y +CONFIG_POWER_DOMAIN=y +CONFIG_TI_SCI_POWER_DOMAIN=y +CONFIG_DM_REGULATOR=y +CONFIG_SPL_DM_REGULATOR=y +CONFIG_DM_REGULATOR_GPIO=y +CONFIG_SPL_DM_REGULATOR_GPIO=y +CONFIG_RAM=y +CONFIG_SPL_RAM=y +CONFIG_K3_SYSTEM_CONTROLLER=y +CONFIG_REMOTEPROC_K3=y +CONFIG_DM_RESET=y +CONFIG_RESET_TI_SCI=y +CONFIG_DM_SERIAL=y +CONFIG_SYSRESET=y +CONFIG_SYSRESET_TI_SCI=y +CONFIG_TIMER=y +CONFIG_SPL_TIMER=y +CONFIG_OMAP_TIMER=y
On Wed, Feb 13, 2019 at 12:37:11PM -0600, Andrew F. Davis wrote:
Add new defconfig files for the AM65x High Security EVM.
This defconfigs are the same as for the non-secure part, except for: CONFIG_TI_SECURE_DEVICE option set to 'y' CONFIG_FIT_IMAGE_POST_PROCESS option set to 'y' CONFIG_SPL_FIT_IMAGE_POST_PROCESS option set to 'y'
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
Signed-off-by: Andrew F. Davis afd@ti.com --- doc/README.ti-secure | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/doc/README.ti-secure b/doc/README.ti-secure index 76950253ac..27c0eaa77f 100644 --- a/doc/README.ti-secure +++ b/doc/README.ti-secure @@ -138,7 +138,7 @@ Booting of U-Boot SPL <INPUT_FILE>
Invoking the script for Keystone2 Secure Devices - ============================================= + ================================================
create-boot-image.sh \ <UNUSED> <INPUT_FILE> <OUTPUT_FILE> <UNUSED> @@ -157,6 +157,18 @@ Booting of U-Boot SPL boot from all media. Secure boot from SPI NOR flash is not currently supported.
+ Invoking the script for K3 Secure Devices + ========================================= + + The signing steps required to produce a bootable SPL image on secure + K3 TI devices are the same as those performed on non-secure devices. + The only difference is the key is not checked on non-secure devices so + a dummy key is used when building U-Boot for those devices. For secure + K3 TI devices simply use the real hardware key for your device. This + real key can be set with the Kconfig option "K3_KEY". The environment + variable TI_SECURE_DEV_PKG is also searched for real keys when the + build targets secure devices. + Booting of Primary U-Boot (u-boot.img) ======================================
@@ -181,10 +193,8 @@ Booting of Primary U-Boot (u-boot.img) is enabled through the CONFIG_SPL_FIT_IMAGE_POST_PROCESS option which must be enabled for the secure boot scheme to work. In order to allow verifying proper operation of the secure boot chain in case of successful - authentication messages like "Authentication passed: CERT_U-BOOT-NOD" are - output by the SPL to the console for each blob that got extracted from the - FIT image. Note that the last part of this log message is the (truncated) - name of the signing certificate embedded into the blob that got processed. + authentication messages like "Authentication passed" are output by the + SPL to the console for each blob that got extracted from the FIT image.
The exact details of the how the images are secured is handled by the SECDEV package. Within the SECDEV package exists a script to process
On Wed, Feb 13, 2019 at 12:37:12PM -0600, Andrew F. Davis wrote:
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
On Wed, Feb 13, 2019 at 12:37:05PM -0600, Andrew F. Davis wrote:
Hello all,
This series brings up HS device support on the AM65x platform. Support for HS on K3 family devices is a bit different than previous devices but for the most part all that has been abstracted into the SECDEV package, allowing for a rather straight forward implementation here.
Thanks, Andrew
Andrew F. Davis (7): arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded firmware: ti_sci: Add support for firewall management firmware: ti_sci: Modify auth_boot TI-SCI API to match new version arm: mach-k3: Add secure device support arm: mach-k3: Add secure device build support configs: Add a config for AM65x High Security EVM doc: Update info on using K3 secure devices
For the series...
Reviewed-by: Andreas Dannenberg dannenberg@ti.com
-- Andreas Dannenberg Texas Instruments Inc
MAINTAINERS | 4 + arch/arm/Kconfig | 2 +- arch/arm/mach-k3/Makefile | 1 + arch/arm/mach-k3/am6_init.c | 8 +- arch/arm/mach-k3/config.mk | 25 +++ arch/arm/mach-k3/config_secure.mk | 44 ++++ arch/arm/mach-k3/include/mach/am6_hardware.h | 3 - arch/arm/mach-k3/security.c | 63 ++++++ configs/am65x_hs_evm_a53_defconfig | 74 +++++++ configs/am65x_hs_evm_r5_defconfig | 90 +++++++++ doc/README.ti-secure | 20 +- drivers/firmware/ti_sci.c | 202 ++++++++++++++++++- drivers/firmware/ti_sci.h | 139 ++++++++++++- include/linux/soc/ti/ti_sci_protocol.h | 68 ++++++- tools/k3_fit_atf.sh | 8 +- 15 files changed, 722 insertions(+), 29 deletions(-) create mode 100644 arch/arm/mach-k3/config_secure.mk create mode 100644 arch/arm/mach-k3/security.c create mode 100644 configs/am65x_hs_evm_a53_defconfig create mode 100644 configs/am65x_hs_evm_r5_defconfig
-- 2.19.1
U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
participants (4)
-
Andreas Dannenberg -
Andrew F. Davis -
Lokesh Vutla -
Tom Rini