diff options
author | Ji Luo <ji.luo@nxp.com> | 2021-05-14 15:27:28 +0800 |
---|---|---|
committer | Ji Luo <ji.luo@nxp.com> | 2022-04-20 09:49:44 +0800 |
commit | 68c037468e43886ae2f163babaa830156129964d (patch) | |
tree | 41c45d851d04d8a82bec59b20a181b765a29792e /arch/arm/mach-imx/spl.c | |
parent | 977347e1124252c11363e5a93fbb7b591f9155d4 (diff) |
MA-19048-1 MCU security enhancement
Move the MCU RDC config to dts, it will be parsed by
SPL and stored in OCRAM_S, then the MCU RDC config will
be setup before MCU kicking.
Use HAB to verify the MCU image to guarantee its integrity.
Change-Id: I82dd378a6516b4d3cc47c5de2e403d817ba80256
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 2e972e4aa6c44eec0444d59d11c0a0c175699cf2)
Diffstat (limited to 'arch/arm/mach-imx/spl.c')
-rw-r--r-- | arch/arm/mach-imx/spl.c | 87 |
1 files changed, 77 insertions, 10 deletions
diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index bb3487bf23..2995ba4281 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -319,16 +319,6 @@ ulong board_spl_fit_size_align(ulong size) return size; } -void board_spl_fit_post_load(const void *fit) -{ - u32 offset = ALIGN(fdt_totalsize(fit), 0x1000); - - if (imx_hab_authenticate_image((uintptr_t)fit, - offset + IVT_SIZE + CSF_PAD_SIZE, - offset)) { - panic("spl: ERROR: image authentication unsuccessful\n"); - } -} #endif void *board_spl_fit_buffer_addr(ulong fit_size, int sectors, int bl_len) @@ -390,6 +380,83 @@ void *spl_load_simple_fit_fix_load(const void *fit) return (void *)new; } +#if defined(CONFIG_IMX8MP) || defined(CONFIG_IMX8MN) +int board_handle_rdc_config(void *fdt_addr, const char *config_name, void *dst_addr) +{ + int node = -1, size = 0, ret = 0; + uint32_t *data = NULL; + const struct fdt_property *prop; + + node = fdt_node_offset_by_compatible(fdt_addr, -1, "imx8m,mcu_rdc"); + if (node < 0) { + printf("Failed to find node!, err: %d!\n", node); + ret = -1; + goto exit; + } + + /* + * Before MCU core starts we should set the rdc config for it, + * then restore the rdc config after it stops. + */ + prop = fdt_getprop(fdt_addr, node, config_name, &size); + if (!prop) { + printf("Failed to find property %s!\n", config_name); + ret = -1; + goto exit; + } + if (!size || size % (5 * sizeof(uint32_t))) { + printf("Config size is wrong! size:%d\n", size); + ret = -1; + goto exit; + } + data = malloc(size); + if (fdtdec_get_int_array(fdt_addr, node, config_name, + data, size/sizeof(int))) { + printf("Failed to parse rdc config!\n"); + ret = -1; + goto exit; + } else { + /* copy the rdc config */ + memcpy(dst_addr, data, size); + ret = 0; + } + +exit: + if (data) + free(data); + + /* Invalidate the buffer if no valid config found. */ + if (ret < 0) + memset(dst_addr, 0, sizeof(uint32_t)); + + return ret; +} +#endif + +void board_spl_fit_post_load(const void *fit, struct spl_image_info *spl_image) +{ + if (IS_ENABLED(CONFIG_IMX_HAB) && !(spl_image->flags & SPL_FIT_BYPASS_POST_LOAD)) { + u32 offset = ALIGN(fdt_totalsize(fit), 0x1000); + + if (imx_hab_authenticate_image((uintptr_t)fit, + offset + IVT_SIZE + CSF_PAD_SIZE, + offset)) { + panic("spl: ERROR: image authentication unsuccessful\n"); + } + } +#if defined(CONFIG_IMX8MP) || defined(CONFIG_IMX8MN) +#define MCU_RDC_MAGIC "mcu_rdc" + if (!(spl_image->flags & SPL_FIT_BYPASS_POST_LOAD)) { + memcpy((void *)CONFIG_IMX8M_MCU_RDC_START_CONFIG_ADDR, MCU_RDC_MAGIC, ALIGN(strlen(MCU_RDC_MAGIC), 4)); + memcpy((void *)CONFIG_IMX8M_MCU_RDC_STOP_CONFIG_ADDR, MCU_RDC_MAGIC, ALIGN(strlen(MCU_RDC_MAGIC), 4)); + board_handle_rdc_config(spl_image->fdt_addr, "start-config", + (void *)(CONFIG_IMX8M_MCU_RDC_START_CONFIG_ADDR + ALIGN(strlen(MCU_RDC_MAGIC), 4))); + board_handle_rdc_config(spl_image->fdt_addr, "stop-config", + (void *)(CONFIG_IMX8M_MCU_RDC_STOP_CONFIG_ADDR + ALIGN(strlen(MCU_RDC_MAGIC), 4))); + } +#endif +} + #ifdef CONFIG_IMX_TRUSTY_OS int check_rpmb_blob(struct mmc *mmc); |