diff options
| author | Marek Vasut | 2023-05-28 23:00:30 +0200 |
|---|---|---|
| committer | Tom Rini | 2023-06-24 13:47:02 -0400 |
| commit | 6039e0edc8540bd2abee780549b260bdaf089168 (patch) | |
| tree | 4e179f7c6962564dd11fba3d6bb551603b368457 /arch/arm/mach-imx/spl.c | |
| parent | 6a412faea3dd0cb07c5fb19b9c01ab0bc73e3950 (diff) | |
imx: hab: Simplify the mechanism
The current mechanism is unnecessarily complex. Simplify the whole mechanism
such that the entire fitImage is signed, IVT is placed at the end, followed
by CSF, and this entire bundle is also authenticated. This makes the signing
scripting far simpler.
Signed-off-by: Marek Vasut <marex@denx.de>
Diffstat (limited to 'arch/arm/mach-imx/spl.c')
| -rw-r--r-- | arch/arm/mach-imx/spl.c | 67 |
1 files changed, 24 insertions, 43 deletions
diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index cb9801b7a13..6c13b00ef10 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -20,6 +20,7 @@ #include <asm/mach-imx/boot_mode.h> #include <g_dnl.h> #include <linux/libfdt.h> +#include <memalign.h> DECLARE_GLOBAL_DATA_PTR; @@ -315,47 +316,21 @@ ulong board_spl_fit_size_align(ulong size) size = ALIGN(size, 0x1000); size += CONFIG_CSF_SIZE; - return size; -} + if (size > CONFIG_SYS_BOOTM_LEN) + panic("spl: ERROR: image too big\n"); -void board_spl_fit_post_load(const void *fit) -{ - u32 offset = ALIGN(fdt_totalsize(fit), 0x1000); - - if (imx_hab_authenticate_image((uintptr_t)fit, - offset + IVT_SIZE + CSF_PAD_SIZE, - offset)) { - panic("spl: ERROR: image authentication unsuccessful\n"); - } + return size; } #endif void *board_spl_fit_buffer_addr(ulong fit_size, int sectors, int bl_len) { - int align_len = ARCH_DMA_MINALIGN - 1; - - /* Some devices like SDP, NOR, NAND, SPI are using bl_len =1, so their fit address - * is different with SD/MMC, this cause mismatch with signed address. Thus, adjust - * the bl_len to align with SD/MMC. - */ - if (bl_len < 512) - bl_len = 512; - - return (void *)((CONFIG_TEXT_BASE - fit_size - bl_len - - align_len) & ~align_len); -} +#if defined(CONFIG_SPL_LOAD_FIT_ADDRESS) + return (void *)CONFIG_SPL_LOAD_FIT_ADDRESS; +#else + return (void *)(CONFIG_TEXT_BASE + CONFIG_SYS_BOOTM_LEN); #endif - -#if defined(CONFIG_MX6) && defined(CONFIG_SPL_OS_BOOT) -int dram_init_banksize(void) -{ - gd->bd->bi_dram[0].start = CFG_SYS_SDRAM_BASE; - gd->bd->bi_dram[0].size = imx_ddr_size(); - - return 0; } -#endif - /* * read the address where the IVT header must sit * from IVT image header, loaded from SPL into @@ -365,7 +340,6 @@ int dram_init_banksize(void) void *spl_load_simple_fit_fix_load(const void *fit) { struct ivt *ivt; - unsigned long new; unsigned long offset; unsigned long size; u8 *tmp = (u8 *)fit; @@ -375,16 +349,23 @@ void *spl_load_simple_fit_fix_load(const void *fit) size = board_spl_fit_size_align(size); tmp += offset; ivt = (struct ivt *)tmp; - if (ivt->hdr.magic != IVT_HEADER_MAGIC) { - debug("no IVT header found\n"); - return (void *)fit; - } + debug("%s: ivt: %p offset: %lx size: %lx\n", __func__, ivt, offset, size); debug("%s: ivt self: %x\n", __func__, ivt->self); - new = ivt->self; - new -= offset; - debug("%s: new %lx\n", __func__, new); - memcpy((void *)new, fit, size); - return (void *)new; + if (imx_hab_authenticate_image((uintptr_t)fit, (uintptr_t)ivt, offset)) + panic("spl: ERROR: image authentication unsuccessful\n"); + + return (void *)fit; } +#endif /* CONFIG_IMX_HAB */ + +#if defined(CONFIG_MX6) && defined(CONFIG_SPL_OS_BOOT) +int dram_init_banksize(void) +{ + gd->bd->bi_dram[0].start = CFG_SYS_SDRAM_BASE; + gd->bd->bi_dram[0].size = imx_ddr_size(); + + return 0; +} +#endif |