aboutsummaryrefslogtreecommitdiff
path: root/arch/arm/mach-omap2
diff options
context:
space:
mode:
authorMadan Srinivas2017-09-20 14:37:36 -0500
committerTom Rini2017-09-29 14:07:55 -0400
commit0830d72bb9f8c07d76b67ba7ac3f5e679f767de0 (patch)
tree8dfba3b119427a381361cd316b7d75a91773af66 /arch/arm/mach-omap2
parentc2dca3374a4185441efcd2a568c5d57b5325a812 (diff)
arm: am33xx: security: adds auth support for encrypted images
This patch adds support for authentication of both plain text and encrypted binaries. A new SECDEV package is needed to enable encryption of binaries by default for AM3x. The ROM authentication API detects encrypted images at runtime and automatically decrypts the image if the signature verification passes. Addition of encryption on AM3x results in a change in the image format. On AM4x, AM5x and, on AM3x devices signing clear test images, the signature is appended to the end of the binary. On AM3x, when the SECDEV package is used to create signed and encrypted images, the signature is added as a header to the start of the binary. So the binary size calculation has been updated to reflect this change. The signing tools and encrypted image format for AM3x cannot be changed to behave like AM4x and AM5x to maintain backward compatibility with older Sitara M-Shield releases. Signed-off-by: Madan Srinivas <madans@ti.com> Signed-off-by: Andrew F. Davis <afd@ti.com>
Diffstat (limited to 'arch/arm/mach-omap2')
-rw-r--r--arch/arm/mach-omap2/sec-common.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/arch/arm/mach-omap2/sec-common.c b/arch/arm/mach-omap2/sec-common.c
index 52e1785b4aa..2630e7d316a 100644
--- a/arch/arm/mach-omap2/sec-common.c
+++ b/arch/arm/mach-omap2/sec-common.c
@@ -41,6 +41,9 @@
#define PPA_SERV_HAL_SETUP_EMIF_FW_REGION (PPA_HAL_SERVICES_START_INDEX + 26)
#define PPA_SERV_HAL_LOCK_EMIF_FW (PPA_HAL_SERVICES_START_INDEX + 27)
+/* Offset of header size if image is signed as ISW */
+#define HEADER_SIZE_OFFSET (0x6D)
+
int tee_loaded = 0;
/* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */
@@ -125,6 +128,9 @@ int secure_boot_verify_image(void **image, size_t *size)
}
*size = sig_addr - cert_addr; /* Subtract out the signature size */
+ /* Subtract header if present */
+ if (strncmp((char *)sig_addr, "CERT_ISW_", 9) == 0)
+ *size = ((u32 *)*image)[HEADER_SIZE_OFFSET];
cert_size = *size;
/* Check if image load address is 32-bit aligned */