From 914ede697876295e5554133e74e03d68e11ed7c9 Mon Sep 17 00:00:00 2001 From: Peng Fan Date: Thu, 15 Jun 2023 18:09:06 +0800 Subject: imx: parse-container: fix build warning MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix build warning: warning: format ‘%x’ expects argument of type ‘unsigned int’, but argument 3 has type ‘u64’ {aka ‘long long unsigned int’} [-Wformat=] printf("can't find memreg for image %d load address 0x%x, error %d\n", warning: format ‘%lx’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘sc_faddr_t’ {aka ‘long long unsigned int’} [-Wformat=] debug("memreg %u 0x%lx -- 0x%lx\n", mr, start, end); Signed-off-by: Peng Fan --- arch/arm/mach-imx/parse-container.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'arch/arm/mach-imx/parse-container.c') diff --git a/arch/arm/mach-imx/parse-container.c b/arch/arm/mach-imx/parse-container.c index f7582825d6d..a0d1eb3831c 100644 --- a/arch/arm/mach-imx/parse-container.c +++ b/arch/arm/mach-imx/parse-container.c @@ -35,14 +35,14 @@ static int authenticate_image(struct boot_img_t *img, int image_index) ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE) - 1); if (err) { - printf("can't find memreg for image %d load address 0x%x, error %d\n", + printf("can't find memreg for image %d load address 0x%llx, error %d\n", image_index, img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), err); return -ENOMEM; } err = sc_rm_get_memreg_info(-1, mr, &start, &end); if (!err) - debug("memreg %u 0x%x -- 0x%x\n", mr, start, end); + debug("memreg %u 0x%llx -- 0x%llx\n", mr, start, end); err = sc_rm_set_memreg_permissions(-1, mr, SECO_PT, SC_RM_PERM_FULL); -- cgit v1.2.3 From 6e81ca220e03b241ad7a3f5ddf4cba666b4f7446 Mon Sep 17 00:00:00 2001 From: Nitin Garg Date: Thu, 15 Jun 2023 18:09:22 +0800 Subject: imx: parse-container: Use malloc for container processing If the container has image which conflicts with spl_get_load_buffer address, there are processing failures. Use malloc instead of spl_get_load_buffer. Reviewed-by: Ye Li Signed-off-by: Nitin Garg Signed-off-by: Peng Fan --- arch/arm/mach-imx/parse-container.c | 38 ++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) (limited to 'arch/arm/mach-imx/parse-container.c') diff --git a/arch/arm/mach-imx/parse-container.c b/arch/arm/mach-imx/parse-container.c index a0d1eb3831c..c5b3abc4f29 100644 --- a/arch/arm/mach-imx/parse-container.c +++ b/arch/arm/mach-imx/parse-container.c @@ -4,6 +4,7 @@ */ #include +#include #include #include #include @@ -134,21 +135,27 @@ static int read_auth_container(struct spl_image_info *spl_image, * It will not override the ATF code, so safe to use it here, * no need malloc */ - container = (struct container_hdr *)spl_get_load_buffer(-size, size); + container = malloc(size); + if (!container) + return -ENOMEM; debug("%s: container: %p sector: %lu sectors: %u\n", __func__, container, sector, sectors); - if (info->read(info, sector, sectors, container) != sectors) - return -EIO; + if (info->read(info, sector, sectors, container) != sectors) { + ret = -EIO; + goto end; + } if (container->tag != 0x87 && container->version != 0x0) { - printf("Wrong container header\n"); - return -ENOENT; + printf("Wrong container header"); + ret = -ENOENT; + goto end; } if (!container->num_images) { - printf("Wrong container, no image found\n"); - return -ENOENT; + printf("Wrong container, no image found"); + ret = -ENOENT; + goto end; } length = container->length_lsb + (container->length_msb << 8); @@ -158,13 +165,18 @@ static int read_auth_container(struct spl_image_info *spl_image, size = roundup(length, info->bl_len); sectors = size / info->bl_len; - container = (struct container_hdr *)spl_get_load_buffer(-size, size); + free(container); + container = malloc(size); + if (!container) + return -ENOMEM; debug("%s: container: %p sector: %lu sectors: %u\n", __func__, container, sector, sectors); if (info->read(info, sector, sectors, container) != - sectors) - return -EIO; + sectors) { + ret = -EIO; + goto end; + } } #ifdef CONFIG_AHAB_BOOT @@ -175,7 +187,7 @@ static int read_auth_container(struct spl_image_info *spl_image, SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE); if (ret) { printf("authenticate container hdr failed, return %d\n", ret); - return ret; + goto end_auth; } #endif @@ -200,6 +212,10 @@ end_auth: if (sc_seco_authenticate(-1, SC_SECO_REL_CONTAINER, 0)) printf("Error: release container failed!\n"); #endif + +end: + free(container); + return ret; } -- cgit v1.2.3 From 00ce4153fbd01aa78b734d87f16772480c42166e Mon Sep 17 00:00:00 2001 From: Ye Li Date: Thu, 15 Jun 2023 18:09:23 +0800 Subject: imx: ahab: Update AHAB for iMX8 and iMX8ULP Abstract common interfaces for AHAB authentication operations. Then share some common codes for AHAB and SPL container authentication Signed-off-by: Ye Li Signed-off-by: Peng Fan --- arch/arm/mach-imx/parse-container.c | 81 +++---------------------------------- 1 file changed, 6 insertions(+), 75 deletions(-) (limited to 'arch/arm/mach-imx/parse-container.c') diff --git a/arch/arm/mach-imx/parse-container.c b/arch/arm/mach-imx/parse-container.c index c5b3abc4f29..e2a9e2b2732 100644 --- a/arch/arm/mach-imx/parse-container.c +++ b/arch/arm/mach-imx/parse-container.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2018-2019 NXP + * Copyright 2018-2021 NXP */ #include @@ -10,67 +10,7 @@ #include #include #ifdef CONFIG_AHAB_BOOT -#include -#endif - -#define SEC_SECURE_RAM_BASE 0x31800000UL -#define SEC_SECURE_RAM_END_BASE (SEC_SECURE_RAM_BASE + 0xFFFFUL) -#define SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE 0x60000000UL - -#define SECO_PT 2U - -#ifdef CONFIG_AHAB_BOOT -static int authenticate_image(struct boot_img_t *img, int image_index) -{ - sc_faddr_t start, end; - sc_rm_mr_t mr; - int err; - int ret = 0; - - debug("img %d, dst 0x%x, src 0x%x, size 0x%x\n", - image_index, (uint32_t)img->dst, img->offset, img->size); - - /* Find the memreg and set permission for seco pt */ - err = sc_rm_find_memreg(-1, &mr, - img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), - ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE) - 1); - - if (err) { - printf("can't find memreg for image %d load address 0x%llx, error %d\n", - image_index, img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1), err); - return -ENOMEM; - } - - err = sc_rm_get_memreg_info(-1, mr, &start, &end); - if (!err) - debug("memreg %u 0x%llx -- 0x%llx\n", mr, start, end); - - err = sc_rm_set_memreg_permissions(-1, mr, - SECO_PT, SC_RM_PERM_FULL); - if (err) { - printf("set permission failed for img %d, error %d\n", - image_index, err); - return -EPERM; - } - - err = sc_seco_authenticate(-1, SC_SECO_VERIFY_IMAGE, - 1 << image_index); - if (err) { - printf("authenticate img %d failed, return %d\n", - image_index, err); - ret = -EIO; - } - - err = sc_rm_set_memreg_permissions(-1, mr, - SECO_PT, SC_RM_PERM_NONE); - if (err) { - printf("remove permission failed for img %d, error %d\n", - image_index, err); - ret = -EPERM; - } - - return ret; -} +#include #endif static struct boot_img_t *read_auth_image(struct spl_image_info *spl_image, @@ -111,10 +51,8 @@ static struct boot_img_t *read_auth_image(struct spl_image_info *spl_image, } #ifdef CONFIG_AHAB_BOOT - if (authenticate_image(&images[image_index], image_index)) { - printf("Failed to authenticate image %d\n", image_index); + if (ahab_verify_cntr_image(&images[image_index], image_index)) return NULL; - } #endif return &images[image_index]; @@ -180,15 +118,9 @@ static int read_auth_container(struct spl_image_info *spl_image, } #ifdef CONFIG_AHAB_BOOT - memcpy((void *)SEC_SECURE_RAM_BASE, (const void *)container, - ALIGN(length, CONFIG_SYS_CACHELINE_SIZE)); - - ret = sc_seco_authenticate(-1, SC_SECO_AUTH_CONTAINER, - SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE); - if (ret) { - printf("authenticate container hdr failed, return %d\n", ret); + ret = ahab_auth_cntr_hdr(container, length); + if (ret) goto end_auth; - } #endif for (i = 0; i < container->num_images; i++) { @@ -209,8 +141,7 @@ static int read_auth_container(struct spl_image_info *spl_image, end_auth: #ifdef CONFIG_AHAB_BOOT - if (sc_seco_authenticate(-1, SC_SECO_REL_CONTAINER, 0)) - printf("Error: release container failed!\n"); + ahab_auth_release(); #endif end: -- cgit v1.2.3