From bd6a247593742596a83d6e36bebb45cb78a4017e Mon Sep 17 00:00:00 2001
From: Manorit Chawdhry
Date: Thu, 18 May 2023 12:44:17 +0530
Subject: arm: mach-k3: security: separate out validating binary logic

K3 GP devices allow booting the secure binaries on them by bypassing the
x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that strip
off the headers. The boot vector had been set before the headers were
stripped off, causing the runtime stripping to fail and the stripping to
become ineffective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of GP devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")
Signed-off-by: Manorit Chawdhry
---
 arch/arm/mach-k3/common.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'arch/arm/mach-k3/common.c')

diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c index 3c85caee579..34737a43aa0 100644 --- a/arch/arm/mach-k3/common.c +++ b/arch/arm/mach-k3/common.c @@ -347,8 +347,13 @@ void board_fit_image_post_process(const void *fit, int node, void **p_image, if ((i != IMAGE_ID_ATF) && (i != IMAGE_ID_OPTEE)) #endif { + ti_secure_image_check_binary(p_image, p_size); ti_secure_image_post_process(p_image, p_size); } +#if IS_ENABLED(CONFIG_SYS_K3_SPL_ATF) + else + ti_secure_image_check_binary(p_image, p_size); +#endif } #endif -- cgit v1.2.3
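
Review bot: ti_secure_image_check_binary(p_image, p_size) now runs on both sides of the ATF/OPTEE test in board_fit_image_post_process(), so the added `#if IS_ENABLED(CONFIG_SYS_K3_SPL_ATF)` / `else` block duplicates the call made inside the braces. Assuming the `#endif` just above the opening brace closes the same CONFIG_SYS_K3_SPL_ATF condition, a single unconditional call placed before the `if ((i != IMAGE_ID_ATF) && (i != IMAGE_ID_OPTEE))` line gives the same behaviour in both configurations and removes an `else` whose matching `if` only exists under a preprocessor guard. If the two-branch form is kept, the `else` arm should get braces to match the braced `if` arm. A short comment at the call site would also help: the function is named as a check but takes `p_image` and `p_size` by pointer, and the commit message says GP devices strip the header, so readers need to know it can change the image pointer and size before ti_secure_image_post_process() runs, and that for ATF and OPTEE the authentication itself still happens later.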