arm: mach-keystone: Updates mon_install for K2G HS

On early K2 devices (eg. K2HK) the secure ROM code does not support loading secure code to firewall protected memory, before decrypting, authenticating and executing it. To load the boot monitor on these devices, it is necessary to first authenticate and run a copy loop from non-secure memory that copies the boot monitor behind firewall protected memory, before decrypting and executing it. On K2G, the secure ROM does not allow secure code executing from unprotected memory. Further, ROM first copies the signed and encrypted image into firewall protected memory, then decrypts, authenticates and executes it. As a result of this, we cannot use the copy loop for K2G. The mon_install has to be modified to pass the address the signed and encrypted secure boot monitor image to the authentication API. For backward compatibility with other K2 devices and K2G GP, the mon_install API still supports a single argument. In this case the second argument is set to 0 by u-boot and is ignored by ROM Signed-off-by: Thanh Tran <thanh-tran@ti.com> Signed-off-by: Madan Srinivas <madans@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-keystone: Updates mon_install for K2G HS
1d73ce6f · Madan Srinivas · Tom Rini · 3f5651a7 · 1d73ce6f · 1d73ce6f
Commit 1d73ce6f authored 7 years ago by Madan Srinivas Committed by Tom Rini 7 years ago
--- a/arch/arm/mach-keystone/cmd_mon.c
+++ b/arch/arm/mach-keystone/cmd_mon.c
@@ -19,6 +19,7 @@ static int do_mon_install(cmd_tbl_t *cmdtp, int flag, int argc,
 	u32 addr, dpsc_base = 0x1E80000, freq, load_addr, size;
 	int     rcode = 0;
 	struct image_header *header;
+	u32 ecrypt_bm_addr = 0;
 	if (argc < 2)
 		return CMD_RET_USAGE;
@@ -39,14 +40,17 @@ static int do_mon_install(cmd_tbl_t *cmdtp, int flag, int argc,
 	memcpy((void *)load_addr, (void *)(addr + sizeof(struct image_header)),
 	       size);
-	rcode = mon_install(load_addr, dpsc_base, freq);
+	if (argc >=  3)
+		ecrypt_bm_addr = simple_strtoul(argv[2], NULL, 16);
+	rcode = mon_install(load_addr, dpsc_base, freq, ecrypt_bm_addr);
 	printf("## installed monitor @ 0x%x, freq [%d], status %d\n",
 	       load_addr, freq, rcode);
 	return 0;
 }
-U_BOOT_CMD(mon_install, 2, 0, do_mon_install,
+U_BOOT_CMD(mon_install, 3, 0, do_mon_install,
 	   "Install boot kernel at 'addr'",
 	   ""
 );

--- a/arch/arm/mach-keystone/include/mach/mon.h
+++ b/arch/arm/mach-keystone/include/mach/mon.h
@@ -10,7 +10,7 @@
 #ifndef _MACH_MON_H_
 #define _MACH_MON_H_
-int mon_install(u32 addr, u32 dpsc, u32 freq);
+int mon_install(u32 addr, u32 dpsc, u32 freq, u32 bm_addr);
 int mon_power_on(int core_id, void *ep);
 int mon_power_off(int core_id);

--- a/arch/arm/mach-keystone/mon.c
+++ b/arch/arm/mach-keystone/mon.c
@@ -13,7 +13,7 @@
 #include <spl.h>
 asm(".arch_extension sec\n\t");
-int mon_install(u32 addr, u32 dpsc, u32 freq)
+int mon_install(u32 addr, u32 dpsc, u32 freq, u32 bm_addr)
 {
 	int result;
@@ -22,11 +22,12 @@ int mon_install(u32 addr, u32 dpsc, u32 freq)
 		"mov r0, %1\n"
 		"mov r1, %2\n"
 		"mov r2, %3\n"
+		"mov r3, %4\n"
 		"blx r0\n"
 		"ldmfd r13!, {lr}\n"
 		: "=&r" (result)
-		: "r" (addr), "r" (dpsc), "r" (freq)
+		: "r" (addr), "r" (dpsc), "r" (freq), "r" (bm_addr)
-		: "cc", "r0", "r1", "r2", "memory");
+		: "cc", "r0", "r1", "r2", "r3", "memory");
 	return result;
 }