/*
- * Copyright (C) 2012 Freescale Semiconductor, Inc. All Rights Reserved.
+ * Copyright (C) 2012-2015 Freescale Semiconductor, Inc. All Rights Reserved.
*
* SPDX-License-Identifier: GPL-2.0+
*
*/
-#ifndef __SECURE_MX6Q_H__
-#define __SECURE_MX6Q_H__
+#ifndef __ARCH_MX6_HAB_H
+#define __ARCH_MX6_HAB_H
+
+#ifdef CONFIG_SECURE_BOOT
#include <linux/types.h>
+#include <asm/arch/sys_proto.h>
+
+int get_hab_status(void);
/* -------- start of HAB API updates ------------*/
/* The following are taken from HAB4 SIS */
/* Security Configuration definitions */
enum hab_config {
- HAB_CFG_RETURN = 0x33, /**< Field Return IC */
- HAB_CFG_OPEN = 0xf0, /**< Non-secure IC */
- HAB_CFG_CLOSED = 0xcc /**< Secure IC */
+ HAB_CFG_RETURN = 0x33, /* Field Return IC */
+ HAB_CFG_OPEN = 0xf0, /* Non-secure IC */
+ HAB_CFG_CLOSED = 0xcc /* Secure IC */
};
/* State definitions */
enum hab_state {
- HAB_STATE_INITIAL = 0x33, /**< Initialising state (transitory) */
- HAB_STATE_CHECK = 0x55, /**< Check state (non-secure) */
- HAB_STATE_NONSECURE = 0x66, /**< Non-secure state */
- HAB_STATE_TRUSTED = 0x99, /**< Trusted state */
- HAB_STATE_SECURE = 0xaa, /**< Secure state */
- HAB_STATE_FAIL_SOFT = 0xcc, /**< Soft fail state */
- HAB_STATE_FAIL_HARD = 0xff, /**< Hard fail state (terminal) */
- HAB_STATE_NONE = 0xf0, /**< No security state machine */
+ HAB_STATE_INITIAL = 0x33, /* Initialising state (transitory) */
+ HAB_STATE_CHECK = 0x55, /* Check state (non-secure) */
+ HAB_STATE_NONSECURE = 0x66, /* Non-secure state */
+ HAB_STATE_TRUSTED = 0x99, /* Trusted state */
+ HAB_STATE_SECURE = 0xaa, /* Secure state */
+ HAB_STATE_FAIL_SOFT = 0xcc, /* Soft fail state */
+ HAB_STATE_FAIL_HARD = 0xff, /* Hard fail state (terminal) */
+ HAB_STATE_NONE = 0xf0, /* No security state machine */
HAB_STATE_MAX
};
+enum hab_target {
+ HAB_TGT_MEMORY = 0x0f, /* Check memory white list */
+ HAB_TGT_PERIPHERAL = 0xf0, /* Check peripheral white list*/
+ HAB_TGT_ANY = 0x55, /**< Check memory & peripheral white list */
+};
+
+enum HAB_FUNC_OFFSETS {
+ HAB_RVT_HEADER,
+ HAB_RVT_ENTRY,
+ HAB_RVT_EXIT,
+ HAB_RVT_CHECK_TARGET,
+ HAB_RVT_AUTHENTICATE_IMAGE,
+ HAB_RVT_RUN_DCD,
+ HAB_RVT_RUN_CSF,
+ HAB_RVT_ASSERT,
+ HAB_RVT_REPORT_EVENT,
+ HAB_RVT_REPORT_STATUS,
+ HAB_RVT_FAILSAFE,
+};
+
+enum hab_reason {
+ HAB_RSN_ANY = 0x00, /* Match any reason */
+ HAB_ENG_FAIL = 0x30, /* Engine failure */
+ HAB_INV_ADDRESS = 0x22, /* Invalid address: access denied */
+ HAB_INV_ASSERTION = 0x0c, /* Invalid assertion */
+ HAB_INV_CALL = 0x28, /* Function called out of sequence */
+ HAB_INV_CERTIFICATE = 0x21, /* Invalid certificate */
+ HAB_INV_COMMAND = 0x06, /* Invalid command: command malformed */
+ HAB_INV_CSF = 0x11, /* Invalid csf */
+ HAB_INV_DCD = 0x27, /* Invalid dcd */
+ HAB_INV_INDEX = 0x0f, /* Invalid index: access denied */
+ HAB_INV_IVT = 0x05, /* Invalid ivt */
+ HAB_INV_KEY = 0x1d, /* Invalid key */
+ HAB_INV_RETURN = 0x1e, /* Failed callback function */
+ HAB_INV_SIGNATURE = 0x18, /* Invalid signature */
+ HAB_INV_SIZE = 0x17, /* Invalid data size */
+ HAB_MEM_FAIL = 0x2e, /* Memory failure */
+ HAB_OVR_COUNT = 0x2b, /* Expired poll count */
+ HAB_OVR_STORAGE = 0x2d, /* Exhausted storage region */
+ HAB_UNS_ALGORITHM = 0x12, /* Unsupported algorithm */
+ HAB_UNS_COMMAND = 0x03, /* Unsupported command */
+ HAB_UNS_ENGINE = 0x0a, /* Unsupported engine */
+ HAB_UNS_ITEM = 0x24, /* Unsupported configuration item */
+ HAB_UNS_KEY = 0x1b, /* Unsupported key type/parameters */
+ HAB_UNS_PROTOCOL = 0x14, /* Unsupported protocol */
+ HAB_UNS_STATE = 0x09, /* Unsuitable state */
+ HAB_RSN_MAX
+};
+
+enum hab_context {
+ HAB_CTX_ANY = 0x00, /* Match any context */
+ HAB_CTX_FAB = 0xff, /* Event logged in hab_fab_test() */
+ HAB_CTX_ENTRY = 0xe1, /* Event logged in hab_rvt.entry() */
+ HAB_CTX_TARGET = 0x33, /* Event logged in hab_rvt.check_target() */
+ HAB_CTX_AUTHENTICATE = 0x0a, /* Logged in hab_rvt.authenticate_image() */
+ HAB_CTX_DCD = 0xdd, /* Event logged in hab_rvt.run_dcd() */
+ HAB_CTX_CSF = 0xcf, /* Event logged in hab_rvt.run_csf() */
+ HAB_CTX_COMMAND = 0xc0, /* Event logged executing csf/dcd command */
+ HAB_CTX_AUT_DAT = 0xdb, /* Authenticated data block */
+ HAB_CTX_ASSERT = 0xa0, /* Event logged in hab_rvt.assert() */
+ HAB_CTX_EXIT = 0xee, /* Event logged in hab_rvt.exit() */
+ HAB_CTX_MAX
+};
+
/*Function prototype description*/
typedef enum hab_status hab_rvt_report_event_t(enum hab_status, uint32_t,
uint8_t* , size_t*);
typedef enum hab_status hab_loader_callback_f_t(void**, size_t*, const void*);
typedef enum hab_status hab_rvt_entry_t(void);
typedef enum hab_status hab_rvt_exit_t(void);
+typedef enum hab_status hab_rvt_check_target_t(enum hab_target, const void *,
+ size_t);
+
typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t,
void **, size_t *, hab_loader_callback_f_t);
+
+typedef enum hab_status hab_rvt_run_dcd_t(const uint8_t *dcd);
+
+typedef enum hab_status hab_rvt_run_csf_t(const uint8_t *csf, uint8_t cid);
+
+typedef enum hab_status hab_rvt_assert_t(uint32_t, const void *,
+ size_t);
+
+typedef enum hab_status hab_rvt_report_event_t(enum hab_status, uint32_t,
+ uint8_t* , size_t*);
+
+typedef enum hab_status hab_rvt_report_status_t(enum hab_config *,
+ enum hab_state *);
+
typedef void hapi_clock_init_t(void);
-#ifdef CONFIG_MX6SX
-#define HAB_RVT_BASE 0x00000100
-#else
-#define HAB_RVT_BASE 0x00000094
-#endif
+#define HAB_ENG_ANY 0x00 /* Select first compatible engine */
+#define HAB_ENG_SCC 0x03 /* Security controller */
+#define HAB_ENG_RTIC 0x05 /* Run-time integrity checker */
+#define HAB_ENG_SAHARA 0x06 /* Crypto accelerator */
+#define HAB_ENG_CSU 0x0a /* Central Security Unit */
+#define HAB_ENG_SRTC 0x0c /* Secure clock */
+#define HAB_ENG_DCP 0x1b /* Data Co-Processor */
+#define HAB_ENG_CAAM 0x1d /* CAAM */
+#define HAB_ENG_SNVS 0x1e /* Secure Non-Volatile Storage */
+#define HAB_ENG_OCOTP 0x21 /* Fuse controller */
+#define HAB_ENG_DTCP 0x22 /* DTCP co-processor */
+#define HAB_ENG_ROM 0x36 /* Protected ROM area */
+#define HAB_ENG_HDCP 0x24 /* HDCP co-processor */
+#define HAB_ENG_RTL 0x77 /* RTL simulation engine */
+#define HAB_ENG_SW 0xff /* Software engine */
+
+static inline void **hab_rvt_base(void)
+{
+ unsigned long base;
+ int cpu_type = get_cpu_type();
+ int rev = soc_rev();
+ const uint32_t mask = 0xfc0000ff;
-#define HAB_RVT_ENTRY (*(uint32_t *)(HAB_RVT_BASE + 0x04))
-#define HAB_RVT_EXIT (*(uint32_t *)(HAB_RVT_BASE + 0x08))
-#define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10))
-#define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20))
-#define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24))
+ switch (cpu_type) {
+ case MXC_CPU_MX6Q:
+ case MXC_CPU_MX6D:
+ if (rev >= CHIP_REV_1_5)
+ base = 0x98UL;
+ else
+ base = 0x94UL;
+ break;
+ case MXC_CPU_MX6DL:
+ if (rev >= CHIP_REV_1_2)
+ base = 0x98UL;
+ else
+ base = 0x94UL;
+ break;
+ case MXC_CPU_MX6SOLO:
+ base = 0x98UL;
+ break;
+ case MXC_CPU_MX6SX:
+ case MXC_CPU_MX6UL:
+ base = 0x100UL;
+ break;
+ default:
+ printf("Unsupported CPU type: %02x\n", cpu_type);
+ return NULL;
+ }
-#define HAB_RVT_REPORT_EVENT_NEW (*(uint32_t *)0x000000B8)
-#define HAB_RVT_REPORT_STATUS_NEW (*(uint32_t *)0x000000BC)
-#define HAB_RVT_AUTHENTICATE_IMAGE_NEW (*(uint32_t *)0x000000A8)
-#define HAB_RVT_ENTRY_NEW (*(uint32_t *)0x0000009C)
-#define HAB_RVT_EXIT_NEW (*(uint32_t *)0x000000A0)
+ if (((rev = readl(base)) & mask) != cpu_to_be32(0xdd000040)) {
+ printf("Invalid RVT @ %08lx: %08x:%08x\n",
+ base, rev, rev & mask);
+ return NULL;
+ }
+ return (void **)base;
+}
#define HAB_CID_ROM 0 /**< ROM Caller ID */
#define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/
+
/* ----------- end of HAB API updates ------------*/
-#endif
+#define hab_rvt_entry_p \
+ ((hab_rvt_entry_t *)hab_rvt_base()[HAB_RVT_ENTRY])
+
+#define hab_rvt_exit_p \
+ ((hab_rvt_exit_t *)hab_rvt_base()[HAB_RVT_EXIT])
+
+#define hab_rvt_check_target_p \
+ ((hab_rvt_check_target_t*)hab_rvt_base()[HAB_RVT_CHECK_TARGET])
+
+#define hab_rvt_authenticate_image_p \
+ ((hab_rvt_authenticate_image_t *)hab_rvt_base()[HAB_RVT_AUTHENTICATE_IMAGE])
+
+#define hab_rvt_run_dcd_p \
+ ((hab_rvt_run_dcd_t*)hab_rvt_base()[HAB_RVT_RUN_DCD])
+
+#define hab_rvt_run_csf_p \
+ ((hab_rvt_run_csf_t*)hab_rvt_base()[HAB_RVT_RUN_CSF])
+
+#define hab_rvt_assert_p \
+ ((hab_rvt_assert_t*)hab_rvt_base()[HAB_RVT_ASSERT])
+
+#define hab_rvt_report_event_p \
+ ((hab_rvt_report_event_t*)hab_rvt_base()[HAB_RVT_REPORT_EVENT])
+
+#define hab_rvt_report_status_p \
+ ((hab_rvt_report_status_t*)hab_rvt_base()[HAB_RVT_REPORT_STATUS])
+
+#define HAB_FUNC(n, rt) \
+static inline rt hab_rvt_##n(void) \
+{ \
+ if (hab_rvt_base() == NULL) \
+ return (rt)-1; \
+ return hab_rvt_##n##_p(); \
+} \
+
+#define HAB_FUNC1(n, rt, t1) \
+static inline rt hab_rvt_##n(t1 p1) \
+{ \
+ if (hab_rvt_base() == NULL) \
+ return (rt)-1; \
+ return hab_rvt_##n##_p(p1); \
+}
+
+#define HAB_FUNC2(n, rt, t1, t2) \
+static inline rt hab_rvt_##n(t1 p1, t2 p2) \
+{ \
+ if (hab_rvt_base() == NULL) \
+ return (rt)-1; \
+ return hab_rvt_##n##_p(p1, p2); \
+}
+
+#define HAB_FUNC3(n, rt, t1, t2, t3) \
+static inline rt hab_rvt_##n(t1 p1, t2 p2, t3 p3) \
+{ \
+ if (hab_rvt_base() == NULL) \
+ return (rt)-1; \
+ return hab_rvt_##n##_p(p1, p2, p3); \
+}
+
+#define HAB_FUNC4(n, rt, t1, t2, t3, t4) \
+static inline rt hab_rvt_##n(t1 p1, t2 p2, t3 p3, t4 p4) \
+{ \
+ if (hab_rvt_base() == NULL) \
+ return (rt)-1; \
+ return hab_rvt_##n##_p(p1, p2, p3, p4); \
+}
+
+#define HAB_FUNC5(n, rt, t1, t2, t3, t4, t5) \
+static inline rt hab_rvt_##n(t1 p1, t2 p2, t3 p3, t4 p4, t5 p5) \
+{ \
+ if (hab_rvt_base() == NULL) \
+ return (rt)-1; \
+ return hab_rvt_##n##_p(p1, p2, p3, p4, p5); \
+}
+
+#else /* CONFIG_SECURE_BOOT */
+
+static inline int get_hab_status(void)
+{
+ return 0;
+}
+
+#endif /* CONFIG_SECURE_BOOT */
+#endif /* __ARCH_MX6_HAB_H */
projects / karo-tx-uboot.git / blobdiff