From 6f566b88cd8620f180c89a5ee23bcf6be196bd32 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Lothar=20Wa=C3=9Fmann?= Date: Fri, 21 Aug 2015 15:29:26 +0200 Subject: [PATCH] karo: tx6: cleanup HAB functions hab_authenticate_image() does not only authenticate a boot image as the name suggests, but actually performs a full boot exercise like the ROM code on an actual boot. Remove this function, as it is not useful to be called from an already booted system. Also do some more cleaning of the HAB code. --- arch/arm/cpu/armv7/mx6/hab.c | 398 ++++++++++++++-------------- arch/arm/cpu/armv7/mx6/soc.c | 14 +- arch/arm/include/asm/arch-mx6/hab.h | 181 +++++++++++-- board/karo/tx6/config.mk | 10 +- 4 files changed, 367 insertions(+), 236 deletions(-) diff --git a/arch/arm/cpu/armv7/mx6/hab.c b/arch/arm/cpu/armv7/mx6/hab.c index 8dee595eaf..757096d356 100644 --- a/arch/arm/cpu/armv7/mx6/hab.c +++ b/arch/arm/cpu/armv7/mx6/hab.c @@ -3,78 +3,42 @@ * * SPDX-License-Identifier: GPL-2.0+ */ - #include #include #include -#include #include #include +#include -/* -------- start of HAB API updates ------------*/ - -#define hab_rvt_report_event_p \ -( \ - ((is_cpu_type(MXC_CPU_MX6Q) || \ - is_cpu_type(MXC_CPU_MX6D)) && \ - (soc_rev() >= CHIP_REV_1_5)) ? \ - ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \ - (is_cpu_type(MXC_CPU_MX6DL) && \ - (soc_rev() >= CHIP_REV_1_2)) ? \ - ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \ - ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT) \ -) - -#define hab_rvt_report_status_p \ -( \ - ((is_cpu_type(MXC_CPU_MX6Q) || \ - is_cpu_type(MXC_CPU_MX6D)) && \ - (soc_rev() >= CHIP_REV_1_5)) ? \ - ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\ - (is_cpu_type(MXC_CPU_MX6DL) && \ - (soc_rev() >= CHIP_REV_1_2)) ? \ - ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\ - ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS) \ -) - -#define hab_rvt_authenticate_image_p \ -( \ - ((is_cpu_type(MXC_CPU_MX6Q) || \ - is_cpu_type(MXC_CPU_MX6D)) && \ - (soc_rev() >= CHIP_REV_1_5)) ? \ - ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \ - (is_cpu_type(MXC_CPU_MX6DL) && \ - (soc_rev() >= CHIP_REV_1_2)) ? \ - ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \ - ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE) \ -) - -#define hab_rvt_entry_p \ -( \ - ((is_cpu_type(MXC_CPU_MX6Q) || \ - is_cpu_type(MXC_CPU_MX6D)) && \ - (soc_rev() >= CHIP_REV_1_5)) ? \ - ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \ - (is_cpu_type(MXC_CPU_MX6DL) && \ - (soc_rev() >= CHIP_REV_1_2)) ? \ - ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \ - ((hab_rvt_entry_t *)HAB_RVT_ENTRY) \ -) - -#define hab_rvt_exit_p \ -( \ - ((is_cpu_type(MXC_CPU_MX6Q) || \ - is_cpu_type(MXC_CPU_MX6D)) && \ - (soc_rev() >= CHIP_REV_1_5)) ? \ - ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \ - (is_cpu_type(MXC_CPU_MX6DL) && \ - (soc_rev() >= CHIP_REV_1_2)) ? \ - ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \ - ((hab_rvt_exit_t *)HAB_RVT_EXIT) \ -) +HAB_FUNC(entry, hab_status_t) +HAB_FUNC(exit, hab_status_t) +HAB_FUNC5(authenticate_image, void *, uint8_t, size_t, void **, size_t *, hab_loader_callback_f_t) +//HAB_FUNC1(run_dcd, hab_status_t, const uint8_t *) +HAB_FUNC2(run_csf, hab_status_t, const uint8_t *, uint8_t) +HAB_FUNC2(report_status, hab_status_t, hab_config_t *, hab_state_t *) +HAB_FUNC4(report_event, hab_status_t, hab_status_t, uint32_t, uint8_t *, size_t *) +HAB_FUNC3(check_target, hab_status_t, uint8_t, const void *, size_t) +HAB_FUNC3(assert, hab_status_t, uint8_t, const void *, size_t) + +struct mx6_ivt { + u32 header; + u32 entry; + u32 rsrvd1; + void *dcd; + struct mx6_boot_data *boot_data; + void *self; + void *csf; + u32 rsrvd2; +}; + +struct mx6_boot_data { + void *start; + u32 length; + u32 plugin; +}; #define IVT_SIZE 0x20 -#define ALIGN_SIZE 0x1000 +#define ALIGN_SIZE 0x400 #define CSF_PAD_SIZE 0x2000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 @@ -111,18 +75,30 @@ * +------------+ + CSF_PAD_SIZE */ -bool is_hab_enabled(void) +static bool is_hab_enabled(void) { struct ocotp_regs *ocotp = (struct ocotp_regs *)OCOTP_BASE_ADDR; struct fuse_bank *bank = &ocotp->bank[0]; struct fuse_bank0_regs *fuse = (struct fuse_bank0_regs *)bank->fuse_regs; uint32_t reg = readl(&fuse->cfg5); - + static int first = 1; + + if (first) { + debug("rvt_base=%p\n", hab_rvt_base()); + debug("hab_rvt_entry=%p\n", hab_rvt_entry_p); + debug("hab_rvt_exit=%p\n", hab_rvt_exit_p); + debug("hab_rvt_check_target=%p\n", hab_rvt_check_target_p); + debug("hab_rvt_authenticate_image=%p\n", hab_rvt_authenticate_image_p); + debug("hab_rvt_report_event=%p\n", hab_rvt_report_event_p); + debug("hab_rvt_report_status=%p\n", hab_rvt_report_status_p); + debug("hab_rvt_assert=%p\n", hab_rvt_assert_p); + first = 0; + } return (reg & 0x2) == 0x2; } -void display_event(uint8_t *event_data, size_t bytes) +static void display_event(uint8_t *event_data, size_t bytes) { uint32_t i; @@ -141,29 +117,27 @@ void display_event(uint8_t *event_data, size_t bytes) int get_hab_status(void) { - uint32_t index = 0; /* Loop index */ + static uint32_t last_hab_event __attribute__((section(".data"))); + uint32_t index = last_hab_event; /* Loop index */ uint8_t event_data[128]; /* Event data buffer */ size_t bytes = sizeof(event_data); /* Event size in bytes */ - enum hab_config config = 0; - enum hab_state state = 0; - hab_rvt_report_event_t *hab_rvt_report_event; - hab_rvt_report_status_t *hab_rvt_report_status; - - hab_rvt_report_event = hab_rvt_report_event_p; - hab_rvt_report_status = hab_rvt_report_status_p; + enum hab_config config; + enum hab_state state; + int ret; if (is_hab_enabled()) - puts("\nSecure boot enabled\n"); + puts("Secure boot enabled\n"); else - puts("\nSecure boot disabled\n"); + puts("Secure boot disabled\n"); /* Check HAB status */ - if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) { - printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", - config, state); - + config = state = 0; /* ROM code assumes short enums! */ + ret = hab_rvt_report_status(&config, &state); + printf("HAB Configuration: 0x%02x, HAB State: 0x%02x\n", + config, state); + if (ret != HAB_SUCCESS) { /* Display HAB Error events */ - while (hab_rvt_report_event(HAB_FAILURE, index, event_data, + while (hab_rvt_report_event(HAB_STS_ANY, index, event_data, &bytes) == HAB_SUCCESS) { puts("\n"); printf("--------- HAB Event %d -----------------\n", @@ -174,145 +148,161 @@ int get_hab_status(void) bytes = sizeof(event_data); index++; } + ret = index - last_hab_event; + last_hab_event = index; + } else { + /* Display message if no HAB events are found */ + puts("No HAB Events Found!\n"); + ret = 0; } - /* Display message if no HAB events are found */ - else { - printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", - config, state); - puts("No HAB Events Found!\n\n"); - } - return 0; + return ret; } -uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) +static inline hab_status_t hab_init(void) { - uint32_t load_addr = 0; - size_t bytes; - ptrdiff_t ivt_offset = 0; - int result = 0; - ulong start; - hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; - hab_rvt_entry_t *hab_rvt_entry; - hab_rvt_exit_t *hab_rvt_exit; - - hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; - hab_rvt_entry = hab_rvt_entry_p; - hab_rvt_exit = hab_rvt_exit_p; - - if (is_hab_enabled()) { - printf("\nAuthenticate image from DDR location 0x%x...\n", - ddr_start); - - hab_caam_clock_enable(1); - - if (hab_rvt_entry() == HAB_SUCCESS) { - /* If not already aligned, Align to ALIGN_SIZE */ - ivt_offset = (image_size + ALIGN_SIZE - 1) & - ~(ALIGN_SIZE - 1); - - start = ddr_start; - bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; -#ifdef DEBUG - printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", - ivt_offset, ddr_start + ivt_offset); - puts("Dumping IVT\n"); - print_buffer(ddr_start + ivt_offset, - (void *)(ddr_start + ivt_offset), - 4, 0x8, 0); - - puts("Dumping CSF Header\n"); - print_buffer(ddr_start + ivt_offset+IVT_SIZE, - (void *)(ddr_start + ivt_offset+IVT_SIZE), - 4, 0x10, 0); - - get_hab_status(); - - puts("\nCalling authenticate_image in ROM\n"); - printf("\tivt_offset = 0x%x\n", ivt_offset); - printf("\tstart = 0x%08lx\n", start); - printf("\tbytes = 0x%x\n", bytes); -#endif - /* - * If the MMU is enabled, we have to notify the ROM - * code, or it won't flush the caches when needed. - * This is done, by setting the "pu_irom_mmu_enabled" - * word to 1. You can find its address by looking in - * the ROM map. This is critical for - * authenticate_image(). If MMU is enabled, without - * setting this bit, authentication will fail and may - * crash. - */ - /* Check MMU enabled */ - if (get_cr() & CR_M) { - if (is_cpu_type(MXC_CPU_MX6Q) || - is_cpu_type(MXC_CPU_MX6D)) { - /* - * This won't work on Rev 1.0.0 of - * i.MX6Q/D, since their ROM doesn't - * do cache flushes. don't think any - * exist, so we ignore them. - */ - writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); - } else if (is_cpu_type(MXC_CPU_MX6DL) || - is_cpu_type(MXC_CPU_MX6SOLO)) { - writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); - } else if (is_cpu_type(MXC_CPU_MX6SL)) { - writel(1, MX6SL_PU_IROM_MMU_EN_VAR); - } - } - - load_addr = (uint32_t)hab_rvt_authenticate_image( - HAB_CID_UBOOT, - ivt_offset, (void **)&start, - (size_t *)&bytes, NULL); - if (hab_rvt_exit() != HAB_SUCCESS) { - puts("hab exit function fail\n"); - load_addr = 0; - } - } else { - puts("hab entry function fail\n"); - } + hab_status_t ret; - hab_caam_clock_enable(0); - - get_hab_status(); - } else { + if (!is_hab_enabled()) { puts("hab fuse not enabled\n"); + return HAB_FAILURE; } - if ((!is_hab_enabled()) || (load_addr != 0)) - result = 1; + hab_caam_clock_enable(1); - return result; + ret = hab_rvt_entry(); + debug("hab_rvt_entry() returned %02x\n", ret); + if (ret != HAB_SUCCESS) { + printf("hab entry function failed: %02x\n", ret); + hab_caam_clock_enable(0); + } + + return ret; } -int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +static inline hab_status_t hab_exit(void) { - if ((argc != 1)) { - cmd_usage(cmdtp); - return 1; + hab_status_t ret; + + ret = hab_rvt_exit(); + if (ret != HAB_SUCCESS) + printf("hab exit function failed: %02x\n", ret); + + hab_caam_clock_enable(0); + + return ret; +} + +static hab_status_t hab_check_target(hab_target_t type, uint32_t addr, size_t len) +{ + hab_status_t ret; + + ret = hab_init(); + if (ret != HAB_SUCCESS) + return ret; + + ret = hab_rvt_check_target(type, (void *)addr, len); + if (ret != HAB_SUCCESS) { + printf("check_target(0x%08x, 0x%08x) failed: %d\n", + addr, len, ret); + return ret; } + ret = hab_exit(); + + if (ret == HAB_SUCCESS && get_hab_status() > 0) { + return HAB_FAILURE; + } + return ret; +} + +static hab_status_t hab_assert(uint32_t type, uint32_t addr, size_t len) +{ + hab_status_t ret; + + ret = hab_init(); + if (ret != HAB_SUCCESS) + return ret; + + ret = hab_rvt_assert(type, (void *)addr, len); + if (ret != HAB_SUCCESS) { + printf("assert(0x%08x, 0x%08x) failed: %d\n", + addr, len, ret); + return ret; + } + ret = hab_exit(); + + if (ret == HAB_SUCCESS && get_hab_status() > 0) { + return HAB_FAILURE; + } + return ret; +} + +static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, + char *const argv[]) +{ + if (argc != 1) + return CMD_RET_USAGE; get_hab_status(); - return 0; + return CMD_RET_SUCCESS; +} + +static int do_hab_check_target(cmd_tbl_t *cmdtp, int flag, int argc, + char *const argv[]) +{ + hab_target_t type = HAB_TGT_ANY; + uint32_t addr; + size_t len; + + if (argc < 3) + return CMD_RET_USAGE; + + addr = simple_strtoul(argv[1], NULL, 16); + len = simple_strtoul(argv[2], NULL, 16); + if (argc > 3) { + switch (argv[3][0]) { + case 'p': + case 'P': + type = HAB_TGT_PERIPHERAL; + break; + case 'm': + case 'M': + type = HAB_TGT_MEMORY; + break; + case 'a': + case 'A': + break; + default: + printf("Invalid type '%s'\n", argv[3]); + return CMD_RET_USAGE; + } + } + if (hab_check_target(type, addr, len) != HAB_SUCCESS) + return CMD_RET_FAILURE; + + return CMD_RET_SUCCESS; } -static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, - char * const argv[]) +static int do_hab_assert(cmd_tbl_t *cmdtp, int flag, int argc, + char *const argv[]) { - ulong addr, ivt_offset; - int rcode = 0; + uint32_t type = 0; + uint32_t addr; + size_t len; if (argc < 3) return CMD_RET_USAGE; addr = simple_strtoul(argv[1], NULL, 16); - ivt_offset = simple_strtoul(argv[2], NULL, 16); + len = simple_strtoul(argv[2], NULL, 16); + if (argc > 3) { + type = simple_strtoul(argv[3], NULL, 16); + } - rcode = authenticate_image(addr, ivt_offset); + if (hab_assert(type, addr, len) != HAB_SUCCESS) + return CMD_RET_FAILURE; - return rcode; + return CMD_RET_SUCCESS; } U_BOOT_CMD( @@ -322,9 +312,17 @@ U_BOOT_CMD( ); U_BOOT_CMD( - hab_auth_img, 3, 0, do_authenticate_image, - "authenticate image via HAB", - "addr ivt_offset\n" - "addr - image hex address\n" - "ivt_offset - hex offset of IVT in the image" + hab_check_target, 4, 0, do_hab_check_target, + "verify an address range via HAB", + "addr len [type]\n" + "\t\taddr -\taddress to verify\n" + "\t\tlen -\tlength of addr range to verify\n" + ); + +U_BOOT_CMD( + hab_assert, 4, 0, do_hab_assert, + "Test an assertion against the HAB audit log", + "addr len [type]\n" + "\t\taddr -\taddress to verify\n" + "\t\tlen -\tlength of addr range to verify\n" ); diff --git a/arch/arm/cpu/armv7/mx6/soc.c b/arch/arm/cpu/armv7/mx6/soc.c index 223cdc207f..63d50c1abd 100644 --- a/arch/arm/cpu/armv7/mx6/soc.c +++ b/arch/arm/cpu/armv7/mx6/soc.c @@ -8,6 +8,11 @@ */ #include +#include +#include +#include +#include +#include #include #include #include @@ -17,17 +22,10 @@ #include #include #include +#include #include #include #include -#include -#include -#include -#include -#include -#include -#include -#include DECLARE_GLOBAL_DATA_PTR; diff --git a/arch/arm/include/asm/arch-mx6/hab.h b/arch/arm/include/asm/arch-mx6/hab.h index 230be45204..e85651632e 100644 --- a/arch/arm/include/asm/arch-mx6/hab.h +++ b/arch/arm/include/asm/arch-mx6/hab.h @@ -5,31 +5,36 @@ * */ -#ifndef __SECURE_MX6Q_H__ -#define __SECURE_MX6Q_H__ +#ifndef __ARCH_MX6_HAB_H +#define __ARCH_MX6_HAB_H + +#ifdef CONFIG_SECURE_BOOT #include +#include + +int get_hab_status(void); /* -------- start of HAB API updates ------------*/ /* The following are taken from HAB4 SIS */ /* Status definitions */ -enum hab_status { +typedef enum hab_status { HAB_STS_ANY = 0x00, HAB_FAILURE = 0x33, HAB_WARNING = 0x69, HAB_SUCCESS = 0xf0 -}; +} hab_status_t; /* Security Configuration definitions */ -enum hab_config { +typedef enum hab_config { HAB_CFG_RETURN = 0x33, /**< Field Return IC */ HAB_CFG_OPEN = 0xf0, /**< Non-secure IC */ HAB_CFG_CLOSED = 0xcc /**< Secure IC */ -}; +} hab_config_t; /* State definitions */ -enum hab_state { +typedef enum hab_state { HAB_STATE_INITIAL = 0x33, /**< Initialising state (transitory) */ HAB_STATE_CHECK = 0x55, /**< Check state (non-secure) */ HAB_STATE_NONSECURE = 0x66, /**< Non-secure state */ @@ -39,18 +44,53 @@ enum hab_state { HAB_STATE_FAIL_HARD = 0xff, /**< Hard fail state (terminal) */ HAB_STATE_NONE = 0xf0, /**< No security state machine */ HAB_STATE_MAX +} hab_state_t; + +typedef enum hab_target { + HAB_TGT_MEMORY = 0x0f, /* Check memory white list */ + HAB_TGT_PERIPHERAL = 0xf0, /* Check peripheral white list*/ + HAB_TGT_ANY = 0x55, /**< Check memory & peripheral white list */ +} hab_target_t; + +enum HAB_FUNC_OFFSETS { + HAB_RVT_HEADER, + HAB_RVT_ENTRY, + HAB_RVT_EXIT, + HAB_RVT_CHECK_TARGET, + HAB_RVT_AUTHENTICATE_IMAGE, + HAB_RVT_RUN_DCD, + HAB_RVT_RUN_CSF, + HAB_RVT_ASSERT, + HAB_RVT_REPORT_EVENT, + HAB_RVT_REPORT_STATUS, + HAB_RVT_FAILSAFE, }; -/*Function prototype description*/ -typedef enum hab_status hab_rvt_report_event_t(enum hab_status, uint32_t, - uint8_t* , size_t*); -typedef enum hab_status hab_rvt_report_status_t(enum hab_config *, - enum hab_state *); -typedef enum hab_status hab_loader_callback_f_t(void**, size_t*, const void*); -typedef enum hab_status hab_rvt_entry_t(void); -typedef enum hab_status hab_rvt_exit_t(void); +/* Function prototype description */ +typedef hab_status_t hab_rvt_entry_t(void); + +typedef hab_status_t hab_rvt_exit_t(void); + +typedef hab_status_t hab_rvt_check_target_t(hab_target_t, const void *, + size_t); + +typedef hab_status_t hab_loader_callback_f_t(void**, size_t*, const void*); typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, void **, size_t *, hab_loader_callback_f_t); + +typedef hab_status_t hab_rvt_run_dcd_t(const uint8_t *dcd); + +typedef hab_status_t hab_rvt_run_csf_t(const uint8_t *csf, uint8_t cid); + +typedef hab_status_t hab_rvt_assert_t(uint32_t, const void *, + size_t); + +typedef hab_status_t hab_rvt_report_event_t(hab_status_t, uint32_t, + uint8_t* , size_t*); + +typedef hab_status_t hab_rvt_report_status_t(enum hab_config *, + enum hab_state *); + typedef void hapi_clock_init_t(void); #ifdef CONFIG_SOC_MX6SX @@ -59,20 +99,109 @@ typedef void hapi_clock_init_t(void); #define HAB_RVT_BASE 0x00000094 #endif -#define HAB_RVT_ENTRY (*(uint32_t *)(HAB_RVT_BASE + 0x04)) -#define HAB_RVT_EXIT (*(uint32_t *)(HAB_RVT_BASE + 0x08)) -#define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10)) -#define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20)) -#define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24)) +static inline void **hab_rvt_base(void) +{ + uint32_t *base; -#define HAB_RVT_REPORT_EVENT_NEW (*(uint32_t *)0x000000B8) -#define HAB_RVT_REPORT_STATUS_NEW (*(uint32_t *)0x000000BC) -#define HAB_RVT_AUTHENTICATE_IMAGE_NEW (*(uint32_t *)0x000000A8) -#define HAB_RVT_ENTRY_NEW (*(uint32_t *)0x0000009C) -#define HAB_RVT_EXIT_NEW (*(uint32_t *)0x000000A0) + if (((is_cpu_type(MXC_CPU_MX6Q) || is_cpu_type(MXC_CPU_MX6D)) && + soc_rev() >= CHIP_REV_1_5) || + (is_cpu_type(MXC_CPU_MX6DL) && soc_rev() >= CHIP_REV_1_2) || + is_cpu_type(MXC_CPU_MX6SOLO)) + base = (void *)0x98; + else + base = (void *)0x94; + if ((*base & 0xff0000ff) != cpu_to_be32(0xdd000041)) { + printf("Invalid RVT @ %p\n", base); + return NULL; + } + return (void **)base; +} #define HAB_CID_ROM 0 /**< ROM Caller ID */ #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ /* ----------- end of HAB API updates ------------*/ -#endif +#define hab_rvt_entry_p \ + ((hab_rvt_entry_t *)hab_rvt_base()[HAB_RVT_ENTRY]) + +#define hab_rvt_exit_p \ + ((hab_rvt_exit_t *)hab_rvt_base()[HAB_RVT_EXIT]) + +#define hab_rvt_check_target_p \ + ((hab_rvt_check_target_t*)hab_rvt_base()[HAB_RVT_CHECK_TARGET]) + +#define hab_rvt_authenticate_image_p \ + ((hab_rvt_authenticate_image_t *)hab_rvt_base()[HAB_RVT_AUTHENTICATE_IMAGE]) + +#define hab_rvt_run_dcd_p \ + ((hab_rvt_run_dcd_t*)hab_rvt_base()[HAB_RVT_RUN_DCD]) + +#define hab_rvt_run_csf_p \ + ((hab_rvt_run_csf_t*)hab_rvt_base()[HAB_RVT_RUN_CSF]) + +#define hab_rvt_assert_p \ + ((hab_rvt_assert_t*)hab_rvt_base()[HAB_RVT_ASSERT]) + +#define hab_rvt_report_event_p \ + ((hab_rvt_report_event_t*)hab_rvt_base()[HAB_RVT_REPORT_EVENT]) + +#define hab_rvt_report_status_p \ + ((hab_rvt_report_status_t*)hab_rvt_base()[HAB_RVT_REPORT_STATUS]) + +#define HAB_FUNC(n, rt) \ +static inline rt hab_rvt_##n(void) \ +{ \ + if (hab_rvt_base() == NULL) \ + return (rt)-1; \ + return hab_rvt_##n##_p(); \ +} \ + +#define HAB_FUNC1(n, rt, t1) \ +static inline rt hab_rvt_##n(t1 p1) \ +{ \ + if (hab_rvt_base() == NULL) \ + return (rt)-1; \ + return hab_rvt_##n##_p(p1); \ +} + +#define HAB_FUNC2(n, rt, t1, t2) \ +static inline rt hab_rvt_##n(t1 p1, t2 p2) \ +{ \ + if (hab_rvt_base() == NULL) \ + return (rt)-1; \ + return hab_rvt_##n##_p(p1, p2); \ +} + +#define HAB_FUNC3(n, rt, t1, t2, t3) \ +static inline rt hab_rvt_##n(t1 p1, t2 p2, t3 p3) \ +{ \ + if (hab_rvt_base() == NULL) \ + return (rt)-1; \ + return hab_rvt_##n##_p(p1, p2, p3); \ +} + +#define HAB_FUNC4(n, rt, t1, t2, t3, t4) \ +static inline rt hab_rvt_##n(t1 p1, t2 p2, t3 p3, t4 p4) \ +{ \ + if (hab_rvt_base() == NULL) \ + return (rt)-1; \ + return hab_rvt_##n##_p(p1, p2, p3, p4); \ +} + +#define HAB_FUNC5(n, rt, t1, t2, t3, t4, t5) \ +static inline rt hab_rvt_##n(t1 p1, t2 p2, t3 p3, t4 p4, t5 p5) \ +{ \ + if (hab_rvt_base() == NULL) \ + return (rt)-1; \ + return hab_rvt_##n##_p(p1, p2, p3, p4, p5); \ +} + +#else /* CONFIG_SECURE_BOOT */ + +static inline int get_hab_status(void) +{ + return 0; +} + +#endif /* CONFIG_SECURE_BOOT */ +#endif /* __ARCH_MX6_HAB_H */ diff --git a/board/karo/tx6/config.mk b/board/karo/tx6/config.mk index 9f156bc849..acb0cd0d51 100644 --- a/board/karo/tx6/config.mk +++ b/board/karo/tx6/config.mk @@ -1,11 +1,17 @@ # stack is allocated below CONFIG_SYS_TEXT_BASE -CONFIG_SYS_TEXT_BASE := 0x10100000 +#CONFIG_SYS_TEXT_BASE := 0x10100000 +#CONFIG_SYS_TEXT_BASE := 0x177ff000 +CONFIG_SYS_TEXT_BASE := 0x100ff000 + +OBJCOPYFLAGS += -j .pad -__HAVE_ARCH_GENERIC_BOARD := y LOGO_BMP = logos/karo.bmp #PLATFORM_CPPFLAGS += -DDEBUG #PLATFORM_CPPFLAGS += -Wno-unused-but-set-variable PLATFORM_CPPFLAGS += -Werror +ifneq ($(CONFIG_SECURE_BOOT),) + PLATFORM_CPPFLAGS += -DCONFIG_SECURE_BOOT +endif ifeq ($(CONFIG_TX6_NAND),y) # calculate U_BOOT_IMG_SIZE to be at least 3 eraseblocks larger than the maximum expected image size -- 2.39.2