Hi Stefano,
On 09/12/2014 03:46 AM, Stefano Babic wrote:
> Hi Nitin,
>
> On 04/09/2014 03:18, Nitin Garg wrote:
>> When CONFIG_SECURE_BOOT is enabled, the signed images
>> like kernel and dtb can be authenticated using iMX6 CAAM.
>> The added command hab_auth_img can be used for HAB
>> authentication of images. The command takes the image
>> DDR location, IVT (Image Vector Table) offset inside
>> image as parameters. Detailed info about signing images
>> can be found in Freescale AppNote AN4581.
>>
>> Signed-off-by: Nitin Garg
>>
>> ---
>>
>> Changes in v3:
>> - Remove typecast of get_cpu_rev since its not required
>>
>> Changes in v2:
>> - Cleaned up clock code as per review comments
>> - Removed dead code as per review comments
>> - Re-written commit log as per review comments
>>
>> arch/arm/cpu/armv7/mx6/clock.c| 32 ++-
>> arch/arm/cpu/armv7/mx6/hab.c | 165
>> -
>> arch/arm/cpu/armv7/mx6/soc.c | 15 +++
>> arch/arm/include/asm/arch-mx6/clock.h |4 +
>> 4 files changed, 214 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/arm/cpu/armv7/mx6/clock.c b/arch/arm/cpu/armv7/mx6/clock.c
>> index 820b8d5..db6a8fc 100644
>> --- a/arch/arm/cpu/armv7/mx6/clock.c
>> +++ b/arch/arm/cpu/armv7/mx6/clock.c
>> @@ -1,5 +1,5 @@
>> /*
>> - * Copyright (C) 2010-2011 Freescale Semiconductor, Inc.
>> + * Copyright (C) 2010-2014 Freescale Semiconductor, Inc.
>> *
>> * SPDX-License-Identifier: GPL-2.0+
>> */
>> @@ -543,6 +543,36 @@ int enable_pcie_clock(void)
>> BM_ANADIG_PLL_ENET_ENABLE_PCIE);
>> }
>>
>> +#ifdef CONFIG_SECURE_BOOT
>> +void hab_caam_clock_enable(void)
>> +{
>> +struct mxc_ccm_reg *const imx_ccm =
>> +(struct mxc_ccm_reg *)CCM_BASE_ADDR;
>> +
>> +/*CG4 ~ CG6, enable CAAM clocks*/
>> +setbits_le32(&imx_ccm->CCGR0, MXC_CCM_CCGR0_CAAM_WRAPPER_IPG_MASK |
>> + MXC_CCM_CCGR0_CAAM_WRAPPER_ACLK_MASK |
>> + MXC_CCM_CCGR0_CAAM_SECURE_MEM_MASK);
>> +
>> +/* Enable EMI slow clk */
>> +setbits_le32(&imx_ccm->CCGR6, MXC_CCM_CCGR6_EMI_SLOW_MASK);
>> +}
>> +
>> +void hab_caam_clock_disable(void)
>> +{
>> +struct mxc_ccm_reg *const imx_ccm =
>> +(struct mxc_ccm_reg *)CCM_BASE_ADDR;
>> +
>> +/*CG4 ~ CG6, disable CAAM clocks*/
>> +clrbits_le32(&imx_ccm->CCGR0, MXC_CCM_CCGR0_CAAM_WRAPPER_IPG_MASK |
>> + MXC_CCM_CCGR0_CAAM_WRAPPER_ACLK_MASK |
>> + MXC_CCM_CCGR0_CAAM_SECURE_MEM_MASK);
>> +
>> +/* Disable EMI slow clk */
>> +clrbits_le32(&imx_ccm->CCGR6, MXC_CCM_CCGR6_EMI_SLOW_MASK);
>> +}
>> +#endif
>
>
> Generally, we have in clock.c one function per clock, getting as
> enable_uart_clkparameter a boolean for enabling/disabling (i.e.
> enable_ocotp_clk(), enable_uart_clk(),...)
>
> Please stick with the same rule.
Accepted. Rework in v4.
>
>> +
>> unsigned int mxc_get_clock(enum mxc_clock clk)
>> {
>> switch (clk) {
>> diff --git a/arch/arm/cpu/armv7/mx6/hab.c b/arch/arm/cpu/armv7/mx6/hab.c
>> index f6810a6..61a94a1 100644
>> --- a/arch/arm/cpu/armv7/mx6/hab.c
>> +++ b/arch/arm/cpu/armv7/mx6/hab.c
>> @@ -1,5 +1,5 @@
>> /*
>> - * Copyright (C) 2010-2013 Freescale Semiconductor, Inc.
>> + * Copyright (C) 2010-2014 Freescale Semiconductor, Inc.
>> *
>> * SPDX-License-Identifier:GPL-2.0+
>> */
>> @@ -7,8 +7,12 @@
>> #include
>> #include
>> #include
>> +#include
>> #include
>>
>> +/* HAB (High Assurance Boot) debug */
>> +#undef DEBUG_AUTHENTICATE_IMAGE
>
> This is never defined, you do not need to undefine it.
Accepted. Rework in v4.
>
>> +
>> /* start of HAB API updates */
>>
>> #define hab_rvt_report_event_p \
>> @@ -71,6 +75,41 @@
>> ((hab_rvt_exit_t *)HAB_RVT_EXIT)\
>> )
>>
>> +#define IVT_SIZE0x20
>> +#define ALIGN_SIZE 0x1000
>> +#define CSF_PAD_SIZE0x2000
>> +
>> +/*
>> + * ++ 0x0 (DDR_UIMAGE_START) -
>> + * | Header | |
>> + * ++ 0x40|
>> + * || |
>> + * || |
>> + * || |
>> + * || |
>> + * | Image Data | |
>> + * .| |
>> + * .| > Stuff to be authenticated
>> +
>> + * .| |
>> |
>> + * || |
>> |
>> + * || |
>> |
>> + * ++ |
>> |
>> + * || |
>> |
>> + * | Fill Data