From: Ye Li <ye...@nxp.com>
Since iMX9 uses S401 which shares the API with iMX8ULP. So move S400
MU driver and API to a common place and selected by CONFIG_IMX_SENTINEL
Signed-off-by: Ye Li <ye...@nxp.com>
Signed-off-by: Peng Fan <peng....@nxp.com>
---
arch/arm/Kconfig | 4 +
arch/arm/include/asm/global_data.h | 2 +-
.../asm/{arch-imx8ulp => mach-imx}/mu_hal.h | 4 +-
.../asm/{arch-imx8ulp => mach-imx}/s400_api.h | 0
arch/arm/mach-imx/imx8ulp/ahab.c | 345 ++++++++++++++++++
arch/arm/mach-imx/imx8ulp/rdc.c | 4 +-
arch/arm/mach-imx/imx8ulp/soc.c | 4 +-
board/freescale/imx8ulp_evk/spl.c | 2 +-
drivers/misc/Kconfig | 7 +
drivers/misc/Makefile | 2 +
drivers/misc/imx8ulp/Makefile | 1 -
drivers/misc/imx8ulp/fuse.c | 2 +-
drivers/misc/sentinel/Makefile | 3 +
drivers/misc/{imx8ulp => sentinel}/s400_api.c | 6 +-
.../{imx8ulp/imx8ulp_mu.c => sentinel/s4mu.c} | 4 +-
15 files changed, 375 insertions(+), 15 deletions(-)
rename arch/arm/include/asm/{arch-imx8ulp => mach-imx}/mu_hal.h (79%)
rename arch/arm/include/asm/{arch-imx8ulp => mach-imx}/s400_api.h (100%)
create mode 100644 arch/arm/mach-imx/imx8ulp/ahab.c
create mode 100644 drivers/misc/sentinel/Makefile
rename drivers/misc/{imx8ulp => sentinel}/s400_api.c (98%)
rename drivers/misc/{imx8ulp/imx8ulp_mu.c => sentinel/s4mu.c} (98%)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 12ec661ac3b..29b831422ff 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -922,6 +922,8 @@ config ARCH_IMX8ULP
select OF_CONTROL
select SUPPORT_SPL
select GPIO_EXTRA_HEADER
+ select MISC
+ select IMX_SENTINEL
imply CMD_DM
imply DM_EVENT
@@ -931,6 +933,8 @@ config ARCH_IMX9
select DM
select MACH_IMX
select SUPPORT_SPL
+ select MISC
+ select IMX_SENTINEL
imply CMD_DM
imply DM_EVENT
diff --git a/arch/arm/include/asm/global_data.h
b/arch/arm/include/asm/global_data.h
index 085e12b5d4d..09f352269e5 100644
--- a/arch/arm/include/asm/global_data.h
+++ b/arch/arm/include/asm/global_data.h
@@ -90,7 +90,7 @@ struct arch_global_data {
struct udevice *scu_dev;
#endif
-#ifdef CONFIG_ARCH_IMX8ULP
+#ifdef CONFIG_IMX_SENTINEL
struct udevice *s400_dev;
#endif
diff --git a/arch/arm/include/asm/arch-imx8ulp/mu_hal.h
b/arch/arm/include/asm/mach-imx/mu_hal.h
similarity index 79%
rename from arch/arm/include/asm/arch-imx8ulp/mu_hal.h
rename to arch/arm/include/asm/mach-imx/mu_hal.h
index 10d966d5d43..5db559c1ac5 100644
--- a/arch/arm/include/asm/arch-imx8ulp/mu_hal.h
+++ b/arch/arm/include/asm/mach-imx/mu_hal.h
@@ -3,8 +3,8 @@
* Copyright 2021 NXP
*/
-#ifndef __IMX8ULP_MU_HAL_H__
-#define __IMX8ULP_MU_HAL_H__
+#ifndef __SNT_MU_HAL_H__
+#define __SNT_MU_HAL_H__
void mu_hal_init(ulong base);
int mu_hal_sendmsg(ulong base, u32 reg_index, u32 msg);
diff --git a/arch/arm/include/asm/arch-imx8ulp/s400_api.h
b/arch/arm/include/asm/mach-imx/s400_api.h
similarity index 100%
rename from arch/arm/include/asm/arch-imx8ulp/s400_api.h
rename to arch/arm/include/asm/mach-imx/s400_api.h
diff --git a/arch/arm/mach-imx/imx8ulp/ahab.c b/arch/arm/mach-imx/imx8ulp/ahab.c
new file mode 100644
index 00000000000..87c4c66a087
--- /dev/null
+++ b/arch/arm/mach-imx/imx8ulp/ahab.c
@@ -0,0 +1,345 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2020 NXP
+ */
+
+#include <common.h>
+#include <command.h>
+#include <errno.h>
+#include <asm/io.h>
+#include <asm/mach-imx/s400_api.h>
+#include <asm/mach-imx/sys_proto.h>
+#include <asm/arch-imx/cpu.h>
+#include <asm/arch/sys_proto.h>
+#include <asm/mach-imx/image.h>
+#include <console.h>
+#include <cpu_func.h>
+#include <asm/mach-imx/ahab.h>
+#include <asm/global_data.h>
+
+DECLARE_GLOBAL_DATA_PTR;
+
+#define IMG_CONTAINER_BASE (0x22010000UL)
+#define IMG_CONTAINER_END_BASE (IMG_CONTAINER_BASE + 0xFFFFUL)
+
+#define AHAB_NO_AUTHENTICATION_IND 0xee
+#define AHAB_BAD_KEY_HASH_IND 0xfa
+#define AHAB_INVALID_KEY_IND 0xf9
+#define AHAB_BAD_SIGNATURE_IND 0xf0
+#define AHAB_BAD_HASH_IND 0xf1
+
+static void display_ahab_auth_ind(u32 event)
+{
+ u8 resp_ind = (event >> 8) & 0xff;
+
+ switch (resp_ind) {
+ case AHAB_NO_AUTHENTICATION_IND:
+ printf("AHAB_NO_AUTHENTICATION_IND (0x%02X)\n\n", resp_ind);
+ break;
+ case AHAB_BAD_KEY_HASH_IND:
+ printf("AHAB_BAD_KEY_HASH_IND (0x%02X)\n\n", resp_ind);
+ break;
+ case AHAB_INVALID_KEY_IND:
+ printf("AHAB_INVALID_KEY_IND (0x%02X)\n\n", resp_ind);
+ break;
+ case AHAB_BAD_SIGNATURE_IND:
+ printf("AHAB_BAD_SIGNATURE_IND (0x%02X)\n\n", resp_ind);
+ break;
+ case AHAB_BAD_HASH_IND:
+ printf("AHAB_BAD_HASH_IND (0x%02X)\n\n", resp_ind);
+ break;
+ default:
+ printf("Unknown Indicator (0x%02X)\n\n", resp_ind);
+ break;
+ }
+}
+
+int ahab_auth_cntr_hdr(struct container_hdr *container, u16 length)
+{
+ int err;
+ u32 resp;
+
+ memcpy((void *)IMG_CONTAINER_BASE, (const void *)container,
+ ALIGN(length, CONFIG_SYS_CACHELINE_SIZE));
+
+ flush_dcache_range(IMG_CONTAINER_BASE,
+ IMG_CONTAINER_BASE + ALIGN(length,
CONFIG_SYS_CACHELINE_SIZE) - 1);
+
+ err = ahab_auth_oem_ctnr(IMG_CONTAINER_BASE, &resp);
+ if (err) {
+ printf("Authenticate container hdr failed, return %d, resp
0x%x\n",
+ err, resp);
+ display_ahab_auth_ind(resp);
+ }
+
+ return err;
+}
+
+int ahab_auth_release(void)
+{
+ int err;
+ u32 resp;
+
+ err = ahab_release_container(&resp);
+ if (err) {
+ printf("Error: release container failed, resp 0x%x!\n", resp);
+ display_ahab_auth_ind(resp);
+ }
+
+ return err;
+}
+
+int ahab_verify_cntr_image(struct boot_img_t *img, int image_index)
+{
+ int err;
+ u32 resp;
+
+ err = ahab_verify_image(image_index, &resp);
+ if (err) {
+ printf("Authenticate img %d failed, return %d, resp 0x%x\n",
+ image_index, err, resp);
+ display_ahab_auth_ind(resp);
+ return -EIO;
+ }
+
+ return 0;
+}
+
+static inline bool check_in_dram(ulong addr)
+{
+ int i;
+ struct bd_info *bd = gd->bd;
+
+ for (i = 0; i < CONFIG_NR_DRAM_BANKS; ++i) {
+ if (bd->bi_dram[i].size) {
+ if (addr >= bd->bi_dram[i].start &&
+ addr < (bd->bi_dram[i].start + bd->bi_dram[i].size))
+ return true;
+ }
+ }
+
+ return false;
+}
+
+int authenticate_os_container(ulong addr)
+{
+ struct container_hdr *phdr;
+ int i, ret = 0;
+ int err;
+ u16 length;
+ struct boot_img_t *img;
+ unsigned long s, e;
+
+ if (addr % 4) {
+ puts("Error: Image's address is not 4 byte aligned\n");
+ return -EINVAL;
+ }
+
+ if (!check_in_dram(addr)) {
+ puts("Error: Image's address is invalid\n");
+ return -EINVAL;
+ }
+
+ phdr = (struct container_hdr *)addr;
+ if (phdr->tag != 0x87 || phdr->version != 0x0) {
+ printf("Error: Wrong container header\n");
+ return -EFAULT;
+ }
+
+ if (!phdr->num_images) {
+ printf("Error: Wrong container, no image found\n");
+ return -EFAULT;
+ }
+
+ length = phdr->length_lsb + (phdr->length_msb << 8);
+
+ debug("container length %u\n", length);
+
+ err = ahab_auth_cntr_hdr(phdr, length);
+ if (err) {
+ ret = -EIO;
+ goto exit;
+ }
+
+ debug("Verify images\n");
+
+ /* Copy images to dest address */
+ for (i = 0; i < phdr->num_images; i++) {
+ img = (struct boot_img_t *)(addr +
+ sizeof(struct container_hdr) +
+ i * sizeof(struct boot_img_t));
+
+ debug("img %d, dst 0x%x, src 0x%lx, size 0x%x\n",
+ i, (uint32_t)img->dst, img->offset + addr, img->size);
+
+ memcpy((void *)img->dst, (const void *)(img->offset + addr),
img->size);
+
+ s = img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1);
+ e = ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE) - 1;
+
+ flush_dcache_range(s, e);
+
+ ret = ahab_verify_cntr_image(img, i);
+ if (ret)
+ goto exit;
+ }
+
+exit:
+ debug("ahab_auth_release, 0x%x\n", ret);
+ ahab_auth_release();
+
+ return ret;
+}
+
+static int do_authenticate(struct cmd_tbl *cmdtp, int flag, int argc,
+ char *const argv[])
+{
+ ulong addr;
+
+ if (argc < 2)
+ return CMD_RET_USAGE;
+
+ addr = simple_strtoul(argv[1], NULL, 16);
+
+ printf("Authenticate OS container at 0x%lx\n", addr);
+
+ if (authenticate_os_container(addr))
+ return CMD_RET_FAILURE;
+
+ return CMD_RET_SUCCESS;
+}
+
+static void display_life_cycle(u32 lc)
+{
+ printf("Lifecycle: 0x%08X, ", lc);
+ switch (lc) {
+ case 0x1:
+ printf("BLANK\n\n");
+ break;
+ case 0x2:
+ printf("FAB\n\n");
+ break;
+ case 0x4:
+ printf("NXP Provisioned\n\n");
+ break;
+ case 0x8:
+ printf("OEM Open\n\n");
+ break;
+ case 0x10:
+ printf("OEM Secure World Closed\n\n");
+ break;
+ case 0x20:
+ printf("OEM closed\n\n");
+ break;
+ case 0x40:
+ printf("Field Return OEM\n\n");
+ break;
+ case 0x80:
+ printf("Field Return NXP\n\n");
+ break;
+ case 0x100:
+ printf("OEM Locked\n\n");
+ break;
+ case 0x200:
+ printf("BRICKED\n\n");
+ break;
+ default:
+ printf("Unknown\n\n");
+ break;
+ }
+}
+
+static int confirm_close(void)
+{
+ puts("Warning: Please ensure your sample is in NXP closed state, "
+ "OEM SRK hash has been fused, \n"
+ " and you are able to boot a signed image successfully "
+ "without any SECO events reported.\n"
+ " If not, your sample will be unrecoverable.\n"
+ "\nReally perform this operation? <y/N>\n");
+
+ if (confirm_yesno())
+ return 1;
+
+ puts("Ahab close aborted\n");
+ return 0;
+}
+
+static int do_ahab_close(struct cmd_tbl *cmdtp, int flag, int argc,
+ char *const argv[])
+{
+ int err;
+ u32 resp;
+
+ if (!confirm_close())
+ return -EACCES;
+
+ err = ahab_forward_lifecycle(8, &resp);
+ if (err != 0) {
+ printf("Error in forward lifecycle to OEM closed\n");
+ return -EIO;
+ }
+
+ printf("Change to OEM closed successfully\n");
+
+ return 0;
+}
+
+int ahab_dump(void)
+{
+ u32 buffer[32];
+ int ret, i = 0;
+
+ do {
+ ret = ahab_dump_buffer(buffer, 32);
+ if (ret < 0) {
+ printf("Error in dump AHAB log\n");
+ return -EIO;
+ }
+
+ if (ret == 1)
+ break;
+
+ for (i = 0; i < ret; i++)
+ printf("0x%x\n", buffer[i]);
+ } while (ret >= 21);
+
+ return 0;
+}
+
+static int do_ahab_dump(struct cmd_tbl *cmdtp, int flag, int argc, char *const
argv[])
+{
+ return ahab_dump();
+}
+
+static int do_ahab_status(struct cmd_tbl *cmdtp, int flag, int argc, char
*const argv[])
+{
+ u32 lc;
+
+ lc = readl(FSB_BASE_ADDR + 0x41c);
+ lc &= 0x3f;
+
+ display_life_cycle(lc);
+ return 0;
+}
+
+U_BOOT_CMD(auth_cntr, CONFIG_SYS_MAXARGS, 1, do_authenticate,
+ "autenticate OS container via AHAB",
+ "addr\n"
+ "addr - OS container hex address\n"
+);
+
+U_BOOT_CMD(ahab_close, CONFIG_SYS_MAXARGS, 1, do_ahab_close,
+ "Change AHAB lifecycle to OEM closed",
+ ""
+);
+
+U_BOOT_CMD(ahab_dump, CONFIG_SYS_MAXARGS, 1, do_ahab_dump,
+ "Dump AHAB log for debug",
+ ""
+);
+
+U_BOOT_CMD(ahab_status, CONFIG_SYS_MAXARGS, 1, do_ahab_status,
+ "display AHAB lifecycle only",
+ ""
+);
diff --git a/arch/arm/mach-imx/imx8ulp/rdc.c b/arch/arm/mach-imx/imx8ulp/rdc.c
index e2eca0633e3..cc47079d8f5 100644
--- a/arch/arm/mach-imx/imx8ulp/rdc.c
+++ b/arch/arm/mach-imx/imx8ulp/rdc.c
@@ -8,8 +8,8 @@
#include <asm/types.h>
#include <asm/arch/imx-regs.h>
#include <asm/arch/sys_proto.h>
-#include <asm/arch/mu_hal.h>
-#include <asm/arch/s400_api.h>
+#include <asm/mach-imx/mu_hal.h>
+#include <asm/mach-imx/s400_api.h>
#include <asm/arch/rdc.h>
#include <div64.h>
diff --git a/arch/arm/mach-imx/imx8ulp/soc.c b/arch/arm/mach-imx/imx8ulp/soc.c
index 529fda4594e..999fb1f301f 100644
--- a/arch/arm/mach-imx/imx8ulp/soc.c
+++ b/arch/arm/mach-imx/imx8ulp/soc.c
@@ -14,8 +14,8 @@
#include <event.h>
#include <spl.h>
#include <asm/arch/rdc.h>
-#include <asm/arch/s400_api.h>
-#include <asm/arch/mu_hal.h>
+#include <asm/mach-imx/s400_api.h>
+#include <asm/mach-imx/mu_hal.h>
#include <cpu_func.h>
#include <asm/setup.h>
#include <dm.h>
diff --git a/board/freescale/imx8ulp_evk/spl.c
b/board/freescale/imx8ulp_evk/spl.c
index ece9ff26e92..e672f6ee6cb 100644
--- a/board/freescale/imx8ulp_evk/spl.c
+++ b/board/freescale/imx8ulp_evk/spl.c
@@ -19,7 +19,7 @@
#include <asm/arch/ddr.h>
#include <asm/arch/rdc.h>
#include <asm/arch/upower.h>
-#include <asm/arch/s400_api.h>
+#include <asm/mach-imx/s400_api.h>
DECLARE_GLOBAL_DATA_PTR;
diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig
index 28d5da49ff1..4603b54f598 100644
--- a/drivers/misc/Kconfig
+++ b/drivers/misc/Kconfig
@@ -330,6 +330,13 @@ config NPCM_OTP
To compile this driver as a module, choose M here: the module
will be called npcm_otp.
+config IMX_SENTINEL
+ bool "Enable i.MX Sentinel MU driver and API"
+ depends on MISC && (ARCH_IMX9 || ARCH_IMX8ULP)
+ help
+ If you say Y here to enable Message Unit driver to work with
+ Sentinel core on some NXP i.MX processors.
+
config NUVOTON_NCT6102D
bool "Enable Nuvoton NCT6102D Super I/O driver"
help
diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile
index 0bf05ca05ef..dcba39a15fc 100644
--- a/drivers/misc/Makefile
+++ b/drivers/misc/Makefile
@@ -50,6 +50,8 @@ obj-$(CONFIG_$(SPL_)I2C_EEPROM) += i2c_eeprom.o
obj-$(CONFIG_IHS_FPGA) += ihs_fpga.o
obj-$(CONFIG_IMX8) += imx8/
obj-$(CONFIG_IMX8ULP) += imx8ulp/
+obj-$(CONFIG_IMX8ULP) += imx8ulp/
+obj-$(CONFIG_IMX_SENTINEL) += sentinel/
obj-$(CONFIG_LED_STATUS) += status_led.o
obj-$(CONFIG_LED_STATUS_GPIO) += gpio_led.o
obj-$(CONFIG_MPC83XX_SERDES) += mpc83xx_serdes.o
diff --git a/drivers/misc/imx8ulp/Makefile b/drivers/misc/imx8ulp/Makefile
index 927cc552163..450e615e645 100644
--- a/drivers/misc/imx8ulp/Makefile
+++ b/drivers/misc/imx8ulp/Makefile
@@ -1,4 +1,3 @@
# SPDX-License-Identifier: GPL-2.0+
-obj-y += s400_api.o imx8ulp_mu.o
obj-$(CONFIG_CMD_FUSE) += fuse.o
diff --git a/drivers/misc/imx8ulp/fuse.c b/drivers/misc/imx8ulp/fuse.c
index 090e702d9f7..83d2c25731f 100644
--- a/drivers/misc/imx8ulp/fuse.c
+++ b/drivers/misc/imx8ulp/fuse.c
@@ -10,7 +10,7 @@
#include <asm/arch/sys_proto.h>
#include <asm/arch/imx-regs.h>
#include <env.h>
-#include <asm/arch/s400_api.h>
+#include <asm/mach-imx/s400_api.h>
#include <asm/global_data.h>
DECLARE_GLOBAL_DATA_PTR;
diff --git a/drivers/misc/sentinel/Makefile b/drivers/misc/sentinel/Makefile
new file mode 100644
index 00000000000..3e2f623b278
--- /dev/null
+++ b/drivers/misc/sentinel/Makefile
@@ -0,0 +1,3 @@
+# SPDX-License-Identifier: GPL-2.0+
+
+obj-y += s400_api.o s4mu.o
diff --git a/drivers/misc/imx8ulp/s400_api.c b/drivers/misc/sentinel/s400_api.c
similarity index 98%
rename from drivers/misc/imx8ulp/s400_api.c
rename to drivers/misc/sentinel/s400_api.c
index 87f5880ccb8..3d791bc868e 100644
--- a/drivers/misc/imx8ulp/s400_api.c
+++ b/drivers/misc/sentinel/s400_api.c
@@ -9,7 +9,7 @@
#include <malloc.h>
#include <asm/io.h>
#include <dm.h>
-#include <asm/arch/s400_api.h>
+#include <asm/mach-imx/s400_api.h>
#include <misc.h>
DECLARE_GLOBAL_DATA_PTR;
@@ -275,8 +275,8 @@ int ahab_release_caam(u32 core_did, u32 *response)
int ahab_get_fw_version(u32 *fw_version, u32 *sha1, u32 *response)
{
struct udevice *dev = gd->arch.s400_dev;
- int size = sizeof(struct imx8ulp_s400_msg);
- struct imx8ulp_s400_msg msg;
+ int size = sizeof(struct sentinel_msg);
+ struct sentinel_msg msg;
int ret;
if (!dev) {
diff --git a/drivers/misc/imx8ulp/imx8ulp_mu.c b/drivers/misc/sentinel/s4mu.c
similarity index 98%
rename from drivers/misc/imx8ulp/imx8ulp_mu.c
rename to drivers/misc/sentinel/s4mu.c
index 333ebdf5765..121a81060a6 100644
--- a/drivers/misc/imx8ulp/imx8ulp_mu.c
+++ b/drivers/misc/sentinel/s4mu.c
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0
/*
- * Copyright 2020 NXP
+ * Copyright 2020-2022 NXP
*/
#include <common.h>
@@ -9,7 +9,7 @@
#include <dm/lists.h>
#include <dm/root.h>
#include <dm/device-internal.h>
-#include <asm/arch/s400_api.h>
+#include <asm/mach-imx/s400_api.h>
#include <asm/arch/imx-regs.h>
#include <linux/iopoll.h>
#include <misc.h>
--
2.36.0
