Some TI K3 SoCs like J721S2, J784S4, and J722S have a HSM (High Security Module) M4F core in the Wakeup Voltage Domain which could be used to run secure services like Authentication. Boot flow for HSM M4 core is different than the general purpose M4F cores, and is as below:
1. Request control of HSM M4F remote processor. 2. Assert Reset on the HSM M4F remote processor. 3. Request Secure Entity to Authenticate and Load HSM firmware into core's internal SRAM memory region. For GP device, load the firmware manually into core's SRAM region. 4. Deassert Reset on the HSM M4F remote processor. 5. Release control of HSM M4F remote processor. This series adds support to boot HSM M4 core from R5 SPL stage. The HSM firmware is packed inside the tispl.bin fit image. The firmware is unpacked into a temporary DDR address which is then used to load HSM core. The configs to boot HSM M4 core are disabled by default. Note: This series is dependent on the device-tree changes series posted to Kernel mailing list: https://lore.kernel.org/all/[email protected]/ v3: Changelog: [Andrew]: 1. Added dedicated remoteproc driver for booting HSM core. 2. Added support for signing HSM firmware images in U-Boot. [Anshul] General: 1. Add support for booting HSM on J722S SoC as well. Link to v2: http://lore.kernel.org/all/[email protected]/ v2: Changelog: [Andrew]: 1. Added support in SPL to load FIT images with no 'load' property. 2. Removed 'default = n' in CONFIG option. 3. Used __maybe_unused to decrease preprocessing. 4. Better error messages with error code. [Udit]: 1. Added 'HSM' entries in enum at the last. 2. Added error condition in if-elseif-else ladder. 3. Hang System boot when HSM failed to boot properly. Link to v1: https://lore.kernel.org/all/[email protected]/ Testing done: 1. Tested HSM boot across GP, HS-FS, HS-SE device types for J721S2, J784S4 and J722S SoCs. Logs after enabling HSM boot configs: https://gist.github.com/3V3RYONE/ad33683652c8c49e4fedab49f0493e79 Beleswar Padhi (11): spl: Use FIT data address as fallback when 'load' property is absent arm: mach-k3: Use FIT image data addr as fallback if 'load' prop is missing arm: mach-k3: Explicitly identify TIFSSTUB images when discarding buffers arm: mach-k3: Add config option for packaging HSM firmware arm: dts: k3-binman: Add template for packing HSM firmware arm: dts: k3-{j721s2/j722s/j784s4}-binman: Pack HSM firmware inside tispl.bin binman: openssl: Add boot and load extensions to x509 cert arm: dts: k3-{j721s2/j722s/j784s4}-r5.dtsi: Enable HSM core remoteproc: k3-hsm: Introduce a remoteproc driver for K3 HSM core arm: mach-k3: r5: common: Invoke boot of HSM M4 core configs: j722s_evm_r5_hsmboot: Add new defconfig to show HSM boot MAINTAINERS | 1 + arch/arm/dts/k3-binman.dtsi | 20 ++ arch/arm/dts/k3-j721s2-binman.dtsi | 12 ++ arch/arm/dts/k3-j721s2-r5.dtsi | 5 + arch/arm/dts/k3-j722s-binman.dtsi | 12 ++ arch/arm/dts/k3-j722s-r5-evm.dts | 5 + arch/arm/dts/k3-j784s4-binman.dtsi | 14 ++ arch/arm/dts/k3-j784s4-r5.dtsi | 4 + arch/arm/mach-k3/Kconfig | 7 + arch/arm/mach-k3/r5/common.c | 43 ++++- common/spl/spl_fit.c | 16 +- configs/j722s_evm_r5_hsmboot_defconfig | 41 ++++ drivers/remoteproc/Kconfig | 10 + drivers/remoteproc/Makefile | 1 + drivers/remoteproc/ti_k3_hsm_rproc.c | 252 +++++++++++++++++++++++++ tools/binman/btool/openssl.py | 49 ++++- tools/binman/etype/ti_secure.py | 18 ++ tools/binman/etype/x509_cert.py | 4 +- 18 files changed, 505 insertions(+), 9 deletions(-) create mode 100644 configs/j722s_evm_r5_hsmboot_defconfig create mode 100644 drivers/remoteproc/ti_k3_hsm_rproc.c -- 2.34.1
