1 // SPDX-License-Identifier: GPL-2.0+
3 * K2x: Secure commands file
5 * Copyright (C) 2012-2019 Texas Instruments Incorporated - http://www.ti.com/
9 #include <asm/unaligned.h>
14 asm(".arch_extension sec\n\t");
16 int mon_install(u32 addr, u32 dpsc, u32 freq, u32 bm_addr)
20 __asm__ __volatile__ (
30 : "r" (addr), "r" (dpsc), "r" (freq), "r" (bm_addr)
31 : "cc", "r0", "r1", "r2", "r3", "memory");
35 int mon_power_on(int core_id, void *ep)
48 : "r" (core_id), "r" (ep)
49 : "cc", "r0", "r1", "r2", "memory");
53 int mon_power_off(int core_id)
66 : "cc", "r0", "r1", "memory");
70 #ifdef CONFIG_TI_SECURE_DEVICE
71 #define KS2_HS_SEC_HEADER_LEN 0x60
72 #define KS2_HS_SEC_TAG_OFFSET 0x34
73 #define KS2_AUTH_CMD 130
76 * k2_hs_bm_auth() - Invokes security functions using a
77 * proprietary TI interface. This binary and source for
78 * this is available in the secure development package or
79 * SECDEV. For details on how to access this please refer
80 * doc/README.ti-secure
82 * @cmd: Secure monitor command
83 * @arg1: Argument for command
85 * returns non-zero value on success, zero on error
87 static int k2_hs_bm_auth(int cmd, void *arg1)
92 "stmfd r13!, {r4-r12, lr}\n"
97 "ldmfd r13!, {r4-r12, lr}\n"
99 : "r" (cmd), "r" (arg1)
100 : "cc", "r0", "r1", "memory");
105 void board_fit_image_post_process(void **p_image, size_t *p_size)
108 void *image = *p_image;
110 if (strncmp(image + KS2_HS_SEC_TAG_OFFSET, "KEYS", 4)) {
111 printf("No signature found in image!\n");
115 result = k2_hs_bm_auth(KS2_AUTH_CMD, image);
117 printf("Authentication failed!\n");
122 * Overwrite the image headers after authentication
123 * and decryption. Update size to reflect removal
124 * of header and restore original file size.
126 *p_size = get_unaligned_le32(image + (*p_size - 4));
127 memcpy(image, image + KS2_HS_SEC_HEADER_LEN, *p_size);
130 * Output notification of successful authentication to re-assure the
131 * user that the secure code is being processed as expected. However
132 * suppress any such log output in case of building for SPL and booting
133 * via YMODEM. This is done to avoid disturbing the YMODEM serial
134 * protocol transactions.
136 if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
137 IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
138 spl_boot_device() == BOOT_DEVICE_UART))
139 printf("Authentication passed\n");