arm: mach-k3: security: Allow signing bypass if type is HS-FS
authorAndrew Davis <afd@ti.com>
Fri, 15 Jul 2022 16:34:33 +0000 (11:34 -0500)
committerTom Rini <trini@konsulko.com>
Thu, 4 Aug 2022 19:32:20 +0000 (15:32 -0400)
On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>
arch/arm/mach-k3/security.c

index 8de9739..5bfcecd 100644 (file)
@@ -2,10 +2,11 @@
 /*
  * K3: Security functions
  *
- * Copyright (C) 2018 Texas Instruments Incorporated - http://www.ti.com/
+ * Copyright (C) 2018-2022 Texas Instruments Incorporated - http://www.ti.com/
  *     Andrew F. Davis <afd@ti.com>
  */
 
+#include <asm/io.h>
 #include <common.h>
 #include <cpu_func.h>
 #include <dm.h>
 #include <spl.h>
 #include <asm/arch/sys_proto.h>
 
+#include "common.h"
+
+static bool ti_secure_cert_detected(void *p_image)
+{
+       /* Primitive certificate detection, check for DER starting with
+        * two 4-Octet SEQUENCE tags
+        */
+       return (((u8 *)p_image)[0] == 0x30 && ((u8 *)p_image)[1] == 0x82 &&
+               ((u8 *)p_image)[4] == 0x30 && ((u8 *)p_image)[5] == 0x82);
+}
+
 void ti_secure_image_post_process(void **p_image, size_t *p_size)
 {
        struct ti_sci_handle *ti_sci = get_ti_sci_handle();
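Review bot: ti_secure_cert_detected() reads offsets 0, 1, 4 and 5 of the image without knowing its length, so an image shorter than six bytes is read past its end before the decision to skip authentication is made. The caller already has the size in `*p_size`; passing it in and opening the helper with `if (size < 6) return false;` keeps the probe inside the buffer. The parameter can also be `const void *p_image`, since nothing is written through it. Because the test is a heuristic on the leading bytes only, the comment should say that a match means the image looks like it carries a certificate, not that a certificate was parsed or validated. The body of ti_secure_image_post_process() continues outside this hunk.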
@@ -29,6 +41,14 @@ void ti_secure_image_post_process(void **p_image, size_t *p_size)
        image_addr = (uintptr_t)*p_image;
        image_size = *p_size;
 
+       if (get_device_type() != K3_DEVICE_TYPE_HS_SE &&
+           !ti_secure_cert_detected(*p_image)) {
+               printf("Warning: Did not detect image signing certificate. "
+                      "Skipping authentication to prevent boot failure. "
+                      "This will fail on Security Enforcing(HS-SE) devices\n");
+               return;
+       }
+
        debug("Authenticating image at address 0x%016llx\n", image_addr);
        debug("Authenticating image of size %d bytes\n", image_size);
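Review bot: The bypass condition `get_device_type() != K3_DEVICE_TYPE_HS_SE` skips authentication on every device type other than HS-SE, while the commit message describes an HS-FS-only relaxation. If get_device_type() can return a value for an unknown or unreadable device type (its definition is not visible here), that case would also continue with an unauthenticated image. Testing the positive case, `if (get_device_type() == K3_DEVICE_TYPE_HS_FS &&`, makes any unexpected value fall through to authentication rather than around it. The enclosing function starts and ends outside this hunk.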