diff options
author | Biju Das <biju.das.jz@bp.renesas.com> | 2020-12-16 11:11:09 +0000 |
---|---|---|
committer | Biju Das <biju.das.jz@bp.renesas.com> | 2021-01-13 13:03:49 +0000 |
commit | 9a0c8b7c579032817d0159a9c4474d18a3fd9ed9 (patch) | |
tree | 472b91fa2e7f528219bf92d767422ec30f71b98a /drivers/renesas/rcar | |
parent | 6f97490e2fd97a4e8fca82f4fb57cb1f52fa4958 (diff) | |
download | trusted-firmware-a-9a0c8b7c579032817d0159a9c4474d18a3fd9ed9.tar.gz |
drivers: renesas: auth: Move to common
Move authentication driver code to common directory, so that the
same code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I02592dfc714998bf89b9feaa78f685ae36be6f59
Diffstat (limited to 'drivers/renesas/rcar')
-rw-r--r-- | drivers/renesas/rcar/auth/auth_mod.c | 172 |
1 files changed, 0 insertions, 172 deletions
diff --git a/drivers/renesas/rcar/auth/auth_mod.c b/drivers/renesas/rcar/auth/auth_mod.c deleted file mode 100644 index 4aa86e2a4a..0000000000 --- a/drivers/renesas/rcar/auth/auth_mod.c +++ /dev/null @@ -1,172 +0,0 @@ -/* - * Copyright (c) 2015-2020, Renesas Electronics Corporation. All rights - * reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#include <stddef.h> - -#include <arch_helpers.h> -#include <common/debug.h> -#include <lib/mmio.h> -#include <plat/common/platform.h> - -#include <platform_def.h> -#include "rom_api.h" - -typedef int32_t(*secure_boot_api_f) (uint32_t a, uint32_t b, void *c); -extern int32_t rcar_get_certificate(const int32_t name, uint32_t *cert_addr); - -#define RCAR_IMAGE_ID_MAX (10) -#define RCAR_CERT_MAGIC_NUM (0xE291F358U) -#define RCAR_BOOT_KEY_CERT (0xE6300C00U) -#define RCAR_BOOT_KEY_CERT_NEW (0xE6300F00U) -#define RST_BASE (0xE6160000U) -#define RST_MODEMR (RST_BASE + 0x0060U) -#define MFISOFTMDR (0xE6260600U) -#define MODEMR_MD5_MASK (0x00000020U) -#define MODEMR_MD5_SHIFT (5U) -#define SOFTMD_BOOTMODE_MASK (0x00000001U) -#define SOFTMD_NORMALBOOT (0x1U) - -static secure_boot_api_f secure_boot_api; - -int auth_mod_get_parent_id(unsigned int img_id, unsigned int *parent_id) -{ - return 1; -} - -int auth_mod_verify_img(unsigned int img_id, void *ptr, unsigned int len) -{ - int32_t ret = 0, index = 0; - uint32_t cert_addr = 0U; - static const struct img_to_cert_t { - uint32_t id; - int32_t cert; - const char *name; - } image[RCAR_IMAGE_ID_MAX] = { - { BL31_IMAGE_ID, SOC_FW_CONTENT_CERT_ID, "BL31" }, - { BL32_IMAGE_ID, TRUSTED_OS_FW_CONTENT_CERT_ID, "BL32" }, - { BL33_IMAGE_ID, NON_TRUSTED_FW_CONTENT_CERT_ID, "BL33" }, - { BL332_IMAGE_ID, BL332_CERT_ID, "BL332" }, - { BL333_IMAGE_ID, BL333_CERT_ID, "BL333" }, - { BL334_IMAGE_ID, BL334_CERT_ID, "BL334" }, - { BL335_IMAGE_ID, BL335_CERT_ID, "BL335" }, - { BL336_IMAGE_ID, BL336_CERT_ID, "BL336" }, - { BL337_IMAGE_ID, BL337_CERT_ID, "BL337" }, - { BL338_IMAGE_ID, BL338_CERT_ID, "BL338" }, - }; - -#if IMAGE_BL2 - switch (img_id) { - case TRUSTED_KEY_CERT_ID: - case SOC_FW_KEY_CERT_ID: - case TRUSTED_OS_FW_KEY_CERT_ID: - case NON_TRUSTED_FW_KEY_CERT_ID: - case BL332_KEY_CERT_ID: - case BL333_KEY_CERT_ID: - case BL334_KEY_CERT_ID: - case BL335_KEY_CERT_ID: - case BL336_KEY_CERT_ID: - case BL337_KEY_CERT_ID: - case BL338_KEY_CERT_ID: - case SOC_FW_CONTENT_CERT_ID: - case TRUSTED_OS_FW_CONTENT_CERT_ID: - case NON_TRUSTED_FW_CONTENT_CERT_ID: - case BL332_CERT_ID: - case BL333_CERT_ID: - case BL334_CERT_ID: - case BL335_CERT_ID: - case BL336_CERT_ID: - case BL337_CERT_ID: - case BL338_CERT_ID: - return ret; - case BL31_IMAGE_ID: - case BL32_IMAGE_ID: - case BL33_IMAGE_ID: - case BL332_IMAGE_ID: - case BL333_IMAGE_ID: - case BL334_IMAGE_ID: - case BL335_IMAGE_ID: - case BL336_IMAGE_ID: - case BL337_IMAGE_ID: - case BL338_IMAGE_ID: - goto verify_image; - default: - return -1; - } - -verify_image: - for (index = 0; index < RCAR_IMAGE_ID_MAX; index++) { - if (img_id != image[index].id) - continue; - - ret = rcar_get_certificate(image[index].cert, &cert_addr); - break; - } - - if (ret || (index == RCAR_IMAGE_ID_MAX)) { - ERROR("Verification Failed for image id = %d\n", img_id); - return ret; - } -#if RCAR_BL2_DCACHE == 1 - /* clean and disable */ - write_sctlr_el3(read_sctlr_el3() & ~SCTLR_C_BIT); - dcsw_op_all(DCCISW); -#endif - ret = (mmio_read_32(RCAR_BOOT_KEY_CERT_NEW) == RCAR_CERT_MAGIC_NUM) ? - secure_boot_api(RCAR_BOOT_KEY_CERT_NEW, cert_addr, NULL) : - secure_boot_api(RCAR_BOOT_KEY_CERT, cert_addr, NULL); - if (ret) - ERROR("Verification Failed 0x%x, %s\n", ret, image[index].name); - -#if RCAR_BL2_DCACHE == 1 - /* enable */ - write_sctlr_el3(read_sctlr_el3() | SCTLR_C_BIT); -#endif /* RCAR_BL2_DCACHE */ - -#endif /* IMAGE_BL2 */ - return ret; -} - -static int32_t normal_boot_verify(uint32_t a, uint32_t b, void *c) -{ - return 0; -} - -void auth_mod_init(void) -{ -#if RCAR_SECURE_BOOT - uint32_t soft_md = mmio_read_32(MFISOFTMDR) & SOFTMD_BOOTMODE_MASK; - uint32_t md = mmio_read_32(RST_MODEMR) & MODEMR_MD5_MASK; - uint32_t lcs, ret; - - secure_boot_api = (secure_boot_api_f) &rcar_rom_secure_boot_api; - - ret = rcar_rom_get_lcs(&lcs); - if (ret) { - ERROR("BL2: Failed to get the LCS. (%d)\n", ret); - panic(); - } - - switch (lcs) { - case LCS_SE: - if (soft_md == SOFTMD_NORMALBOOT) - secure_boot_api = &normal_boot_verify; - break; - case LCS_SD: - secure_boot_api = &normal_boot_verify; - break; - default: - if (md >> MODEMR_MD5_SHIFT) - secure_boot_api = &normal_boot_verify; - } - - NOTICE("BL2: %s boot\n", - secure_boot_api == &normal_boot_verify ? "Normal" : "Secure"); -#else - NOTICE("BL2: Normal boot\n"); - secure_boot_api = &normal_boot_verify; -#endif -} |