diff options
| author | Siew Chin Lim <elly.siew.chin.lim@intel.com> | 2021-02-03 11:16:16 +0800 |
|---|---|---|
| committer | Yau Wai Gan <yau.wai.gan@intel.com> | 2021-02-08 19:16:01 +0800 |
| commit | f3e2b7e1cddfbd8ad53ae15725dff665b8af7ca6 (patch) | |
| tree | 11547ebc330c10a0fe476eb04e758fa763bccbcc | |
| parent | d36a18a84c52d176788772b5d81b3776a122f4fb (diff) | |
| download | u-boot-socfpga-f3e2b7e1cddfbd8ad53ae15725dff665b8af7ca6.tar.gz | |
HSD #22012007836: arm: socfpga: Relocate vab certificate to first memory block
Relocate vab certificate to first memory bank before trigger SMC call
to send mailbox command because ATF only able to access first memory bank.
This allow user to use the 'vab' command transparently, without
having to keep track which memory address can be used.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
---
v2: Return error if mbox_relocate_data_addr is NULL.
| -rw-r--r-- | arch/arm/mach-socfpga/secure_vab.c | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/arch/arm/mach-socfpga/secure_vab.c b/arch/arm/mach-socfpga/secure_vab.c index 3362a17c95..34dbd7125c 100644 --- a/arch/arm/mach-socfpga/secure_vab.c +++ b/arch/arm/mach-socfpga/secure_vab.c @@ -44,8 +44,7 @@ int socfpga_vendor_authentication(void **p_image, size_t *p_size) u8 hash384[SHA384_SUM_LEN]; u64 img_addr, mbox_data_addr; size_t img_sz, mbox_data_sz; - u8 *cert_hash_ptr; - u32 backup_word; + u8 *cert_hash_ptr, *mbox_relocate_data_addr; u32 resp = 0, resp_len = 1; int ret; @@ -88,24 +87,35 @@ int socfpga_vendor_authentication(void **p_image, size_t *p_size) mbox_data_sz = (ALIGN(*p_size - img_sz, 4)) >> 2; debug("mbox_data_addr = 0x%016llx\n", mbox_data_addr); - debug("mbox_data_sz = %ld\n", mbox_data_sz); + debug("mbox_data_sz = %ld words\n", mbox_data_sz); - /* We need to use the 4 bytes before the certificate for T */ - backup_word = *(u32 *)mbox_data_addr; - /* T = 0 */ - *(u32 *)mbox_data_addr = 0; + /* + * Relocate certificate to first memory block before trigger SMC call + * to send mailbox command because ATF only able to access first + * memory block. + */ + mbox_relocate_data_addr = (u8 *)malloc(mbox_data_sz * sizeof(u32)); + if (mbox_relocate_data_addr == NULL) { + puts("Out of memory for VAB certificate relocation!\n"); + return -ENOMEM; + } + + memcpy(mbox_relocate_data_addr, (u8 *)mbox_data_addr, mbox_data_sz * sizeof(u32)); + *(u32 *)mbox_relocate_data_addr = 0; + + debug("mbox_relocate_data_addr = 0x%p\n", mbox_relocate_data_addr); do { #if !defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_ATF) /* Invoke SMC call to ATF to send the VAB certificate to SDM */ ret = smc_send_mailbox(MBOX_VAB_SRC_CERT, mbox_data_sz, - (u32 *)mbox_data_addr, 0, &resp_len, + (u32 *)mbox_relocate_data_addr, 0, &resp_len, &resp); #else /* Send the VAB certficate to SDM for authentication */ ret = mbox_send_cmd(MBOX_ID_UBOOT, MBOX_VAB_SRC_CERT, MBOX_CMD_DIRECT, mbox_data_sz, - (u32 *)mbox_data_addr, 0, &resp_len, + (u32 *)mbox_relocate_data_addr, 0, &resp_len, &resp); #endif /* If SDM is not available, just delay 50ms and retry again */ @@ -115,8 +125,8 @@ int socfpga_vendor_authentication(void **p_image, size_t *p_size) break; } while (--retry_count); - /* Restore the original 4 bytes */ - *(u32 *)mbox_data_addr = backup_word; + /* Free the relocate certificate memory space */ + free(mbox_relocate_data_addr); /* Exclude the size of the VAB certificate from image size */ *p_size = img_sz; |