author | Haixiang Bao <haixiang.bao@amlogic.com> | 2018-12-19 12:52:01 (GMT) |
---|---|---|
committer | Luan Yuan <luan.yuan@amlogic.com> | 2018-12-20 13:59:14 (GMT) |
commit | 3b4fd437a14d0e9bbfef75035c5960e99a83217a (patch) | |
tree | baccf599ecf2b8fc0a848ad6e67721d3be39ec6b | |
parent | 54a6a7dd2bc86973887aef3c55f4ece2e3946170 (diff) | |
download | uboot-3b4fd437a14d0e9bbfef75035c5960e99a83217a.zip uboot-3b4fd437a14d0e9bbfef75035c5960e99a83217a.tar.gz uboot-3b4fd437a14d0e9bbfef75035c5960e99a83217a.tar.bz2 |
BL33: EFUSE: use EFUSE_LICX for Riscure review [1/1]
PD#SWPL-3175
Problem:
Riscure code review report EFUSE license should use EFUSE_LICx but not
AO_SEC_SD_CFG10/9 any more
Solution:
For G12A/G12B/TL1... which have EFUSE_LICx will use them instead
of AO_SEC_SD_CFG10/9
EFUSE_LIC0/1/2/3 -> AO_SEC_SD_CFG10/9
Verify:
axg/g12a/g12b/gxb/gxl/gxtvbb/tl1/txhd/txl/txlx skt board verify on the way
Change-Id: I13979aecf4e6e58f6d3469b110b500bc83d18e25
Signed-off-by: Haixiang Bao <haixiang.bao@amlogic.com>
-rw-r--r-- | common/aml_dt.c | 30 | ||||
-rw-r--r-- | common/cmd_bootm.c | 10 | ||||
-rw-r--r-- | common/cmd_imgread.c | 10 | ||||
-rw-r--r-- | drivers/efuse/Makefile | 1 | ||||
-rw-r--r-- | drivers/efuse/aml_efuse.c | 72 | ||||
-rw-r--r-- | drivers/keymanage/km_efuse_key.c | 6 | ||||
-rw-r--r-- | drivers/usb/gadget/v2_burning/v2_sdc_burn/optimus_sdc_burn.c | 11 | ||||
-rw-r--r-- | include/amlogic/aml_efuse.h | 70 |
8 files changed, 159 insertions, 51 deletions
diff --git a/common/aml_dt.c b/common/aml_dt.c index bbe6463..ca967de 100644 --- a/common/aml_dt.c +++ b/common/aml_dt.c @@ -8,6 +8,8 @@ #include <asm/arch/bl31_apis.h> #include <partition_table.h> +#include <amlogic/aml_efuse.h> + //#define AML_DT_DEBUG #ifdef AML_DT_DEBUG #define dbg_printf(...) printf(__VA_ARGS__) @@ -42,24 +44,6 @@ //#define readl(addr) (*(volatile unsigned int*)(addr)) extern int checkhw(char * name); -/* return 1 if dtb is encrpted */ -int is_dtb_encrypt(unsigned char *buffer) -{ -#if 0 - unsigned int magic = *(unsigned int*)buffer; - - if ((DT_HEADER_MAGIC == magic) - || (AML_DT_HEADER_MAGIC == magic) - || (IS_GZIP_FORMAT(magic))) - return 0; - return 1; -#else - const unsigned long cfg10 = readl(AO_SEC_SD_CFG10); - /*KM_MSG("cfg10=0x%lX\n", cfg10);*/ - return ( cfg10 & (0x1<< 4) ); -#endif//#if 0 -} - unsigned long __attribute__((unused)) get_multi_dt_entry(unsigned long fdt_addr){ unsigned int dt_magic = readl(fdt_addr); @@ -242,11 +226,6 @@ unsigned long __attribute__((unused)) return 0; } -static int is_secure_boot_enabled(void) -{ - const unsigned long cfg10 = readl(AO_SEC_SD_CFG10); - return ( cfg10 & (0x1<< 4) ); -} /* return 0 if dts is valid @@ -260,9 +239,8 @@ int check_valid_dts(unsigned char *buffer) unsigned char *sbuffer = (unsigned char *)getenv_hex("loadaddr", CONFIG_DTB_MEM_ADDR + 0x100000); /* g12a merge to trunk, use trunk code */ //unsigned char *sbuffer = (unsigned char *)0x1000000; - if (is_secure_boot_enabled()) { + if (IS_FEAT_BOOT_VERIFY()) { - if (is_dtb_encrypt(buffer)) { memcpy(sbuffer, buffer, AML_DTB_IMG_MAX_SZ); flush_cache((unsigned long)sbuffer, AML_DTB_IMG_MAX_SZ); ret = aml_sec_boot_check(AML_D_P_IMG_DECRYPT, (long unsigned)sbuffer, AML_DTB_IMG_MAX_SZ, 0); @@ -280,8 +258,6 @@ int check_valid_dts(unsigned char *buffer) memcpy(buffer, sbuffer + nCheckOffset, AML_DTB_IMG_MAX_SZ); } - - } #ifdef CONFIG_MULTI_DTB dt_addr = (char *)get_multi_dt_entry((unsigned long)buffer); #else diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c index b78b2e2..860a0a8 100644 --- a/common/cmd_bootm.c +++ b/common/cmd_bootm.c @@ -29,6 +29,8 @@ #endif #include <asm/arch/secure_apb.h> +#include <amlogic/aml_efuse.h> + DECLARE_GLOBAL_DATA_PTR; #if defined(CONFIG_CMD_IMI) @@ -94,12 +96,6 @@ static int do_bootm_subcommand(cmd_tbl_t *cmdtp, int flag, int argc, return ret; } -static int is_secure_boot_enabled(void) -{ - const unsigned long cfg10 = readl(AO_SEC_SD_CFG10); - return ( cfg10 & (0x1<< 4) ); -} - /*******************************************************************/ /* bootm - boot application image from image in memory */ /*******************************************************************/ @@ -254,7 +250,7 @@ int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) #endif #endif//#ifndef CONFIG_AML_SIGNED_UBOOT - if (is_secure_boot_enabled()) + if (IS_FEAT_BOOT_VERIFY()) { /* Override load address argument to skip secure boot header (512). * Only skip if secure boot so normal boot can use plain boot.img+ */ diff --git a/common/cmd_imgread.c b/common/cmd_imgread.c index 1bb3330..ebf230d 100644 --- a/common/cmd_imgread.c +++ b/common/cmd_imgread.c @@ -18,6 +18,8 @@ #include <asm/arch/secure_apb.h> #include <libfdt.h> +#include <amlogic/aml_efuse.h> + typedef struct andr_img_hdr boot_img_hdr; #define debugP(fmt...) //printf("[Dbg imgread]L%d:", __LINE__),printf(fmt) @@ -78,12 +80,6 @@ typedef struct{ #define COMPILE_TYPE_ASSERT(expr, t) typedef char t[(expr) ? 1 : -1] COMPILE_TYPE_ASSERT(2048 >= sizeof(AmlSecureBootImgHeader), _cc); -static int is_secure_boot_enabled(void) -{ - const unsigned long cfg10 = readl(AO_SEC_SD_CFG10); - return ( cfg10 & (0x1<< 4) ); -} - static int is_andr_9_image(void* pBuffer) { int nReturn = 0; @@ -121,7 +117,7 @@ static int _aml_get_secure_boot_kernel_size(const void* pLoadaddr, unsigned* pTo unsigned int nBlkCnt = 0; const t_aml_enc_blk* pBlkInf = NULL; unsigned char *pAndHead = (unsigned char *)pLoadaddr; - unsigned int isSecure = is_secure_boot_enabled(); + unsigned int isSecure = IS_FEAT_BOOT_VERIFY(); rc = __LINE__; diff --git a/drivers/efuse/Makefile b/drivers/efuse/Makefile index 83988eb..164c1b8 100644 --- a/drivers/efuse/Makefile +++ b/drivers/efuse/Makefile @@ -22,6 +22,7 @@ # obj-$(CONFIG_EFUSE) += efuse.o +obj-$(CONFIG_EFUSE) += aml_efuse.o ifdef CONFIG_OF_LIBFDT obj-$(CONFIG_EFUSE) += efuse_usr_space_api.o endif diff --git a/drivers/efuse/aml_efuse.c b/drivers/efuse/aml_efuse.c new file mode 100644 index 0000000..c4e6887 --- a/dev/null +++ b/drivers/efuse/aml_efuse.c @@ -0,0 +1,72 @@ +/* + * Copyright (C) 2014-2018 Amlogic, Inc. All rights reserved. + * + * All information contained herein is Amlogic confidential. + * + * This software is provided to you pursuant to Software License Agreement + * (SLA) with Amlogic Inc ("Amlogic"). This software may be used + * only in accordance with the terms of this agreement. + * + * Redistribution and use in source and binary forms, with or without + * modification is strictly prohibited without prior written permission from + * Amlogic. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/* + * + * Copyright (C) 2018 Amlogic, Inc. All rights reserved. +*/ + +#include <common.h> +#include <asm/arch/io.h> +#include <amlogic/aml_efuse.h> +#include <asm/arch/secure_apb.h> + +//weak function for EFUSE license query +//all following functions are defined with "weak" for customization of each SoC +//EFUSE_LICX --> AO_SEC_SD_CFG10/9 --> EFUSE mirror +int __attribute__((weak)) IS_FEAT_BOOT_VERIFY(void) +{ + #ifndef ADDR_IS_FEAT_BOOT_VERIFY + #ifdef EFUSE_LIC0 + #define ADDR_IS_FEAT_BOOT_VERIFY (EFUSE_LIC0) + #define OSET_IS_FEAT_BOOT_VERIFY (0) + #else + #define ADDR_IS_FEAT_BOOT_VERIFY (AO_SEC_SD_CFG10) + #define OSET_IS_FEAT_BOOT_VERIFY (4) + #endif + #endif + + return ((readl(ADDR_IS_FEAT_BOOT_VERIFY) >> OSET_IS_FEAT_BOOT_VERIFY) & 1); + + #undef ADDR_IS_FEAT_BOOT_VERIFY + #undef OSET_IS_FEAT_BOOT_VERIFY +} +int __attribute__((weak)) IS_FEAT_BOOT_ENCRYPT(void) +{ + #ifndef ADDR_IS_FEAT_BOOT_ENCRYPT + #ifdef EFUSE_LIC0 + #define ADDR_IS_FEAT_BOOT_ENCRYPT (EFUSE_LIC0) + #define OSET_IS_FEAT_BOOT_ENCRYPT (1) + #else + #define ADDR_IS_FEAT_BOOT_ENCRYPT (AO_SEC_SD_CFG10) + #define OSET_IS_FEAT_BOOT_ENCRYPT (28) + #endif + #endif + + return ((readl(ADDR_IS_FEAT_BOOT_ENCRYPT) >> OSET_IS_FEAT_BOOT_ENCRYPT) & 1); + + #undef ADDR_IS_FEAT_BOOT_ENCRYPT + #undef OSET_IS_FEAT_BOOT_ENCRYPT +} diff --git a/drivers/keymanage/km_efuse_key.c b/drivers/keymanage/km_efuse_key.c index ded4a51..d71b0ef 100644 --- a/drivers/keymanage/km_efuse_key.c +++ b/drivers/keymanage/km_efuse_key.c @@ -13,6 +13,8 @@ #include <asm/arch/secure_apb.h> #include <asm/io.h> +#include <amlogic/aml_efuse.h> + #define SECURE_BOOT_KEY_NAME "secure_boot_set" extern int efuse_usr_api_init_dtb(const char* dt_addr); @@ -91,9 +93,9 @@ int keymanage_efuse_exist(const char* keyname) if (!strcmp(SECURE_BOOT_KEY_NAME, keyname)) { - const unsigned long cfg10 = readl(AO_SEC_SD_CFG10); + const unsigned long cfg10 = IS_FEAT_BOOT_VERIFY(); KM_MSG("cfg10=0x%lX\n", cfg10); - return ( cfg10 & (0x1<< 4) ); + return ( cfg10 ); } else { diff --git a/drivers/usb/gadget/v2_burning/v2_sdc_burn/optimus_sdc_burn.c b/drivers/usb/gadget/v2_burning/v2_sdc_burn/optimus_sdc_burn.c index 2e4a68c..16cb239 100644 --- a/drivers/usb/gadget/v2_burning/v2_sdc_burn/optimus_sdc_burn.c +++ b/drivers/usb/gadget/v2_burning/v2_sdc_burn/optimus_sdc_burn.c @@ -14,6 +14,8 @@ #include <asm/arch/secure_apb.h> #include <asm/io.h> +#include <amlogic/aml_efuse.h> + static int is_bootloader_old(void) { int sdc_boot = is_tpl_loaded_from_ext_sdmmc(); @@ -325,13 +327,6 @@ int optimus_report_burn_complete_sta(int isFailed, int rebootAfterBurn) return 0; } -static int _check_if_secureboot_enabled(void) -{ - const unsigned long cfg10 = readl(AO_SEC_SD_CFG10); - DWN_MSG("cfg10=0x%lX\n", cfg10); - return ( cfg10 & (0x1<< 4) ); -} - int optimus_sdc_burn_dtb_load(HIMAGE hImg) { s64 itemSz = 0; @@ -342,7 +337,7 @@ int optimus_sdc_burn_dtb_load(HIMAGE hImg) unsigned char* dtbTransferBuf = (unsigned char*)partBaseOffset; //meson1.dtb but not meson.dtb for m8 compatible - if (_check_if_secureboot_enabled()) { + if (IS_FEAT_BOOT_VERIFY()) { DWN_MSG("SecureEnabled, use meson1_ENC\n"); hImgItem = image_item_open(hImg, partName, "meson1_ENC"); } diff --git a/include/amlogic/aml_efuse.h b/include/amlogic/aml_efuse.h new file mode 100644 index 0000000..72ce961 --- a/dev/null +++ b/include/amlogic/aml_efuse.h @@ -0,0 +1,70 @@ + +/* + * + * Copyright (C) 2018 Amlogic, Inc. All rights reserved. +*/ + +#ifndef __BL2_EFUSE_H__ +#define __BL2_EFUSE_H__ + +#if 0 +//just keep following CFG10/9 for new API implement +#define IS_FEAT_USB_PD_CHK_ENABLE() (readl(AO_SEC_SD_CFG10) & (1 << 1)) +#define IS_FEAT_THERMAL_CALIBRATED() (readl(AO_SEC_SD_CFG10) & (1 << 2)) +#define IS_FEAT_BOOT_VERIFY() (readl(AO_SEC_SD_CFG10) & (1 << 4)) +#define IS_FEAT_ROOT_KEY_BURNED() (readl(AO_SEC_SD_CFG10) & (1 << 5)) +#define IS_FEAT_PLL_SET_BURNED() (readl(AO_SEC_SD_CFG10) & (1 << 6)) +#define IS_FEAT_M3_PLL_ENABLE() (readl(AO_SEC_SD_CFG10) & (1 << 7)) +#define IS_FEAT_M4_PLL_ENABLE() (readl(AO_SEC_SD_CFG10) & (1 << 7)) +#define IS_FEAT_A53_PLL_ENABLE() (readl(AO_SEC_SD_CFG10) & (1 << 8)) +#define IS_FEAT_NAMD_EXT_CMD_BURNED() (readl(AO_SEC_SD_CFG10) & (1 << 9)) +#define IS_FEAT_JTG_PD_CHK_ENABLE() (readl(AO_SEC_SD_CFG10) & (1 << 11)) +#define IS_FEAT_JTG_ENABLE() (readl(AO_SEC_SD_CFG10) & (1 << 12)) +#define IS_FEAT_CHIP_ID_BURNED (readl(AO_SEC_SD_CFG10) & (1 << 13)) +#define IS_FEAT_DTS_ENABLE (readl(AO_SEC_SD_CFG10) & (1 << 14)) +#define IS_FEAT_DISK_ENC_ENABLE (readl(AO_SEC_SD_CFG10) & (1 << 15)) +#define IS_FEAT_DOLBY_AUDIO_ENABLE (readl(AO_SEC_SD_CFG10) & (1 << 16)) +#define IS_FEAT_SCN_PD_CHK_ENABLE (readl(AO_SEC_SD_CFG10) & (1 << 17)) +#define IS_FEAT_USB_BOOT_ENABLE (readl(AO_SEC_SD_CFG10) & (1 << 19)) +#define IS_FEAT_SPI_BOOT_ENABLE (readl(AO_SEC_SD_CFG10) & (1 << 20)) +#define IS_FEAT_RECOVERY_BOOT_ENABLE (readl(AO_SEC_SD_CFG10) & (1 << 21)) +#define IS_FEAT_SD_BOOT_ENABLE (readl(AO_SEC_SD_CFG10) & (1 << 22)) +#define IS_FEAT_NAND_EMMC_BOOT_ENABLE (readl(AO_SEC_SD_CFG10) & (1 << 23)) +#define IS_FEAT_ANTIROLLBACK_ENABLE (readl(AO_SEC_SD_CFG10) & (1 << 25)) +#define IS_FEAT_BOOT_ENCRYPT() (readl(AO_SEC_SD_CFG10) & (1 << 28)) +#define IS_FEAT_A53_L1_ENABLE() (readl(AO_SEC_SD_CFG10) & (1 << 29)) +#define IS_FEAT_KEY_LDR_INIT() (readl(AO_SEC_SD_CFG10) & (1 << 30)) +#define IS_FEAT_AP_COLD_BOOT_LOCK() (readl(AO_SEC_SD_CFG10) & (1 << 31)) +#define IS_FEAT_BOOT_M3_ENCRYPT() (readl(AO_SEC_SD_CFG9) & (1 << 5)) +#define IS_FEAT_BOOT_M4_ENCRYPT() (readl(AO_SEC_SD_CFG9) & (1 << 6)) +#define IS_FEAT_NAND_BL2_BKP_RETRY() (readl(AO_SEC_SD_CFG9) & (1 << 10)) +#define IS_FEAT_EMMC_BL2_BKP_RETRY() (readl(AO_SEC_SD_CFG9) & (1 << 11)) +#define IS_FEAT_SCAN_DISABLE() (readl(AO_SEC_SD_CFG9) & (1 << 12)) +#define IS_FEAT_NAND_128P_DISABLE() (readl(AO_SEC_SD_CFG9) & (1 << 13)) +#define IS_FEAT_EMMC_LAST_ENABLE() (readl(AO_SEC_SD_CFG9) & (1 << 14)) +#define IS_FEAT_HIGH_USB_ENABLE() (readl(AO_SEC_SD_CFG9) & (1 << 15)) +#define IS_FEAT_BOOT_M3_VERIFY() (readl(AO_SEC_SD_CFG9) & (1 << 16)) +#define IS_FEAT_BOOT_M4_VERIFY() (readl(AO_SEC_SD_CFG9) & (1 << 17)) +#define IS_FEAT_CORNOR_INFO_BURNED() (readl(AO_SEC_SD_CFG9) & (1 << 19)) +#define IS_FEAT_SCK_BURNED() (readl(AO_SEC_SD_CFG9) & (1 << 20)) +#define IS_FEAT_BLK0_WR_LOCKED() (readl(AO_SEC_SD_CFG9) & (1 << 21)) +#define IS_FEAT_M4_DISABLE() (readl(AO_SEC_SD_CFG9) & (1 << 22)) +#define IS_FEAT_M4_SP_MODE_ENABLE() (readl(AO_SEC_SD_CFG9) & (1 << 23)) +#define IS_FEAT_A53_CLK_12G() (readl(AO_SEC_SD_CFG9) & (1 << 24)) +#define IS_FEAT_A53_CLK_15G() (readl(AO_SEC_SD_CFG9) & (1 << 25)) +#define IS_FEAT_A53_CLK_20G() (readl(AO_SEC_SD_CFG9) & (1 << 26)) +#define IS_FEAT_USB_PLL_ENABLE() (readl(AO_SEC_SD_CFG9) & (1 << 27)) +#define IS_FEAT_RMA_ENABLE() (readl(AO_SEC_SD_CFG9) & (1 << 28)) +#define IS_FEAT_OPS_CLI_BURNED() (readl(AO_SEC_SD_CFG9) & (1 << 29)) +#define IS_FEAT_M4_UNLOCK_ENABLE() (readl(AO_SEC_SD_CFG9) & (1 << 31)) +#define IS_FEAT_DISABLE_PRINT() (readl(EFUSE_LIC0) & (1 << 22))) +#endif + +//weak function for each SoC implement +//Unify EFUSE license query API +//all following functions are defined with "weak" for customization of each SoC +//EFUSE_LICX --> AO_SEC_SD_CFG10/9 --> EFUSE mirror +int IS_FEAT_BOOT_VERIFY(void); +int IS_FEAT_BOOT_ENCRYPT(void); + +#endif /* __BL2_EFUSE_H__ */ |