diff options
| author | Dave Gerlach | 2020-04-22 16:03:49 -0500 |
|---|---|---|
| committer | Dave Gerlach | 2020-04-23 15:09:38 -0500 |
| commit | 6d96ae8865fc0dc6df019e474e0c580bf3057524 (patch) | |
| tree | eeb95b0d86b4ee1ba5e45196d5df3349a45741e8 | |
| parent | c9e26b71b5349d885eb0866e0edffd983f5d505b (diff) | |
| download | k3-image-gen-6d96ae8865fc0dc6df019e474e0c580bf3057524.tar.gz k3-image-gen-6d96ae8865fc0dc6df019e474e0c580bf3057524.tar.xz k3-image-gen-6d96ae8865fc0dc6df019e474e0c580bf3057524.zip | |
sec-cfg: Add dkek_config section
Update the common.h headers to add new defines from SYSFW 2020.03.
Starting from SYSFW v2020.03, a dkek_config section is mandatory in
the security config. Otherwise the boot fails.
Fix this by adding a section for dkek_config with HOST_ID_ALL in
allowed_hosts and allow_dkek_export_tisci set.
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Tested-by: Suman Anna <s-anna@ti.com>
| -rw-r--r-- | include/common.h | 11 | ||||
| -rw-r--r-- | soc/am65x/evm/sec-cfg.c | 11 | ||||
| -rw-r--r-- | soc/am65x_sr2/evm/sec-cfg.c | 11 | ||||
| -rw-r--r-- | soc/j721e/evm/sec-cfg.c | 11 |
4 files changed, 44 insertions, 0 deletions
diff --git a/include/common.h b/include/common.h index 03e88e2a9..af01a4396 100644 --- a/include/common.h +++ b/include/common.h | |||
| @@ -80,6 +80,7 @@ typedef u8 ftbool; | |||
| 80 | #define BOARDCFG_DBG_CFG_MAGIC_NUM 0x020C | 80 | #define BOARDCFG_DBG_CFG_MAGIC_NUM 0x020C |
| 81 | #define BOARDCFG_PMIC_CFG_MAGIC_NUM 0x3172 | 81 | #define BOARDCFG_PMIC_CFG_MAGIC_NUM 0x3172 |
| 82 | #define BOARDCFG_OTP_CFG_MAGIC_NUM 0x4081 | 82 | #define BOARDCFG_OTP_CFG_MAGIC_NUM 0x4081 |
| 83 | #define BOARDCFG_DKEK_CFG_MAGIC_NUM 0x5170 | ||
| 83 | 84 | ||
| 84 | struct boardcfg_substructure_header { | 85 | struct boardcfg_substructure_header { |
| 85 | u16 magic; | 86 | u16 magic; |
| @@ -231,11 +232,21 @@ struct boardcfg_extended_otp { | |||
| 231 | u8 write_host_id; | 232 | u8 write_host_id; |
| 232 | } __attribute__((__packed__)); | 233 | } __attribute__((__packed__)); |
| 233 | 234 | ||
| 235 | #define MAX_NUM_DKEK_ALLOWED_HOSTS 4 | ||
| 236 | |||
| 237 | struct boardcfg_dkek { | ||
| 238 | struct boardcfg_substructure_header subhdr; | ||
| 239 | u8 allowed_hosts[MAX_NUM_DKEK_ALLOWED_HOSTS]; | ||
| 240 | u8 allow_dkek_export_tisci; | ||
| 241 | u8 rsvd[3]; | ||
| 242 | } __attribute__((__packed__)); | ||
| 243 | |||
| 234 | struct boardcfg_security { | 244 | struct boardcfg_security { |
| 235 | struct boardcfg_abi_rev rev; | 245 | struct boardcfg_abi_rev rev; |
| 236 | struct boardcfg_proc_acl processor_acl_list; | 246 | struct boardcfg_proc_acl processor_acl_list; |
| 237 | struct boardcfg_host_hierarchy host_hierarchy; | 247 | struct boardcfg_host_hierarchy host_hierarchy; |
| 238 | struct boardcfg_extended_otp otp_config; | 248 | struct boardcfg_extended_otp otp_config; |
| 249 | struct boardcfg_dkek dkek_config; | ||
| 239 | } __attribute__((__packed__)); | 250 | } __attribute__((__packed__)); |
| 240 | 251 | ||
| 241 | /** | 252 | /** |
diff --git a/soc/am65x/evm/sec-cfg.c b/soc/am65x/evm/sec-cfg.c index 291b2af65..b15030749 100644 --- a/soc/am65x/evm/sec-cfg.c +++ b/soc/am65x/evm/sec-cfg.c | |||
| @@ -71,4 +71,15 @@ const struct boardcfg_security am65_boardcfg_security_data = { | |||
| 71 | /* This is an array with 32 entries */ | 71 | /* This is an array with 32 entries */ |
| 72 | .otp_entry = {{ 0 } }, | 72 | .otp_entry = {{ 0 } }, |
| 73 | }, | 73 | }, |
| 74 | |||
| 75 | /* DKEK configuration */ | ||
| 76 | .dkek_config = { | ||
| 77 | .subhdr = { | ||
| 78 | .magic = BOARDCFG_DKEK_CFG_MAGIC_NUM, | ||
| 79 | .size = sizeof(struct boardcfg_dkek), | ||
| 80 | }, | ||
| 81 | .allowed_hosts = { HOST_ID_ALL, 0, 0, 0 }, | ||
| 82 | .allow_dkek_export_tisci = 0x5A, | ||
| 83 | .rsvd = {0, 0, 0}, | ||
| 84 | }, | ||
| 74 | }; | 85 | }; |
diff --git a/soc/am65x_sr2/evm/sec-cfg.c b/soc/am65x_sr2/evm/sec-cfg.c index ea7007664..9e1cfb9c5 100644 --- a/soc/am65x_sr2/evm/sec-cfg.c +++ b/soc/am65x_sr2/evm/sec-cfg.c | |||
| @@ -70,4 +70,15 @@ const struct boardcfg_security am65_boardcfg_security_data = { | |||
| 70 | /* This is an array with 32 entries */ | 70 | /* This is an array with 32 entries */ |
| 71 | .otp_entry = {{ 0 } }, | 71 | .otp_entry = {{ 0 } }, |
| 72 | }, | 72 | }, |
| 73 | |||
| 74 | /* DKEK configuration */ | ||
| 75 | .dkek_config = { | ||
| 76 | .subhdr = { | ||
| 77 | .magic = BOARDCFG_DKEK_CFG_MAGIC_NUM, | ||
| 78 | .size = sizeof(struct boardcfg_dkek), | ||
| 79 | }, | ||
| 80 | .allowed_hosts = { HOST_ID_ALL, 0, 0, 0 }, | ||
| 81 | .allow_dkek_export_tisci = 0x5A, | ||
| 82 | .rsvd = {0, 0, 0}, | ||
| 83 | }, | ||
| 73 | }; | 84 | }; |
diff --git a/soc/j721e/evm/sec-cfg.c b/soc/j721e/evm/sec-cfg.c index 4392a3188..153f059c5 100644 --- a/soc/j721e/evm/sec-cfg.c +++ b/soc/j721e/evm/sec-cfg.c | |||
| @@ -71,4 +71,15 @@ const struct boardcfg_security j721e_boardcfg_security_data = { | |||
| 71 | /* This is an array with 32 entries */ | 71 | /* This is an array with 32 entries */ |
| 72 | .otp_entry = {{ 0 } }, | 72 | .otp_entry = {{ 0 } }, |
| 73 | }, | 73 | }, |
| 74 | |||
| 75 | /* DKEK configuration */ | ||
| 76 | .dkek_config = { | ||
| 77 | .subhdr = { | ||
| 78 | .magic = BOARDCFG_DKEK_CFG_MAGIC_NUM, | ||
| 79 | .size = sizeof(struct boardcfg_dkek), | ||
| 80 | }, | ||
| 81 | .allowed_hosts = { HOST_ID_ALL, 0, 0, 0 }, | ||
| 82 | .allow_dkek_export_tisci = 0x5A, | ||
| 83 | .rsvd = {0, 0, 0}, | ||
| 84 | }, | ||
| 74 | }; | 85 | }; |