Merge patch series "Adding support to load secure firmware for HS devices"

Udit Kumar <u-kumar1@ti.com> says: Some use case needs rproc firmware to be loaded at u-boot stage, using following commands at u-boot shell, firmware could be loaded => setenv dorprocboot 1 => run boot_rprocs For Secure devices, secure version of rproc firmware should be loaded, which is appended by sec keyword[0]. but currently non-secure firmware is loaded even for secure devices. So adding support for loading secure firmware on Secured devices. [0]: https://gist.github.com/uditkumarti/cd8bf6a448079b59145d17a0e8bf13b7 Bootlogs: GP : https://gist.github.com/uditkumarti/23a00c313e1c28b62537aab733a585df#file-gp_device line 65 onwards HS : https://gist.github.com/uditkumarti/23a00c313e1c28b62537aab733a585df#file-hs-device line 60 onwards
2025-04-26 15:28:50 +00:00 · 2024-06-07 14:01:15 -06:00 · 2024-06-07 14:01:15 -06:00 · 30060e0480
commit 30060e0480
parent bf3d5baa86 4db7d62f85
7 changed files with 30 additions and 4 deletions
--- a/arch/arm/mach-k3/common.c
+++ b/arch/arm/mach-k3/common.c
@ -283,8 +283,10 @@ int misc_init_r(void)
 	}

 	/* Default FIT boot on HS-SE devices */
-	if (get_device_type() == K3_DEVICE_TYPE_HS_SE)
+	if (get_device_type() == K3_DEVICE_TYPE_HS_SE) {
 		env_set("boot_fit", "1");
+		env_set("secure_rprocs", "1");
+	}

 	return 0;
 }
--- a/arch/arm/mach-k3/common.h
+++ b/arch/arm/mach-k3/common.h
@ -2,12 +2,13 @@
 /*
 * K3: Architecture common definitions
 *
- * Copyright (C) 2018 Texas Instruments Incorporated - https://www.ti.com/
+ * Copyright (C) 2018-2024 Texas Instruments Incorporated - https://www.ti.com/
 *	Lokesh Vutla <lokeshvutla@ti.com>
 */

 #include <asm/armv7_mpu.h>
 #include <asm/hardware.h>
+#include <mach/security.h>

 #define K3_FIREWALL_BACKGROUND_BIT (8)

@ -41,7 +42,6 @@ void spl_enable_cache(void);
 void mmr_unlock(uintptr_t base, u32 partition);
 bool is_rom_loaded_sysfw(struct rom_extended_boot_data *data);
 enum k3_device_type get_device_type(void);
-void ti_secure_image_post_process(void **p_image, size_t *p_size);
 struct ti_sci_handle *get_ti_sci_handle(void);
 void do_board_detect(void);
 void ti_secure_image_check_binary(void **p_image, size_t *p_size);
--- a/arch/arm/mach-k3/include/mach/security.h
+++ b/arch/arm/mach-k3/include/mach/security.h
@ -0,0 +1,11 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * K3: Security related definitions
+ *
+ * Copyright (C) 2024 Texas Instruments Incorporated - https://www.ti.com/
+ *	Manorit Chawdhry <m-chawdhry@ti.com>
+ */
+
+#include <linux/types.h>
+
+void ti_secure_image_post_process(void **p_image, size_t *p_size);
--- a/drivers/remoteproc/ti_k3_dsp_rproc.c
+++ b/drivers/remoteproc/ti_k3_dsp_rproc.c
@ -21,6 +21,7 @@
 #include <linux/sizes.h>
 #include <linux/soc/ti/ti_sci_protocol.h>
 #include "ti_sci_proc.h"
+#include <mach/security.h>

 #define KEYSTONE_RPROC_LOCAL_ADDRESS_MASK	(SZ_16M - 1)

@ -127,6 +128,7 @@ static int k3_dsp_load(struct udevice *dev, ulong addr, ulong size)
 	struct k3_dsp_privdata *dsp = dev_get_priv(dev);
 	struct k3_dsp_boot_data *data = dsp->data;
 	u32 boot_vector;
+	void *image_addr = (void *)addr;
 	int ret;

 	if (dsp->in_use) {
@ -148,6 +150,8 @@ static int k3_dsp_load(struct udevice *dev, ulong addr, ulong size)
 		goto proc_release;
 	}

+	ti_secure_image_post_process(&image_addr, &size);
+
 	ret = rproc_elf_load_image(dev, addr, size);
 	if (ret < 0) {
 		dev_err(dev, "Loading elf failed %d\n", ret);
--- a/drivers/remoteproc/ti_k3_r5f_rproc.c
+++ b/drivers/remoteproc/ti_k3_r5f_rproc.c
@ -20,6 +20,7 @@
 #include <linux/kernel.h>
 #include <linux/soc/ti/ti_sci_protocol.h>
 #include "ti_sci_proc.h"
+#include <mach/security.h>

 /*
 * R5F's view of this address can either be for ATCM or BTCM with the other
@ -306,6 +307,7 @@ static int k3_r5f_load(struct udevice *dev, ulong addr, ulong size)
 	u64 boot_vector;
 	u32 ctrl, sts, cfg = 0;
 	bool mem_auto_init;
+	void *image_addr = (void *)addr;
 	int ret;

 	dev_dbg(dev, "%s addr = 0x%lx, size = 0x%lx\n", __func__, addr, size);
@ -333,6 +335,8 @@ static int k3_r5f_load(struct udevice *dev, ulong addr, ulong size)

 	k3_r5f_init_tcm_memories(core, mem_auto_init);

+	ti_secure_image_post_process(&image_addr, &size);
+
 	ret = rproc_elf_load_image(dev, addr, size);
 	if (ret < 0) {
 		dev_err(dev, "Loading elf failedi %d\n", ret);
--- a/include/env/ti/k3_rproc.env
+++ b/include/env/ti/k3_rproc.env
@ -13,11 +13,15 @@ rproc_load_and_boot_one=
 boot_rprocs_mmc=
 	env set rproc_id;
 	env set rproc_fw;
+	env set secure_suffix;
+	if test ${secure_rprocs} -eq 1; then
+		env set secure_suffix -sec;
+	fi;
 	for i in ${rproc_fw_binaries} ; do
 		if test -z "${rproc_id}" ; then
 			env set rproc_id $i;
 		else
-			env set rproc_fw $i;
+			env set rproc_fw $i${secure_suffix};
 			run rproc_load_and_boot_one;
 			env set rproc_id;
 			env set rproc_fw;
--- a/include/env/ti/ti_common.env
+++ b/include/env/ti/ti_common.env
@ -12,6 +12,7 @@ bootm_size=0x10000000
 boot_fdt=try

 boot_fit=0
+secure_rprocs=0
 addr_fit=0x90000000
 name_fit=fitImage
 update_to_fit=setenv loadaddr ${addr_fit}; setenv bootfile ${name_fit}