arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Clean image out of cache before authentication

On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

common: Move hang() to the same header as panic()

At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>

arm: k3: Use get_ti_sci_handle() where ever possible

Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>

arm: mach-k3: Add secure device support

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

arm: mach-k3: security: Lower verbosity of cert message for GP

When we find a certificate on an image to be booted on a GP device we
print out a message explaining that the certificate is being skipped.
This message is rather long and is printed for every image. Shorten
the message and make the long version into a debug message.

Signed-off-by: Andrew Davis <afd@ti.com>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>

tree-wide: Replace http:// link with https:// link for ti.com

Replace instances of http://www.ti.com with https://www.ti.com

Signed-off-by: Nishanth Menon <nm@ti.com>

ti: k3: Drop <common.h> usage

None of these files need <common.h> to be included, drop it.

Signed-off-by: Tom Rini <trini@konsulko.com>

mach-k3: security: improve the checks around authentication

The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arch: mach-k3: security: fix the check for authentication

Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a24759374 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: security: separate out validating binary logic

K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

arm: mach-k3: Remove empty sys_proto.h include

This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

arm: mach-k3: security: Use dma-mapping for cache ops

This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Remove certificate if detected on GP device

If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

arm: mach-k3: security: Bypass image signing at runtime for GP devices

We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: security: Allow signing bypass if type is HS-FS

On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>

arm: mach-k3: add support for detecting firmware images from FIT

Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: fit: Update board_fit_image_post_process() to pass fit and node_offset

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>