2 * Copyright (c) 2015-2017, Renesas Electronics Corporation. All rights
5 * SPDX-License-Identifier: BSD-3-Clause
8 #include <arch_helpers.h>
12 #include <platform_def.h>
17 typedef int32_t(*secure_boot_api_f
) (uint32_t a
, uint32_t b
, void *c
);
18 extern int32_t rcar_get_certificate(const int32_t name
, uint32_t *cert_addr
);
20 #define RCAR_IMAGE_ID_MAX (10)
21 #define RCAR_CERT_MAGIC_NUM (0xE291F358U)
22 #define RCAR_BOOT_KEY_CERT (0xE6300C00U)
23 #define RCAR_BOOT_KEY_CERT_NEW (0xE6300F00U)
24 #define RST_BASE (0xE6160000U)
25 #define RST_MODEMR (RST_BASE + 0x0060U)
26 #define MFISSOFTMDR (0xE6260600U)
27 #define MODEMR_MD5_MASK (0x00000020U)
28 #define MODEMR_MD5_SHIFT (5U)
29 #define SOFTMD_BOOTMODE_MASK (0x00000001U)
30 #define SOFTMD_NORMALBOOT (0x1U)
32 static secure_boot_api_f secure_boot_api
;
34 int auth_mod_get_parent_id(unsigned int img_id
, unsigned int *parent_id
)
39 int auth_mod_verify_img(unsigned int img_id
, void *ptr
, unsigned int len
)
41 int32_t ret
= 0, index
= 0;
42 uint32_t cert_addr
= 0U;
43 static const struct img_to_cert_t
{
47 } image
[RCAR_IMAGE_ID_MAX
] = {
48 { BL31_IMAGE_ID
, SOC_FW_CONTENT_CERT_ID
, "BL31" },
49 { BL32_IMAGE_ID
, TRUSTED_OS_FW_CONTENT_CERT_ID
, "BL32" },
50 { BL33_IMAGE_ID
, NON_TRUSTED_FW_CONTENT_CERT_ID
, "BL33" },
51 { BL332_IMAGE_ID
, BL332_CERT_ID
, "BL332" },
52 { BL333_IMAGE_ID
, BL333_CERT_ID
, "BL333" },
53 { BL334_IMAGE_ID
, BL334_CERT_ID
, "BL334" },
54 { BL335_IMAGE_ID
, BL335_CERT_ID
, "BL335" },
55 { BL336_IMAGE_ID
, BL336_CERT_ID
, "BL336" },
56 { BL337_IMAGE_ID
, BL337_CERT_ID
, "BL337" },
57 { BL338_IMAGE_ID
, BL338_CERT_ID
, "BL338" },
62 case TRUSTED_KEY_CERT_ID
:
63 case SOC_FW_KEY_CERT_ID
:
64 case TRUSTED_OS_FW_KEY_CERT_ID
:
65 case NON_TRUSTED_FW_KEY_CERT_ID
:
66 case BL332_KEY_CERT_ID
:
67 case BL333_KEY_CERT_ID
:
68 case BL334_KEY_CERT_ID
:
69 case BL335_KEY_CERT_ID
:
70 case BL336_KEY_CERT_ID
:
71 case BL337_KEY_CERT_ID
:
72 case BL338_KEY_CERT_ID
:
73 case SOC_FW_CONTENT_CERT_ID
:
74 case TRUSTED_OS_FW_CONTENT_CERT_ID
:
75 case NON_TRUSTED_FW_CONTENT_CERT_ID
:
100 for (index
= 0; index
< RCAR_IMAGE_ID_MAX
; index
++) {
101 if (img_id
!= image
[index
].id
)
104 ret
= rcar_get_certificate(image
[index
].cert
, &cert_addr
);
108 if (ret
|| (index
== RCAR_IMAGE_ID_MAX
)) {
109 ERROR("Verification Failed for image id = %d\n", img_id
);
112 #if RCAR_BL2_DCACHE == 1
113 /* clean and disable */
114 write_sctlr_el1(read_sctlr_el1() & ~SCTLR_C_BIT
);
117 ret
= (mmio_read_32(RCAR_BOOT_KEY_CERT_NEW
) == RCAR_CERT_MAGIC_NUM
) ?
118 secure_boot_api(RCAR_BOOT_KEY_CERT_NEW
, cert_addr
, NULL
) :
119 secure_boot_api(RCAR_BOOT_KEY_CERT
, cert_addr
, NULL
);
121 ERROR("Verification Failed 0x%x, %s\n", ret
, image
[index
].name
);
123 #if RCAR_BL2_DCACHE == 1
125 write_sctlr_el1(read_sctlr_el1() | SCTLR_C_BIT
);
132 static int32_t normal_boot_verify(uint32_t a
, uint32_t b
, void *c
)
137 void auth_mod_init(void)
140 uint32_t soft_md
= mmio_read_32(MFISSOFTMDR
) & SOFTMD_BOOTMODE_MASK
;
141 uint32_t md
= mmio_read_32(RST_MODEMR
) & MODEMR_MD5_MASK
;
144 secure_boot_api
= (secure_boot_api_f
) &rcar_rom_secure_boot_api
;
146 ret
= rcar_rom_get_lcs(&lcs
);
148 ERROR("BL2: Failed to get the LCS. (%d)\n", ret
);
154 if (soft_md
== SOFTMD_NORMALBOOT
)
155 secure_boot_api
= &normal_boot_verify
;
158 secure_boot_api
= &normal_boot_verify
;
161 if (md
>> MODEMR_MD5_SHIFT
)
162 secure_boot_api
= &normal_boot_verify
;
165 NOTICE("BL2: %s boot\n",
166 secure_boot_api
== &normal_boot_verify
? "Normal" : "Secure");
168 NOTICE("BL2: Normal boot\n");
169 secure_boot_api
= &normal_boot_verify
;