[U-Boot] [PATCH 0/7] AM65x HS device support

[U-Boot] [PATCH 0/7] AM65x HS device support

[Andrew F. Davis]

Hello all,

This series brings up HS device support on the AM65x platform. Support
for HS on K3 family devices is a bit different than previous devices
but for the most part all that has been abstracted into the SECDEV
package, allowing for a rather straight forward implementation here.

Thanks,
Andrew

Andrew F. Davis (7):
  arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded
  firmware: ti_sci: Add support for firewall management
  firmware: ti_sci: Modify auth_boot TI-SCI API to match new version
  arm: mach-k3: Add secure device support
  arm: mach-k3: Add secure device build support
  configs: Add a config for AM65x High Security EVM
  doc: Update info on using K3 secure devices

 MAINTAINERS                                  |   4 +
 arch/arm/Kconfig                             |   2 +-
 arch/arm/mach-k3/Makefile                    |   1 +
 arch/arm/mach-k3/am6_init.c                  |   8 +-
 arch/arm/mach-k3/config.mk                   |  25 +++
 arch/arm/mach-k3/config_secure.mk            |  44 ++++
 arch/arm/mach-k3/include/mach/am6_hardware.h |   3 -
 arch/arm/mach-k3/security.c                  |  63 ++++++
 configs/am65x_hs_evm_a53_defconfig           |  74 +++++++
 configs/am65x_hs_evm_r5_defconfig            |  90 +++++++++
 doc/README.ti-secure                         |  20 +-
 drivers/firmware/ti_sci.c                    | 202 ++++++++++++++++++-
 drivers/firmware/ti_sci.h                    | 139 ++++++++++++-
 include/linux/soc/ti/ti_sci_protocol.h       |  68 ++++++-
 tools/k3_fit_atf.sh                          |   8 +-
 15 files changed, 722 insertions(+), 29 deletions(-)
 create mode 100644 arch/arm/mach-k3/config_secure.mk
 create mode 100644 arch/arm/mach-k3/security.c
 create mode 100644 configs/am65x_hs_evm_a53_defconfig
 create mode 100644 configs/am65x_hs_evm_r5_defconfig

-- 
2.19.1

[U-Boot] [PATCH 1/7] arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded

[Andrew F. Davis]

On HS devices the 512b region of reset isolated memory called
MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we
cannot use this memory. It is only used to store a single value
left at the end of SRAM by ROM that will be needed later. Save
that value to a global variable stored in the .data section.
This section is used as .bss will be cleared between saving
this value and using it.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 arch/arm/mach-k3/am6_init.c                  | 8 +++-----
 arch/arm/mach-k3/include/mach/am6_hardware.h | 3 ---
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c
index a5553190b4..462538e45d 100644
--- a/arch/arm/mach-k3/am6_init.c
+++ b/arch/arm/mach-k3/am6_init.c
@@ -49,11 +49,11 @@ static void ctrl_mmr_unlock(void)
 	mmr_unlock(CTRL_MMR0_BASE, 7);
 }
 
+u32 bootindex __attribute__((section(".data")));
+
 static void store_boot_index_from_rom(void)
 {
-	u32 *boot_index = (u32 *)K3_BOOT_PARAM_TABLE_INDEX_VAL;
-
-	*boot_index = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX);
+	bootindex = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX);
 }
 
 void board_init_f(ulong dummy)
@@ -94,7 +94,6 @@ u32 spl_boot_mode(const u32 boot_device)
 {
 #if defined(CONFIG_SUPPORT_EMMC_BOOT)
 	u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT);
-	u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
 
 	u32 bootmode = (devstat & CTRLMMR_MAIN_DEVSTAT_BOOTMODE_MASK) >>
 			CTRLMMR_MAIN_DEVSTAT_BOOTMODE_SHIFT;
@@ -170,7 +169,6 @@ static u32 __get_primary_bootmedia(u32 devstat)
 u32 spl_boot_device(void)
 {
 	u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT);
-	u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
 
 	if (bootindex == K3_PRIMARY_BOOTMODE)
 		return __get_primary_bootmedia(devstat);
diff --git a/arch/arm/mach-k3/include/mach/am6_hardware.h b/arch/arm/mach-k3/include/mach/am6_hardware.h
index b5244609af..3343233aa3 100644
--- a/arch/arm/mach-k3/include/mach/am6_hardware.h
+++ b/arch/arm/mach-k3/include/mach/am6_hardware.h
@@ -44,7 +44,4 @@
 #define CTRLMMR_LOCK_KICK1				0x0100c
 #define CTRLMMR_LOCK_KICK1_UNLOCK_VAL			0xd172bc5a
 
-/* MCU SCRATCHPAD usage */
-#define K3_BOOT_PARAM_TABLE_INDEX_VAL	CONFIG_SYS_K3_MCU_SCRATCHPAD_BASE
-
 #endif /* __ASM_ARCH_AM6_HARDWARE_H */
-- 
2.19.1

[U-Boot] [PATCH 2/7] firmware: ti_sci: Add support for firewall management

[Andrew F. Davis]

TI-SCI message protocol provides support for controlling the firewall
configurations available in SoC.

Introduce support for the set of TI-SCI message protocol APIs that
provide us with this capability of controlling firewalls.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 drivers/firmware/ti_sci.c              | 177 +++++++++++++++++++++++++
 drivers/firmware/ti_sci.h              | 130 ++++++++++++++++++
 include/linux/soc/ti/ti_sci_protocol.h |  64 +++++++++
 3 files changed, 371 insertions(+)

diff --git a/drivers/firmware/ti_sci.c b/drivers/firmware/ti_sci.c
index 9148126041..edd6e094df 100644
--- a/drivers/firmware/ti_sci.c
+++ b/drivers/firmware/ti_sci.c
@@ -1803,6 +1803,178 @@ static int ti_sci_cmd_get_proc_boot_status(const struct ti_sci_handle *handle,
 	return ret;
 }
 
+/**
+ * ti_sci_cmd_set_fwl_region() - Request for configuring a firewall region
+ * @handle:	pointer to TI SCI handle
+ * @region:	region configuration parameters
+ *
+ * Return: 0 if all went well, else returns appropriate error value.
+ */
+static int ti_sci_cmd_set_fwl_region(const struct ti_sci_handle *handle,
+				     const struct ti_sci_msg_fwl_region *region)
+{
+	struct ti_sci_msg_fwl_set_firewall_region_req req;
+	struct ti_sci_msg_fwl_set_firewall_region_resp *resp;
+	struct ti_sci_info *info;
+	struct ti_sci_xfer *xfer;
+	int ret = 0;
+
+	if (IS_ERR(handle))
+		return PTR_ERR(handle);
+	if (!handle)
+		return -EINVAL;
+
+	info = handle_to_ti_sci_info(handle);
+
+	xfer = ti_sci_setup_one_xfer(info, TISCI_MSG_FWL_SET,
+				     TI_SCI_FLAG_REQ_ACK_ON_PROCESSED,
+				     (u32 *)&req, sizeof(req), sizeof(*resp));
+	if (IS_ERR(xfer)) {
+		ret = PTR_ERR(xfer);
+		dev_err(info->dev, "Message alloc failed(%d)\n", ret);
+		return ret;
+	}
+
+	req.fwl_id = region->fwl_id;
+	req.region = region->region;
+	req.n_permission_regs = region->n_permission_regs;
+	req.control = region->control;
+	req.permissions[0] = region->permissions[0];
+	req.permissions[1] = region->permissions[1];
+	req.permissions[2] = region->permissions[2];
+	req.start_address = region->start_address;
+	req.end_address = region->end_address;
+
+	ret = ti_sci_do_xfer(info, xfer);
+	if (ret) {
+		dev_err(info->dev, "Mbox send fail %d\n", ret);
+		return ret;
+	}
+
+	resp = (struct ti_sci_msg_fwl_set_firewall_region_resp *)xfer->tx_message.buf;
+
+	if (!ti_sci_is_response_ack(resp))
+		return -ENODEV;
+
+	return 0;
+}
+
+/**
+ * ti_sci_cmd_get_fwl_region() - Request for getting a firewall region
+ * @handle:	pointer to TI SCI handle
+ * @region:	region configuration parameters
+ *
+ * Return: 0 if all went well, else returns appropriate error value.
+ */
+static int ti_sci_cmd_get_fwl_region(const struct ti_sci_handle *handle,
+				     struct ti_sci_msg_fwl_region *region)
+{
+	struct ti_sci_msg_fwl_get_firewall_region_req req;
+	struct ti_sci_msg_fwl_get_firewall_region_resp *resp;
+	struct ti_sci_info *info;
+	struct ti_sci_xfer *xfer;
+	int ret = 0;
+
+	if (IS_ERR(handle))
+		return PTR_ERR(handle);
+	if (!handle)
+		return -EINVAL;
+
+	info = handle_to_ti_sci_info(handle);
+
+	xfer = ti_sci_setup_one_xfer(info, TISCI_MSG_FWL_GET,
+				     TI_SCI_FLAG_REQ_ACK_ON_PROCESSED,
+				     (u32 *)&req, sizeof(req), sizeof(*resp));
+	if (IS_ERR(xfer)) {
+		ret = PTR_ERR(xfer);
+		dev_err(info->dev, "Message alloc failed(%d)\n", ret);
+		return ret;
+	}
+
+	req.fwl_id = region->fwl_id;
+	req.region = region->region;
+	req.n_permission_regs = region->n_permission_regs;
+
+	ret = ti_sci_do_xfer(info, xfer);
+	if (ret) {
+		dev_err(info->dev, "Mbox send fail %d\n", ret);
+		return ret;
+	}
+
+	resp = (struct ti_sci_msg_fwl_get_firewall_region_resp *)xfer->tx_message.buf;
+
+	if (!ti_sci_is_response_ack(resp))
+		return -ENODEV;
+
+	region->fwl_id = resp->fwl_id;
+	region->region = resp->region;
+	region->n_permission_regs = resp->n_permission_regs;
+	region->control = resp->control;
+	region->permissions[0] = resp->permissions[0];
+	region->permissions[1] = resp->permissions[1];
+	region->permissions[2] = resp->permissions[2];
+	region->start_address = resp->start_address;
+	region->end_address = resp->end_address;
+
+	return 0;
+}
+
+/**
+ * ti_sci_cmd_change_fwl_owner() - Request for changing a firewall owner
+ * @handle:	pointer to TI SCI handle
+ * @region:	region configuration parameters
+ *
+ * Return: 0 if all went well, else returns appropriate error value.
+ */
+static int ti_sci_cmd_change_fwl_owner(const struct ti_sci_handle *handle,
+				       struct ti_sci_msg_fwl_owner *owner)
+{
+	struct ti_sci_msg_fwl_change_owner_info_req req;
+	struct ti_sci_msg_fwl_change_owner_info_resp *resp;
+	struct ti_sci_info *info;
+	struct ti_sci_xfer *xfer;
+	int ret = 0;
+
+	if (IS_ERR(handle))
+		return PTR_ERR(handle);
+	if (!handle)
+		return -EINVAL;
+
+	info = handle_to_ti_sci_info(handle);
+
+	xfer = ti_sci_setup_one_xfer(info, TISCI_MSG_FWL_GET,
+				     TISCI_MSG_FWL_CHANGE_OWNER,
+				     (u32 *)&req, sizeof(req), sizeof(*resp));
+	if (IS_ERR(xfer)) {
+		ret = PTR_ERR(xfer);
+		dev_err(info->dev, "Message alloc failed(%d)\n", ret);
+		return ret;
+	}
+
+	req.fwl_id = owner->fwl_id;
+	req.region = owner->region;
+	req.owner_index = owner->owner_index;
+
+	ret = ti_sci_do_xfer(info, xfer);
+	if (ret) {
+		dev_err(info->dev, "Mbox send fail %d\n", ret);
+		return ret;
+	}
+
+	resp = (struct ti_sci_msg_fwl_change_owner_info_resp *)xfer->tx_message.buf;
+
+	if (!ti_sci_is_response_ack(resp))
+		return -ENODEV;
+
+	owner->fwl_id = resp->fwl_id;
+	owner->region = resp->region;
+	owner->owner_index = resp->owner_index;
+	owner->owner_privid = resp->owner_privid;
+	owner->owner_permission_bits = resp->owner_permission_bits;
+
+	return ret;
+}
+
 /*
  * ti_sci_setup_ops() - Setup the operations structures
  * @info:	pointer to TISCI pointer
@@ -1815,6 +1987,7 @@ static void ti_sci_setup_ops(struct ti_sci_info *info)
 	struct ti_sci_clk_ops *cops = &ops->clk_ops;
 	struct ti_sci_core_ops *core_ops = &ops->core_ops;
 	struct ti_sci_proc_ops *pops = &ops->proc_ops;
+	struct ti_sci_fwl_ops *fwl_ops = &ops->fwl_ops;
 
 	bops->board_config = ti_sci_cmd_set_board_config;
 	bops->board_config_rm = ti_sci_cmd_set_board_config_rm;
@@ -1857,6 +2030,10 @@ static void ti_sci_setup_ops(struct ti_sci_info *info)
 	pops->set_proc_boot_ctrl = ti_sci_cmd_set_proc_boot_ctrl;
 	pops->proc_auth_boot_image = ti_sci_cmd_proc_auth_boot_image;
 	pops->get_proc_boot_status = ti_sci_cmd_get_proc_boot_status;
+
+	fwl_ops->set_fwl_region = ti_sci_cmd_set_fwl_region;
+	fwl_ops->get_fwl_region = ti_sci_cmd_get_fwl_region;
+	fwl_ops->change_fwl_owner = ti_sci_cmd_change_fwl_owner;
 }
 
 /**
diff --git a/drivers/firmware/ti_sci.h b/drivers/firmware/ti_sci.h
index 81591fb0c7..2c92f475ed 100644
--- a/drivers/firmware/ti_sci.h
+++ b/drivers/firmware/ti_sci.h
@@ -50,6 +50,10 @@
 #define TISCI_MSG_PROC_AUTH_BOOT_IMIAGE	0xc120
 #define TISCI_MSG_GET_PROC_BOOT_STATUS	0xc400
 
+#define TISCI_MSG_FWL_SET		0x9000
+#define TISCI_MSG_FWL_GET		0x9001
+#define TISCI_MSG_FWL_CHANGE_OWNER	0x9002
+
 /**
  * struct ti_sci_msg_hdr - Generic Message Header for All messages and responses
  * @type:	Type of messages: One of TI_SCI_MSG* values
@@ -677,4 +681,130 @@ struct ti_sci_msg_resp_get_proc_boot_status {
 	u32 status_flags;
 } __packed;
 
+#define FWL_MAX_PRIVID_SLOTS 3U
+
+/**
+ * struct ti_sci_msg_fwl_set_firewall_region_req - Request for configuring the firewall permissions.
+ *
+ * @hdr:		Generic Header
+ *
+ * @fwl_id:		Firewall ID in question
+ * @region:		Region or channel number to set config info
+ *			This field is unused in case of a simple firewall  and must be initialized
+ *			to zero.  In case of a region based firewall, this field indicates the
+ *			region in question. (index starting from 0) In case of a channel based
+ *			firewall, this field indicates the channel in question (index starting
+ *			from 0)
+ * @n_permission_regs:	Number of permission registers to set
+ * @control:		Contents of the firewall CONTROL register to set
+ * @permissions:	Contents of the firewall PERMISSION register to set
+ * @start_address:	Contents of the firewall START_ADDRESS register to set
+ * @end_address:	Contents of the firewall END_ADDRESS register to set
+ */
+
+struct ti_sci_msg_fwl_set_firewall_region_req {
+	struct ti_sci_msg_hdr	hdr;
+	u16			fwl_id;
+	u16			region;
+	u32			n_permission_regs;
+	u32			control;
+	u32			permissions[FWL_MAX_PRIVID_SLOTS];
+	u64			start_address;
+	u64			end_address;
+} __packed;
+
+/**
+ * struct ti_sci_msg_fwl_set_firewall_region_resp - Response for configuring the firewall permissions
+ *
+ * @hdr:		Generic Header
+ */
+struct ti_sci_msg_fwl_set_firewall_region_resp {
+	struct ti_sci_msg_hdr hdr;
+} __packed;
+
+/**
+ * struct ti_sci_msg_fwl_get_firewall_region_req - Request for retrieving the firewall permissions
+ *
+ * @hdr:		Generic Header
+ *
+ * @fwl_id:		Firewall ID in question
+ * @region:		Region or channel number to get config info
+ *			This field is unused in case of a simple firewall and must be initialized
+ *			to zero.  In case of a region based firewall, this field indicates the
+ *			region in question (index starting from 0). In case of a channel based
+ *			firewall, this field indicates the channel in question (index starting
+ *			from 0).
+ * @n_permission_regs:	Number of permission registers to retrieve
+ */
+struct ti_sci_msg_fwl_get_firewall_region_req {
+	struct ti_sci_msg_hdr	hdr;
+	u16			fwl_id;
+	u16			region;
+	u32			n_permission_regs;
+} __packed;
+
+/**
+ * struct ti_sci_msg_fwl_get_firewall_region_resp - Response for retrieving the firewall permissions
+ *
+ * @hdr:		Generic Header
+ *
+ * @fwl_id:		Firewall ID in question
+ * @region:		Region or channel number to set config info This field is
+ *			unused in case of a simple firewall  and must be initialized to zero.  In
+ *			case of a region based firewall, this field indicates the region in
+ *			question. (index starting from 0) In case of a channel based firewall, this
+ *			field indicates the channel in question (index starting from 0)
+ * @n_permission_regs:	Number of permission registers retrieved
+ * @control:		Contents of the firewall CONTROL register
+ * @permissions:	Contents of the firewall PERMISSION registers
+ * @start_address:	Contents of the firewall START_ADDRESS register This is not applicable for channelized firewalls.
+ * @end_address:	Contents of the firewall END_ADDRESS register This is not applicable for channelized firewalls.
+ */
+struct ti_sci_msg_fwl_get_firewall_region_resp {
+	struct ti_sci_msg_hdr	hdr;
+	u16			fwl_id;
+	u16			region;
+	u32			n_permission_regs;
+	u32			control;
+	u32			permissions[FWL_MAX_PRIVID_SLOTS];
+	u64			start_address;
+	u64			end_address;
+} __packed;
+
+/**
+ * struct ti_sci_msg_fwl_change_owner_info_req - Request for a firewall owner change
+ *
+ * @hdr:		Generic Header
+ *
+ * @fwl_id:		Firewall ID in question
+ * @region:		Region or channel number if applicable
+ * @owner_index:	New owner index to transfer ownership to
+ */
+struct ti_sci_msg_fwl_change_owner_info_req {
+	struct ti_sci_msg_hdr	hdr;
+	u16			fwl_id;
+	u16			region;
+	u8			owner_index;
+} __packed;
+
+/**
+ * struct ti_sci_msg_fwl_change_owner_info_resp - Response for a firewall owner change
+ *
+ * @hdr:		Generic Header
+ *
+ * @fwl_id:		Firewall ID specified in request
+ * @region:		Region or channel number specified in request
+ * @owner_index:	Owner index specified in request
+ * @owner_privid:	New owner priv-ID returned by DMSC.
+ * @owner_permission_bits:	New owner permission bits returned by DMSC.
+ */
+struct ti_sci_msg_fwl_change_owner_info_resp {
+	struct ti_sci_msg_hdr	hdr;
+	u16			fwl_id;
+	u16			region;
+	u8			owner_index;
+	u8			owner_privid;
+	u16			owner_permission_bits;
+} __packed;
+
 #endif /* __TI_SCI_H */
diff --git a/include/linux/soc/ti/ti_sci_protocol.h b/include/linux/soc/ti/ti_sci_protocol.h
index 90d5053636..f3c5b72860 100644
--- a/include/linux/soc/ti/ti_sci_protocol.h
+++ b/include/linux/soc/ti/ti_sci_protocol.h
@@ -257,6 +257,68 @@ struct ti_sci_proc_ops {
 				    u32 *sts_flags);
 };
 
+/**
+ * struct ti_sci_msg_fwl_region_cfg - Request and Response for firewalls settings
+ *
+ * @fwl_id:		Firewall ID in question
+ * @region:		Region or channel number to set config info
+ *			This field is unused in case of a simple firewall  and must be initialized
+ *			to zero.  In case of a region based firewall, this field indicates the
+ *			region in question. (index starting from 0) In case of a channel based
+ *			firewall, this field indicates the channel in question (index starting
+ *			from 0)
+ * @n_permission_regs:	Number of permission registers to set
+ * @control:		Contents of the firewall CONTROL register to set
+ * @permissions:	Contents of the firewall PERMISSION register to set
+ * @start_address:	Contents of the firewall START_ADDRESS register to set
+ * @end_address:	Contents of the firewall END_ADDRESS register to set
+ */
+struct ti_sci_msg_fwl_region {
+	u16 fwl_id;
+	u16 region;
+	u32 n_permission_regs;
+	u32 control;
+	u32 permissions[3];
+	u64 start_address;
+	u64 end_address;
+} __packed;
+
+/**
+ * \brief Request and Response for firewall owner change
+ *
+ * @fwl_id:		Firewall ID in question
+ * @region:		Region or channel number to set config info
+ *			This field is unused in case of a simple firewall  and must be initialized
+ *			to zero.  In case of a region based firewall, this field indicates the
+ *			region in question. (index starting from 0) In case of a channel based
+ *			firewall, this field indicates the channel in question (index starting
+ *			from 0)
+ * @n_permission_regs:	Number of permission registers <= 3
+ * @control:		Control register value for this region
+ * @owner_index:	New owner index to change to. Owner indexes are setup in DMSC firmware boot configuration data
+ * @owner_privid:	New owner priv-id, used to lookup owner_index is not known, must be set to zero otherwise
+ * @owner_permission_bits: New owner permission bits
+ */
+struct ti_sci_msg_fwl_owner {
+	u16 fwl_id;
+	u16 region;
+	u8 owner_index;
+	u8 owner_privid;
+	u16 owner_permission_bits;
+} __packed;
+
+/**
+ * struct ti_sci_fwl_ops - Firewall specific operations
+ * @set_fwl_region: Request for configuring the firewall permissions.
+ * @get_fwl_region: Request for retrieving the firewall permissions.
+ * @change_fwl_owner: Request for a change of firewall owner.
+ */
+struct ti_sci_fwl_ops {
+	int (*set_fwl_region)(const struct ti_sci_handle *handle, const struct ti_sci_msg_fwl_region *region);
+	int (*get_fwl_region)(const struct ti_sci_handle *handle, struct ti_sci_msg_fwl_region *region);
+	int (*change_fwl_owner)(const struct ti_sci_handle *handle, struct ti_sci_msg_fwl_owner *owner);
+};
+
 /**
  * struct ti_sci_ops - Function support for TI SCI
  * @board_ops:	Miscellaneous operations
@@ -264,6 +326,7 @@ struct ti_sci_proc_ops {
  * @clk_ops:	Clock specific operations
  * @core_ops:	Core specific operations
  * @proc_ops:	Processor specific operations
+ * @fw_ops:	Firewall specific operations
  */
 struct ti_sci_ops {
 	struct ti_sci_board_ops board_ops;
@@ -271,6 +334,7 @@ struct ti_sci_ops {
 	struct ti_sci_clk_ops clk_ops;
 	struct ti_sci_core_ops core_ops;
 	struct ti_sci_proc_ops proc_ops;
+	struct ti_sci_fwl_ops fwl_ops;
 };
 
 /**
-- 
2.19.1

[U-Boot] [PATCH 3/7] firmware: ti_sci: Modify auth_boot TI-SCI API to match new version

[Andrew F. Davis]

SYSFW version 2019.01 introduces a slightly modified version of this API,
add support for it here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 drivers/firmware/ti_sci.c              | 25 ++++++++++++++++---------
 drivers/firmware/ti_sci.h              |  9 +++++++--
 include/linux/soc/ti/ti_sci_protocol.h |  4 ++--
 3 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/drivers/firmware/ti_sci.c b/drivers/firmware/ti_sci.c
index edd6e094df..d1612eb551 100644
--- a/drivers/firmware/ti_sci.c
+++ b/drivers/firmware/ti_sci.c
@@ -1700,16 +1700,19 @@ static int ti_sci_cmd_set_proc_boot_ctrl(const struct ti_sci_handle *handle,
  * ti_sci_cmd_proc_auth_boot_image() - Command to authenticate and load the
  *			image and then set the processor configuration flags.
  * @handle:	Pointer to TI SCI handle
- * @proc_id:	Processor ID this request is for
- * @cert_addr:	Memory address at which payload image certificate is located.
+ * @image_addr:	Memory address at which payload image and certificate is
+ *		located in memory, this is updated if the image data is
+ *		moved during authentication.
+ * @image_size: This is updated with the final size of the image after
+ *		authentication.
  *
  * Return: 0 if all went well, else returns appropriate error value.
  */
 static int ti_sci_cmd_proc_auth_boot_image(const struct ti_sci_handle *handle,
-					   u8 proc_id, u64 cert_addr)
+					   u64 *image_addr, u32 *image_size)
 {
 	struct ti_sci_msg_req_proc_auth_boot_image req;
-	struct ti_sci_msg_hdr *resp;
+	struct ti_sci_msg_resp_proc_auth_boot_image *resp;
 	struct ti_sci_info *info;
 	struct ti_sci_xfer *xfer;
 	int ret = 0;
@@ -1729,9 +1732,8 @@ static int ti_sci_cmd_proc_auth_boot_image(const struct ti_sci_handle *handle,
 		dev_err(info->dev, "Message alloc failed(%d)\n", ret);
 		return ret;
 	}
-	req.processor_id = proc_id;
-	req.cert_addr_low = cert_addr & TISCI_ADDR_LOW_MASK;
-	req.cert_addr_high = (cert_addr & TISCI_ADDR_HIGH_MASK) >>
+	req.cert_addr_low = *image_addr & TISCI_ADDR_LOW_MASK;
+	req.cert_addr_high = (*image_addr & TISCI_ADDR_HIGH_MASK) >>
 				TISCI_ADDR_HIGH_SHIFT;
 
 	ret = ti_sci_do_xfer(info, xfer);
@@ -1740,10 +1742,15 @@ static int ti_sci_cmd_proc_auth_boot_image(const struct ti_sci_handle *handle,
 		return ret;
 	}
 
-	resp = (struct ti_sci_msg_hdr *)xfer->tx_message.buf;
+	resp = (struct ti_sci_msg_resp_proc_auth_boot_image *)xfer->tx_message.buf;
 
 	if (!ti_sci_is_response_ack(resp))
-		ret = -ENODEV;
+		return -ENODEV;
+
+	*image_addr = (resp->image_addr_low & TISCI_ADDR_LOW_MASK) |
+			(((u64)resp->image_addr_high <<
+			  TISCI_ADDR_HIGH_SHIFT) & TISCI_ADDR_HIGH_MASK);
+	*image_size = resp->image_size;
 
 	return ret;
 }
diff --git a/drivers/firmware/ti_sci.h b/drivers/firmware/ti_sci.h
index 2c92f475ed..c49e8b6358 100644
--- a/drivers/firmware/ti_sci.h
+++ b/drivers/firmware/ti_sci.h
@@ -622,7 +622,6 @@ struct ti_sci_msg_req_set_proc_boot_ctrl {
 /**
  * struct ti_sci_msg_req_proc_auth_start_image - Authenticate and start image
  * @hdr:		Generic Header
- * @processor_id:	ID of processor
  * @cert_addr_low:	Lower 32bit (Little Endian) of certificate
  * @cert_addr_high:	Higher 32bit (Little Endian) of certificate
  *
@@ -631,11 +630,17 @@ struct ti_sci_msg_req_set_proc_boot_ctrl {
  */
 struct ti_sci_msg_req_proc_auth_boot_image {
 	struct ti_sci_msg_hdr hdr;
-	u8 processor_id;
 	u32 cert_addr_low;
 	u32 cert_addr_high;
 } __packed;
 
+struct ti_sci_msg_resp_proc_auth_boot_image {
+	struct ti_sci_msg_hdr hdr;
+	u32 image_addr_low;
+	u32 image_addr_high;
+	u32 image_size;
+} __packed;
+
 /**
  * struct ti_sci_msg_req_get_proc_boot_status - Get processor boot status
  * @hdr:		Generic Header
diff --git a/include/linux/soc/ti/ti_sci_protocol.h b/include/linux/soc/ti/ti_sci_protocol.h
index f3c5b72860..c3bfa57253 100644
--- a/include/linux/soc/ti/ti_sci_protocol.h
+++ b/include/linux/soc/ti/ti_sci_protocol.h
@@ -250,8 +250,8 @@ struct ti_sci_proc_ops {
 				 u64 bv, u32 cfg_set, u32 cfg_clr);
 	int (*set_proc_boot_ctrl)(const struct ti_sci_handle *handle, u8 pid,
 				  u32 ctrl_set, u32 ctrl_clr);
-	int (*proc_auth_boot_image)(const struct ti_sci_handle *handle, u8 pid,
-				    u64 caddr);
+	int (*proc_auth_boot_image)(const struct ti_sci_handle *handle,
+				    u64 *image_addr, u32 *image_size);
 	int (*get_proc_boot_status)(const struct ti_sci_handle *handle, u8 pid,
 				    u64 *bv, u32 *cfg_flags, u32 *ctrl_flags,
 				    u32 *sts_flags);
-- 
2.19.1

[U-Boot] [PATCH 4/7] arm: mach-k3: Add secure device support

[Andrew F. Davis]

K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 MAINTAINERS                 |  1 +
 arch/arm/Kconfig            |  2 +-
 arch/arm/mach-k3/Makefile   |  1 +
 arch/arm/mach-k3/security.c | 63 +++++++++++++++++++++++++++++++++++++
 4 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 arch/arm/mach-k3/security.c

diff --git a/MAINTAINERS b/MAINTAINERS
index 29449ffed6..18cdca9447 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -716,6 +716,7 @@ S:	Supported
 F:	arch/arm/mach-omap2/omap5/sec_entry_cpu1.S
 F:	arch/arm/mach-omap2/sec-common.c
 F:	arch/arm/mach-omap2/config_secure.mk
+F:	arch/arm/mach-k3/security.c
 F:	configs/am335x_hs_evm_defconfig
 F:	configs/am335x_hs_evm_uart_defconfig
 F:	configs/am43xx_hs_evm_defconfig
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 455f06cfee..da397097e5 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1417,7 +1417,7 @@ endchoice
 
 config TI_SECURE_DEVICE
 	bool "HS Device Type Support"
-	depends on ARCH_KEYSTONE || ARCH_OMAP2PLUS
+	depends on ARCH_KEYSTONE || ARCH_OMAP2PLUS || ARCH_K3
 	help
 	  If a high secure (HS) device type is being used, this config
 	  must be set. This option impacts various aspects of the
diff --git a/arch/arm/mach-k3/Makefile b/arch/arm/mach-k3/Makefile
index bd4ab361b2..0c3a4f7db1 100644
--- a/arch/arm/mach-k3/Makefile
+++ b/arch/arm/mach-k3/Makefile
@@ -6,4 +6,5 @@
 obj-$(CONFIG_SOC_K3_AM6) += am6_init.o
 obj-$(CONFIG_ARM64) += arm64-mmu.o
 obj-$(CONFIG_CPU_V7R) += r5_mpu.o lowlevel_init.o
+obj-$(CONFIG_TI_SECURE_DEVICE) += security.o
 obj-y += common.o
diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c
new file mode 100644
index 0000000000..52f49bf01f
--- /dev/null
+++ b/arch/arm/mach-k3/security.c
@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * K3: Security functions
+ *
+ * Copyright (C) 2018 Texas Instruments Incorporated - http://www.ti.com/
+ *	Andrew F. Davis <afd@ti.com>
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <linux/soc/ti/ti_sci_protocol.h>
+#include <mach/spl.h>
+#include <spl.h>
+
+void board_fit_image_post_process(void **p_image, size_t *p_size)
+{
+	struct udevice *dev;
+	struct ti_sci_handle *ti_sci;
+	struct ti_sci_proc_ops *proc_ops;
+	u64 image_addr;
+	u32 image_size;
+	int ret;
+
+	/* Get handle to Device Management and Security Controller (SYSFW) */
+	ret = uclass_get_device_by_name(UCLASS_FIRMWARE, "dmsc", &dev);
+	if (ret) {
+		printf("Failed to get handle to SYSFW (%d)\n", ret);
+		hang();
+	}
+	ti_sci = (struct ti_sci_handle *)(ti_sci_get_handle_from_sysfw(dev));
+	proc_ops = &ti_sci->ops.proc_ops;
+
+	image_addr = (uintptr_t)*p_image;
+
+	debug("Authenticating image at address 0x%016llx\n", image_addr);
+
+	/* Authenticate image */
+	ret = proc_ops->proc_auth_boot_image(ti_sci, &image_addr, &image_size);
+	if (ret) {
+		printf("Authentication failed!\n");
+		hang();
+	}
+
+	/*
+	 * The image_size returned may be 0 when the authentication process has
+	 * moved the image. When this happens no further processing on the
+	 * image is needed or often even possible as it may have also been
+	 * placed behind a firewall when moved.
+	 */
+	*p_size = image_size;
+
+	/*
+	 * Output notification of successful authentication to re-assure the
+	 * user that the secure code is being processed as expected. However
+	 * suppress any such log output in case of building for SPL and booting
+	 * via YMODEM. This is done to avoid disturbing the YMODEM serial
+	 * protocol transactions.
+	 */
+	if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
+	      IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
+	      spl_boot_device() == BOOT_DEVICE_UART))
+		printf("Authentication passed\n");
+}
-- 
2.19.1

[U-Boot] [PATCH 5/7] arm: mach-k3: Add secure device build support

[Andrew F. Davis]

K3 HS devices require signed binaries for boot, use the SECDEV tools
to sign the boot artifacts during build.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 MAINTAINERS                       |  1 +
 arch/arm/mach-k3/config.mk        | 25 ++++++++++++++++++
 arch/arm/mach-k3/config_secure.mk | 44 +++++++++++++++++++++++++++++++
 tools/k3_fit_atf.sh               |  8 ++++--
 4 files changed, 76 insertions(+), 2 deletions(-)
 create mode 100644 arch/arm/mach-k3/config_secure.mk

diff --git a/MAINTAINERS b/MAINTAINERS
index 18cdca9447..ac6bd8cfca 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -717,6 +717,7 @@ F:	arch/arm/mach-omap2/omap5/sec_entry_cpu1.S
 F:	arch/arm/mach-omap2/sec-common.c
 F:	arch/arm/mach-omap2/config_secure.mk
 F:	arch/arm/mach-k3/security.c
+F:	arch/arm/mach-k3/config_secure.mk
 F:	configs/am335x_hs_evm_defconfig
 F:	configs/am335x_hs_evm_uart_defconfig
 F:	configs/am43xx_hs_evm_defconfig
diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
index be00d79fb0..2d8f61f9db 100644
--- a/arch/arm/mach-k3/config.mk
+++ b/arch/arm/mach-k3/config.mk
@@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boo
 # If external key is not provided, generate key using openssl.
 ifeq ($(CONFIG_SYS_K3_KEY), "")
 KEY=u-boot-spl-eckey.pem
+# On HS use real key or warn if not available
+ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
+ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),)
+KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem
+else
+$(warning "WARNING: signing key not found. Random key will NOT work on HS hardware!")
+endif
+endif
 else
 KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY))
 endif
@@ -65,6 +73,15 @@ ALL-y	+= tiboot3.bin
 endif
 
 ifdef CONFIG_ARM64
+ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
+SPL_ITS := u-boot-spl-k3_HS.its
+$(SPL_ITS): FORCE
+	IS_HS=1 \
+	$(srctree)/tools/k3_fit_atf.sh \
+	$(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@
+
+ALL-y	+= tispl.bin_HS
+else
 SPL_ITS := u-boot-spl-k3.its
 $(SPL_ITS): FORCE
 	$(srctree)/tools/k3_fit_atf.sh \
@@ -72,7 +89,15 @@ $(SPL_ITS): FORCE
 
 ALL-y	+= tispl.bin
 endif
+endif
+
+else
 
+ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
+ALL-y	+= u-boot.img_HS
 else
 ALL-y	+= u-boot.img
 endif
+endif
+
+include $(srctree)/arch/arm/mach-k3/config_secure.mk
diff --git a/arch/arm/mach-k3/config_secure.mk b/arch/arm/mach-k3/config_secure.mk
new file mode 100644
index 0000000000..6d63c57665
--- /dev/null
+++ b/arch/arm/mach-k3/config_secure.mk
@@ -0,0 +1,44 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/
+#	Andrew F. Davis <afd@ti.com>
+
+quiet_cmd_k3secureimg = SECURE  $@
+ifneq ($(TI_SECURE_DEV_PKG),)
+ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),)
+cmd_k3secureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \
+	$< $@ \
+	$(if $(KBUILD_VERBOSE:1=), >/dev/null)
+else
+cmd_k3secureimg = echo "WARNING:" \
+	"$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \
+	"$@ was NOT secured!"; cp $< $@
+endif
+else
+cmd_k3secureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \
+	"variable must be defined for TI secure devices." \
+	"$@ was NOT secured!"; cp $< $@
+endif
+
+%.dtb_HS: %.dtb FORCE
+	$(call if_changed,k3secureimg)
+
+$(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE
+	$(call if_changed,k3secureimg)
+
+tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst %,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE
+	$(call if_changed,mkfitimage)
+
+MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
+	-a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
+	-n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
+	$(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST)))
+
+OF_LIST_TARGETS = $(patsubst %,arch/$(ARCH)/dts/%.dtb,$(subst ",,$(CONFIG_OF_LIST)))
+$(OF_LIST_TARGETS): dtbs
+
+u-boot-nodtb.bin_HS: u-boot-nodtb.bin FORCE
+	$(call if_changed,k3secureimg)
+
+u-boot.img_HS: u-boot-nodtb.bin_HS u-boot.img $(patsubst %.dtb,%.dtb_HS,$(OF_LIST_TARGETS)) FORCE
+	$(call if_changed,mkimage)
diff --git a/tools/k3_fit_atf.sh b/tools/k3_fit_atf.sh
index 430b5ca616..4e9f69c087 100755
--- a/tools/k3_fit_atf.sh
+++ b/tools/k3_fit_atf.sh
@@ -21,6 +21,10 @@ if [ ! -f $TEE ]; then
 	TEE=/dev/null
 fi
 
+if [ ! -z "$IS_HS" ]; then
+	HS_APPEND=_HS
+fi
+
 cat << __HEADER_EOF
 /dts-v1/;
 
@@ -51,7 +55,7 @@ cat << __HEADER_EOF
 		};
 		spl {
 			description = "SPL (64-bit)";
-			data = /incbin/("spl/u-boot-spl-nodtb.bin");
+			data = /incbin/("spl/u-boot-spl-nodtb.bin$HS_APPEND");
 			type = "standalone";
 			os = "U-Boot";
 			arch = "arm64";
@@ -66,7 +70,7 @@ do
 	cat << __FDT_IMAGE_EOF
 		$(basename $dtname) {
 			description = "$(basename $dtname .dtb)";
-			data = /incbin/("$dtname");
+			data = /incbin/("$dtname$HS_APPEND");
 			type = "flat_dt";
 			arch = "arm";
 			compression = "none";
-- 
2.19.1

[U-Boot] [PATCH 6/7] configs: Add a config for AM65x High Security EVM

[Andrew F. Davis]

Add new defconfig files for the AM65x High Security EVM.

This defconfigs are the same as for the non-secure part, except for:
    CONFIG_TI_SECURE_DEVICE option set to 'y'
    CONFIG_FIT_IMAGE_POST_PROCESS option set to 'y'
    CONFIG_SPL_FIT_IMAGE_POST_PROCESS option set to 'y'

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 MAINTAINERS                        |  2 +
 configs/am65x_hs_evm_a53_defconfig | 74 ++++++++++++++++++++++++
 configs/am65x_hs_evm_r5_defconfig  | 90 ++++++++++++++++++++++++++++++
 3 files changed, 166 insertions(+)
 create mode 100644 configs/am65x_hs_evm_a53_defconfig
 create mode 100644 configs/am65x_hs_evm_r5_defconfig

diff --git a/MAINTAINERS b/MAINTAINERS
index ac6bd8cfca..af1ebfd275 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -729,6 +729,8 @@ F:	configs/k2hk_hs_evm_defconfig
 F:	configs/k2e_hs_evm_defconfig
 F:	configs/k2g_hs_evm_defconfig
 F:	configs/k2l_hs_evm_defconfig
+F:	configs/am65x_hs_evm_r5_defconfig
+F:	configs/am65x_hs_evm_a53_defconfig
 
 TQ GROUP
 #M:	Martin Krause <martin.krause@tq-systems.de>
diff --git a/configs/am65x_hs_evm_a53_defconfig b/configs/am65x_hs_evm_a53_defconfig
new file mode 100644
index 0000000000..b9b5a921af
--- /dev/null
+++ b/configs/am65x_hs_evm_a53_defconfig
@@ -0,0 +1,74 @@
+CONFIG_ARM=y
+CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
+CONFIG_SPL_LIBCOMMON_SUPPORT=y
+CONFIG_SPL_LIBGENERIC_SUPPORT=y
+CONFIG_SYS_MALLOC_F_LEN=0x2000
+CONFIG_SOC_K3_AM6=y
+CONFIG_TARGET_AM654_A53_EVM=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_SPL_SERIAL_SUPPORT=y
+CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
+CONFIG_SPL_STACK_R_ADDR=0x82000000
+CONFIG_SPL_FS_FAT=y
+CONFIG_SPL_LIBDISK_SUPPORT=y
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_NR_DRAM_BANKS=2
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_FIT_IMAGE_POST_PROCESS=y
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y
+CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run get_kern_${boot}; run get_fdt_${boot}; run run_kern"
+# CONFIG_DISPLAY_CPUINFO is not set
+CONFIG_SPL_SYS_MALLOC_SIMPLE=y
+CONFIG_SPL_STACK_R=y
+CONFIG_SPL_SEPARATE_BSS=y
+CONFIG_SPL_I2C_SUPPORT=y
+CONFIG_SPL_DM_MAILBOX=y
+CONFIG_SPL_DM_RESET=y
+CONFIG_SPL_POWER_DOMAIN=y
+CONFIG_SPL_REMOTEPROC=y
+CONFIG_SPL_YMODEM_SUPPORT=y
+CONFIG_CMD_ASKENV=y
+# CONFIG_CMD_FLASH is not set
+CONFIG_CMD_MMC=y
+CONFIG_CMD_REMOTEPROC=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_TIME=y
+# CONFIG_ISO_PARTITION is not set
+# CONFIG_EFI_PARTITION is not set
+CONFIG_OF_CONTROL=y
+CONFIG_SPL_OF_CONTROL=y
+CONFIG_DEFAULT_DEVICE_TREE="k3-am654-base-board"
+CONFIG_SPL_MULTI_DTB_FIT=y
+CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y
+CONFIG_ENV_IS_IN_FAT=y
+CONFIG_ENV_FAT_INTERFACE="mmc"
+CONFIG_ENV_FAT_DEVICE_AND_PART="1:1"
+CONFIG_DM=y
+CONFIG_SPL_DM=y
+CONFIG_SPL_DM_SEQ_ALIAS=y
+CONFIG_CLK=y
+CONFIG_SPL_CLK=y
+CONFIG_CLK_TI_SCI=y
+CONFIG_TI_SCI_PROTOCOL=y
+CONFIG_DM_MAILBOX=y
+CONFIG_K3_SEC_PROXY=y
+CONFIG_MISC=y
+CONFIG_DM_MMC=y
+CONFIG_MMC_SDHCI=y
+CONFIG_MMC_SDHCI_K3_ARASAN=y
+CONFIG_PINCTRL=y
+# CONFIG_PINCTRL_GENERIC is not set
+CONFIG_SPL_PINCTRL=y
+# CONFIG_SPL_PINCTRL_GENERIC is not set
+CONFIG_PINCTRL_SINGLE=y
+CONFIG_POWER_DOMAIN=y
+CONFIG_TI_SCI_POWER_DOMAIN=y
+CONFIG_K3_SYSTEM_CONTROLLER=y
+CONFIG_REMOTEPROC_K3=y
+CONFIG_DM_RESET=y
+CONFIG_RESET_TI_SCI=y
+CONFIG_DM_SERIAL=y
+CONFIG_SYSRESET=y
+CONFIG_SYSRESET_TI_SCI=y
diff --git a/configs/am65x_hs_evm_r5_defconfig b/configs/am65x_hs_evm_r5_defconfig
new file mode 100644
index 0000000000..1b9c138c03
--- /dev/null
+++ b/configs/am65x_hs_evm_r5_defconfig
@@ -0,0 +1,90 @@
+CONFIG_ARM=y
+CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
+CONFIG_SPL_GPIO_SUPPORT=y
+CONFIG_SPL_LIBCOMMON_SUPPORT=y
+CONFIG_SPL_LIBGENERIC_SUPPORT=y
+CONFIG_SYS_MALLOC_F_LEN=0x2000
+CONFIG_SOC_K3_AM6=y
+CONFIG_TARGET_AM654_R5_EVM=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_SPL_SERIAL_SUPPORT=y
+CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
+CONFIG_SPL_STACK_R_ADDR=0x82000000
+CONFIG_SPL_FS_FAT=y
+CONFIG_SPL_LIBDISK_SUPPORT=y
+CONFIG_NR_DRAM_BANKS=2
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y
+CONFIG_USE_BOOTCOMMAND=y
+# CONFIG_DISPLAY_CPUINFO is not set
+CONFIG_SPL_SYS_MALLOC_SIMPLE=y
+CONFIG_SPL_STACK_R=y
+CONFIG_SPL_SEPARATE_BSS=y
+CONFIG_SPL_I2C_SUPPORT=y
+CONFIG_SPL_DM_MAILBOX=y
+CONFIG_SPL_DM_RESET=y
+CONFIG_SPL_POWER_SUPPORT=y
+CONFIG_SPL_POWER_DOMAIN=y
+CONFIG_SPL_RAM_SUPPORT=y
+CONFIG_SPL_RAM_DEVICE=y
+CONFIG_SPL_REMOTEPROC=y
+CONFIG_SPL_YMODEM_SUPPORT=y
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_BOOTZ=y
+CONFIG_CMD_ASKENV=y
+# CONFIG_CMD_FLASH is not set
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_REMOTEPROC=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_TIME=y
+CONFIG_CMD_FAT=y
+CONFIG_OF_CONTROL=y
+CONFIG_SPL_OF_CONTROL=y
+CONFIG_DEFAULT_DEVICE_TREE="k3-am654-r5-base-board"
+CONFIG_SPL_MULTI_DTB_FIT=y
+CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y
+CONFIG_ENV_IS_IN_FAT=y
+CONFIG_ENV_FAT_INTERFACE="mmc"
+CONFIG_ENV_FAT_DEVICE_AND_PART="1:1"
+CONFIG_DM=y
+CONFIG_SPL_DM=y
+CONFIG_SPL_DM_SEQ_ALIAS=y
+CONFIG_SPL_OF_TRANSLATE=y
+CONFIG_CLK=y
+CONFIG_SPL_CLK=y
+CONFIG_CLK_TI_SCI=y
+CONFIG_TI_SCI_PROTOCOL=y
+CONFIG_DM_GPIO=y
+CONFIG_DA8XX_GPIO=y
+CONFIG_DM_MAILBOX=y
+CONFIG_K3_SEC_PROXY=y
+CONFIG_MISC=y
+CONFIG_DM_MMC=y
+CONFIG_MMC_SDHCI=y
+CONFIG_MMC_SDHCI_K3_ARASAN=y
+CONFIG_PINCTRL=y
+# CONFIG_PINCTRL_GENERIC is not set
+CONFIG_SPL_PINCTRL=y
+# CONFIG_SPL_PINCTRL_GENERIC is not set
+CONFIG_PINCTRL_SINGLE=y
+CONFIG_POWER_DOMAIN=y
+CONFIG_TI_SCI_POWER_DOMAIN=y
+CONFIG_DM_REGULATOR=y
+CONFIG_SPL_DM_REGULATOR=y
+CONFIG_DM_REGULATOR_GPIO=y
+CONFIG_SPL_DM_REGULATOR_GPIO=y
+CONFIG_RAM=y
+CONFIG_SPL_RAM=y
+CONFIG_K3_SYSTEM_CONTROLLER=y
+CONFIG_REMOTEPROC_K3=y
+CONFIG_DM_RESET=y
+CONFIG_RESET_TI_SCI=y
+CONFIG_DM_SERIAL=y
+CONFIG_SYSRESET=y
+CONFIG_SYSRESET_TI_SCI=y
+CONFIG_TIMER=y
+CONFIG_SPL_TIMER=y
+CONFIG_OMAP_TIMER=y
-- 
2.19.1

[U-Boot] [PATCH 7/7] doc: Update info on using K3 secure devices

[Andrew F. Davis]

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 doc/README.ti-secure | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/doc/README.ti-secure b/doc/README.ti-secure
index 76950253ac..27c0eaa77f 100644
--- a/doc/README.ti-secure
+++ b/doc/README.ti-secure
@@ -138,7 +138,7 @@ Booting of U-Boot SPL
 	<INPUT_FILE>
 
 	Invoking the script for Keystone2 Secure Devices
-	=============================================
+	================================================
 
 	create-boot-image.sh \
 		<UNUSED> <INPUT_FILE> <OUTPUT_FILE> <UNUSED>
@@ -157,6 +157,18 @@ Booting of U-Boot SPL
 		boot from all media. Secure boot from SPI NOR flash is not
 		currently supported.
 
+	Invoking the script for K3 Secure Devices
+	=========================================
+
+	The signing steps required to produce a bootable SPL image on secure
+	K3 TI devices are the same as those performed on non-secure devices.
+	The only difference is the key is not checked on non-secure devices so
+	a dummy key is used when building U-Boot for those devices. For secure
+	K3 TI devices simply use the real hardware key for your device. This
+	real key can be set with the Kconfig option "K3_KEY". The environment
+	variable TI_SECURE_DEV_PKG is also searched for real keys when the
+	build targets secure devices.
+
 Booting of Primary U-Boot (u-boot.img)
 ======================================
 
@@ -181,10 +193,8 @@ Booting of Primary U-Boot (u-boot.img)
 	is enabled through the CONFIG_SPL_FIT_IMAGE_POST_PROCESS option which
 	must be enabled for the secure boot scheme to work. In order to allow
 	verifying proper operation of the secure boot chain in case of successful
-	authentication messages like "Authentication passed: CERT_U-BOOT-NOD" are
-	output by the SPL to the console for each blob that got extracted from the
-	FIT image. Note that the last part of this log message is the (truncated)
-	name of the signing certificate embedded into the blob that got processed.
+	authentication messages like "Authentication passed" are output by the
+	SPL to the console for each blob that got extracted from the FIT image.
 
 	The exact details of the how the images are secured is handled by the
 	SECDEV package. Within the SECDEV package exists a script to process
-- 
2.19.1

[U-Boot] [PATCH 1/7] arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded

[Tom Rini]

On Wed, Feb 13, 2019 at 12:37:06PM -0600, Andrew F. Davis wrote:
> On HS devices the 512b region of reset isolated memory called
> MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we
> cannot use this memory. It is only used to store a single value
> left at the end of SRAM by ROM that will be needed later. Save
> that value to a global variable stored in the .data section.
> This section is used as .bss will be cleared between saving
> this value and using it.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>
> ---
>  arch/arm/mach-k3/am6_init.c                  | 8 +++-----
>  arch/arm/mach-k3/include/mach/am6_hardware.h | 3 ---
>  2 files changed, 3 insertions(+), 8 deletions(-)
> 
> diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c
> index a5553190b4..462538e45d 100644
> --- a/arch/arm/mach-k3/am6_init.c
> +++ b/arch/arm/mach-k3/am6_init.c
> @@ -49,11 +49,11 @@ static void ctrl_mmr_unlock(void)
>  	mmr_unlock(CTRL_MMR0_BASE, 7);
>  }
>  
> +u32 bootindex __attribute__((section(".data")));
> +

We need a comment above this one so it's clear down the line to others
why we're doing something odd like this, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190213/c35a341a/attachment.sig>

[U-Boot] [PATCH 2/7] firmware: ti_sci: Add support for firewall management

[Tom Rini]

On Wed, Feb 13, 2019 at 12:37:07PM -0600, Andrew F. Davis wrote:

> TI-SCI message protocol provides support for controlling the firewall
> configurations available in SoC.
> 
> Introduce support for the set of TI-SCI message protocol APIs that
> provide us with this capability of controlling firewalls.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190213/0c40fa2a/attachment.sig>

[U-Boot] [PATCH 3/7] firmware: ti_sci: Modify auth_boot TI-SCI API to match new version

[Tom Rini]

On Wed, Feb 13, 2019 at 12:37:08PM -0600, Andrew F. Davis wrote:

> SYSFW version 2019.01 introduces a slightly modified version of this API,
> add support for it here.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190213/88afd09d/attachment.sig>

[U-Boot] [PATCH 4/7] arm: mach-k3: Add secure device support

[Tom Rini]

On Wed, Feb 13, 2019 at 12:37:09PM -0600, Andrew F. Davis wrote:

> K3 devices have High Security (HS) variants along with the non-HS already
> supported. Like the previous generation devices (OMAP/Keystone2) K3
> supports boot chain-of-trust by authenticating and optionally decrypting
> images as they are unpacked from FIT images. Add support for this here.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190213/360d995e/attachment.sig>

[U-Boot] [PATCH 5/7] arm: mach-k3: Add secure device build support

[Tom Rini]

On Wed, Feb 13, 2019 at 12:37:10PM -0600, Andrew F. Davis wrote:

> K3 HS devices require signed binaries for boot, use the SECDEV tools
> to sign the boot artifacts during build.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>

In general, since I suppose the answer to my question is "no", so:
Reviewed-by: Tom Rini <trini@konsulko.com>

But it feels like we're copying a lot of make-magic around that we have
for other hs devices.  Can we find a common place for it for all TI
platforms?  Thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190213/43613b00/attachment.sig>

[U-Boot] [PATCH 6/7] configs: Add a config for AM65x High Security EVM

[Tom Rini]

On Wed, Feb 13, 2019 at 12:37:11PM -0600, Andrew F. Davis wrote:

> Add new defconfig files for the AM65x High Security EVM.
> 
> This defconfigs are the same as for the non-secure part, except for:
>     CONFIG_TI_SECURE_DEVICE option set to 'y'
>     CONFIG_FIT_IMAGE_POST_PROCESS option set to 'y'
>     CONFIG_SPL_FIT_IMAGE_POST_PROCESS option set to 'y'
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190213/3a8d6867/attachment.sig>

[U-Boot] [PATCH 7/7] doc: Update info on using K3 secure devices

[Tom Rini]

On Wed, Feb 13, 2019 at 12:37:12PM -0600, Andrew F. Davis wrote:

> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190213/5e422b0e/attachment.sig>

[U-Boot] [PATCH 0/7] AM65x HS device support

[Andreas Dannenberg]

On Wed, Feb 13, 2019 at 12:37:05PM -0600, Andrew F. Davis wrote:
> Hello all,
> 
> This series brings up HS device support on the AM65x platform. Support
> for HS on K3 family devices is a bit different than previous devices
> but for the most part all that has been abstracted into the SECDEV
> package, allowing for a rather straight forward implementation here.
> 
> Thanks,
> Andrew
> 
> Andrew F. Davis (7):
>   arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded
>   firmware: ti_sci: Add support for firewall management
>   firmware: ti_sci: Modify auth_boot TI-SCI API to match new version
>   arm: mach-k3: Add secure device support
>   arm: mach-k3: Add secure device build support
>   configs: Add a config for AM65x High Security EVM
>   doc: Update info on using K3 secure devices
>

For the series...

Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>

--
Andreas Dannenberg
Texas Instruments Inc

>  MAINTAINERS                                  |   4 +
>  arch/arm/Kconfig                             |   2 +-
>  arch/arm/mach-k3/Makefile                    |   1 +
>  arch/arm/mach-k3/am6_init.c                  |   8 +-
>  arch/arm/mach-k3/config.mk                   |  25 +++
>  arch/arm/mach-k3/config_secure.mk            |  44 ++++
>  arch/arm/mach-k3/include/mach/am6_hardware.h |   3 -
>  arch/arm/mach-k3/security.c                  |  63 ++++++
>  configs/am65x_hs_evm_a53_defconfig           |  74 +++++++
>  configs/am65x_hs_evm_r5_defconfig            |  90 +++++++++
>  doc/README.ti-secure                         |  20 +-
>  drivers/firmware/ti_sci.c                    | 202 ++++++++++++++++++-
>  drivers/firmware/ti_sci.h                    | 139 ++++++++++++-
>  include/linux/soc/ti/ti_sci_protocol.h       |  68 ++++++-
>  tools/k3_fit_atf.sh                          |   8 +-
>  15 files changed, 722 insertions(+), 29 deletions(-)
>  create mode 100644 arch/arm/mach-k3/config_secure.mk
>  create mode 100644 arch/arm/mach-k3/security.c
>  create mode 100644 configs/am65x_hs_evm_a53_defconfig
>  create mode 100644 configs/am65x_hs_evm_r5_defconfig
> 
> -- 
> 2.19.1
> 
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH 1/7] arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded

[Andrew F. Davis]

On 2/13/19 2:27 PM, Tom Rini wrote:
> On Wed, Feb 13, 2019 at 12:37:06PM -0600, Andrew F. Davis wrote:
>> On HS devices the 512b region of reset isolated memory called
>> MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we
>> cannot use this memory. It is only used to store a single value
>> left at the end of SRAM by ROM that will be needed later. Save
>> that value to a global variable stored in the .data section.
>> This section is used as .bss will be cleared between saving
>> this value and using it.
>>
>> Signed-off-by: Andrew F. Davis <afd@ti.com>
>> ---
>>  arch/arm/mach-k3/am6_init.c                  | 8 +++-----
>>  arch/arm/mach-k3/include/mach/am6_hardware.h | 3 ---
>>  2 files changed, 3 insertions(+), 8 deletions(-)
>>
>> diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c
>> index a5553190b4..462538e45d 100644
>> --- a/arch/arm/mach-k3/am6_init.c
>> +++ b/arch/arm/mach-k3/am6_init.c
>> @@ -49,11 +49,11 @@ static void ctrl_mmr_unlock(void)
>>  	mmr_unlock(CTRL_MMR0_BASE, 7);
>>  }
>>  
>> +u32 bootindex __attribute__((section(".data")));
>> +
> 
> We need a comment above this one so it's clear down the line to others
> why we're doing something odd like this, thanks!
> 

No problem, will add.

[U-Boot] [PATCH 5/7] arm: mach-k3: Add secure device build support

[Andrew F. Davis]

On 2/13/19 2:27 PM, Tom Rini wrote:
> On Wed, Feb 13, 2019 at 12:37:10PM -0600, Andrew F. Davis wrote:
> 
>> K3 HS devices require signed binaries for boot, use the SECDEV tools
>> to sign the boot artifacts during build.
>>
>> Signed-off-by: Andrew F. Davis <afd@ti.com>
> 
> In general, since I suppose the answer to my question is "no", so:
> Reviewed-by: Tom Rini <trini@konsulko.com>
> 
> But it feels like we're copying a lot of make-magic around that we have
> for other hs devices.  Can we find a common place for it for all TI
> platforms?  Thanks!
> 

Well actually the answer is more a "maybe", I just don't know the right
spot.

For mach-keystone/config.mk HS we link to the make-magic in
mach-omap2/config_secure.mk. I did consider doing the same for this, but
putting stuff in mach-omap2, even stuff that is not available on any
OMAP platform device seemed wrong. Perhaps we could factor the HS magic
out into a top-level makefile at some point.

[U-Boot] [PATCH 1/7] arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded

[Lokesh Vutla]

On 14/02/19 12:07 AM, Andrew F. Davis wrote:
> On HS devices the 512b region of reset isolated memory called
> MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we
> cannot use this memory. It is only used to store a single value
> left at the end of SRAM by ROM that will be needed later. Save
> that value to a global variable stored in the .data section.
> This section is used as .bss will be cleared between saving
> this value and using it.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>
> ---
>  arch/arm/mach-k3/am6_init.c                  | 8 +++-----
>  arch/arm/mach-k3/include/mach/am6_hardware.h | 3 ---
>  2 files changed, 3 insertions(+), 8 deletions(-)
> 
> diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c
> index a5553190b4..462538e45d 100644
> --- a/arch/arm/mach-k3/am6_init.c
> +++ b/arch/arm/mach-k3/am6_init.c
> @@ -49,11 +49,11 @@ static void ctrl_mmr_unlock(void)
>  	mmr_unlock(CTRL_MMR0_BASE, 7);
>  }
>  
> +u32 bootindex __attribute__((section(".data")));

After thinking a bit more I realized that backup bootmode might fail. R5 SPL is
fine but when it jumps to A53 SPL it is trying to read the bootindex again from
K3_BOOT_PARAM_TABLE_INDEX_VAL(this is already the case and is wrong). It is not
guaranteed that R5 SPL did not damage this ROM param table. We should somehow
pass bootindex to A53 SPL using scratchpad space.

> +
>  static void store_boot_index_from_rom(void)
>  {
> -	u32 *boot_index = (u32 *)K3_BOOT_PARAM_TABLE_INDEX_VAL;
> -
> -	*boot_index = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX);
> +	bootindex = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX);
>  }
>  
>  void board_init_f(ulong dummy)
> @@ -94,7 +94,6 @@ u32 spl_boot_mode(const u32 boot_device)
>  {
>  #if defined(CONFIG_SUPPORT_EMMC_BOOT)
>  	u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT);
> -	u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
>  
>  	u32 bootmode = (devstat & CTRLMMR_MAIN_DEVSTAT_BOOTMODE_MASK) >>
>  			CTRLMMR_MAIN_DEVSTAT_BOOTMODE_SHIFT;
> @@ -170,7 +169,6 @@ static u32 __get_primary_bootmedia(u32 devstat)
>  u32 spl_boot_device(void)
>  {
>  	u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT);
> -	u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
>  
>  	if (bootindex == K3_PRIMARY_BOOTMODE)
>  		return __get_primary_bootmedia(devstat);
> diff --git a/arch/arm/mach-k3/include/mach/am6_hardware.h b/arch/arm/mach-k3/include/mach/am6_hardware.h
> index b5244609af..3343233aa3 100644
> --- a/arch/arm/mach-k3/include/mach/am6_hardware.h
> +++ b/arch/arm/mach-k3/include/mach/am6_hardware.h
> @@ -44,7 +44,4 @@
>  #define CTRLMMR_LOCK_KICK1				0x0100c
>  #define CTRLMMR_LOCK_KICK1_UNLOCK_VAL			0xd172bc5a
>  
> -/* MCU SCRATCHPAD usage */
> -#define K3_BOOT_PARAM_TABLE_INDEX_VAL	CONFIG_SYS_K3_MCU_SCRATCHPAD_BASE

Can we move scratchpad base to a different location ? This will be used for
eeprom storing also.

Thanks and regards,
Lokesh

> -
>  #endif /* __ASM_ARCH_AM6_HARDWARE_H */
> 

[U-Boot] [PATCH 2/7] firmware: ti_sci: Add support for firewall management

[Lokesh Vutla]

[...snip..]

>  /**
> diff --git a/drivers/firmware/ti_sci.h b/drivers/firmware/ti_sci.h
> index 81591fb0c7..2c92f475ed 100644
> --- a/drivers/firmware/ti_sci.h
> +++ b/drivers/firmware/ti_sci.h
> @@ -50,6 +50,10 @@
>  #define TISCI_MSG_PROC_AUTH_BOOT_IMIAGE	0xc120
>  #define TISCI_MSG_GET_PROC_BOOT_STATUS	0xc400
>  
> +#define TISCI_MSG_FWL_SET		0x9000
> +#define TISCI_MSG_FWL_GET		0x9001
> +#define TISCI_MSG_FWL_CHANGE_OWNER	0x9002
> +
>  /**
>   * struct ti_sci_msg_hdr - Generic Message Header for All messages and responses
>   * @type:	Type of messages: One of TI_SCI_MSG* values
> @@ -677,4 +681,130 @@ struct ti_sci_msg_resp_get_proc_boot_status {
>  	u32 status_flags;
>  } __packed;
>  
> +#define FWL_MAX_PRIVID_SLOTS 3U
> +
> +/**
> + * struct ti_sci_msg_fwl_set_firewall_region_req - Request for configuring the firewall permissions.
> + *
> + * @hdr:		Generic Header
> + *
> + * @fwl_id:		Firewall ID in question
> + * @region:		Region or channel number to set config info
> + *			This field is unused in case of a simple firewall  and must be initialized
> + *			to zero.  In case of a region based firewall, this field indicates the
> + *			region in question. (index starting from 0) In case of a channel based
> + *			firewall, this field indicates the channel in question (index starting
> + *			from 0)
> + * @n_permission_regs:	Number of permission registers to set
> + * @control:		Contents of the firewall CONTROL register to set
> + * @permissions:	Contents of the firewall PERMISSION register to set
> + * @start_address:	Contents of the firewall START_ADDRESS register to set
> + * @end_address:	Contents of the firewall END_ADDRESS register to set
> + */
> +
> +struct ti_sci_msg_fwl_set_firewall_region_req {
> +	struct ti_sci_msg_hdr	hdr;
> +	u16			fwl_id;
> +	u16			region;
> +	u32			n_permission_regs;
> +	u32			control;
> +	u32			permissions[FWL_MAX_PRIVID_SLOTS];
> +	u64			start_address;
> +	u64			end_address;
> +} __packed;
> +
> +/**
> + * struct ti_sci_msg_fwl_set_firewall_region_resp - Response for configuring the firewall permissions
> + *
> + * @hdr:		Generic Header
> + */
> +struct ti_sci_msg_fwl_set_firewall_region_resp {
> +	struct ti_sci_msg_hdr hdr;
> +} __packed;

If it is just the header then you can drop this structure. Use the header
directly in the commands.


Thanks and regards,
Lokesh

[U-Boot] [PATCH 5/7] arm: mach-k3: Add secure device build support

[Lokesh Vutla]

On 14/02/19 12:07 AM, Andrew F. Davis wrote:
> K3 HS devices require signed binaries for boot, use the SECDEV tools
> to sign the boot artifacts during build.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>
> ---
>  MAINTAINERS                       |  1 +
>  arch/arm/mach-k3/config.mk        | 25 ++++++++++++++++++
>  arch/arm/mach-k3/config_secure.mk | 44 +++++++++++++++++++++++++++++++
>  tools/k3_fit_atf.sh               |  8 ++++--
>  4 files changed, 76 insertions(+), 2 deletions(-)
>  create mode 100644 arch/arm/mach-k3/config_secure.mk
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 18cdca9447..ac6bd8cfca 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -717,6 +717,7 @@ F:	arch/arm/mach-omap2/omap5/sec_entry_cpu1.S
>  F:	arch/arm/mach-omap2/sec-common.c
>  F:	arch/arm/mach-omap2/config_secure.mk
>  F:	arch/arm/mach-k3/security.c
> +F:	arch/arm/mach-k3/config_secure.mk
>  F:	configs/am335x_hs_evm_defconfig
>  F:	configs/am335x_hs_evm_uart_defconfig
>  F:	configs/am43xx_hs_evm_defconfig
> diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
> index be00d79fb0..2d8f61f9db 100644
> --- a/arch/arm/mach-k3/config.mk
> +++ b/arch/arm/mach-k3/config.mk
> @@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boo
>  # If external key is not provided, generate key using openssl.
>  ifeq ($(CONFIG_SYS_K3_KEY), "")
>  KEY=u-boot-spl-eckey.pem
> +# On HS use real key or warn if not available
> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
> +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),)
> +KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem
> +else
> +$(warning "WARNING: signing key not found. Random key will NOT work on HS hardware!")
> +endif
> +endif
>  else
>  KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY))
>  endif
> @@ -65,6 +73,15 @@ ALL-y	+= tiboot3.bin
>  endif
>  
>  ifdef CONFIG_ARM64
> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
> +SPL_ITS := u-boot-spl-k3_HS.its
> +$(SPL_ITS): FORCE
> +	IS_HS=1 \
> +	$(srctree)/tools/k3_fit_atf.sh \
> +	$(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@
> +
> +ALL-y	+= tispl.bin_HS
> +else
>  SPL_ITS := u-boot-spl-k3.its
>  $(SPL_ITS): FORCE
>  	$(srctree)/tools/k3_fit_atf.sh \
> @@ -72,7 +89,15 @@ $(SPL_ITS): FORCE
>  
>  ALL-y	+= tispl.bin
>  endif
> +endif
> +
> +else
>  
> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
> +ALL-y	+= u-boot.img_HS
>  else
>  ALL-y	+= u-boot.img
>  endif
> +endif
> +
> +include $(srctree)/arch/arm/mach-k3/config_secure.mk
> diff --git a/arch/arm/mach-k3/config_secure.mk b/arch/arm/mach-k3/config_secure.mk
> new file mode 100644
> index 0000000000..6d63c57665
> --- /dev/null
> +++ b/arch/arm/mach-k3/config_secure.mk
> @@ -0,0 +1,44 @@
> +# SPDX-License-Identifier: GPL-2.0
> +#
> +# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/
> +#	Andrew F. Davis <afd@ti.com>
> +
> +quiet_cmd_k3secureimg = SECURE  $@
> +ifneq ($(TI_SECURE_DEV_PKG),)
> +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),)
> +cmd_k3secureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \
> +	$< $@ \
> +	$(if $(KBUILD_VERBOSE:1=), >/dev/null)
> +else
> +cmd_k3secureimg = echo "WARNING:" \
> +	"$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \
> +	"$@ was NOT secured!"; cp $< $@
> +endif
> +else
> +cmd_k3secureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \
> +	"variable must be defined for TI secure devices." \
> +	"$@ was NOT secured!"; cp $< $@
> +endif
> +
> +%.dtb_HS: %.dtb FORCE
> +	$(call if_changed,k3secureimg)
> +
> +$(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE
> +	$(call if_changed,k3secureimg)
> +
> +tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst %,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE
> +	$(call if_changed,mkfitimage)
> +
> +MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
> +	-a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
> +	-n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
> +	$(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST)))

I guess these HS postfixed dtbs will never get cleaned. I see the same issue
with other TI secure devices as well. Can you update the clean rules as well?

Thanks and regards,
Lokesh

> +
> +OF_LIST_TARGETS = $(patsubst %,arch/$(ARCH)/dts/%.dtb,$(subst ",,$(CONFIG_OF_LIST)))
> +$(OF_LIST_TARGETS): dtbs
> +
> +u-boot-nodtb.bin_HS: u-boot-nodtb.bin FORCE
> +	$(call if_changed,k3secureimg)
> +
> +u-boot.img_HS: u-boot-nodtb.bin_HS u-boot.img $(patsubst %.dtb,%.dtb_HS,$(OF_LIST_TARGETS)) FORCE
> +	$(call if_changed,mkimage)
> diff --git a/tools/k3_fit_atf.sh b/tools/k3_fit_atf.sh
> index 430b5ca616..4e9f69c087 100755
> --- a/tools/k3_fit_atf.sh
> +++ b/tools/k3_fit_atf.sh
> @@ -21,6 +21,10 @@ if [ ! -f $TEE ]; then
>  	TEE=/dev/null
>  fi
>  
> +if [ ! -z "$IS_HS" ]; then
> +	HS_APPEND=_HS
> +fi
> +
>  cat << __HEADER_EOF
>  /dts-v1/;
>  
> @@ -51,7 +55,7 @@ cat << __HEADER_EOF
>  		};
>  		spl {
>  			description = "SPL (64-bit)";
> -			data = /incbin/("spl/u-boot-spl-nodtb.bin");
> +			data = /incbin/("spl/u-boot-spl-nodtb.bin$HS_APPEND");
>  			type = "standalone";
>  			os = "U-Boot";
>  			arch = "arm64";
> @@ -66,7 +70,7 @@ do
>  	cat << __FDT_IMAGE_EOF
>  		$(basename $dtname) {
>  			description = "$(basename $dtname .dtb)";
> -			data = /incbin/("$dtname");
> +			data = /incbin/("$dtname$HS_APPEND");
>  			type = "flat_dt";
>  			arch = "arm";
>  			compression = "none";
> 

[U-Boot] [PATCH 1/7] arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded

[Andrew F. Davis]

On 2/13/19 9:32 PM, Lokesh Vutla wrote:
> 
> 
> On 14/02/19 12:07 AM, Andrew F. Davis wrote:
>> On HS devices the 512b region of reset isolated memory called
>> MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we
>> cannot use this memory. It is only used to store a single value
>> left at the end of SRAM by ROM that will be needed later. Save
>> that value to a global variable stored in the .data section.
>> This section is used as .bss will be cleared between saving
>> this value and using it.
>>
>> Signed-off-by: Andrew F. Davis <afd@ti.com>
>> ---
>>  arch/arm/mach-k3/am6_init.c                  | 8 +++-----
>>  arch/arm/mach-k3/include/mach/am6_hardware.h | 3 ---
>>  2 files changed, 3 insertions(+), 8 deletions(-)
>>
>> diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c
>> index a5553190b4..462538e45d 100644
>> --- a/arch/arm/mach-k3/am6_init.c
>> +++ b/arch/arm/mach-k3/am6_init.c
>> @@ -49,11 +49,11 @@ static void ctrl_mmr_unlock(void)
>>  	mmr_unlock(CTRL_MMR0_BASE, 7);
>>  }
>>  
>> +u32 bootindex __attribute__((section(".data")));
> 
> After thinking a bit more I realized that backup bootmode might fail. R5 SPL is
> fine but when it jumps to A53 SPL it is trying to read the bootindex again from
> K3_BOOT_PARAM_TABLE_INDEX_VAL(this is already the case and is wrong). It is not
> guaranteed that R5 SPL did not damage this ROM param table. We should somehow
> pass bootindex to A53 SPL using scratchpad space.
> 

I don't know of any super good way to pass data from R5-SPL to A53-SPL,
but I don't think MCU_PSRAM0 will be the way to do it. For all we know
before A53-SPL has started the R5-SPL may have shutdown and something
else has booted, which could have used that MCU local RAM space. I think
we need something that gets passed to A53 anyway, maybe a DT fixup?

>> +
>>  static void store_boot_index_from_rom(void)
>>  {
>> -	u32 *boot_index = (u32 *)K3_BOOT_PARAM_TABLE_INDEX_VAL;
>> -
>> -	*boot_index = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX);
>> +	bootindex = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX);
>>  }
>>  
>>  void board_init_f(ulong dummy)
>> @@ -94,7 +94,6 @@ u32 spl_boot_mode(const u32 boot_device)
>>  {
>>  #if defined(CONFIG_SUPPORT_EMMC_BOOT)
>>  	u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT);
>> -	u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
>>  
>>  	u32 bootmode = (devstat & CTRLMMR_MAIN_DEVSTAT_BOOTMODE_MASK) >>
>>  			CTRLMMR_MAIN_DEVSTAT_BOOTMODE_SHIFT;
>> @@ -170,7 +169,6 @@ static u32 __get_primary_bootmedia(u32 devstat)
>>  u32 spl_boot_device(void)
>>  {
>>  	u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT);
>> -	u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
>>  
>>  	if (bootindex == K3_PRIMARY_BOOTMODE)
>>  		return __get_primary_bootmedia(devstat);
>> diff --git a/arch/arm/mach-k3/include/mach/am6_hardware.h b/arch/arm/mach-k3/include/mach/am6_hardware.h
>> index b5244609af..3343233aa3 100644
>> --- a/arch/arm/mach-k3/include/mach/am6_hardware.h
>> +++ b/arch/arm/mach-k3/include/mach/am6_hardware.h
>> @@ -44,7 +44,4 @@
>>  #define CTRLMMR_LOCK_KICK1				0x0100c
>>  #define CTRLMMR_LOCK_KICK1_UNLOCK_VAL			0xd172bc5a
>>  
>> -/* MCU SCRATCHPAD usage */
>> -#define K3_BOOT_PARAM_TABLE_INDEX_VAL	CONFIG_SYS_K3_MCU_SCRATCHPAD_BASE
> 
> Can we move scratchpad base to a different location ? This will be used for
> eeprom storing also.
> 

It's okay to use MCU_PSRAM0 after SYSFW has been loaded, does the EEPROM
data need to be moved between SPLs? Or is it local to each?

Andrew

> Thanks and regards,
> Lokesh
> 
>> -
>>  #endif /* __ASM_ARCH_AM6_HARDWARE_H */
>>

[U-Boot] [PATCH 5/7] arm: mach-k3: Add secure device build support

[Andrew F. Davis]

On 2/13/19 9:46 PM, Lokesh Vutla wrote:
> 
> 
> On 14/02/19 12:07 AM, Andrew F. Davis wrote:
>> K3 HS devices require signed binaries for boot, use the SECDEV tools
>> to sign the boot artifacts during build.
>>
>> Signed-off-by: Andrew F. Davis <afd@ti.com>
>> ---
>>  MAINTAINERS                       |  1 +
>>  arch/arm/mach-k3/config.mk        | 25 ++++++++++++++++++
>>  arch/arm/mach-k3/config_secure.mk | 44 +++++++++++++++++++++++++++++++
>>  tools/k3_fit_atf.sh               |  8 ++++--
>>  4 files changed, 76 insertions(+), 2 deletions(-)
>>  create mode 100644 arch/arm/mach-k3/config_secure.mk
>>
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index 18cdca9447..ac6bd8cfca 100644
>> --- a/MAINTAINERS
>> +++ b/MAINTAINERS
>> @@ -717,6 +717,7 @@ F:	arch/arm/mach-omap2/omap5/sec_entry_cpu1.S
>>  F:	arch/arm/mach-omap2/sec-common.c
>>  F:	arch/arm/mach-omap2/config_secure.mk
>>  F:	arch/arm/mach-k3/security.c
>> +F:	arch/arm/mach-k3/config_secure.mk
>>  F:	configs/am335x_hs_evm_defconfig
>>  F:	configs/am335x_hs_evm_uart_defconfig
>>  F:	configs/am43xx_hs_evm_defconfig
>> diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
>> index be00d79fb0..2d8f61f9db 100644
>> --- a/arch/arm/mach-k3/config.mk
>> +++ b/arch/arm/mach-k3/config.mk
>> @@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boo
>>  # If external key is not provided, generate key using openssl.
>>  ifeq ($(CONFIG_SYS_K3_KEY), "")
>>  KEY=u-boot-spl-eckey.pem
>> +# On HS use real key or warn if not available
>> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
>> +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),)
>> +KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem
>> +else
>> +$(warning "WARNING: signing key not found. Random key will NOT work on HS hardware!")
>> +endif
>> +endif
>>  else
>>  KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY))
>>  endif
>> @@ -65,6 +73,15 @@ ALL-y	+= tiboot3.bin
>>  endif
>>  
>>  ifdef CONFIG_ARM64
>> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
>> +SPL_ITS := u-boot-spl-k3_HS.its
>> +$(SPL_ITS): FORCE
>> +	IS_HS=1 \
>> +	$(srctree)/tools/k3_fit_atf.sh \
>> +	$(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@
>> +
>> +ALL-y	+= tispl.bin_HS
>> +else
>>  SPL_ITS := u-boot-spl-k3.its
>>  $(SPL_ITS): FORCE
>>  	$(srctree)/tools/k3_fit_atf.sh \
>> @@ -72,7 +89,15 @@ $(SPL_ITS): FORCE
>>  
>>  ALL-y	+= tispl.bin
>>  endif
>> +endif
>> +
>> +else
>>  
>> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
>> +ALL-y	+= u-boot.img_HS
>>  else
>>  ALL-y	+= u-boot.img
>>  endif
>> +endif
>> +
>> +include $(srctree)/arch/arm/mach-k3/config_secure.mk
>> diff --git a/arch/arm/mach-k3/config_secure.mk b/arch/arm/mach-k3/config_secure.mk
>> new file mode 100644
>> index 0000000000..6d63c57665
>> --- /dev/null
>> +++ b/arch/arm/mach-k3/config_secure.mk
>> @@ -0,0 +1,44 @@
>> +# SPDX-License-Identifier: GPL-2.0
>> +#
>> +# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/
>> +#	Andrew F. Davis <afd@ti.com>
>> +
>> +quiet_cmd_k3secureimg = SECURE  $@
>> +ifneq ($(TI_SECURE_DEV_PKG),)
>> +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),)
>> +cmd_k3secureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \
>> +	$< $@ \
>> +	$(if $(KBUILD_VERBOSE:1=), >/dev/null)
>> +else
>> +cmd_k3secureimg = echo "WARNING:" \
>> +	"$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \
>> +	"$@ was NOT secured!"; cp $< $@
>> +endif
>> +else
>> +cmd_k3secureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \
>> +	"variable must be defined for TI secure devices." \
>> +	"$@ was NOT secured!"; cp $< $@
>> +endif
>> +
>> +%.dtb_HS: %.dtb FORCE
>> +	$(call if_changed,k3secureimg)
>> +
>> +$(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE
>> +	$(call if_changed,k3secureimg)
>> +
>> +tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst %,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE
>> +	$(call if_changed,mkfitimage)
>> +
>> +MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
>> +	-a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
>> +	-n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
>> +	$(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST)))
> 
> I guess these HS postfixed dtbs will never get cleaned. I see the same issue
> with other TI secure devices as well. Can you update the clean rules as well?
> 

tiboot3.bin and tispl.bin also don't seem to be getting cleaned. I tried
adding them to clean-files and CLEAN_FILES, neither worked. Outside of
manually deleting them on an appended clean rule I don't know what the
recommended trick is for this.

> Thanks and regards,
> Lokesh
> 
>> +
>> +OF_LIST_TARGETS = $(patsubst %,arch/$(ARCH)/dts/%.dtb,$(subst ",,$(CONFIG_OF_LIST)))
>> +$(OF_LIST_TARGETS): dtbs
>> +
>> +u-boot-nodtb.bin_HS: u-boot-nodtb.bin FORCE
>> +	$(call if_changed,k3secureimg)
>> +
>> +u-boot.img_HS: u-boot-nodtb.bin_HS u-boot.img $(patsubst %.dtb,%.dtb_HS,$(OF_LIST_TARGETS)) FORCE
>> +	$(call if_changed,mkimage)
>> diff --git a/tools/k3_fit_atf.sh b/tools/k3_fit_atf.sh
>> index 430b5ca616..4e9f69c087 100755
>> --- a/tools/k3_fit_atf.sh
>> +++ b/tools/k3_fit_atf.sh
>> @@ -21,6 +21,10 @@ if [ ! -f $TEE ]; then
>>  	TEE=/dev/null
>>  fi
>>  
>> +if [ ! -z "$IS_HS" ]; then
>> +	HS_APPEND=_HS
>> +fi
>> +
>>  cat << __HEADER_EOF
>>  /dts-v1/;
>>  
>> @@ -51,7 +55,7 @@ cat << __HEADER_EOF
>>  		};
>>  		spl {
>>  			description = "SPL (64-bit)";
>> -			data = /incbin/("spl/u-boot-spl-nodtb.bin");
>> +			data = /incbin/("spl/u-boot-spl-nodtb.bin$HS_APPEND");
>>  			type = "standalone";
>>  			os = "U-Boot";
>>  			arch = "arm64";
>> @@ -66,7 +70,7 @@ do
>>  	cat << __FDT_IMAGE_EOF
>>  		$(basename $dtname) {
>>  			description = "$(basename $dtname .dtb)";
>> -			data = /incbin/("$dtname");
>> +			data = /incbin/("$dtname$HS_APPEND");
>>  			type = "flat_dt";
>>  			arch = "arm";
>>  			compression = "none";
>>

[U-Boot] [PATCH 5/7] arm: mach-k3: Add secure device build support

[Lokesh Vutla]

On 2/15/2019 4:25 AM, Andrew F. Davis wrote:
> On 2/13/19 9:46 PM, Lokesh Vutla wrote:
>>
>>
>> On 14/02/19 12:07 AM, Andrew F. Davis wrote:
>>> K3 HS devices require signed binaries for boot, use the SECDEV tools
>>> to sign the boot artifacts during build.
>>>
>>> Signed-off-by: Andrew F. Davis <afd@ti.com>
>>> ---
>>>  MAINTAINERS                       |  1 +
>>>  arch/arm/mach-k3/config.mk        | 25 ++++++++++++++++++
>>>  arch/arm/mach-k3/config_secure.mk | 44 +++++++++++++++++++++++++++++++
>>>  tools/k3_fit_atf.sh               |  8 ++++--
>>>  4 files changed, 76 insertions(+), 2 deletions(-)
>>>  create mode 100644 arch/arm/mach-k3/config_secure.mk
>>>
>>> diff --git a/MAINTAINERS b/MAINTAINERS
>>> index 18cdca9447..ac6bd8cfca 100644
>>> --- a/MAINTAINERS
>>> +++ b/MAINTAINERS
>>> @@ -717,6 +717,7 @@ F:	arch/arm/mach-omap2/omap5/sec_entry_cpu1.S
>>>  F:	arch/arm/mach-omap2/sec-common.c
>>>  F:	arch/arm/mach-omap2/config_secure.mk
>>>  F:	arch/arm/mach-k3/security.c
>>> +F:	arch/arm/mach-k3/config_secure.mk
>>>  F:	configs/am335x_hs_evm_defconfig
>>>  F:	configs/am335x_hs_evm_uart_defconfig
>>>  F:	configs/am43xx_hs_evm_defconfig
>>> diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
>>> index be00d79fb0..2d8f61f9db 100644
>>> --- a/arch/arm/mach-k3/config.mk
>>> +++ b/arch/arm/mach-k3/config.mk
>>> @@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boo
>>>  # If external key is not provided, generate key using openssl.
>>>  ifeq ($(CONFIG_SYS_K3_KEY), "")
>>>  KEY=u-boot-spl-eckey.pem
>>> +# On HS use real key or warn if not available
>>> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
>>> +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),)
>>> +KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem
>>> +else
>>> +$(warning "WARNING: signing key not found. Random key will NOT work on HS hardware!")
>>> +endif
>>> +endif
>>>  else
>>>  KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY))
>>>  endif
>>> @@ -65,6 +73,15 @@ ALL-y	+= tiboot3.bin
>>>  endif
>>>  
>>>  ifdef CONFIG_ARM64
>>> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
>>> +SPL_ITS := u-boot-spl-k3_HS.its
>>> +$(SPL_ITS): FORCE
>>> +	IS_HS=1 \
>>> +	$(srctree)/tools/k3_fit_atf.sh \
>>> +	$(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@
>>> +
>>> +ALL-y	+= tispl.bin_HS
>>> +else
>>>  SPL_ITS := u-boot-spl-k3.its
>>>  $(SPL_ITS): FORCE
>>>  	$(srctree)/tools/k3_fit_atf.sh \
>>> @@ -72,7 +89,15 @@ $(SPL_ITS): FORCE
>>>  
>>>  ALL-y	+= tispl.bin
>>>  endif
>>> +endif
>>> +
>>> +else
>>>  
>>> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
>>> +ALL-y	+= u-boot.img_HS
>>>  else
>>>  ALL-y	+= u-boot.img
>>>  endif
>>> +endif
>>> +
>>> +include $(srctree)/arch/arm/mach-k3/config_secure.mk
>>> diff --git a/arch/arm/mach-k3/config_secure.mk b/arch/arm/mach-k3/config_secure.mk
>>> new file mode 100644
>>> index 0000000000..6d63c57665
>>> --- /dev/null
>>> +++ b/arch/arm/mach-k3/config_secure.mk
>>> @@ -0,0 +1,44 @@
>>> +# SPDX-License-Identifier: GPL-2.0
>>> +#
>>> +# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/
>>> +#	Andrew F. Davis <afd@ti.com>
>>> +
>>> +quiet_cmd_k3secureimg = SECURE  $@
>>> +ifneq ($(TI_SECURE_DEV_PKG),)
>>> +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),)
>>> +cmd_k3secureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \
>>> +	$< $@ \
>>> +	$(if $(KBUILD_VERBOSE:1=), >/dev/null)
>>> +else
>>> +cmd_k3secureimg = echo "WARNING:" \
>>> +	"$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \
>>> +	"$@ was NOT secured!"; cp $< $@
>>> +endif
>>> +else
>>> +cmd_k3secureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \
>>> +	"variable must be defined for TI secure devices." \
>>> +	"$@ was NOT secured!"; cp $< $@
>>> +endif
>>> +
>>> +%.dtb_HS: %.dtb FORCE
>>> +	$(call if_changed,k3secureimg)
>>> +
>>> +$(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE
>>> +	$(call if_changed,k3secureimg)
>>> +
>>> +tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst %,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE
>>> +	$(call if_changed,mkfitimage)
>>> +
>>> +MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
>>> +	-a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
>>> +	-n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
>>> +	$(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST)))
>>
>> I guess these HS postfixed dtbs will never get cleaned. I see the same issue
>> with other TI secure devices as well. Can you update the clean rules as well?
>>
> 
> tiboot3.bin and tispl.bin also don't seem to be getting cleaned. I tried

Yeah, these should be cleaned as well.

> adding them to clean-files and CLEAN_FILES, neither worked. Outside of

looks like clean-files is relative to the current directory. You can
update arch/arm/dts/Makefile but it might be very generic.

Tom, any suggestions to clean files in this case?

Thanks and regards,
Lokesh


> manually deleting them on an appended clean rule I don't know what the
> recommended trick is for this.
> 
>> Thanks and regards,
>> Lokesh
>>
>>> +
>>> +OF_LIST_TARGETS = $(patsubst %,arch/$(ARCH)/dts/%.dtb,$(subst ",,$(CONFIG_OF_LIST)))
>>> +$(OF_LIST_TARGETS): dtbs
>>> +
>>> +u-boot-nodtb.bin_HS: u-boot-nodtb.bin FORCE
>>> +	$(call if_changed,k3secureimg)
>>> +
>>> +u-boot.img_HS: u-boot-nodtb.bin_HS u-boot.img $(patsubst %.dtb,%.dtb_HS,$(OF_LIST_TARGETS)) FORCE
>>> +	$(call if_changed,mkimage)
>>> diff --git a/tools/k3_fit_atf.sh b/tools/k3_fit_atf.sh
>>> index 430b5ca616..4e9f69c087 100755
>>> --- a/tools/k3_fit_atf.sh
>>> +++ b/tools/k3_fit_atf.sh
>>> @@ -21,6 +21,10 @@ if [ ! -f $TEE ]; then
>>>  	TEE=/dev/null
>>>  fi
>>>  
>>> +if [ ! -z "$IS_HS" ]; then
>>> +	HS_APPEND=_HS
>>> +fi
>>> +
>>>  cat << __HEADER_EOF
>>>  /dts-v1/;
>>>  
>>> @@ -51,7 +55,7 @@ cat << __HEADER_EOF
>>>  		};
>>>  		spl {
>>>  			description = "SPL (64-bit)";
>>> -			data = /incbin/("spl/u-boot-spl-nodtb.bin");
>>> +			data = /incbin/("spl/u-boot-spl-nodtb.bin$HS_APPEND");
>>>  			type = "standalone";
>>>  			os = "U-Boot";
>>>  			arch = "arm64";
>>> @@ -66,7 +70,7 @@ do
>>>  	cat << __FDT_IMAGE_EOF
>>>  		$(basename $dtname) {
>>>  			description = "$(basename $dtname .dtb)";
>>> -			data = /incbin/("$dtname");
>>> +			data = /incbin/("$dtname$HS_APPEND");
>>>  			type = "flat_dt";
>>>  			arch = "arm";
>>>  			compression = "none";
>>>

[U-Boot] [PATCH 5/7] arm: mach-k3: Add secure device build support

[Tom Rini]

On Fri, Feb 15, 2019 at 05:43:32PM +0530, Lokesh Vutla wrote:
> 
> 
> On 2/15/2019 4:25 AM, Andrew F. Davis wrote:
> > On 2/13/19 9:46 PM, Lokesh Vutla wrote:
> >>
> >>
> >> On 14/02/19 12:07 AM, Andrew F. Davis wrote:
> >>> K3 HS devices require signed binaries for boot, use the SECDEV tools
> >>> to sign the boot artifacts during build.
> >>>
> >>> Signed-off-by: Andrew F. Davis <afd@ti.com>
> >>> ---
> >>>  MAINTAINERS                       |  1 +
> >>>  arch/arm/mach-k3/config.mk        | 25 ++++++++++++++++++
> >>>  arch/arm/mach-k3/config_secure.mk | 44 +++++++++++++++++++++++++++++++
> >>>  tools/k3_fit_atf.sh               |  8 ++++--
> >>>  4 files changed, 76 insertions(+), 2 deletions(-)
> >>>  create mode 100644 arch/arm/mach-k3/config_secure.mk
> >>>
> >>> diff --git a/MAINTAINERS b/MAINTAINERS
> >>> index 18cdca9447..ac6bd8cfca 100644
> >>> --- a/MAINTAINERS
> >>> +++ b/MAINTAINERS
> >>> @@ -717,6 +717,7 @@ F:	arch/arm/mach-omap2/omap5/sec_entry_cpu1.S
> >>>  F:	arch/arm/mach-omap2/sec-common.c
> >>>  F:	arch/arm/mach-omap2/config_secure.mk
> >>>  F:	arch/arm/mach-k3/security.c
> >>> +F:	arch/arm/mach-k3/config_secure.mk
> >>>  F:	configs/am335x_hs_evm_defconfig
> >>>  F:	configs/am335x_hs_evm_uart_defconfig
> >>>  F:	configs/am43xx_hs_evm_defconfig
> >>> diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
> >>> index be00d79fb0..2d8f61f9db 100644
> >>> --- a/arch/arm/mach-k3/config.mk
> >>> +++ b/arch/arm/mach-k3/config.mk
> >>> @@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boo
> >>>  # If external key is not provided, generate key using openssl.
> >>>  ifeq ($(CONFIG_SYS_K3_KEY), "")
> >>>  KEY=u-boot-spl-eckey.pem
> >>> +# On HS use real key or warn if not available
> >>> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
> >>> +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),)
> >>> +KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem
> >>> +else
> >>> +$(warning "WARNING: signing key not found. Random key will NOT work on HS hardware!")
> >>> +endif
> >>> +endif
> >>>  else
> >>>  KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY))
> >>>  endif
> >>> @@ -65,6 +73,15 @@ ALL-y	+= tiboot3.bin
> >>>  endif
> >>>  
> >>>  ifdef CONFIG_ARM64
> >>> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
> >>> +SPL_ITS := u-boot-spl-k3_HS.its
> >>> +$(SPL_ITS): FORCE
> >>> +	IS_HS=1 \
> >>> +	$(srctree)/tools/k3_fit_atf.sh \
> >>> +	$(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@
> >>> +
> >>> +ALL-y	+= tispl.bin_HS
> >>> +else
> >>>  SPL_ITS := u-boot-spl-k3.its
> >>>  $(SPL_ITS): FORCE
> >>>  	$(srctree)/tools/k3_fit_atf.sh \
> >>> @@ -72,7 +89,15 @@ $(SPL_ITS): FORCE
> >>>  
> >>>  ALL-y	+= tispl.bin
> >>>  endif
> >>> +endif
> >>> +
> >>> +else
> >>>  
> >>> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
> >>> +ALL-y	+= u-boot.img_HS
> >>>  else
> >>>  ALL-y	+= u-boot.img
> >>>  endif
> >>> +endif
> >>> +
> >>> +include $(srctree)/arch/arm/mach-k3/config_secure.mk
> >>> diff --git a/arch/arm/mach-k3/config_secure.mk b/arch/arm/mach-k3/config_secure.mk
> >>> new file mode 100644
> >>> index 0000000000..6d63c57665
> >>> --- /dev/null
> >>> +++ b/arch/arm/mach-k3/config_secure.mk
> >>> @@ -0,0 +1,44 @@
> >>> +# SPDX-License-Identifier: GPL-2.0
> >>> +#
> >>> +# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/
> >>> +#	Andrew F. Davis <afd@ti.com>
> >>> +
> >>> +quiet_cmd_k3secureimg = SECURE  $@
> >>> +ifneq ($(TI_SECURE_DEV_PKG),)
> >>> +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),)
> >>> +cmd_k3secureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \
> >>> +	$< $@ \
> >>> +	$(if $(KBUILD_VERBOSE:1=), >/dev/null)
> >>> +else
> >>> +cmd_k3secureimg = echo "WARNING:" \
> >>> +	"$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \
> >>> +	"$@ was NOT secured!"; cp $< $@
> >>> +endif
> >>> +else
> >>> +cmd_k3secureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \
> >>> +	"variable must be defined for TI secure devices." \
> >>> +	"$@ was NOT secured!"; cp $< $@
> >>> +endif
> >>> +
> >>> +%.dtb_HS: %.dtb FORCE
> >>> +	$(call if_changed,k3secureimg)
> >>> +
> >>> +$(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE
> >>> +	$(call if_changed,k3secureimg)
> >>> +
> >>> +tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst %,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE
> >>> +	$(call if_changed,mkfitimage)
> >>> +
> >>> +MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
> >>> +	-a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
> >>> +	-n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
> >>> +	$(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST)))
> >>
> >> I guess these HS postfixed dtbs will never get cleaned. I see the same issue
> >> with other TI secure devices as well. Can you update the clean rules as well?
> >>
> > 
> > tiboot3.bin and tispl.bin also don't seem to be getting cleaned. I tried
> 
> Yeah, these should be cleaned as well.
> 
> > adding them to clean-files and CLEAN_FILES, neither worked. Outside of
> 
> looks like clean-files is relative to the current directory. You can
> update arch/arm/dts/Makefile but it might be very generic.
> 
> Tom, any suggestions to clean files in this case?

I guess we need to update clean-files in arch/arm/dts/Makefile then,
yes.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190216/11ac90bb/attachment.sig>

[U-Boot] [PATCH 1/7] arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded

[Lokesh Vutla]

On 15/02/19 3:21 AM, Andrew F. Davis wrote:
> On 2/13/19 9:32 PM, Lokesh Vutla wrote:
>>
>>
>> On 14/02/19 12:07 AM, Andrew F. Davis wrote:
>>> On HS devices the 512b region of reset isolated memory called
>>> MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we
>>> cannot use this memory. It is only used to store a single value
>>> left at the end of SRAM by ROM that will be needed later. Save
>>> that value to a global variable stored in the .data section.
>>> This section is used as .bss will be cleared between saving
>>> this value and using it.
>>>
>>> Signed-off-by: Andrew F. Davis <afd@ti.com>
>>> ---
>>>  arch/arm/mach-k3/am6_init.c                  | 8 +++-----
>>>  arch/arm/mach-k3/include/mach/am6_hardware.h | 3 ---
>>>  2 files changed, 3 insertions(+), 8 deletions(-)
>>>
>>> diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c
>>> index a5553190b4..462538e45d 100644
>>> --- a/arch/arm/mach-k3/am6_init.c
>>> +++ b/arch/arm/mach-k3/am6_init.c
>>> @@ -49,11 +49,11 @@ static void ctrl_mmr_unlock(void)
>>>  	mmr_unlock(CTRL_MMR0_BASE, 7);
>>>  }
>>>  
>>> +u32 bootindex __attribute__((section(".data")));
>>
>> After thinking a bit more I realized that backup bootmode might fail. R5 SPL is
>> fine but when it jumps to A53 SPL it is trying to read the bootindex again from
>> K3_BOOT_PARAM_TABLE_INDEX_VAL(this is already the case and is wrong). It is not
>> guaranteed that R5 SPL did not damage this ROM param table. We should somehow
>> pass bootindex to A53 SPL using scratchpad space.
>>
> 
> I don't know of any super good way to pass data from R5-SPL to A53-SPL,
> but I don't think MCU_PSRAM0 will be the way to do it. For all we know

Agreed.

> before A53-SPL has started the R5-SPL may have shutdown and something
> else has booted, which could have used that MCU local RAM space. I think
> we need something that gets passed to A53 anyway, maybe a DT fixup?

Yeah or we can update spl_boot_list array with both primary and secondary
bootdevices.

Actually this patch as such has no issues and is not introducing any new
regressions.

Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>

For backup boot modes Ill take a look and try to address in a cleaner way.

Thanks and regards,
Lokesh

[U-Boot] [PATCH 5/7] arm: mach-k3: Add secure device build support

[Andrew F. Davis]

On 2/16/19 4:18 PM, Tom Rini wrote:
> On Fri, Feb 15, 2019 at 05:43:32PM +0530, Lokesh Vutla wrote:
>>
>>
>> On 2/15/2019 4:25 AM, Andrew F. Davis wrote:
>>> On 2/13/19 9:46 PM, Lokesh Vutla wrote:
>>>>
>>>>
>>>> On 14/02/19 12:07 AM, Andrew F. Davis wrote:
>>>>> K3 HS devices require signed binaries for boot, use the SECDEV tools
>>>>> to sign the boot artifacts during build.
>>>>>
>>>>> Signed-off-by: Andrew F. Davis <afd@ti.com>
>>>>> ---
>>>>>  MAINTAINERS                       |  1 +
>>>>>  arch/arm/mach-k3/config.mk        | 25 ++++++++++++++++++
>>>>>  arch/arm/mach-k3/config_secure.mk | 44 +++++++++++++++++++++++++++++++
>>>>>  tools/k3_fit_atf.sh               |  8 ++++--
>>>>>  4 files changed, 76 insertions(+), 2 deletions(-)
>>>>>  create mode 100644 arch/arm/mach-k3/config_secure.mk
>>>>>
>>>>> diff --git a/MAINTAINERS b/MAINTAINERS
>>>>> index 18cdca9447..ac6bd8cfca 100644
>>>>> --- a/MAINTAINERS
>>>>> +++ b/MAINTAINERS
>>>>> @@ -717,6 +717,7 @@ F:	arch/arm/mach-omap2/omap5/sec_entry_cpu1.S
>>>>>  F:	arch/arm/mach-omap2/sec-common.c
>>>>>  F:	arch/arm/mach-omap2/config_secure.mk
>>>>>  F:	arch/arm/mach-k3/security.c
>>>>> +F:	arch/arm/mach-k3/config_secure.mk
>>>>>  F:	configs/am335x_hs_evm_defconfig
>>>>>  F:	configs/am335x_hs_evm_uart_defconfig
>>>>>  F:	configs/am43xx_hs_evm_defconfig
>>>>> diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
>>>>> index be00d79fb0..2d8f61f9db 100644
>>>>> --- a/arch/arm/mach-k3/config.mk
>>>>> +++ b/arch/arm/mach-k3/config.mk
>>>>> @@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed $(SED_OPTS) > u-boo
>>>>>  # If external key is not provided, generate key using openssl.
>>>>>  ifeq ($(CONFIG_SYS_K3_KEY), "")
>>>>>  KEY=u-boot-spl-eckey.pem
>>>>> +# On HS use real key or warn if not available
>>>>> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
>>>>> +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),)
>>>>> +KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem
>>>>> +else
>>>>> +$(warning "WARNING: signing key not found. Random key will NOT work on HS hardware!")
>>>>> +endif
>>>>> +endif
>>>>>  else
>>>>>  KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY))
>>>>>  endif
>>>>> @@ -65,6 +73,15 @@ ALL-y	+= tiboot3.bin
>>>>>  endif
>>>>>  
>>>>>  ifdef CONFIG_ARM64
>>>>> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
>>>>> +SPL_ITS := u-boot-spl-k3_HS.its
>>>>> +$(SPL_ITS): FORCE
>>>>> +	IS_HS=1 \
>>>>> +	$(srctree)/tools/k3_fit_atf.sh \
>>>>> +	$(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@
>>>>> +
>>>>> +ALL-y	+= tispl.bin_HS
>>>>> +else
>>>>>  SPL_ITS := u-boot-spl-k3.its
>>>>>  $(SPL_ITS): FORCE
>>>>>  	$(srctree)/tools/k3_fit_atf.sh \
>>>>> @@ -72,7 +89,15 @@ $(SPL_ITS): FORCE
>>>>>  
>>>>>  ALL-y	+= tispl.bin
>>>>>  endif
>>>>> +endif
>>>>> +
>>>>> +else
>>>>>  
>>>>> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
>>>>> +ALL-y	+= u-boot.img_HS
>>>>>  else
>>>>>  ALL-y	+= u-boot.img
>>>>>  endif
>>>>> +endif
>>>>> +
>>>>> +include $(srctree)/arch/arm/mach-k3/config_secure.mk
>>>>> diff --git a/arch/arm/mach-k3/config_secure.mk b/arch/arm/mach-k3/config_secure.mk
>>>>> new file mode 100644
>>>>> index 0000000000..6d63c57665
>>>>> --- /dev/null
>>>>> +++ b/arch/arm/mach-k3/config_secure.mk
>>>>> @@ -0,0 +1,44 @@
>>>>> +# SPDX-License-Identifier: GPL-2.0
>>>>> +#
>>>>> +# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/
>>>>> +#	Andrew F. Davis <afd@ti.com>
>>>>> +
>>>>> +quiet_cmd_k3secureimg = SECURE  $@
>>>>> +ifneq ($(TI_SECURE_DEV_PKG),)
>>>>> +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),)
>>>>> +cmd_k3secureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \
>>>>> +	$< $@ \
>>>>> +	$(if $(KBUILD_VERBOSE:1=), >/dev/null)
>>>>> +else
>>>>> +cmd_k3secureimg = echo "WARNING:" \
>>>>> +	"$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \
>>>>> +	"$@ was NOT secured!"; cp $< $@
>>>>> +endif
>>>>> +else
>>>>> +cmd_k3secureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \
>>>>> +	"variable must be defined for TI secure devices." \
>>>>> +	"$@ was NOT secured!"; cp $< $@
>>>>> +endif
>>>>> +
>>>>> +%.dtb_HS: %.dtb FORCE
>>>>> +	$(call if_changed,k3secureimg)
>>>>> +
>>>>> +$(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE
>>>>> +	$(call if_changed,k3secureimg)
>>>>> +
>>>>> +tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst %,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE
>>>>> +	$(call if_changed,mkfitimage)
>>>>> +
>>>>> +MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
>>>>> +	-a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
>>>>> +	-n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
>>>>> +	$(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST)))
>>>>
>>>> I guess these HS postfixed dtbs will never get cleaned. I see the same issue
>>>> with other TI secure devices as well. Can you update the clean rules as well?
>>>>
>>>
>>> tiboot3.bin and tispl.bin also don't seem to be getting cleaned. I tried
>>
>> Yeah, these should be cleaned as well.
>>
>>> adding them to clean-files and CLEAN_FILES, neither worked. Outside of
>>
>> looks like clean-files is relative to the current directory. You can
>> update arch/arm/dts/Makefile but it might be very generic.
>>
>> Tom, any suggestions to clean files in this case?
> 
> I guess we need to update clean-files in arch/arm/dts/Makefile then,
> yes.
> 

Then I will update that for all our extra artifacts in a separate patch
on top of this series.

Thanks,
Andrew