From a0379c6fe3bfac4e0d7633830b9d23166f3edacf Mon Sep 17 00:00:00 2001 From: Andrew Davis Date: Fri, 15 Jul 2022 11:34:34 -0500 Subject: [PATCH] arm: mach-k3: security: Bypass image signing at runtime for GP devices We can skip the image authentication check at runtime if the device is GP. This reduces the delta between GP and HS U-Boot builds. End goal is to re-unify the two build types into one build that can run on all device types. Signed-off-by: Andrew Davis --- arch/arm/mach-k3/Makefile | 3 +-- arch/arm/mach-k3/common.c | 2 -- arch/arm/mach-k3/security.c | 3 +++ 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm/mach-k3/Makefile b/arch/arm/mach-k3/Makefile index 0dce8802db..6ac2b61c3d 100644 --- a/arch/arm/mach-k3/Makefile +++ b/arch/arm/mach-k3/Makefile @@ -8,7 +8,6 @@ obj-$(CONFIG_SOC_K3_J721S2) += j721s2/ obj-$(CONFIG_SOC_K3_AM625) += am62x/ obj-$(CONFIG_ARM64) += arm64-mmu.o obj-$(CONFIG_CPU_V7R) += r5_mpu.o lowlevel_init.o -obj-$(CONFIG_TI_SECURE_DEVICE) += security.o obj-$(CONFIG_ARM64) += cache.o ifeq ($(CONFIG_SPL_BUILD),y) obj-$(CONFIG_SOC_K3_AM654) += am654_init.o @@ -18,4 +17,4 @@ obj-$(CONFIG_SOC_K3_AM642) += am642_init.o obj-$(CONFIG_SOC_K3_AM625) += am625_init.o obj-$(CONFIG_K3_LOAD_SYSFW) += sysfw-loader.o endif -obj-y += common.o +obj-y += common.o security.o diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c index ac14975694..3962f2800f 100644 --- a/arch/arm/mach-k3/common.c +++ b/arch/arm/mach-k3/common.c @@ -290,9 +290,7 @@ void board_fit_image_post_process(const void *fit, int node, void **p_image, } #endif -#if IS_ENABLED(CONFIG_TI_SECURE_DEVICE) ti_secure_image_post_process(p_image, p_size); -#endif } #endif diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c index 5bfcecd44d..add7f413a4 100644 --- a/arch/arm/mach-k3/security.c +++ b/arch/arm/mach-k3/security.c @@ -41,6 +41,9 @@ void ti_secure_image_post_process(void **p_image, size_t *p_size) image_addr = (uintptr_t)*p_image; image_size = *p_size; + if (!image_size || get_device_type() == K3_DEVICE_TYPE_GP) + return; + if (get_device_type() != K3_DEVICE_TYPE_HS_SE && !ti_secure_cert_detected(*p_image)) { printf("Warning: Did not detect image signing certificate. " -- 2.39.5