From: Ye Li Date: Mon, 28 Apr 2025 10:37:36 +0000 (+0800) Subject: spl: imx: use trampoline buffer to load images to secure region X-Git-Tag: v2025.07-rc2~36^2~11 X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f8b24d5cc34e5c4c466a29539e5a01b14423cac;p=pandora-u-boot.git spl: imx: use trampoline buffer to load images to secure region When SPL loading image to secure region, for example, ATF and tee to DDR secure region. Because the USDHC controller is non-secure master, it can't access this region and will cause loading issue. So use a trampoline buffer in non-secure region, then use CPU to copy the image from trampoline buffer to destination secure region. Signed-off-by: Ye Li Signed-off-by: Alice Guo Reviewed-by: Peng Fan --- diff --git a/arch/arm/mach-imx/imx9/scmi/soc.c b/arch/arm/mach-imx/imx9/scmi/soc.c index 3a5bdddd785..d2b0455bff9 100644 --- a/arch/arm/mach-imx/imx9/scmi/soc.c +++ b/arch/arm/mach-imx/imx9/scmi/soc.c @@ -729,3 +729,21 @@ enum boot_device get_boot_device(void) return boot_dev; } #endif + +bool arch_check_dst_in_secure(void *start, ulong size) +{ + ulong ns_end = CFG_SYS_SDRAM_BASE + PHYS_SDRAM_SIZE; +#ifdef PHYS_SDRAM_2_SIZE + ns_end += PHYS_SDRAM_2_SIZE; +#endif + + if ((ulong)start < CFG_SYS_SDRAM_BASE || (ulong)start + size > ns_end) + return true; + + return false; +} + +void *arch_get_container_trampoline(void) +{ + return (void *)((ulong)CFG_SYS_SDRAM_BASE + PHYS_SDRAM_SIZE - SZ_16M); +} diff --git a/common/spl/Kconfig b/common/spl/Kconfig index b076f49ac00..0bc96d0a781 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -363,6 +363,12 @@ config SPL_LOAD_IMX_CONTAINER Support booting U-Boot from an i.MX8 container image. If you are not using i.MX8, say 'n'. +config SPL_IMX_CONTAINER_USE_TRAMPOLINE + bool + depends on SPL + help + Enable SPL load reader to load data to a trampoline buffer. + config IMX_CONTAINER_CFG string "i.MX8 Container config file" depends on SPL && SPL_LOAD_IMX_CONTAINER diff --git a/common/spl/spl_imx_container.c b/common/spl/spl_imx_container.c index 2c31777fcd3..b3565efb225 100644 --- a/common/spl/spl_imx_container.c +++ b/common/spl/spl_imx_container.c @@ -14,6 +14,16 @@ #include #endif +__weak bool arch_check_dst_in_secure(void *start, ulong size) +{ + return false; +} + +__weak void *arch_get_container_trampoline(void) +{ + return NULL; +} + static struct boot_img_t *read_auth_image(struct spl_image_info *spl_image, struct spl_load_info *info, struct container_hdr *container, @@ -22,6 +32,7 @@ static struct boot_img_t *read_auth_image(struct spl_image_info *spl_image, { struct boot_img_t *images; ulong offset, overhead, size; + void *buf, *trampoline; if (image_index > container->num_images) { debug("Invalid image number\n"); @@ -42,12 +53,27 @@ static struct boot_img_t *read_auth_image(struct spl_image_info *spl_image, debug("%s: container: %p offset: %lu size: %lu\n", __func__, container, offset, size); - if (info->read(info, offset, size, - map_sysmem(images[image_index].dst - overhead, - images[image_index].size)) < - images[image_index].size) { - printf("%s wrong\n", __func__); - return NULL; + + buf = map_sysmem(images[image_index].dst - overhead, images[image_index].size); + if (IS_ENABLED(CONFIG_SPL_IMX_CONTAINER_USE_TRAMPOLINE) && + arch_check_dst_in_secure(buf, size)) { + trampoline = arch_get_container_trampoline(); + if (!trampoline) { + printf("%s: trampoline size is zero\n", __func__); + return NULL; + } + + if (info->read(info, offset, size, trampoline) < images[image_index].size) { + printf("%s: failed to load image to a trampoline buffer\n", __func__); + return NULL; + } + + memcpy(buf, trampoline, images[image_index].size); + } else { + if (info->read(info, offset, size, buf) < images[image_index].size) { + printf("%s: failed to load image to a non-secure region\n", __func__); + return NULL; + } } #ifdef CONFIG_AHAB_BOOT