Merge patch series "remoteproc: k3-r5: Build fixes and security improvements"

Philippe Schenker <philippe.schenker@impulsing.ch> says: This series fixes compilation errors when building for R5 cores and addresses a security issue where authenticated images were not being used correctly. Patch 1: Cosmetic removal of duplicate code Patches 2-3: Fix build errors caused by type mismatches between function signatures and the types used in R5 builds. Patches 4-5: fix a bug where ti_secure_image_post_process() relocates images during authentication, but callers were still using the original unverified addresses. Patch 6: Implements is_running operation to allow querying R5F core status. Link: https://lore.kernel.org/r/20251111071756.1257488-1-dev@pschenker.ch
2025-12-22 09:51:28 +01:00 · 2025-11-18 12:50:38 -06:00 · 2025-11-18 12:50:38 -06:00 · abf15eb60c
commit abf15eb60c
parent 96edadab54 0c192f52cf
4 changed files with 26 additions and 8 deletions
--- a/arch/arm/dts/k3-am642-evm-u-boot.dtsi
+++ b/arch/arm/dts/k3-am642-evm-u-boot.dtsi
@ -19,10 +19,6 @@
 	dr_mode="peripheral";
 };

-&main_mmc1_pins_default {
-	bootph-all;
-};
-
 &sdhci0 {
 	bootph-all;
 };
--- a/arch/arm/mach-k3/security.c
+++ b/arch/arm/mach-k3/security.c
@ -119,6 +119,8 @@ void ti_secure_image_post_process(void **p_image, size_t *p_size)
 	 */
 	*p_size = image_size;

+	*p_image = (void *)(uintptr_t)image_addr;
+
 	/*
 	 * Output notification of successful authentication to re-assure the
 	 * user that the secure code is being processed as expected. However
--- a/drivers/remoteproc/ti_k3_r5f_rproc.c
+++ b/drivers/remoteproc/ti_k3_r5f_rproc.c
@ -315,6 +315,7 @@ static int k3_r5f_load(struct udevice *dev, ulong addr, ulong size)
 	bool mem_auto_init;
 	void *image_addr = (void *)addr;
 	int ret;
+	size_t size_img;

 	dev_dbg(dev, "%s addr = 0x%lx, size = 0x%lx\n", __func__, addr, size);

@ -341,15 +342,17 @@ static int k3_r5f_load(struct udevice *dev, ulong addr, ulong size)

 	k3_r5f_init_tcm_memories(core, mem_auto_init);

-	ti_secure_image_post_process(&image_addr, &size);
+	size_img = size;
+	ti_secure_image_post_process(&image_addr, &size_img);
+	size = size_img;

-	ret = rproc_elf_load_image(dev, addr, size);
+	ret = rproc_elf_load_image(dev, (ulong)image_addr, size);
 	if (ret < 0) {
 		dev_err(dev, "Loading elf failedi %d\n", ret);
 		goto proc_release;
 	}

-	boot_vector = rproc_elf_get_boot_addr(dev, addr);
+	boot_vector = rproc_elf_get_boot_addr(dev, (ulong)image_addr);

 	dev_dbg(dev, "%s: Boot vector = 0x%llx\n", __func__, boot_vector);

@ -570,6 +573,22 @@ static void *k3_r5f_da_to_va(struct udevice *dev, ulong da, ulong size, bool *is
 	return map_physmem(da, size, MAP_NOCACHE);
 }

+static int k3_r5f_is_running(struct udevice *dev)
+{
+	struct k3_r5f_core *core = dev_get_priv(dev);
+	u32 cfg, ctrl, sts;
+	u64 boot_vec;
+	int ret;
+
+	dev_dbg(dev, "%s\n", __func__);
+
+	ret = ti_sci_proc_get_status(&core->tsp, &boot_vec, &cfg, &ctrl, &sts);
+	if (ret)
+		return -1;
+
+	return !!(ctrl & PROC_BOOT_CTRL_FLAG_R5_CORE_HALT);
+}
+
 static int k3_r5f_init(struct udevice *dev)
 {
 	return 0;
@ -587,6 +606,7 @@ static const struct dm_rproc_ops k3_r5f_rproc_ops = {
 	.stop = k3_r5f_stop,
 	.load = k3_r5f_load,
 	.device_to_virt = k3_r5f_da_to_va,
+	.is_running = k3_r5f_is_running,
 };

 static int k3_r5f_rproc_configure(struct k3_r5f_core *core)
--- a/drivers/soc/ti/pruss.c
+++ b/drivers/soc/ti/pruss.c
@ -163,7 +163,7 @@ static int pruss_probe(struct udevice *dev)
 	for (i = 0; i < ARRAY_SIZE(mem_names); i++) {
 		idx = ofnode_stringlist_search(memories, "reg-names", mem_names[i]);
 		priv->mem_regions[i].pa = ofnode_get_addr_size_index(memories, idx,
-						       (u64 *)&priv->mem_regions[i].size);
+						       (fdt_size_t *)&priv->mem_regions[i].size);
 	}

 	sub_node = ofnode_find_subnode(node, "cfg");