Table Of Content
This Secure driver provides an interface to secure_load firmware APIs to load a secure partition.
HW IP Features
Features supported in driver
- Sysfs interface to load the secure partition.
- Sysfs interface to load the AES key used to decrypt the secure partition.
Firmware driver is by default enabled for ZynqMP platform. The following config options should be enabled in order to build the ZynqMP firmware driver.
Please note as the data provided in user space will be located in virtual space, linux driver before handing off to ATF converts the data buffers to physical address.
The following config option should be enabled to load secure partition from the Linux.
Create a primary boot image with PMUFW, FSBL, U-boot and ATF. Example .bif is provided below.
Create single partition image (authenticated or encrypted or authenticated + encrypted). The example .bif is provided below.
Points to be noted :
- To view the error code PMU should be built with PM_LOG_LEVEL set to 2
- If load address is not specified in single partition bin , after decryption the image overrides the source.
- If load address is specified in the bif , decrypted image will be stored in the load address.
- Please make sure to release the kernel memory after reading the decrypted image from the load address using below command.
echo 1 > /sys/devices/platform/securefw/secure_load_done
- This driver is currently not available in mainline kernel.
- zynqmp: firmware: Adds a driver for loading secure partition from Linux
- 386d33zynqmp: firmware: Adds a driver for loading secure partition from Linux
- 9d4968 firmware: xilinx: Handle error pointer correctly
- b1331d zynqmp-secure: Fix for crash seen with secure image loading
- 07bb52 firmware: zynqmp-secure: Correct error handling for secure_load
- 6a6344 drivers: Defer probe if firmware is not ready
- 3f9e46drivers: xilinx: Reorganize firmware driver for zynqmp