From 5b30e27a8e69473779de0c0873ce534412f1499c Mon Sep 17 00:00:00 2001
From: Kavin A <quic_kavia@quicinc.com>
Date: Fri, 7 Jan 2022 11:49:23 +0530
Subject: [PATCH 1/3] ipq9574: Remove "NSSUTCM.BIN" from crashdump collection

Change-Id: I2d0d03cc4885c1bd2cc51efb806b196bfe0cc654
Signed-off-by: Kavin A <quic_kavia@quicinc.com>
---
 board/qca/arm/ipq9574/ipq9574.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/board/qca/arm/ipq9574/ipq9574.c b/board/qca/arm/ipq9574/ipq9574.c
index bb2e457186..62e648d598 100644
--- a/board/qca/arm/ipq9574/ipq9574.c
+++ b/board/qca/arm/ipq9574/ipq9574.c
@@ -1321,7 +1321,6 @@ struct dumpinfo_t dumpinfo_n[] = {
 	{ "DATARAM.BIN", 0x00290000, 0x00014000, 0 },
 	{ "MSGRAM.BIN", 0x00060000, 0x00006000, 1 },
 	{ "IMEM.BIN", 0x08600000, 0x00001000, 0 },
-	{ "NSSUTCM.BIN", 0x08600658, 0x00030000, 0, 1, 0x2000 },
 	{ "UNAME.BIN", 0, 0, 0, 0, 0, MINIMAL_DUMP },
 	{ "CPU_INFO.BIN", 0, 0, 0, 0, 0, MINIMAL_DUMP },
 	{ "DMESG.BIN", 0, 0, 0, 0, 0, MINIMAL_DUMP },
@@ -1345,7 +1344,6 @@ struct dumpinfo_t dumpinfo_s[] = {
 	{ "DATARAM.BIN", 0x00290000, 0x00014000, 0 },
 	{ "MSGRAM.BIN", 0x00060000, 0x00006000, 1 },
 	{ "IMEM.BIN", 0x08600000, 0x00001000, 0 },
-	{ "NSSUTCM.BIN", 0x08600658, 0x00030000, 0, 1, 0x2000 },
 	{ "UNAME.BIN", 0, 0, 0, 0, 0, MINIMAL_DUMP },
 	{ "CPU_INFO.BIN", 0, 0, 0, 0, 0, MINIMAL_DUMP },
 	{ "DMESG.BIN", 0, 0, 0, 0, 0, MINIMAL_DUMP },

From 92575b1451b54de69bf8db306b71dcbfed322ede Mon Sep 17 00:00:00 2001
From: Anusha Rao <quic_anusha@quicinc.com>
Date: Tue, 4 Jan 2022 16:26:33 +0530
Subject: [PATCH 2/3] ipq: Clear kernel & rootfs headers after authentication

After secure sysupgrade, uboot/TZ successfully authenticates
rootfs even if the signature & certificates are not appended
to kernel image. This is because the header and certificates
copied to DDR memory before sysupgrade is retained. Updated
the code to clear this DDR memory after authentication.

Change-Id: Ic2331326baefc945c217a507d4379951dba821ab
Signed-off-by: Anusha Rao <quic_anusha@quicinc.com>
Signed-off-by: Timple Raj M <quic_timple@quicinc.com>
---
 board/qca/arm/common/cmd_bootqca.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/board/qca/arm/common/cmd_bootqca.c b/board/qca/arm/common/cmd_bootqca.c
index 74a5295df5..48ca377278 100644
--- a/board/qca/arm/common/cmd_bootqca.c
+++ b/board/qca/arm/common/cmd_bootqca.c
@@ -307,9 +307,9 @@ static int parse_elf_image_phdr(image_info *img_info, unsigned int addr)
 #ifdef CONFIG_IPQ_ROOTFS_AUTH
 static int copy_rootfs(unsigned int request, uint32_t size)
 {
-	int ret;
 	char runcmd[256];
 #ifdef CONFIG_QCA_MMC
+	int ret;
 	block_dev_desc_t *blk_dev;
 	disk_partition_t disk_info;
 	unsigned int active_part = 0;
@@ -401,6 +401,11 @@ static int authenticate_rootfs(unsigned int kernel_addr)
 	rootfs_img_info.size = sizeof(mbn_header_t) + mbn_ptr->image_size;
 
 	ret = qca_scm_secure_authenticate(&rootfs_img_info, sizeof(rootfs_img_info));
+
+	memset((void *)kernel_img_info.kernel_load_addr,  0, sizeof(mbn_header_t));
+	memset(mbn_ptr,  0,
+		(sizeof(mbn_header_t) + mbn_ptr->signature_size + mbn_ptr->cert_chain_size));
+
 	if (ret)
 		return CMD_RET_FAILURE;
 
@@ -435,6 +440,7 @@ static int authenticate_rootfs_elf(unsigned int rootfs_hdr)
 
 	rootfs_img_info.size = img_info.img_offset + img_info.img_size;
 	ret = qca_scm_secure_authenticate(&rootfs_img_info, sizeof(rootfs_img_info));
+	memset((void *)rootfs_hdr, 0, img_info.img_offset);
 	if (ret)
 		return CMD_RET_FAILURE;
 
@@ -635,6 +641,7 @@ static int do_boot_signedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const a
 	setenv("mtdids", mtdids);
 
 #ifndef CONFIG_IPQ_ELF_AUTH
+	mbn_header_t * mbn_ptr = (mbn_header_t *) request;
 	request += sizeof(mbn_header_t);
 #else
 	kernel_img_info.kernel_load_addr = request;
@@ -649,6 +656,11 @@ static int do_boot_signedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const a
 
 	ret = qca_scm_auth_kernel(&kernel_img_info,
 			sizeof(kernel_img_info));
+#ifndef CONFIG_IPQ_ELF_AUTH
+	memset((void *)mbn_ptr->signature_ptr, 0,(mbn_ptr->signature_size + mbn_ptr->cert_chain_size));
+#else
+	memset((void *)kernel_img_info.kernel_load_addr,  0, img_info.img_offset);
+#endif
 	if (ret) {
 		printf("Kernel image authentication failed \n");
 		BUG();

From e3d7e0235794f5593fb450acbf2466d4b373a887 Mon Sep 17 00:00:00 2001
From: Kavin A <quic_kavia@quicinc.com>
Date: Wed, 12 Jan 2022 15:08:50 +0530
Subject: [PATCH 3/3] fdt_fixup: Update path for the node
 "qti,scm_restart_reason"

This change will fetch "qti,scm_restart_reason" node
from soc node, if it is not available under root node.

Change-Id: I2328dee16d0133be54abd9f565a1a34afb8241b6
Signed-off-by: Kavin A <quic_kavia@quicinc.com>
---
 board/qca/arm/common/fdt_fixup.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/board/qca/arm/common/fdt_fixup.c b/board/qca/arm/common/fdt_fixup.c
index e74c0ac2c2..ca56a84070 100644
--- a/board/qca/arm/common/fdt_fixup.c
+++ b/board/qca/arm/common/fdt_fixup.c
@@ -400,8 +400,11 @@ void ipq_fdt_mem_rsvd_fixup(void *blob)
 	if (nodeoff < 0) {
 		nodeoff = fdt_path_offset(blob, "/qti,scm_restart_reason");
 		if (nodeoff < 0) {
-			debug("fdt-fixup: unable to find compatible node\n");
-			return;
+			nodeoff = fdt_path_offset(blob, "/soc/qti,scm_restart_reason");
+			if (nodeoff < 0) {
+				debug("fdt-fixup: unable to find compatible node\n");
+				return;
+			}
 		}
 	}