Message ID | 20231106104152.140495-1-igor.opaniuk@foundries.io |
---|---|
State | Accepted |
Commit | c205fe979ebc1961cf28555c00e24a9004761366 |
Delegated to: | Patrice Chotard |
Headers | show |
Series | [v1] stm32mp1: read auth stats and boot_partition from tamp | expand |
On 11/6/23 11:41, Igor Opaniuk wrote: > Obtain from TAMP backup register information about image authorization > status and partition id used for booting. Store this info in > environmental variables ("boot_auth" and "boot_part" correspondingly). > > Image authorization supported values: > 0x0 - No authentication done > 0x1 - Authentication done and failed > 0x2 - Authentication done and succeeded > > These values are stored to TAMP backup register by Trusted Firmware-A [1]. > > Testing: > STM32MP> print boot_part > boot_part=1 > STM32MP> print boot_auth > boot_auth=2 > > [1] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?h=refs/heads/integration&id=ab2b325c1ab895e626d4e11a9f26b9e7c968f8d8 > > Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> > Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> > Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> > > --- > > arch/arm/mach-stm32mp/cpu.c | 23 +++++++++++++++++++ > arch/arm/mach-stm32mp/include/mach/stm32.h | 4 ++++ > .../arm/mach-stm32mp/include/mach/sys_proto.h | 3 +++ > 3 files changed, 30 insertions(+) > > diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c > index e07abbe21c1..ba5942848bd 100644 > --- a/arch/arm/mach-stm32mp/cpu.c > +++ b/arch/arm/mach-stm32mp/cpu.c > @@ -40,6 +40,13 @@ u32 get_bootmode(void) > TAMP_BOOT_MODE_SHIFT; > } > > +u32 get_bootauth(void) > +{ > + /* read boot auth status and partition from TAMP backup register */ > + return (readl(TAMP_BOOT_CONTEXT) & TAMP_BOOT_AUTH_MASK) >> > + TAMP_BOOT_AUTH_SHIFT; > +} > + > /* > * weak function overidde: set the DDR/SYSRAM executable before to enable the > * MMU and configure DACR, for early early_enable_caches (SPL or pre-reloc) > @@ -371,8 +378,24 @@ __weak void stm32mp_misc_init(void) > { > } > > +static int setup_boot_auth_info(void) > +{ > + char buf[10]; > + u32 bootauth = get_bootauth(); > + > + snprintf(buf, sizeof(buf), "%d", bootauth >> 4); > + env_set("boot_auth", buf); > + > + snprintf(buf, sizeof(buf), "%d", bootauth & > + (u32)TAMP_BOOT_PARTITION_MASK); > + env_set("boot_part", buf); > + > + return 0; > +} > + > int arch_misc_init(void) > { > + setup_boot_auth_info(); > setup_boot_mode(); > setup_mac_address(); > setup_serial_number(); > diff --git a/arch/arm/mach-stm32mp/include/mach/stm32.h b/arch/arm/mach-stm32mp/include/mach/stm32.h > index 1cdc5e3b186..ac0deced67e 100644 > --- a/arch/arm/mach-stm32mp/include/mach/stm32.h > +++ b/arch/arm/mach-stm32mp/include/mach/stm32.h > @@ -139,8 +139,12 @@ enum boot_device { > > #define TAMP_BOOT_MODE_MASK GENMASK(15, 8) > #define TAMP_BOOT_MODE_SHIFT 8 > +#define TAMP_BOOT_AUTH_MASK GENMASK(23, 16) > +#define TAMP_BOOT_AUTH_SHIFT 16 > #define TAMP_BOOT_DEVICE_MASK GENMASK(7, 4) > #define TAMP_BOOT_INSTANCE_MASK GENMASK(3, 0) > +#define TAMP_BOOT_AUTH_ST_MASK GENMASK(7, 4) > +#define TAMP_BOOT_PARTITION_MASK GENMASK(3, 0) > #define TAMP_BOOT_FORCED_MASK GENMASK(7, 0) > > enum forced_boot_mode { > diff --git a/arch/arm/mach-stm32mp/include/mach/sys_proto.h b/arch/arm/mach-stm32mp/include/mach/sys_proto.h > index 83fb32a45fc..52aca1e23e1 100644 > --- a/arch/arm/mach-stm32mp/include/mach/sys_proto.h > +++ b/arch/arm/mach-stm32mp/include/mach/sys_proto.h > @@ -66,6 +66,9 @@ void get_soc_name(char name[SOC_NAME_SIZE]); > /* return boot mode */ > u32 get_bootmode(void); > > +/* return auth status and partition */ > +u32 get_bootauth(void); > + > int get_eth_nb(void); > int setup_mac_address(void); > Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com> Thanks Patrice
On 11/9/23 08:47, Patrice CHOTARD wrote: > > > On 11/6/23 11:41, Igor Opaniuk wrote: >> Obtain from TAMP backup register information about image authorization >> status and partition id used for booting. Store this info in >> environmental variables ("boot_auth" and "boot_part" correspondingly). >> >> Image authorization supported values: >> 0x0 - No authentication done >> 0x1 - Authentication done and failed >> 0x2 - Authentication done and succeeded >> >> These values are stored to TAMP backup register by Trusted Firmware-A [1]. >> >> Testing: >> STM32MP> print boot_part >> boot_part=1 >> STM32MP> print boot_auth >> boot_auth=2 >> >> [1] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?h=refs/heads/integration&id=ab2b325c1ab895e626d4e11a9f26b9e7c968f8d8 >> >> Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> >> Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> >> Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> >> >> --- >> >> arch/arm/mach-stm32mp/cpu.c | 23 +++++++++++++++++++ >> arch/arm/mach-stm32mp/include/mach/stm32.h | 4 ++++ >> .../arm/mach-stm32mp/include/mach/sys_proto.h | 3 +++ >> 3 files changed, 30 insertions(+) >> >> diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c >> index e07abbe21c1..ba5942848bd 100644 >> --- a/arch/arm/mach-stm32mp/cpu.c >> +++ b/arch/arm/mach-stm32mp/cpu.c >> @@ -40,6 +40,13 @@ u32 get_bootmode(void) >> TAMP_BOOT_MODE_SHIFT; >> } >> >> +u32 get_bootauth(void) >> +{ >> + /* read boot auth status and partition from TAMP backup register */ >> + return (readl(TAMP_BOOT_CONTEXT) & TAMP_BOOT_AUTH_MASK) >> >> + TAMP_BOOT_AUTH_SHIFT; >> +} >> + >> /* >> * weak function overidde: set the DDR/SYSRAM executable before to enable the >> * MMU and configure DACR, for early early_enable_caches (SPL or pre-reloc) >> @@ -371,8 +378,24 @@ __weak void stm32mp_misc_init(void) >> { >> } >> >> +static int setup_boot_auth_info(void) >> +{ >> + char buf[10]; >> + u32 bootauth = get_bootauth(); >> + >> + snprintf(buf, sizeof(buf), "%d", bootauth >> 4); >> + env_set("boot_auth", buf); >> + >> + snprintf(buf, sizeof(buf), "%d", bootauth & >> + (u32)TAMP_BOOT_PARTITION_MASK); >> + env_set("boot_part", buf); >> + >> + return 0; >> +} >> + >> int arch_misc_init(void) >> { >> + setup_boot_auth_info(); >> setup_boot_mode(); >> setup_mac_address(); >> setup_serial_number(); >> diff --git a/arch/arm/mach-stm32mp/include/mach/stm32.h b/arch/arm/mach-stm32mp/include/mach/stm32.h >> index 1cdc5e3b186..ac0deced67e 100644 >> --- a/arch/arm/mach-stm32mp/include/mach/stm32.h >> +++ b/arch/arm/mach-stm32mp/include/mach/stm32.h >> @@ -139,8 +139,12 @@ enum boot_device { >> >> #define TAMP_BOOT_MODE_MASK GENMASK(15, 8) >> #define TAMP_BOOT_MODE_SHIFT 8 >> +#define TAMP_BOOT_AUTH_MASK GENMASK(23, 16) >> +#define TAMP_BOOT_AUTH_SHIFT 16 >> #define TAMP_BOOT_DEVICE_MASK GENMASK(7, 4) >> #define TAMP_BOOT_INSTANCE_MASK GENMASK(3, 0) >> +#define TAMP_BOOT_AUTH_ST_MASK GENMASK(7, 4) >> +#define TAMP_BOOT_PARTITION_MASK GENMASK(3, 0) >> #define TAMP_BOOT_FORCED_MASK GENMASK(7, 0) >> >> enum forced_boot_mode { >> diff --git a/arch/arm/mach-stm32mp/include/mach/sys_proto.h b/arch/arm/mach-stm32mp/include/mach/sys_proto.h >> index 83fb32a45fc..52aca1e23e1 100644 >> --- a/arch/arm/mach-stm32mp/include/mach/sys_proto.h >> +++ b/arch/arm/mach-stm32mp/include/mach/sys_proto.h >> @@ -66,6 +66,9 @@ void get_soc_name(char name[SOC_NAME_SIZE]); >> /* return boot mode */ >> u32 get_bootmode(void); >> >> +/* return auth status and partition */ >> +u32 get_bootauth(void); >> + >> int get_eth_nb(void); >> int setup_mac_address(void); >> > > Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com> > > Thanks > Patrice > _______________________________________________ > Uboot-stm32 mailing list > Uboot-stm32@st-md-mailman.stormreply.com > https://st-md-mailman.stormreply.com/mailman/listinfo/uboot-stm32 Applied to u-boot-stm32/master Thanks Patrice
diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c index e07abbe21c1..ba5942848bd 100644 --- a/arch/arm/mach-stm32mp/cpu.c +++ b/arch/arm/mach-stm32mp/cpu.c @@ -40,6 +40,13 @@ u32 get_bootmode(void) TAMP_BOOT_MODE_SHIFT; } +u32 get_bootauth(void) +{ + /* read boot auth status and partition from TAMP backup register */ + return (readl(TAMP_BOOT_CONTEXT) & TAMP_BOOT_AUTH_MASK) >> + TAMP_BOOT_AUTH_SHIFT; +} + /* * weak function overidde: set the DDR/SYSRAM executable before to enable the * MMU and configure DACR, for early early_enable_caches (SPL or pre-reloc) @@ -371,8 +378,24 @@ __weak void stm32mp_misc_init(void) { } +static int setup_boot_auth_info(void) +{ + char buf[10]; + u32 bootauth = get_bootauth(); + + snprintf(buf, sizeof(buf), "%d", bootauth >> 4); + env_set("boot_auth", buf); + + snprintf(buf, sizeof(buf), "%d", bootauth & + (u32)TAMP_BOOT_PARTITION_MASK); + env_set("boot_part", buf); + + return 0; +} + int arch_misc_init(void) { + setup_boot_auth_info(); setup_boot_mode(); setup_mac_address(); setup_serial_number(); diff --git a/arch/arm/mach-stm32mp/include/mach/stm32.h b/arch/arm/mach-stm32mp/include/mach/stm32.h index 1cdc5e3b186..ac0deced67e 100644 --- a/arch/arm/mach-stm32mp/include/mach/stm32.h +++ b/arch/arm/mach-stm32mp/include/mach/stm32.h @@ -139,8 +139,12 @@ enum boot_device { #define TAMP_BOOT_MODE_MASK GENMASK(15, 8) #define TAMP_BOOT_MODE_SHIFT 8 +#define TAMP_BOOT_AUTH_MASK GENMASK(23, 16) +#define TAMP_BOOT_AUTH_SHIFT 16 #define TAMP_BOOT_DEVICE_MASK GENMASK(7, 4) #define TAMP_BOOT_INSTANCE_MASK GENMASK(3, 0) +#define TAMP_BOOT_AUTH_ST_MASK GENMASK(7, 4) +#define TAMP_BOOT_PARTITION_MASK GENMASK(3, 0) #define TAMP_BOOT_FORCED_MASK GENMASK(7, 0) enum forced_boot_mode { diff --git a/arch/arm/mach-stm32mp/include/mach/sys_proto.h b/arch/arm/mach-stm32mp/include/mach/sys_proto.h index 83fb32a45fc..52aca1e23e1 100644 --- a/arch/arm/mach-stm32mp/include/mach/sys_proto.h +++ b/arch/arm/mach-stm32mp/include/mach/sys_proto.h @@ -66,6 +66,9 @@ void get_soc_name(char name[SOC_NAME_SIZE]); /* return boot mode */ u32 get_bootmode(void); +/* return auth status and partition */ +u32 get_bootauth(void); + int get_eth_nb(void); int setup_mac_address(void);