Message ID | 20211005111324.19749-1-jorge@foundries.io |
---|---|
State | Changes Requested |
Delegated to: | Michal Simek |
Headers | show |
Series | arm64: zynqmp: Print the secure boot status information in EL3 | expand |
Hi Jorge, On Tue, Oct 5, 2021 at 2:13 PM Jorge Ramirez-Ortiz <jorge@foundries.io> wrote: > > Confirm the secure boot configuration on the console. > > Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> > --- > arch/arm/mach-zynqmp/include/mach/hardware.h | 3 ++- > board/xilinx/zynqmp/zynqmp.c | 16 +++++++++++++++- > 2 files changed, 17 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/mach-zynqmp/include/mach/hardware.h b/arch/arm/mach-zynqmp/include/mach/hardware.h > index 3776499070..3d3ffa086e 100644 > --- a/arch/arm/mach-zynqmp/include/mach/hardware.h > +++ b/arch/arm/mach-zynqmp/include/mach/hardware.h > @@ -139,7 +139,8 @@ struct apu_regs { > #define ZYNQMP_SILICON_VER_SHIFT 0 > > struct csu_regs { > - u32 reserved0[4]; > + u32 status; > + u32 reserved0[3]; > u32 multi_boot; > u32 reserved1[11]; > u32 idcode; > diff --git a/board/xilinx/zynqmp/zynqmp.c b/board/xilinx/zynqmp/zynqmp.c > index 1748fec2e4..b7d11630d1 100644 > --- a/board/xilinx/zynqmp/zynqmp.c > +++ b/board/xilinx/zynqmp/zynqmp.c > @@ -355,6 +355,18 @@ static int multi_boot(void) > return 0; > } > > +static void secure_boot(void) > +{ > + u32 status; > + > + status = readl(&csu_base->status); > + if (status & (BIT(0) | BIT(1))) { > + printf("Secure Boot:\t%s%s\n", > + status & BIT(0) ? "authenticated" : "not authenticated", > + status & BIT(1) ? ", encrypted" : ", not encrypted"); > + } > +} > + > #define PS_SYSMON_ANALOG_BUS_VAL 0x3210 > #define PS_SYSMON_ANALOG_BUS_REG 0xFFA50914 > > @@ -391,8 +403,10 @@ int board_init(void) > fpga_add(fpga_xilinx, &zynqmppl); > #endif > > - if (current_el() == 3) > + if (current_el() == 3) { > multi_boot(); > + secure_boot(); > + } > > return 0; > } > -- > 2.31.1 > Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
On Tue, Oct 5, 2021 at 2:13 PM Jorge Ramirez-Ortiz <jorge@foundries.io> wrote: > > Confirm the secure boot configuration on the console. > > Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> > --- > arch/arm/mach-zynqmp/include/mach/hardware.h | 3 ++- > board/xilinx/zynqmp/zynqmp.c | 16 +++++++++++++++- > 2 files changed, 17 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/mach-zynqmp/include/mach/hardware.h b/arch/arm/mach-zynqmp/include/mach/hardware.h > index 3776499070..3d3ffa086e 100644 > --- a/arch/arm/mach-zynqmp/include/mach/hardware.h > +++ b/arch/arm/mach-zynqmp/include/mach/hardware.h > @@ -139,7 +139,8 @@ struct apu_regs { > #define ZYNQMP_SILICON_VER_SHIFT 0 > > struct csu_regs { > - u32 reserved0[4]; > + u32 status; > + u32 reserved0[3]; > u32 multi_boot; > u32 reserved1[11]; > u32 idcode; > diff --git a/board/xilinx/zynqmp/zynqmp.c b/board/xilinx/zynqmp/zynqmp.c > index 1748fec2e4..b7d11630d1 100644 > --- a/board/xilinx/zynqmp/zynqmp.c > +++ b/board/xilinx/zynqmp/zynqmp.c > @@ -355,6 +355,18 @@ static int multi_boot(void) > return 0; > } > > +static void secure_boot(void) > +{ > + u32 status; > + > + status = readl(&csu_base->status); > + if (status & (BIT(0) | BIT(1))) { > + printf("Secure Boot:\t%s%s\n", > + status & BIT(0) ? "authenticated" : "not authenticated", > + status & BIT(1) ? ", encrypted" : ", not encrypted"); > + } > +} > + > #define PS_SYSMON_ANALOG_BUS_VAL 0x3210 > #define PS_SYSMON_ANALOG_BUS_REG 0xFFA50914 > > @@ -391,8 +403,10 @@ int board_init(void) > fpga_add(fpga_xilinx, &zynqmppl); > #endif > > - if (current_el() == 3) > + if (current_el() == 3) { > multi_boot(); > + secure_boot(); > + } > > return 0; > } > -- > 2.31.1 > -- Best regards Oleksandr Oleksandr Suvorov cryosay@gmail.com
On 10/5/21 1:13 PM, Jorge Ramirez-Ortiz wrote: > Confirm the secure boot configuration on the console. > > Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> > --- > arch/arm/mach-zynqmp/include/mach/hardware.h | 3 ++- > board/xilinx/zynqmp/zynqmp.c | 16 +++++++++++++++- > 2 files changed, 17 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/mach-zynqmp/include/mach/hardware.h b/arch/arm/mach-zynqmp/include/mach/hardware.h > index 3776499070..3d3ffa086e 100644 > --- a/arch/arm/mach-zynqmp/include/mach/hardware.h > +++ b/arch/arm/mach-zynqmp/include/mach/hardware.h > @@ -139,7 +139,8 @@ struct apu_regs { > #define ZYNQMP_SILICON_VER_SHIFT 0 > > struct csu_regs { > - u32 reserved0[4]; > + u32 status; > + u32 reserved0[3]; > u32 multi_boot; > u32 reserved1[11]; > u32 idcode; > diff --git a/board/xilinx/zynqmp/zynqmp.c b/board/xilinx/zynqmp/zynqmp.c > index 1748fec2e4..b7d11630d1 100644 > --- a/board/xilinx/zynqmp/zynqmp.c > +++ b/board/xilinx/zynqmp/zynqmp.c > @@ -355,6 +355,18 @@ static int multi_boot(void) > return 0; > } > > +static void secure_boot(void) > +{ > + u32 status; > + > + status = readl(&csu_base->status); I would prefer to use zynqmp_mmio_read instead to make sure that we can call this function also from regular u-boot not running in EL3. For SPL it will be just readl what you have here too. > + if (status & (BIT(0) | BIT(1))) { > + printf("Secure Boot:\t%s%s\n", > + status & BIT(0) ? "authenticated" : "not authenticated", > + status & BIT(1) ? ", encrypted" : ", not encrypted"); It is pretty much visible that instead of BIT(X) you should use macros. > + } > +} > + > #define PS_SYSMON_ANALOG_BUS_VAL 0x3210 > #define PS_SYSMON_ANALOG_BUS_REG 0xFFA50914 > > @@ -391,8 +403,10 @@ int board_init(void) > fpga_add(fpga_xilinx, &zynqmppl); > #endif > > - if (current_el() == 3) > + if (current_el() == 3) { > multi_boot(); This code has changed a little bit. Please use the latest u-boot version. > + secure_boot(); Is it useful to get information only for SPL in EL3? Just asking. > + } > > return 0; > } > Thanks, Michal
diff --git a/arch/arm/mach-zynqmp/include/mach/hardware.h b/arch/arm/mach-zynqmp/include/mach/hardware.h index 3776499070..3d3ffa086e 100644 --- a/arch/arm/mach-zynqmp/include/mach/hardware.h +++ b/arch/arm/mach-zynqmp/include/mach/hardware.h @@ -139,7 +139,8 @@ struct apu_regs { #define ZYNQMP_SILICON_VER_SHIFT 0 struct csu_regs { - u32 reserved0[4]; + u32 status; + u32 reserved0[3]; u32 multi_boot; u32 reserved1[11]; u32 idcode; diff --git a/board/xilinx/zynqmp/zynqmp.c b/board/xilinx/zynqmp/zynqmp.c index 1748fec2e4..b7d11630d1 100644 --- a/board/xilinx/zynqmp/zynqmp.c +++ b/board/xilinx/zynqmp/zynqmp.c @@ -355,6 +355,18 @@ static int multi_boot(void) return 0; } +static void secure_boot(void) +{ + u32 status; + + status = readl(&csu_base->status); + if (status & (BIT(0) | BIT(1))) { + printf("Secure Boot:\t%s%s\n", + status & BIT(0) ? "authenticated" : "not authenticated", + status & BIT(1) ? ", encrypted" : ", not encrypted"); + } +} + #define PS_SYSMON_ANALOG_BUS_VAL 0x3210 #define PS_SYSMON_ANALOG_BUS_REG 0xFFA50914 @@ -391,8 +403,10 @@ int board_init(void) fpga_add(fpga_xilinx, &zynqmppl); #endif - if (current_el() == 3) + if (current_el() == 3) { multi_boot(); + secure_boot(); + } return 0; }
Confirm the secure boot configuration on the console. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> --- arch/arm/mach-zynqmp/include/mach/hardware.h | 3 ++- board/xilinx/zynqmp/zynqmp.c | 16 +++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-)