Dear Stefano Babic,
Add functions to report the HAB (High Assurance Boot) status of e.g. i.MX6 CPUs.
This is taken from
git://git.freescale.com/imx/uboot-imx.git branch imx_v2009.08_3.0.35_4.0.0 cpu/arm_cortexa8/mx6/generic.c include/asm-arm/arch-mx6/mx6_secure.h
Signed-off-by: Stefano Babic sbabic@denx.de
arch/arm/cpu/armv7/mx6/Makefile | 2 +- arch/arm/cpu/armv7/mx6/hab.c | 127 ++++++++++++++++++++++++++++++ arch/arm/include/asm/arch-mx6/hab.h | 80 +++++++++++++++++++ arch/arm/include/asm/arch-mx6/imx-regs.h | 8 +- 4 files changed, 215 insertions(+), 2 deletions(-) create mode 100644 arch/arm/cpu/armv7/mx6/hab.c create mode 100644 arch/arm/include/asm/arch-mx6/hab.h
diff --git a/arch/arm/cpu/armv7/mx6/Makefile b/arch/arm/cpu/armv7/mx6/Makefile index 4f9ca68..7c18f43 100644 --- a/arch/arm/cpu/armv7/mx6/Makefile +++ b/arch/arm/cpu/armv7/mx6/Makefile @@ -27,7 +27,7 @@ include $(TOPDIR)/config.mk
LIB = $(obj)lib$(SOC).o
-COBJS = soc.o clock.o +COBJS = soc.o clock.o hab.o
SRCS := $(SOBJS:.o=.S) $(COBJS:.o=.c) OBJS := $(addprefix $(obj),$(SOBJS) $(COBJS)) diff --git a/arch/arm/cpu/armv7/mx6/hab.c b/arch/arm/cpu/armv7/mx6/hab.c new file mode 100644 index 0000000..c3c273f --- /dev/null +++ b/arch/arm/cpu/armv7/mx6/hab.c @@ -0,0 +1,127 @@ +/*
- Copyright (C) 2010-2013 Freescale Semiconductor, Inc.
- See file CREDITS for list of people who contributed to this
- project.
- This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License as
- published by the Free Software Foundation; either version 2 of
- the License, or (at your option) any later version.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston,
- MA 02111-1307 USA
- */
+#include <common.h> +#include <asm/io.h> +#if defined(CONFIG_SECURE_BOOT) +#include <asm/arch/hab.h>
+#ifdef CONFIG_SECURE_BOOT +/* -------- start of HAB API updates ------------*/ +#define hab_rvt_report_event ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT) +#define hab_rvt_report_status ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS) +#define hab_rvt_authenticate_image \
- ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE)
+#define hab_rvt_entry ((hab_rvt_entry_t *)HAB_RVT_ENTRY) +#define hab_rvt_exit ((hab_rvt_exit_t *)HAB_RVT_EXIT) +#define hab_rvt_clock_init HAB_RVT_CLOCK_INIT
+bool is_hab_enabled(void) +{
- struct ocotp_regs *ocotp = (struct ocotp_regs *)OCOTP_BASE_ADDR;
- struct fuse_bank *bank = &ocotp->bank[0];
- struct fuse_bank0_regs *fuse =
(struct fuse_bank0_regs *)bank->fuse_regs;- uint32_t reg = readl(&fuse->cfg5);
- return (reg & 0x2) == 0x2;
+}
+void display_event(uint8_t *event_data, size_t bytes) +{
- uint32_t i;
- if ((event_data) && (bytes > 0)) {
if (!<cond>) return;
<The loop goes here>
for (i = 0; i < bytes; i++) {if (i == 0)printf("\t0x%02x", event_data[i]);else if ((i % 8) == 0)printf("\n\t0x%02x", event_data[i]);elseprintf(" 0x%02x", event_data[i]);}- }
+}
+int get_hab_status(void) +{
- uint32_t index = 0; /* Loop index */
- uint8_t event_data[128]; /* Event data buffer */
- size_t bytes = sizeof(event_data); /* Event size in bytes */
- hab_config_t config = 0;
- hab_state_t state = 0;
- if (is_hab_enabled())
printf("\nSecure boot enabled\n");- else
printf("\nSecure boot disabled\n");
Use puts() instead of printf() with no args.
Otherwise very nice ;-)
Best regards, Marek Vasut