[PATCH v1] stm32mp1: read auth stats and boot_partition from tamp
Obtain from TAMP backup register information about image authorization status and partition id used for booting. Store this info in environmental variables ("boot_auth" and "boot_part" correspondingly).
Image authorization supported values: 0x0 - No authentication done 0x1 - Authentication done and failed 0x2 - Authentication done and succeeded
These values are stored to TAMP backup register by Trusted Firmware-A [1].
Testing: STM32MP> print boot_part boot_part=1 STM32MP> print boot_auth boot_auth=2
[1] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?h=refs/h...
Signed-off-by: Igor Opaniuk igor.opaniuk@foundries.io Co-developed-by: Oleksandr Suvorov oleksandr.suvorov@foundries.io Signed-off-by: Oleksandr Suvorov oleksandr.suvorov@foundries.io
---
arch/arm/mach-stm32mp/cpu.c | 23 +++++++++++++++++++ arch/arm/mach-stm32mp/include/mach/stm32.h | 4 ++++ .../arm/mach-stm32mp/include/mach/sys_proto.h | 3 +++ 3 files changed, 30 insertions(+)
diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c index e07abbe21c1..ba5942848bd 100644 --- a/arch/arm/mach-stm32mp/cpu.c +++ b/arch/arm/mach-stm32mp/cpu.c @@ -40,6 +40,13 @@ u32 get_bootmode(void) TAMP_BOOT_MODE_SHIFT; }
+u32 get_bootauth(void) +{ + /* read boot auth status and partition from TAMP backup register */ + return (readl(TAMP_BOOT_CONTEXT) & TAMP_BOOT_AUTH_MASK) >> + TAMP_BOOT_AUTH_SHIFT; +} + /* * weak function overidde: set the DDR/SYSRAM executable before to enable the * MMU and configure DACR, for early early_enable_caches (SPL or pre-reloc) @@ -371,8 +378,24 @@ __weak void stm32mp_misc_init(void) { }
+static int setup_boot_auth_info(void) +{ + char buf[10]; + u32 bootauth = get_bootauth(); + + snprintf(buf, sizeof(buf), "%d", bootauth >> 4); + env_set("boot_auth", buf); + + snprintf(buf, sizeof(buf), "%d", bootauth & + (u32)TAMP_BOOT_PARTITION_MASK); + env_set("boot_part", buf); + + return 0; +} + int arch_misc_init(void) { + setup_boot_auth_info(); setup_boot_mode(); setup_mac_address(); setup_serial_number(); diff --git a/arch/arm/mach-stm32mp/include/mach/stm32.h b/arch/arm/mach-stm32mp/include/mach/stm32.h index 1cdc5e3b186..ac0deced67e 100644 --- a/arch/arm/mach-stm32mp/include/mach/stm32.h +++ b/arch/arm/mach-stm32mp/include/mach/stm32.h @@ -139,8 +139,12 @@ enum boot_device {
#define TAMP_BOOT_MODE_MASK GENMASK(15, 8) #define TAMP_BOOT_MODE_SHIFT 8 +#define TAMP_BOOT_AUTH_MASK GENMASK(23, 16) +#define TAMP_BOOT_AUTH_SHIFT 16 #define TAMP_BOOT_DEVICE_MASK GENMASK(7, 4) #define TAMP_BOOT_INSTANCE_MASK GENMASK(3, 0) +#define TAMP_BOOT_AUTH_ST_MASK GENMASK(7, 4) +#define TAMP_BOOT_PARTITION_MASK GENMASK(3, 0) #define TAMP_BOOT_FORCED_MASK GENMASK(7, 0)
enum forced_boot_mode { diff --git a/arch/arm/mach-stm32mp/include/mach/sys_proto.h b/arch/arm/mach-stm32mp/include/mach/sys_proto.h index 83fb32a45fc..52aca1e23e1 100644 --- a/arch/arm/mach-stm32mp/include/mach/sys_proto.h +++ b/arch/arm/mach-stm32mp/include/mach/sys_proto.h @@ -66,6 +66,9 @@ void get_soc_name(char name[SOC_NAME_SIZE]); /* return boot mode */ u32 get_bootmode(void);
+/* return auth status and partition */ +u32 get_bootauth(void); + int get_eth_nb(void); int setup_mac_address(void);
On 11/6/23 11:41, Igor Opaniuk wrote:
Obtain from TAMP backup register information about image authorization status and partition id used for booting. Store this info in environmental variables ("boot_auth" and "boot_part" correspondingly).
Image authorization supported values: 0x0 - No authentication done 0x1 - Authentication done and failed 0x2 - Authentication done and succeeded
These values are stored to TAMP backup register by Trusted Firmware-A [1].
Testing: STM32MP> print boot_part boot_part=1 STM32MP> print boot_auth boot_auth=2
[1] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?h=refs/h...
Signed-off-by: Igor Opaniuk igor.opaniuk@foundries.io Co-developed-by: Oleksandr Suvorov oleksandr.suvorov@foundries.io Signed-off-by: Oleksandr Suvorov oleksandr.suvorov@foundries.io
arch/arm/mach-stm32mp/cpu.c | 23 +++++++++++++++++++ arch/arm/mach-stm32mp/include/mach/stm32.h | 4 ++++ .../arm/mach-stm32mp/include/mach/sys_proto.h | 3 +++ 3 files changed, 30 insertions(+)
diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c index e07abbe21c1..ba5942848bd 100644 --- a/arch/arm/mach-stm32mp/cpu.c +++ b/arch/arm/mach-stm32mp/cpu.c @@ -40,6 +40,13 @@ u32 get_bootmode(void) TAMP_BOOT_MODE_SHIFT; }
+u32 get_bootauth(void) +{
- /* read boot auth status and partition from TAMP backup register */
- return (readl(TAMP_BOOT_CONTEXT) & TAMP_BOOT_AUTH_MASK) >>
TAMP_BOOT_AUTH_SHIFT;+}
/*
- weak function overidde: set the DDR/SYSRAM executable before to enable the
- MMU and configure DACR, for early early_enable_caches (SPL or pre-reloc)
@@ -371,8 +378,24 @@ __weak void stm32mp_misc_init(void) { }
+static int setup_boot_auth_info(void) +{
- char buf[10];
- u32 bootauth = get_bootauth();
- snprintf(buf, sizeof(buf), "%d", bootauth >> 4);
- env_set("boot_auth", buf);
- snprintf(buf, sizeof(buf), "%d", bootauth &
(u32)TAMP_BOOT_PARTITION_MASK);- env_set("boot_part", buf);
- return 0;
+}
int arch_misc_init(void) {
- setup_boot_auth_info(); setup_boot_mode(); setup_mac_address(); setup_serial_number();
diff --git a/arch/arm/mach-stm32mp/include/mach/stm32.h b/arch/arm/mach-stm32mp/include/mach/stm32.h index 1cdc5e3b186..ac0deced67e 100644 --- a/arch/arm/mach-stm32mp/include/mach/stm32.h +++ b/arch/arm/mach-stm32mp/include/mach/stm32.h @@ -139,8 +139,12 @@ enum boot_device {
#define TAMP_BOOT_MODE_MASK GENMASK(15, 8) #define TAMP_BOOT_MODE_SHIFT 8 +#define TAMP_BOOT_AUTH_MASK GENMASK(23, 16) +#define TAMP_BOOT_AUTH_SHIFT 16 #define TAMP_BOOT_DEVICE_MASK GENMASK(7, 4) #define TAMP_BOOT_INSTANCE_MASK GENMASK(3, 0) +#define TAMP_BOOT_AUTH_ST_MASK GENMASK(7, 4) +#define TAMP_BOOT_PARTITION_MASK GENMASK(3, 0) #define TAMP_BOOT_FORCED_MASK GENMASK(7, 0)
enum forced_boot_mode { diff --git a/arch/arm/mach-stm32mp/include/mach/sys_proto.h b/arch/arm/mach-stm32mp/include/mach/sys_proto.h index 83fb32a45fc..52aca1e23e1 100644 --- a/arch/arm/mach-stm32mp/include/mach/sys_proto.h +++ b/arch/arm/mach-stm32mp/include/mach/sys_proto.h @@ -66,6 +66,9 @@ void get_soc_name(char name[SOC_NAME_SIZE]); /* return boot mode */ u32 get_bootmode(void);
+/* return auth status and partition */ +u32 get_bootauth(void);
int get_eth_nb(void); int setup_mac_address(void);
Reviewed-by: Patrice Chotard patrice.chotard@foss.st.com
Thanks Patrice
On 11/9/23 08:47, Patrice CHOTARD wrote:
On 11/6/23 11:41, Igor Opaniuk wrote:
Obtain from TAMP backup register information about image authorization status and partition id used for booting. Store this info in environmental variables ("boot_auth" and "boot_part" correspondingly).
Image authorization supported values: 0x0 - No authentication done 0x1 - Authentication done and failed 0x2 - Authentication done and succeeded
These values are stored to TAMP backup register by Trusted Firmware-A [1].
Testing: STM32MP> print boot_part boot_part=1 STM32MP> print boot_auth boot_auth=2
[1] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?h=refs/h...
Signed-off-by: Igor Opaniuk igor.opaniuk@foundries.io Co-developed-by: Oleksandr Suvorov oleksandr.suvorov@foundries.io Signed-off-by: Oleksandr Suvorov oleksandr.suvorov@foundries.io
arch/arm/mach-stm32mp/cpu.c | 23 +++++++++++++++++++ arch/arm/mach-stm32mp/include/mach/stm32.h | 4 ++++ .../arm/mach-stm32mp/include/mach/sys_proto.h | 3 +++ 3 files changed, 30 insertions(+)
diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c index e07abbe21c1..ba5942848bd 100644 --- a/arch/arm/mach-stm32mp/cpu.c +++ b/arch/arm/mach-stm32mp/cpu.c @@ -40,6 +40,13 @@ u32 get_bootmode(void) TAMP_BOOT_MODE_SHIFT; }
+u32 get_bootauth(void) +{
- /* read boot auth status and partition from TAMP backup register */
- return (readl(TAMP_BOOT_CONTEXT) & TAMP_BOOT_AUTH_MASK) >>
TAMP_BOOT_AUTH_SHIFT;+}
/*
- weak function overidde: set the DDR/SYSRAM executable before to enable the
- MMU and configure DACR, for early early_enable_caches (SPL or pre-reloc)
@@ -371,8 +378,24 @@ __weak void stm32mp_misc_init(void) { }
+static int setup_boot_auth_info(void) +{
- char buf[10];
- u32 bootauth = get_bootauth();
- snprintf(buf, sizeof(buf), "%d", bootauth >> 4);
- env_set("boot_auth", buf);
- snprintf(buf, sizeof(buf), "%d", bootauth &
(u32)TAMP_BOOT_PARTITION_MASK);- env_set("boot_part", buf);
- return 0;
+}
int arch_misc_init(void) {
- setup_boot_auth_info(); setup_boot_mode(); setup_mac_address(); setup_serial_number();
diff --git a/arch/arm/mach-stm32mp/include/mach/stm32.h b/arch/arm/mach-stm32mp/include/mach/stm32.h index 1cdc5e3b186..ac0deced67e 100644 --- a/arch/arm/mach-stm32mp/include/mach/stm32.h +++ b/arch/arm/mach-stm32mp/include/mach/stm32.h @@ -139,8 +139,12 @@ enum boot_device {
#define TAMP_BOOT_MODE_MASK GENMASK(15, 8) #define TAMP_BOOT_MODE_SHIFT 8 +#define TAMP_BOOT_AUTH_MASK GENMASK(23, 16) +#define TAMP_BOOT_AUTH_SHIFT 16 #define TAMP_BOOT_DEVICE_MASK GENMASK(7, 4) #define TAMP_BOOT_INSTANCE_MASK GENMASK(3, 0) +#define TAMP_BOOT_AUTH_ST_MASK GENMASK(7, 4) +#define TAMP_BOOT_PARTITION_MASK GENMASK(3, 0) #define TAMP_BOOT_FORCED_MASK GENMASK(7, 0)
enum forced_boot_mode { diff --git a/arch/arm/mach-stm32mp/include/mach/sys_proto.h b/arch/arm/mach-stm32mp/include/mach/sys_proto.h index 83fb32a45fc..52aca1e23e1 100644 --- a/arch/arm/mach-stm32mp/include/mach/sys_proto.h +++ b/arch/arm/mach-stm32mp/include/mach/sys_proto.h @@ -66,6 +66,9 @@ void get_soc_name(char name[SOC_NAME_SIZE]); /* return boot mode */ u32 get_bootmode(void);
+/* return auth status and partition */ +u32 get_bootauth(void);
int get_eth_nb(void); int setup_mac_address(void);
Reviewed-by: Patrice Chotard patrice.chotard@foss.st.com
Thanks Patrice _______________________________________________ Uboot-stm32 mailing list Uboot-stm32@st-md-mailman.stormreply.com https://st-md-mailman.stormreply.com/mailman/listinfo/uboot-stm32
Applied to u-boot-stm32/master
Thanks Patrice
participants (2)
-
Igor Opaniuk -
Patrice CHOTARD