[U-Boot] [PATCH v1 7/7] imx: add status reporting for HAB status

Thu Jul 11 20:31:34 CEST 2013

Dear Stefano Babic,

> Add functions to report the HAB (High Assurance Boot) status
> of e.g. i.MX6 CPUs.
> 
> This is taken from
> 
> git://git.freescale.com/imx/uboot-imx.git branch imx_v2009.08_3.0.35_4.0.0
> cpu/arm_cortexa8/mx6/generic.c
> include/asm-arm/arch-mx6/mx6_secure.h
> 
> Signed-off-by: Stefano Babic <sbabic at denx.de>
> ---
>  arch/arm/cpu/armv7/mx6/Makefile          |    2 +-
>  arch/arm/cpu/armv7/mx6/hab.c             |  127
> ++++++++++++++++++++++++++++++ arch/arm/include/asm/arch-mx6/hab.h      | 
>  80 +++++++++++++++++++ arch/arm/include/asm/arch-mx6/imx-regs.h |    8 +-
>  4 files changed, 215 insertions(+), 2 deletions(-)
>  create mode 100644 arch/arm/cpu/armv7/mx6/hab.c
>  create mode 100644 arch/arm/include/asm/arch-mx6/hab.h
> 
> diff --git a/arch/arm/cpu/armv7/mx6/Makefile
> b/arch/arm/cpu/armv7/mx6/Makefile index 4f9ca68..7c18f43 100644
> --- a/arch/arm/cpu/armv7/mx6/Makefile
> +++ b/arch/arm/cpu/armv7/mx6/Makefile
> @@ -27,7 +27,7 @@ include $(TOPDIR)/config.mk
> 
>  LIB	= $(obj)lib$(SOC).o
> 
> -COBJS	= soc.o clock.o
> +COBJS	= soc.o clock.o hab.o
> 
>  SRCS	:= $(SOBJS:.o=.S) $(COBJS:.o=.c)
>  OBJS	:= $(addprefix $(obj),$(SOBJS) $(COBJS))
> diff --git a/arch/arm/cpu/armv7/mx6/hab.c b/arch/arm/cpu/armv7/mx6/hab.c
> new file mode 100644
> index 0000000..c3c273f
> --- /dev/null
> +++ b/arch/arm/cpu/armv7/mx6/hab.c
> @@ -0,0 +1,127 @@
> +/*
> + * Copyright (C) 2010-2013 Freescale Semiconductor, Inc.
> + *
> + * See file CREDITS for list of people who contributed to this
> + * project.
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License as
> + * published by the Free Software Foundation; either version 2 of
> + * the License, or (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write to the Free Software
> + * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
> + * MA 02111-1307 USA
> + */
> +
> +#include <common.h>
> +#include <asm/io.h>
> +#if defined(CONFIG_SECURE_BOOT)
> +#include <asm/arch/hab.h>
> +
> +#ifdef CONFIG_SECURE_BOOT
> +/* -------- start of HAB API updates ------------*/
> +#define hab_rvt_report_event ((hab_rvt_report_event_t
> *)HAB_RVT_REPORT_EVENT) +#define hab_rvt_report_status
> ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS) +#define
> hab_rvt_authenticate_image \
> +	((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE)
> +#define hab_rvt_entry ((hab_rvt_entry_t *)HAB_RVT_ENTRY)
> +#define hab_rvt_exit ((hab_rvt_exit_t *)HAB_RVT_EXIT)
> +#define hab_rvt_clock_init HAB_RVT_CLOCK_INIT
> +
> +
> +bool is_hab_enabled(void)
> +{
> +	struct ocotp_regs *ocotp = (struct ocotp_regs *)OCOTP_BASE_ADDR;
> +	struct fuse_bank *bank = &ocotp->bank[0];
> +	struct fuse_bank0_regs *fuse =
> +		(struct fuse_bank0_regs *)bank->fuse_regs;
> +	uint32_t reg = readl(&fuse->cfg5);
> +
> +	return (reg & 0x2) == 0x2;
> +}
> +
> +
> +void display_event(uint8_t *event_data, size_t bytes)
> +{
> +	uint32_t i;
> +
> +	if ((event_data) && (bytes > 0)) {

if (!<cond>)
	return;

<The loop goes here>

> +		for (i = 0; i < bytes; i++) {
> +			if (i == 0)
> +				printf("\t0x%02x", event_data[i]);
> +			else if ((i % 8) == 0)
> +				printf("\n\t0x%02x", event_data[i]);
> +			else
> +				printf(" 0x%02x", event_data[i]);
> +		}
> +	}
> +}
> +
> +int get_hab_status(void)
> +{
> +	uint32_t index = 0; /* Loop index */
> +	uint8_t event_data[128]; /* Event data buffer */
> +	size_t bytes = sizeof(event_data); /* Event size in bytes */
> +	hab_config_t config = 0;
> +	hab_state_t state = 0;
> +
> +	if (is_hab_enabled())
> +		printf("\nSecure boot enabled\n");
> +	else
> +		printf("\nSecure boot disabled\n");

Use puts() instead of printf() with no args.

Otherwise very nice ;-)

Best regards,
Marek Vasut