[PATCH v1] stm32mp1: read auth stats and boot_partition from tamp

Patrice CHOTARD patrice.chotard at foss.st.com
Thu Nov 9 08:47:58 CET 2023



On 11/6/23 11:41, Igor Opaniuk wrote:
> Obtain from TAMP backup register information about image authorization
> status and partition id used for booting. Store this info in
> environmental variables ("boot_auth" and "boot_part" correspondingly).
> 
> Image authorization supported values:
> 0x0 - No authentication done
> 0x1 - Authentication done and failed
> 0x2 - Authentication done and succeeded
> 
> These values are stored to TAMP backup register by Trusted Firmware-A [1].
> 
> Testing:
> STM32MP> print boot_part
> boot_part=1
> STM32MP> print boot_auth
> boot_auth=2
> 
> [1] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?h=refs/heads/integration&id=ab2b325c1ab895e626d4e11a9f26b9e7c968f8d8
> 
> Signed-off-by: Igor Opaniuk <igor.opaniuk at foundries.io>
> Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov at foundries.io>
> Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov at foundries.io>
> 
> ---
> 
>  arch/arm/mach-stm32mp/cpu.c                   | 23 +++++++++++++++++++
>  arch/arm/mach-stm32mp/include/mach/stm32.h    |  4 ++++
>  .../arm/mach-stm32mp/include/mach/sys_proto.h |  3 +++
>  3 files changed, 30 insertions(+)
> 
> diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c
> index e07abbe21c1..ba5942848bd 100644
> --- a/arch/arm/mach-stm32mp/cpu.c
> +++ b/arch/arm/mach-stm32mp/cpu.c
> @@ -40,6 +40,13 @@ u32 get_bootmode(void)
>  		    TAMP_BOOT_MODE_SHIFT;
>  }
>  
> +u32 get_bootauth(void)
> +{
> +	/* read boot auth status and partition from TAMP backup register */
> +	return (readl(TAMP_BOOT_CONTEXT) & TAMP_BOOT_AUTH_MASK) >>
> +		    TAMP_BOOT_AUTH_SHIFT;
> +}
> +
>  /*
>   * weak function overidde: set the DDR/SYSRAM executable before to enable the
>   * MMU and configure DACR, for early early_enable_caches (SPL or pre-reloc)
> @@ -371,8 +378,24 @@ __weak void stm32mp_misc_init(void)
>  {
>  }
>  
> +static int setup_boot_auth_info(void)
> +{
> +	char buf[10];
> +	u32 bootauth = get_bootauth();
> +
> +	snprintf(buf, sizeof(buf), "%d", bootauth >> 4);
> +	env_set("boot_auth", buf);
> +
> +	snprintf(buf, sizeof(buf), "%d", bootauth &
> +		 (u32)TAMP_BOOT_PARTITION_MASK);
> +	env_set("boot_part", buf);
> +
> +	return 0;
> +}
> +
>  int arch_misc_init(void)
>  {
> +	setup_boot_auth_info();
>  	setup_boot_mode();
>  	setup_mac_address();
>  	setup_serial_number();
> diff --git a/arch/arm/mach-stm32mp/include/mach/stm32.h b/arch/arm/mach-stm32mp/include/mach/stm32.h
> index 1cdc5e3b186..ac0deced67e 100644
> --- a/arch/arm/mach-stm32mp/include/mach/stm32.h
> +++ b/arch/arm/mach-stm32mp/include/mach/stm32.h
> @@ -139,8 +139,12 @@ enum boot_device {
>  
>  #define TAMP_BOOT_MODE_MASK		GENMASK(15, 8)
>  #define TAMP_BOOT_MODE_SHIFT		8
> +#define TAMP_BOOT_AUTH_MASK		GENMASK(23, 16)
> +#define TAMP_BOOT_AUTH_SHIFT		16
>  #define TAMP_BOOT_DEVICE_MASK		GENMASK(7, 4)
>  #define TAMP_BOOT_INSTANCE_MASK		GENMASK(3, 0)
> +#define TAMP_BOOT_AUTH_ST_MASK		GENMASK(7, 4)
> +#define TAMP_BOOT_PARTITION_MASK	GENMASK(3, 0)
>  #define TAMP_BOOT_FORCED_MASK		GENMASK(7, 0)
>  
>  enum forced_boot_mode {
> diff --git a/arch/arm/mach-stm32mp/include/mach/sys_proto.h b/arch/arm/mach-stm32mp/include/mach/sys_proto.h
> index 83fb32a45fc..52aca1e23e1 100644
> --- a/arch/arm/mach-stm32mp/include/mach/sys_proto.h
> +++ b/arch/arm/mach-stm32mp/include/mach/sys_proto.h
> @@ -66,6 +66,9 @@ void get_soc_name(char name[SOC_NAME_SIZE]);
>  /* return boot mode */
>  u32 get_bootmode(void);
>  
> +/* return auth status and partition */
> +u32 get_bootauth(void);
> +
>  int get_eth_nb(void);
>  int setup_mac_address(void);
>  

Reviewed-by: Patrice Chotard <patrice.chotard at foss.st.com>

Thanks
Patrice


More information about the U-Boot mailing list