Add functions to report the HAB (High Assurance Boot) status of e.g. i.MX6 CPUs. This is taken from git://git.freescale.com/imx/uboot-imx.git branch imx_v2009.08_3.0.35_4.0.0 cpu/arm_cortexa8/mx6/generic.c include/asm-arm/arch-mx6/mx6_secure.h Signed-off-by: Stefano Babic <sbabic@denx.de>master
parent
0187c985aa
commit
b83c709e8d
@ -0,0 +1,104 @@ |
||||
/*
|
||||
* Copyright (C) 2010-2013 Freescale Semiconductor, Inc. |
||||
* |
||||
* SPDX-License-Identifier: GPL-2.0+ |
||||
*/ |
||||
|
||||
#include <common.h> |
||||
#include <asm/io.h> |
||||
#include <asm/arch/hab.h> |
||||
|
||||
/* -------- start of HAB API updates ------------*/ |
||||
#define hab_rvt_report_event ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT) |
||||
#define hab_rvt_report_status ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS) |
||||
#define hab_rvt_authenticate_image \ |
||||
((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE) |
||||
#define hab_rvt_entry ((hab_rvt_entry_t *)HAB_RVT_ENTRY) |
||||
#define hab_rvt_exit ((hab_rvt_exit_t *)HAB_RVT_EXIT) |
||||
#define hab_rvt_clock_init HAB_RVT_CLOCK_INIT |
||||
|
||||
bool is_hab_enabled(void) |
||||
{ |
||||
struct ocotp_regs *ocotp = (struct ocotp_regs *)OCOTP_BASE_ADDR; |
||||
struct fuse_bank *bank = &ocotp->bank[0]; |
||||
struct fuse_bank0_regs *fuse = |
||||
(struct fuse_bank0_regs *)bank->fuse_regs; |
||||
uint32_t reg = readl(&fuse->cfg5); |
||||
|
||||
return (reg & 0x2) == 0x2; |
||||
} |
||||
|
||||
void display_event(uint8_t *event_data, size_t bytes) |
||||
{ |
||||
uint32_t i; |
||||
|
||||
if (!(event_data && bytes > 0)) |
||||
return; |
||||
|
||||
for (i = 0; i < bytes; i++) { |
||||
if (i == 0) |
||||
printf("\t0x%02x", event_data[i]); |
||||
else if ((i % 8) == 0) |
||||
printf("\n\t0x%02x", event_data[i]); |
||||
else |
||||
printf(" 0x%02x", event_data[i]); |
||||
} |
||||
} |
||||
|
||||
int get_hab_status(void) |
||||
{ |
||||
uint32_t index = 0; /* Loop index */ |
||||
uint8_t event_data[128]; /* Event data buffer */ |
||||
size_t bytes = sizeof(event_data); /* Event size in bytes */ |
||||
enum hab_config config = 0; |
||||
enum hab_state state = 0; |
||||
|
||||
if (is_hab_enabled()) |
||||
puts("\nSecure boot enabled\n"); |
||||
else |
||||
puts("\nSecure boot disabled\n"); |
||||
|
||||
/* Check HAB status */ |
||||
if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) { |
||||
printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", |
||||
config, state); |
||||
|
||||
/* Display HAB Error events */ |
||||
while (hab_rvt_report_event(HAB_FAILURE, index, event_data, |
||||
&bytes) == HAB_SUCCESS) { |
||||
puts("\n"); |
||||
printf("--------- HAB Event %d -----------------\n", |
||||
index + 1); |
||||
puts("event data:\n"); |
||||
display_event(event_data, bytes); |
||||
puts("\n"); |
||||
bytes = sizeof(event_data); |
||||
index++; |
||||
} |
||||
} |
||||
/* Display message if no HAB events are found */ |
||||
else { |
||||
printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", |
||||
config, state); |
||||
puts("No HAB Events Found!\n\n"); |
||||
} |
||||
return 0; |
||||
} |
||||
|
||||
int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) |
||||
{ |
||||
if ((argc != 1)) { |
||||
cmd_usage(cmdtp); |
||||
return 1; |
||||
} |
||||
|
||||
get_hab_status(); |
||||
|
||||
return 0; |
||||
} |
||||
|
||||
U_BOOT_CMD( |
||||
hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, |
||||
"display HAB status", |
||||
"" |
||||
); |
@ -0,0 +1,67 @@ |
||||
/*
|
||||
* Copyright (C) 2012 Freescale Semiconductor, Inc. All Rights Reserved. |
||||
* |
||||
* SPDX-License-Identifier: GPL-2.0+ |
||||
* |
||||
*/ |
||||
|
||||
#ifndef __SECURE_MX6Q_H__ |
||||
#define __SECURE_MX6Q_H__ |
||||
|
||||
#include <linux/types.h> |
||||
|
||||
/* -------- start of HAB API updates ------------*/ |
||||
/* The following are taken from HAB4 SIS */ |
||||
|
||||
/* Status definitions */ |
||||
enum hab_status { |
||||
HAB_STS_ANY = 0x00, |
||||
HAB_FAILURE = 0x33, |
||||
HAB_WARNING = 0x69, |
||||
HAB_SUCCESS = 0xf0 |
||||
}; |
||||
|
||||
/* Security Configuration definitions */ |
||||
enum hab_config { |
||||
HAB_CFG_RETURN = 0x33, /**< Field Return IC */ |
||||
HAB_CFG_OPEN = 0xf0, /**< Non-secure IC */ |
||||
HAB_CFG_CLOSED = 0xcc /**< Secure IC */ |
||||
}; |
||||
|
||||
/* State definitions */ |
||||
enum hab_state { |
||||
HAB_STATE_INITIAL = 0x33, /**< Initialising state (transitory) */ |
||||
HAB_STATE_CHECK = 0x55, /**< Check state (non-secure) */ |
||||
HAB_STATE_NONSECURE = 0x66, /**< Non-secure state */ |
||||
HAB_STATE_TRUSTED = 0x99, /**< Trusted state */ |
||||
HAB_STATE_SECURE = 0xaa, /**< Secure state */ |
||||
HAB_STATE_FAIL_SOFT = 0xcc, /**< Soft fail state */ |
||||
HAB_STATE_FAIL_HARD = 0xff, /**< Hard fail state (terminal) */ |
||||
HAB_STATE_NONE = 0xf0, /**< No security state machine */ |
||||
HAB_STATE_MAX |
||||
}; |
||||
|
||||
/*Function prototype description*/ |
||||
typedef enum hab_status hab_rvt_report_event_t(enum hab_status, uint32_t, |
||||
uint8_t* , size_t*); |
||||
typedef enum hab_status hab_rvt_report_status_t(enum hab_config *, |
||||
enum hab_state *); |
||||
typedef enum hab_status hab_loader_callback_f_t(void**, size_t*, const void*); |
||||
typedef enum hab_status hab_rvt_entry_t(void); |
||||
typedef enum hab_status hab_rvt_exit_t(void); |
||||
typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, |
||||
void **, size_t *, hab_loader_callback_f_t); |
||||
typedef void hapi_clock_init_t(void); |
||||
|
||||
#define HAB_RVT_REPORT_EVENT (*(uint32_t *)0x000000B4) |
||||
#define HAB_RVT_REPORT_STATUS (*(uint32_t *)0x000000B8) |
||||
#define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)0x000000A4) |
||||
#define HAB_RVT_ENTRY (*(uint32_t *)0x00000098) |
||||
#define HAB_RVT_EXIT (*(uint32_t *)0x0000009C) |
||||
#define HAB_RVT_CLOCK_INIT ((hapi_clock_init_t *)0x0000024D) |
||||
|
||||
#define HAB_CID_ROM 0 /**< ROM Caller ID */ |
||||
#define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ |
||||
/* ----------- end of HAB API updates ------------*/ |
||||
|
||||
#endif |
Loading…
Reference in new issue