Commit b83c709e8d3f29721f32d66f19f953a2f818afbc
1 parent
0187c985aa
Exists in
master
and in
53 other branches
imx: add status reporting for HAB status
Add functions to report the HAB (High Assurance Boot) status of e.g. i.MX6 CPUs. This is taken from git://git.freescale.com/imx/uboot-imx.git branch imx_v2009.08_3.0.35_4.0.0 cpu/arm_cortexa8/mx6/generic.c include/asm-arm/arch-mx6/mx6_secure.h Signed-off-by: Stefano Babic <sbabic@denx.de>
Showing 4 changed files with 182 additions and 4 deletions Side-by-side Diff
arch/arm/cpu/armv7/mx6/Makefile
... | ... | @@ -11,10 +11,11 @@ |
11 | 11 | |
12 | 12 | LIB = $(obj)lib$(SOC).o |
13 | 13 | |
14 | -COBJS = soc.o clock.o | |
14 | +COBJS-y = soc.o clock.o | |
15 | +COBJS-$(CONFIG_SECURE_BOOT) += hab.o | |
15 | 16 | |
16 | -SRCS := $(SOBJS:.o=.S) $(COBJS:.o=.c) | |
17 | -OBJS := $(addprefix $(obj),$(SOBJS) $(COBJS)) | |
17 | +SRCS := $(SOBJS:.o=.S) $(COBJS-y:.o=.c) | |
18 | +OBJS := $(addprefix $(obj),$(SOBJS) $(COBJS-y)) | |
18 | 19 | |
19 | 20 | all: $(obj).depend $(LIB) |
20 | 21 |
arch/arm/cpu/armv7/mx6/hab.c
1 | +/* | |
2 | + * Copyright (C) 2010-2013 Freescale Semiconductor, Inc. | |
3 | + * | |
4 | + * SPDX-License-Identifier: GPL-2.0+ | |
5 | + */ | |
6 | + | |
7 | +#include <common.h> | |
8 | +#include <asm/io.h> | |
9 | +#include <asm/arch/hab.h> | |
10 | + | |
11 | +/* -------- start of HAB API updates ------------*/ | |
12 | +#define hab_rvt_report_event ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT) | |
13 | +#define hab_rvt_report_status ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS) | |
14 | +#define hab_rvt_authenticate_image \ | |
15 | + ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE) | |
16 | +#define hab_rvt_entry ((hab_rvt_entry_t *)HAB_RVT_ENTRY) | |
17 | +#define hab_rvt_exit ((hab_rvt_exit_t *)HAB_RVT_EXIT) | |
18 | +#define hab_rvt_clock_init HAB_RVT_CLOCK_INIT | |
19 | + | |
20 | +bool is_hab_enabled(void) | |
21 | +{ | |
22 | + struct ocotp_regs *ocotp = (struct ocotp_regs *)OCOTP_BASE_ADDR; | |
23 | + struct fuse_bank *bank = &ocotp->bank[0]; | |
24 | + struct fuse_bank0_regs *fuse = | |
25 | + (struct fuse_bank0_regs *)bank->fuse_regs; | |
26 | + uint32_t reg = readl(&fuse->cfg5); | |
27 | + | |
28 | + return (reg & 0x2) == 0x2; | |
29 | +} | |
30 | + | |
31 | +void display_event(uint8_t *event_data, size_t bytes) | |
32 | +{ | |
33 | + uint32_t i; | |
34 | + | |
35 | + if (!(event_data && bytes > 0)) | |
36 | + return; | |
37 | + | |
38 | + for (i = 0; i < bytes; i++) { | |
39 | + if (i == 0) | |
40 | + printf("\t0x%02x", event_data[i]); | |
41 | + else if ((i % 8) == 0) | |
42 | + printf("\n\t0x%02x", event_data[i]); | |
43 | + else | |
44 | + printf(" 0x%02x", event_data[i]); | |
45 | + } | |
46 | +} | |
47 | + | |
48 | +int get_hab_status(void) | |
49 | +{ | |
50 | + uint32_t index = 0; /* Loop index */ | |
51 | + uint8_t event_data[128]; /* Event data buffer */ | |
52 | + size_t bytes = sizeof(event_data); /* Event size in bytes */ | |
53 | + enum hab_config config = 0; | |
54 | + enum hab_state state = 0; | |
55 | + | |
56 | + if (is_hab_enabled()) | |
57 | + puts("\nSecure boot enabled\n"); | |
58 | + else | |
59 | + puts("\nSecure boot disabled\n"); | |
60 | + | |
61 | + /* Check HAB status */ | |
62 | + if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) { | |
63 | + printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", | |
64 | + config, state); | |
65 | + | |
66 | + /* Display HAB Error events */ | |
67 | + while (hab_rvt_report_event(HAB_FAILURE, index, event_data, | |
68 | + &bytes) == HAB_SUCCESS) { | |
69 | + puts("\n"); | |
70 | + printf("--------- HAB Event %d -----------------\n", | |
71 | + index + 1); | |
72 | + puts("event data:\n"); | |
73 | + display_event(event_data, bytes); | |
74 | + puts("\n"); | |
75 | + bytes = sizeof(event_data); | |
76 | + index++; | |
77 | + } | |
78 | + } | |
79 | + /* Display message if no HAB events are found */ | |
80 | + else { | |
81 | + printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", | |
82 | + config, state); | |
83 | + puts("No HAB Events Found!\n\n"); | |
84 | + } | |
85 | + return 0; | |
86 | +} | |
87 | + | |
88 | +int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) | |
89 | +{ | |
90 | + if ((argc != 1)) { | |
91 | + cmd_usage(cmdtp); | |
92 | + return 1; | |
93 | + } | |
94 | + | |
95 | + get_hab_status(); | |
96 | + | |
97 | + return 0; | |
98 | +} | |
99 | + | |
100 | +U_BOOT_CMD( | |
101 | + hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, | |
102 | + "display HAB status", | |
103 | + "" | |
104 | + ); |
arch/arm/include/asm/arch-mx6/hab.h
1 | +/* | |
2 | + * Copyright (C) 2012 Freescale Semiconductor, Inc. All Rights Reserved. | |
3 | + * | |
4 | + * SPDX-License-Identifier: GPL-2.0+ | |
5 | + * | |
6 | +*/ | |
7 | + | |
8 | +#ifndef __SECURE_MX6Q_H__ | |
9 | +#define __SECURE_MX6Q_H__ | |
10 | + | |
11 | +#include <linux/types.h> | |
12 | + | |
13 | +/* -------- start of HAB API updates ------------*/ | |
14 | +/* The following are taken from HAB4 SIS */ | |
15 | + | |
16 | +/* Status definitions */ | |
17 | +enum hab_status { | |
18 | + HAB_STS_ANY = 0x00, | |
19 | + HAB_FAILURE = 0x33, | |
20 | + HAB_WARNING = 0x69, | |
21 | + HAB_SUCCESS = 0xf0 | |
22 | +}; | |
23 | + | |
24 | +/* Security Configuration definitions */ | |
25 | +enum hab_config { | |
26 | + HAB_CFG_RETURN = 0x33, /**< Field Return IC */ | |
27 | + HAB_CFG_OPEN = 0xf0, /**< Non-secure IC */ | |
28 | + HAB_CFG_CLOSED = 0xcc /**< Secure IC */ | |
29 | +}; | |
30 | + | |
31 | +/* State definitions */ | |
32 | +enum hab_state { | |
33 | + HAB_STATE_INITIAL = 0x33, /**< Initialising state (transitory) */ | |
34 | + HAB_STATE_CHECK = 0x55, /**< Check state (non-secure) */ | |
35 | + HAB_STATE_NONSECURE = 0x66, /**< Non-secure state */ | |
36 | + HAB_STATE_TRUSTED = 0x99, /**< Trusted state */ | |
37 | + HAB_STATE_SECURE = 0xaa, /**< Secure state */ | |
38 | + HAB_STATE_FAIL_SOFT = 0xcc, /**< Soft fail state */ | |
39 | + HAB_STATE_FAIL_HARD = 0xff, /**< Hard fail state (terminal) */ | |
40 | + HAB_STATE_NONE = 0xf0, /**< No security state machine */ | |
41 | + HAB_STATE_MAX | |
42 | +}; | |
43 | + | |
44 | +/*Function prototype description*/ | |
45 | +typedef enum hab_status hab_rvt_report_event_t(enum hab_status, uint32_t, | |
46 | + uint8_t* , size_t*); | |
47 | +typedef enum hab_status hab_rvt_report_status_t(enum hab_config *, | |
48 | + enum hab_state *); | |
49 | +typedef enum hab_status hab_loader_callback_f_t(void**, size_t*, const void*); | |
50 | +typedef enum hab_status hab_rvt_entry_t(void); | |
51 | +typedef enum hab_status hab_rvt_exit_t(void); | |
52 | +typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, | |
53 | + void **, size_t *, hab_loader_callback_f_t); | |
54 | +typedef void hapi_clock_init_t(void); | |
55 | + | |
56 | +#define HAB_RVT_REPORT_EVENT (*(uint32_t *)0x000000B4) | |
57 | +#define HAB_RVT_REPORT_STATUS (*(uint32_t *)0x000000B8) | |
58 | +#define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)0x000000A4) | |
59 | +#define HAB_RVT_ENTRY (*(uint32_t *)0x00000098) | |
60 | +#define HAB_RVT_EXIT (*(uint32_t *)0x0000009C) | |
61 | +#define HAB_RVT_CLOCK_INIT ((hapi_clock_init_t *)0x0000024D) | |
62 | + | |
63 | +#define HAB_CID_ROM 0 /**< ROM Caller ID */ | |
64 | +#define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ | |
65 | +/* ----------- end of HAB API updates ------------*/ | |
66 | + | |
67 | +#endif |
arch/arm/include/asm/arch-mx6/imx-regs.h
... | ... | @@ -456,7 +456,13 @@ |
456 | 456 | u32 uid_low; |
457 | 457 | u32 rsvd1[3]; |
458 | 458 | u32 uid_high; |
459 | - u32 rsvd2[0x17]; | |
459 | + u32 rsvd2[3]; | |
460 | + u32 rsvd3[4]; | |
461 | + u32 rsvd4[4]; | |
462 | + u32 rsvd5[4]; | |
463 | + u32 cfg5; | |
464 | + u32 rsvd6[3]; | |
465 | + u32 rsvd7[4]; | |
460 | 466 | }; |
461 | 467 | |
462 | 468 | struct fuse_bank4_regs { |