stm32mp1: read auth stats and boot_partition from tamp

Obtain from TAMP backup register information about image authorization status and partition id used for booting. Store this info in environmental variables ("boot_auth" and "boot_part" correspondingly). Image authorization supported values: 0x0 - No authentication done 0x1 - Authentication done and failed 0x2 - Authentication done and succeeded These values are stored to TAMP backup register by Trusted Firmware-A [1]. Testing: STM32MP> print boot_part boot_part=1 STM32MP> print boot_auth boot_auth=2 [1] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?h=refs/heads/integration&id=ab2b325c1ab895e626d4e11a9f26b9e7c968f8d8 Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2024-11-10 23:24:38 +00:00 · 2023-11-06 11:41:52 +01:00 · 2023-11-06 11:41:52 +01:00 · c205fe979e
commit c205fe979e
parent 6d84f6bc75
3 changed files with 30 additions and 0 deletions
--- a/arch/arm/mach-stm32mp/cpu.c
+++ b/arch/arm/mach-stm32mp/cpu.c
@ -40,6 +40,13 @@ u32 get_bootmode(void)
 		    TAMP_BOOT_MODE_SHIFT;
 }

+u32 get_bootauth(void)
+{
+	/* read boot auth status and partition from TAMP backup register */
+	return (readl(TAMP_BOOT_CONTEXT) & TAMP_BOOT_AUTH_MASK) >>
+		    TAMP_BOOT_AUTH_SHIFT;
+}
+
 /*
 * weak function overidde: set the DDR/SYSRAM executable before to enable the
 * MMU and configure DACR, for early early_enable_caches (SPL or pre-reloc)
@ -371,8 +378,24 @@ __weak void stm32mp_misc_init(void)
 {
 }

+static int setup_boot_auth_info(void)
+{
+	char buf[10];
+	u32 bootauth = get_bootauth();
+
+	snprintf(buf, sizeof(buf), "%d", bootauth >> 4);
+	env_set("boot_auth", buf);
+
+	snprintf(buf, sizeof(buf), "%d", bootauth &
+		 (u32)TAMP_BOOT_PARTITION_MASK);
+	env_set("boot_part", buf);
+
+	return 0;
+}
+
 int arch_misc_init(void)
 {
+	setup_boot_auth_info();
 	setup_boot_mode();
 	setup_mac_address();
 	setup_serial_number();
--- a/arch/arm/mach-stm32mp/include/mach/stm32.h
+++ b/arch/arm/mach-stm32mp/include/mach/stm32.h
@ -139,8 +139,12 @@ enum boot_device {

 #define TAMP_BOOT_MODE_MASK		GENMASK(15, 8)
 #define TAMP_BOOT_MODE_SHIFT		8
+#define TAMP_BOOT_AUTH_MASK		GENMASK(23, 16)
+#define TAMP_BOOT_AUTH_SHIFT		16
 #define TAMP_BOOT_DEVICE_MASK		GENMASK(7, 4)
 #define TAMP_BOOT_INSTANCE_MASK		GENMASK(3, 0)
+#define TAMP_BOOT_AUTH_ST_MASK		GENMASK(7, 4)
+#define TAMP_BOOT_PARTITION_MASK	GENMASK(3, 0)
 #define TAMP_BOOT_FORCED_MASK		GENMASK(7, 0)

 enum forced_boot_mode {
--- a/arch/arm/mach-stm32mp/include/mach/sys_proto.h
+++ b/arch/arm/mach-stm32mp/include/mach/sys_proto.h
@ -66,6 +66,9 @@ void get_soc_name(char name[SOC_NAME_SIZE]);
 /* return boot mode */
 u32 get_bootmode(void);

+/* return auth status and partition */
+u32 get_bootauth(void);
+
 int get_eth_nb(void);
 int setup_mac_address(void);