mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-12-21 02:33:07 +00:00
31e5ec2323
Add two ELE API: ele_return_lifecycle_update and ele_write_secure_fuse Add two cmd: ahab_return_lifecycle and ahab_sec_fuse_prog Signed-off-by: Peng Fan <peng.fan@nxp.com>
659 lines
16 KiB
C
659 lines
16 KiB
C
// SPDX-License-Identifier: GPL-2.0+
|
|
/*
|
|
* Copyright 2022 NXP
|
|
*/
|
|
|
|
#include <common.h>
|
|
#include <command.h>
|
|
#include <errno.h>
|
|
#include <asm/io.h>
|
|
#include <asm/mach-imx/ele_api.h>
|
|
#include <asm/mach-imx/sys_proto.h>
|
|
#include <asm/arch-imx/cpu.h>
|
|
#include <asm/arch/sys_proto.h>
|
|
#include <asm/mach-imx/image.h>
|
|
#include <console.h>
|
|
#include <cpu_func.h>
|
|
#include <asm/global_data.h>
|
|
|
|
DECLARE_GLOBAL_DATA_PTR;
|
|
|
|
#define IMG_CONTAINER_END_BASE (IMG_CONTAINER_BASE + 0xFFFFUL)
|
|
|
|
#define AHAB_MAX_EVENTS 8
|
|
|
|
static char *ele_ipc_str[] = {
|
|
"IPC = MU RTD (0x1)\n",
|
|
"IPC = MU APD (0x2)\n",
|
|
"IPC = INVALID\n",
|
|
NULL
|
|
};
|
|
|
|
static char *ele_status_str[] = {
|
|
"STA = ELE_SUCCESS_IND (0xD6)\n",
|
|
"STA = ELE_FAILURE_IND (0x29)\n",
|
|
"STA = INVALID\n",
|
|
NULL
|
|
};
|
|
|
|
static char *ele_cmd_str[] = {
|
|
"CMD = ELE_PING_REQ (0x01)\n",
|
|
"CMD = ELE_FW_AUTH_REQ (0x02)\n",
|
|
"CMD = ELE_RESTART_RST_TIMER_REQ (0x04)\n",
|
|
"CMD = ELE_DUMP_DEBUG_BUFFER_REQ (0x21)\n",
|
|
"CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)\n",
|
|
"CMD = ELE_VERIFY_IMAGE_REQ (0x88)\n",
|
|
"CMD = ELE_RELEASE_CONTAINER_REQ (0x89)\n",
|
|
"CMD = ELE_WRITE_SECURE_FUSE_REQ (0x91)\n",
|
|
"CMD = ELE_FWD_LIFECYCLE_UP_REQ (0x95)\n",
|
|
"CMD = ELE_READ_FUSE_REQ (0x97)\n",
|
|
"CMD = ELE_GET_FW_VERSION_REQ (0x9D)\n",
|
|
"CMD = ELE_RET_LIFECYCLE_UP_REQ (0xA0)\n",
|
|
"CMD = ELE_GET_EVENTS_REQ (0xA2)\n",
|
|
"CMD = ELE_ENABLE_PATCH_REQ (0xC3)\n",
|
|
"CMD = ELE_RELEASE_RDC_REQ (0xC4)\n",
|
|
"CMD = ELE_GET_FW_STATUS_REQ (0xC5)\n",
|
|
"CMD = ELE_ENABLE_OTFAD_REQ (0xC6)\n",
|
|
"CMD = ELE_RESET_REQ (0xC7)\n",
|
|
"CMD = ELE_UPDATE_OTP_CLKDIV_REQ (0xD0)\n",
|
|
"CMD = ELE_POWER_DOWN_REQ (0xD1)\n",
|
|
"CMD = ELE_ENABLE_APC_REQ (0xD2)\n",
|
|
"CMD = ELE_ENABLE_RTC_REQ (0xD3)\n",
|
|
"CMD = ELE_DEEP_POWER_DOWN_REQ (0xD4)\n",
|
|
"CMD = ELE_STOP_RST_TIMER_REQ (0xD5)\n",
|
|
"CMD = ELE_WRITE_FUSE_REQ (0xD6)\n",
|
|
"CMD = ELE_RELEASE_CAAM_REQ (0xD7)\n",
|
|
"CMD = ELE_RESET_A35_CTX_REQ (0xD8)\n",
|
|
"CMD = ELE_MOVE_TO_UNSECURED_REQ (0xD9)\n",
|
|
"CMD = ELE_GET_INFO_REQ (0xDA)\n",
|
|
"CMD = ELE_ATTEST_REQ (0xDB)\n",
|
|
"CMD = ELE_RELEASE_PATCH_REQ (0xDC)\n",
|
|
"CMD = ELE_OTP_SEQ_SWITH_REQ (0xDD)\n",
|
|
"CMD = INVALID\n",
|
|
NULL
|
|
};
|
|
|
|
static char *ele_ind_str[] = {
|
|
"IND = ELE_ROM_PING_FAILURE_IND (0x0A)\n",
|
|
"IND = ELE_FW_PING_FAILURE_IND (0x1A)\n",
|
|
"IND = ELE_BAD_SIGNATURE_FAILURE_IND (0xF0)\n",
|
|
"IND = ELE_BAD_HASH_FAILURE_IND (0xF1)\n",
|
|
"IND = ELE_INVALID_LIFECYCLE_IND (0xF2)\n",
|
|
"IND = ELE_PERMISSION_DENIED_FAILURE_IND (0xF3)\n",
|
|
"IND = ELE_INVALID_MESSAGE_FAILURE_IND (0xF4)\n",
|
|
"IND = ELE_BAD_VALUE_FAILURE_IND (0xF5)\n",
|
|
"IND = ELE_BAD_FUSE_ID_FAILURE_IND (0xF6)\n",
|
|
"IND = ELE_BAD_CONTAINER_FAILURE_IND (0xF7)\n",
|
|
"IND = ELE_BAD_VERSION_FAILURE_IND (0xF8)\n",
|
|
"IND = ELE_INVALID_KEY_FAILURE_IND (0xF9)\n",
|
|
"IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA)\n",
|
|
"IND = ELE_NO_VALID_CONTAINER_FAILURE_IND (0xFB)\n",
|
|
"IND = ELE_BAD_CERTIFICATE_FAILURE_IND (0xFC)\n",
|
|
"IND = ELE_BAD_UID_FAILURE_IND (0xFD)\n",
|
|
"IND = ELE_BAD_MONOTONIC_COUNTER_FAILURE_IND (0xFE)\n",
|
|
"IND = ELE_MUST_SIGNED_FAILURE_IND (0xE0)\n",
|
|
"IND = ELE_NO_AUTHENTICATION_FAILURE_IND (0xEE)\n",
|
|
"IND = ELE_BAD_SRK_SET_FAILURE_IND (0xEF)\n",
|
|
"IND = ELE_UNALIGNED_PAYLOAD_FAILURE_IND (0xA6)\n",
|
|
"IND = ELE_WRONG_SIZE_FAILURE_IND (0xA7)\n",
|
|
"IND = ELE_ENCRYPTION_FAILURE_IND (0xA8)\n",
|
|
"IND = ELE_DECRYPTION_FAILURE_IND (0xA9)\n",
|
|
"IND = ELE_OTP_PROGFAIL_FAILURE_IND (0xAA)\n",
|
|
"IND = ELE_OTP_LOCKED_FAILURE_IND (0xAB)\n",
|
|
"IND = ELE_OTP_INVALID_IDX_FAILURE_IND (0xAD)\n",
|
|
"IND = ELE_TIME_OUT_FAILURE_IND (0xB0)\n",
|
|
"IND = ELE_BAD_PAYLOAD_FAILURE_IND (0xB1)\n",
|
|
"IND = ELE_WRONG_ADDRESS_FAILURE_IND (0xB4)\n",
|
|
"IND = ELE_DMA_FAILURE_IND (0xB5)\n",
|
|
"IND = ELE_DISABLED_FEATURE_FAILURE_IND (0xB6)\n",
|
|
"IND = ELE_MUST_ATTEST_FAILURE_IND (0xB7)\n",
|
|
"IND = ELE_RNG_NOT_STARTED_FAILURE_IND (0xB8)\n",
|
|
"IND = ELE_CRC_ERROR_IND (0xB9)\n",
|
|
"IND = ELE_AUTH_SKIPPED_OR_FAILED_FAILURE_IND (0xBB)\n",
|
|
"IND = ELE_INCONSISTENT_PAR_FAILURE_IND (0xBC)\n",
|
|
"IND = ELE_RNG_INST_FAILURE_FAILURE_IND (0xBD)\n",
|
|
"IND = ELE_LOCKED_REG_FAILURE_IND (0xBE)\n",
|
|
"IND = ELE_BAD_ID_FAILURE_IND (0xBF)\n",
|
|
"IND = ELE_INVALID_OPERATION_FAILURE_IND (0xC0)\n",
|
|
"IND = ELE_NON_SECURE_STATE_FAILURE_IND (0xC1)\n",
|
|
"IND = ELE_MSG_TRUNCATED_IND (0xC2)\n",
|
|
"IND = ELE_BAD_IMAGE_NUM_FAILURE_IND (0xC3)\n",
|
|
"IND = ELE_BAD_IMAGE_ADDR_FAILURE_IND (0xC4)\n",
|
|
"IND = ELE_BAD_IMAGE_PARAM_FAILURE_IND (0xC5)\n",
|
|
"IND = ELE_BAD_IMAGE_TYPE_FAILURE_IND (0xC6)\n",
|
|
"IND = ELE_CORRUPTED_SRK_FAILURE_IND (0xD0)\n",
|
|
"IND = ELE_OUT_OF_MEMORY_IND (0xD1)\n",
|
|
"IND = ELE_CSTM_FAILURE_IND (0xCF)\n",
|
|
"IND = ELE_OLD_VERSION_FAILURE_IND (0xCE)\n",
|
|
"IND = ELE_WRONG_BOOT_MODE_FAILURE_IND (0xCD)\n",
|
|
"IND = ELE_APC_ALREADY_ENABLED_FAILURE_IND (0xCB)\n",
|
|
"IND = ELE_RTC_ALREADY_ENABLED_FAILURE_IND (0xCC)\n",
|
|
"IND = ELE_ABORT_IND (0xFF)\n",
|
|
"IND = INVALID\n",
|
|
NULL
|
|
};
|
|
|
|
static u8 ele_cmd[] = {
|
|
ELE_PING_REQ,
|
|
ELE_FW_AUTH_REQ,
|
|
ELE_RESTART_RST_TIMER_REQ,
|
|
ELE_DUMP_DEBUG_BUFFER_REQ,
|
|
ELE_OEM_CNTN_AUTH_REQ,
|
|
ELE_VERIFY_IMAGE_REQ,
|
|
ELE_RELEASE_CONTAINER_REQ,
|
|
ELE_WRITE_SECURE_FUSE_REQ,
|
|
ELE_FWD_LIFECYCLE_UP_REQ,
|
|
ELE_READ_FUSE_REQ,
|
|
ELE_GET_FW_VERSION_REQ,
|
|
ELE_RET_LIFECYCLE_UP_REQ,
|
|
ELE_GET_EVENTS_REQ,
|
|
ELE_ENABLE_PATCH_REQ,
|
|
ELE_RELEASE_RDC_REQ,
|
|
ELE_GET_FW_STATUS_REQ,
|
|
ELE_ENABLE_OTFAD_REQ,
|
|
ELE_RESET_REQ,
|
|
ELE_UPDATE_OTP_CLKDIV_REQ,
|
|
ELE_POWER_DOWN_REQ,
|
|
ELE_ENABLE_APC_REQ,
|
|
ELE_ENABLE_RTC_REQ,
|
|
ELE_DEEP_POWER_DOWN_REQ,
|
|
ELE_STOP_RST_TIMER_REQ,
|
|
ELE_WRITE_FUSE_REQ,
|
|
ELE_RELEASE_CAAM_REQ,
|
|
ELE_RESET_A35_CTX_REQ,
|
|
ELE_MOVE_TO_UNSECURED_REQ,
|
|
ELE_GET_INFO_REQ,
|
|
ELE_ATTEST_REQ,
|
|
ELE_RELEASE_PATCH_REQ,
|
|
ELE_OTP_SEQ_SWITH_REQ
|
|
};
|
|
|
|
static u8 ele_ind[] = {
|
|
ELE_ROM_PING_FAILURE_IND,
|
|
ELE_FW_PING_FAILURE_IND,
|
|
ELE_BAD_SIGNATURE_FAILURE_IND,
|
|
ELE_BAD_HASH_FAILURE_IND,
|
|
ELE_INVALID_LIFECYCLE_IND,
|
|
ELE_PERMISSION_DENIED_FAILURE_IND,
|
|
ELE_INVALID_MESSAGE_FAILURE_IND,
|
|
ELE_BAD_VALUE_FAILURE_IND,
|
|
ELE_BAD_FUSE_ID_FAILURE_IND,
|
|
ELE_BAD_CONTAINER_FAILURE_IND,
|
|
ELE_BAD_VERSION_FAILURE_IND,
|
|
ELE_INVALID_KEY_FAILURE_IND,
|
|
ELE_BAD_KEY_HASH_FAILURE_IND,
|
|
ELE_NO_VALID_CONTAINER_FAILURE_IND,
|
|
ELE_BAD_CERTIFICATE_FAILURE_IND,
|
|
ELE_BAD_UID_FAILURE_IND,
|
|
ELE_BAD_MONOTONIC_COUNTER_FAILURE_IND,
|
|
ELE_MUST_SIGNED_FAILURE_IND,
|
|
ELE_NO_AUTHENTICATION_FAILURE_IND,
|
|
ELE_BAD_SRK_SET_FAILURE_IND,
|
|
ELE_UNALIGNED_PAYLOAD_FAILURE_IND,
|
|
ELE_WRONG_SIZE_FAILURE_IND,
|
|
ELE_ENCRYPTION_FAILURE_IND,
|
|
ELE_DECRYPTION_FAILURE_IND,
|
|
ELE_OTP_PROGFAIL_FAILURE_IND,
|
|
ELE_OTP_LOCKED_FAILURE_IND,
|
|
ELE_OTP_INVALID_IDX_FAILURE_IND,
|
|
ELE_TIME_OUT_FAILURE_IND,
|
|
ELE_BAD_PAYLOAD_FAILURE_IND,
|
|
ELE_WRONG_ADDRESS_FAILURE_IND,
|
|
ELE_DMA_FAILURE_IND,
|
|
ELE_DISABLED_FEATURE_FAILURE_IND,
|
|
ELE_MUST_ATTEST_FAILURE_IND,
|
|
ELE_RNG_NOT_STARTED_FAILURE_IND,
|
|
ELE_CRC_ERROR_IND,
|
|
ELE_AUTH_SKIPPED_OR_FAILED_FAILURE_IND,
|
|
ELE_INCONSISTENT_PAR_FAILURE_IND,
|
|
ELE_RNG_INST_FAILURE_FAILURE_IND,
|
|
ELE_LOCKED_REG_FAILURE_IND,
|
|
ELE_BAD_ID_FAILURE_IND,
|
|
ELE_INVALID_OPERATION_FAILURE_IND,
|
|
ELE_NON_SECURE_STATE_FAILURE_IND,
|
|
ELE_MSG_TRUNCATED_IND,
|
|
ELE_BAD_IMAGE_NUM_FAILURE_IND,
|
|
ELE_BAD_IMAGE_ADDR_FAILURE_IND,
|
|
ELE_BAD_IMAGE_PARAM_FAILURE_IND,
|
|
ELE_BAD_IMAGE_TYPE_FAILURE_IND,
|
|
ELE_CORRUPTED_SRK_FAILURE_IND,
|
|
ELE_OUT_OF_MEMORY_IND,
|
|
ELE_CSTM_FAILURE_IND,
|
|
ELE_OLD_VERSION_FAILURE_IND,
|
|
ELE_WRONG_BOOT_MODE_FAILURE_IND,
|
|
ELE_APC_ALREADY_ENABLED_FAILURE_IND,
|
|
ELE_RTC_ALREADY_ENABLED_FAILURE_IND,
|
|
ELE_ABORT_IND
|
|
};
|
|
|
|
static u8 ele_ipc[] = {
|
|
ELE_IPC_MU_RTD,
|
|
ELE_IPC_MU_APD
|
|
};
|
|
|
|
static u8 ele_status[] = {
|
|
ELE_SUCCESS_IND,
|
|
ELE_FAILURE_IND
|
|
};
|
|
|
|
static inline u32 get_idx(u8 *list, u8 tgt, u32 size)
|
|
{
|
|
u32 i;
|
|
|
|
for (i = 0; i < size; i++) {
|
|
if (list[i] == tgt)
|
|
return i;
|
|
}
|
|
|
|
return i; /* last str is invalid */
|
|
}
|
|
|
|
static void display_ahab_auth_ind(u32 event)
|
|
{
|
|
u8 resp_ind = (event >> 8) & 0xff;
|
|
|
|
printf("%s\n", ele_ind_str[get_idx(ele_ind, resp_ind, ARRAY_SIZE(ele_ind))]);
|
|
}
|
|
|
|
int ahab_auth_cntr_hdr(struct container_hdr *container, u16 length)
|
|
{
|
|
int err;
|
|
u32 resp;
|
|
|
|
memcpy((void *)IMG_CONTAINER_BASE, (const void *)container,
|
|
ALIGN(length, CONFIG_SYS_CACHELINE_SIZE));
|
|
|
|
flush_dcache_range(IMG_CONTAINER_BASE,
|
|
IMG_CONTAINER_BASE + ALIGN(length, CONFIG_SYS_CACHELINE_SIZE) - 1);
|
|
|
|
err = ele_auth_oem_ctnr(IMG_CONTAINER_BASE, &resp);
|
|
if (err) {
|
|
printf("Authenticate container hdr failed, return %d, resp 0x%x\n",
|
|
err, resp);
|
|
display_ahab_auth_ind(resp);
|
|
}
|
|
|
|
return err;
|
|
}
|
|
|
|
int ahab_auth_release(void)
|
|
{
|
|
int err;
|
|
u32 resp;
|
|
|
|
err = ele_release_container(&resp);
|
|
if (err) {
|
|
printf("Error: release container failed, resp 0x%x!\n", resp);
|
|
display_ahab_auth_ind(resp);
|
|
}
|
|
|
|
return err;
|
|
}
|
|
|
|
int ahab_verify_cntr_image(struct boot_img_t *img, int image_index)
|
|
{
|
|
int err;
|
|
u32 resp;
|
|
|
|
err = ele_verify_image(image_index, &resp);
|
|
if (err) {
|
|
printf("Authenticate img %d failed, return %d, resp 0x%x\n",
|
|
image_index, err, resp);
|
|
display_ahab_auth_ind(resp);
|
|
|
|
return -EIO;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static inline bool check_in_dram(ulong addr)
|
|
{
|
|
int i;
|
|
struct bd_info *bd = gd->bd;
|
|
|
|
for (i = 0; i < CONFIG_NR_DRAM_BANKS; ++i) {
|
|
if (bd->bi_dram[i].size) {
|
|
if (addr >= bd->bi_dram[i].start &&
|
|
addr < (bd->bi_dram[i].start + bd->bi_dram[i].size))
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
int authenticate_os_container(ulong addr)
|
|
{
|
|
struct container_hdr *phdr;
|
|
int i, ret = 0;
|
|
int err;
|
|
u16 length;
|
|
struct boot_img_t *img;
|
|
unsigned long s, e;
|
|
|
|
if (addr % 4) {
|
|
puts("Error: Image's address is not 4 byte aligned\n");
|
|
return -EINVAL;
|
|
}
|
|
|
|
if (!check_in_dram(addr)) {
|
|
puts("Error: Image's address is invalid\n");
|
|
return -EINVAL;
|
|
}
|
|
|
|
phdr = (struct container_hdr *)addr;
|
|
if (phdr->tag != 0x87 || phdr->version != 0x0) {
|
|
printf("Error: Wrong container header\n");
|
|
return -EFAULT;
|
|
}
|
|
|
|
if (!phdr->num_images) {
|
|
printf("Error: Wrong container, no image found\n");
|
|
return -EFAULT;
|
|
}
|
|
|
|
length = phdr->length_lsb + (phdr->length_msb << 8);
|
|
|
|
debug("container length %u\n", length);
|
|
|
|
err = ahab_auth_cntr_hdr(phdr, length);
|
|
if (err) {
|
|
ret = -EIO;
|
|
goto exit;
|
|
}
|
|
|
|
debug("Verify images\n");
|
|
|
|
/* Copy images to dest address */
|
|
for (i = 0; i < phdr->num_images; i++) {
|
|
img = (struct boot_img_t *)(addr +
|
|
sizeof(struct container_hdr) +
|
|
i * sizeof(struct boot_img_t));
|
|
|
|
debug("img %d, dst 0x%x, src 0x%lx, size 0x%x\n",
|
|
i, (uint32_t)img->dst, img->offset + addr, img->size);
|
|
|
|
memcpy((void *)img->dst, (const void *)(img->offset + addr),
|
|
img->size);
|
|
|
|
s = img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1);
|
|
e = ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE) - 1;
|
|
|
|
flush_dcache_range(s, e);
|
|
|
|
ret = ahab_verify_cntr_image(img, i);
|
|
if (ret)
|
|
goto exit;
|
|
}
|
|
|
|
exit:
|
|
debug("ahab_auth_release, 0x%x\n", ret);
|
|
ahab_auth_release();
|
|
|
|
return ret;
|
|
}
|
|
|
|
static int do_authenticate(struct cmd_tbl *cmdtp, int flag, int argc,
|
|
char *const argv[])
|
|
{
|
|
ulong addr;
|
|
|
|
if (argc < 2)
|
|
return CMD_RET_USAGE;
|
|
|
|
addr = hextoul(argv[1], NULL);
|
|
|
|
printf("Authenticate OS container at 0x%lx\n", addr);
|
|
|
|
if (authenticate_os_container(addr))
|
|
return CMD_RET_FAILURE;
|
|
|
|
return CMD_RET_SUCCESS;
|
|
}
|
|
|
|
static void display_life_cycle(u32 lc)
|
|
{
|
|
printf("Lifecycle: 0x%08X, ", lc);
|
|
switch (lc) {
|
|
case 0x1:
|
|
printf("BLANK\n\n");
|
|
break;
|
|
case 0x2:
|
|
printf("FAB\n\n");
|
|
break;
|
|
case 0x4:
|
|
printf("NXP Provisioned\n\n");
|
|
break;
|
|
case 0x8:
|
|
printf("OEM Open\n\n");
|
|
break;
|
|
case 0x20:
|
|
printf("OEM closed\n\n");
|
|
break;
|
|
case 0x40:
|
|
printf("Field Return OEM\n\n");
|
|
break;
|
|
case 0x80:
|
|
printf("Field Return NXP\n\n");
|
|
break;
|
|
case 0x100:
|
|
printf("OEM Locked\n\n");
|
|
break;
|
|
case 0x200:
|
|
printf("BRICKED\n\n");
|
|
break;
|
|
default:
|
|
printf("Unknown\n\n");
|
|
break;
|
|
}
|
|
}
|
|
|
|
static int confirm_close(void)
|
|
{
|
|
puts("Warning: Please ensure your sample is in NXP closed state, "
|
|
"OEM SRK hash has been fused, \n"
|
|
" and you are able to boot a signed image successfully "
|
|
"without any SECO events reported.\n"
|
|
" If not, your sample will be unrecoverable.\n"
|
|
"\nReally perform this operation? <y/N>\n");
|
|
|
|
if (confirm_yesno())
|
|
return 1;
|
|
|
|
puts("Ahab close aborted\n");
|
|
return 0;
|
|
}
|
|
|
|
static int do_ahab_close(struct cmd_tbl *cmdtp, int flag, int argc,
|
|
char *const argv[])
|
|
{
|
|
int err;
|
|
u32 resp;
|
|
u32 lc;
|
|
|
|
if (!confirm_close())
|
|
return -EACCES;
|
|
|
|
lc = readl(FSB_BASE_ADDR + 0x41c);
|
|
lc &= 0x3ff;
|
|
|
|
if (lc != 0x8) {
|
|
puts("Current lifecycle is NOT OEM open, can't move to OEM closed\n");
|
|
display_life_cycle(lc);
|
|
return -EPERM;
|
|
}
|
|
|
|
err = ele_forward_lifecycle(8, &resp);
|
|
if (err != 0) {
|
|
printf("Error in forward lifecycle to OEM closed\n");
|
|
return -EIO;
|
|
}
|
|
|
|
printf("Change to OEM closed successfully\n");
|
|
|
|
return 0;
|
|
}
|
|
|
|
int ahab_dump(void)
|
|
{
|
|
u32 buffer[32];
|
|
int ret, i = 0;
|
|
|
|
do {
|
|
ret = ele_dump_buffer(buffer, 32);
|
|
if (ret < 0) {
|
|
printf("Error in dump AHAB log\n");
|
|
return -EIO;
|
|
}
|
|
|
|
if (ret == 1)
|
|
break;
|
|
for (i = 0; i < ret; i++)
|
|
printf("0x%x\n", buffer[i]);
|
|
} while (ret >= 21);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int do_ahab_dump(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
|
|
{
|
|
return ahab_dump();
|
|
}
|
|
|
|
static void display_event(u32 event)
|
|
{
|
|
printf("\n\t0x%08x\n", event);
|
|
printf("\t%s", ele_ipc_str[get_idx(ele_ipc,
|
|
(event >> 24) & 0xFF, ARRAY_SIZE(ele_ipc))]);
|
|
printf("\t%s", ele_cmd_str[get_idx(ele_cmd,
|
|
(event >> 16) & 0xFF, ARRAY_SIZE(ele_cmd))]);
|
|
printf("\t%s", ele_ind_str[get_idx(ele_ind,
|
|
(event >> 8) & 0xFF, ARRAY_SIZE(ele_ind))]);
|
|
printf("\t%s", ele_status_str[get_idx(ele_status,
|
|
event & 0xFF, ARRAY_SIZE(ele_status))]);
|
|
}
|
|
|
|
static int do_ahab_status(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
|
|
{
|
|
u32 lc, i;
|
|
u32 events[AHAB_MAX_EVENTS];
|
|
u32 cnt = AHAB_MAX_EVENTS;
|
|
int ret;
|
|
|
|
lc = readl(FSB_BASE_ADDR + 0x41c);
|
|
lc &= 0x3ff;
|
|
|
|
display_life_cycle(lc);
|
|
|
|
ret = ele_get_events(events, &cnt, NULL);
|
|
if (ret) {
|
|
printf("Get ELE EVENTS error %d\n", ret);
|
|
return CMD_RET_FAILURE;
|
|
}
|
|
|
|
if (!cnt) {
|
|
puts("\n\tNo Events Found!\n");
|
|
return 0;
|
|
}
|
|
|
|
for (i = 0; i < cnt; i++)
|
|
display_event(events[i]);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int do_sec_fuse_prog(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
|
|
{
|
|
ulong addr;
|
|
u32 header, response;
|
|
|
|
if (argc < 2)
|
|
return CMD_RET_USAGE;
|
|
|
|
addr = hextoul(argv[1], NULL);
|
|
header = *(u32 *)addr;
|
|
|
|
if ((header & 0xff0000ff) != 0x89000000) {
|
|
printf("Wrong Signed message block format, header 0x%x\n", header);
|
|
return CMD_RET_FAILURE;
|
|
}
|
|
|
|
header = (header & 0xffff00) >> 8;
|
|
|
|
printf("Signed Message block at 0x%lx, size 0x%x\n", addr, header);
|
|
flush_dcache_range(addr, addr + header - 1);
|
|
|
|
if (ele_write_secure_fuse(addr, &response)) {
|
|
printf("Program secure fuse failed, response 0x%x\n", response);
|
|
return CMD_RET_FAILURE;
|
|
}
|
|
|
|
printf("Program secure fuse completed, response 0x%x\n", response);
|
|
|
|
return CMD_RET_SUCCESS;
|
|
}
|
|
|
|
static int do_ahab_return_lifecycle(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
|
|
{
|
|
ulong addr;
|
|
u32 header, response;
|
|
|
|
if (argc < 2)
|
|
return CMD_RET_USAGE;
|
|
|
|
addr = hextoul(argv[1], NULL);
|
|
header = *(u32 *)addr;
|
|
|
|
if ((header & 0xff0000ff) != 0x89000000) {
|
|
printf("Wrong Signed message block format, header 0x%x\n", header);
|
|
return CMD_RET_FAILURE;
|
|
}
|
|
|
|
header = (header & 0xffff00) >> 8;
|
|
|
|
printf("Signed Message block at 0x%lx, size 0x%x\n", addr, header);
|
|
flush_dcache_range(addr, addr + header - 1);
|
|
|
|
if (ele_return_lifecycle_update(addr, &response)) {
|
|
printf("Return lifecycle failed, response 0x%x\n", response);
|
|
return CMD_RET_FAILURE;
|
|
}
|
|
|
|
printf("Return lifecycle completed, response 0x%x\n", response);
|
|
|
|
return CMD_RET_SUCCESS;
|
|
}
|
|
|
|
U_BOOT_CMD(auth_cntr, CONFIG_SYS_MAXARGS, 1, do_authenticate,
|
|
"autenticate OS container via AHAB",
|
|
"addr\n"
|
|
"addr - OS container hex address\n"
|
|
);
|
|
|
|
U_BOOT_CMD(ahab_close, CONFIG_SYS_MAXARGS, 1, do_ahab_close,
|
|
"Change AHAB lifecycle to OEM closed",
|
|
""
|
|
);
|
|
|
|
U_BOOT_CMD(ahab_dump, CONFIG_SYS_MAXARGS, 1, do_ahab_dump,
|
|
"Dump AHAB log for debug",
|
|
""
|
|
);
|
|
|
|
U_BOOT_CMD(ahab_status, CONFIG_SYS_MAXARGS, 1, do_ahab_status,
|
|
"display AHAB lifecycle only",
|
|
""
|
|
);
|
|
|
|
U_BOOT_CMD(ahab_sec_fuse_prog, CONFIG_SYS_MAXARGS, 1, do_sec_fuse_prog,
|
|
"Program secure fuse via signed message block",
|
|
"addr\n"
|
|
"addr - Signed message block for secure fuse\n"
|
|
);
|
|
|
|
U_BOOT_CMD(ahab_return_lifecycle, CONFIG_SYS_MAXARGS, 1, do_ahab_return_lifecycle,
|
|
"Return lifecycle to OEM field return via signed message block",
|
|
"addr\n"
|
|
"addr - Return lifecycle message block signed by OEM SRK\n"
|
|
);
|