From: "Peng Fan (OSS)"
To: sbabic@denx.de, festevam@gmail.com, "NXP i.MX U-Boot Team"
Cc: u-boot@lists.denx.de, Ye Li
Subject: [PATCH V2 25/53] imx: imx9: Add AHAB boot support
Date: Tue, 26 Jul 2022 16:40:55 +0800
Message-Id: <20220726084123.2508-26-peng.fan@oss.nxp.com>
In-Reply-To: <20220726084123.2508-1-peng.fan@oss.nxp.com>
References: <20220726084123.2508-1-peng.fan@oss.nxp.com>

From: Ye Li

Add AHAB driver for iMX9 to do authentication by calling sentinel API

Signed-off-by: Ye Li
Signed-off-by: Peng Fan
---
 arch/arm/mach-imx/imx9/Kconfig  |   5 +
 arch/arm/mach-imx/imx9/Makefile |   1 +
 arch/arm/mach-imx/imx9/ahab.c   | 346 ++++++++++++++++++++++++++++++++
 3 files changed, 352 insertions(+)
 create mode 100644 arch/arm/mach-imx/imx9/ahab.c

diff --git a/arch/arm/mach-imx/imx9/Kconfig b/arch/arm/mach-imx/imx9/Kconfig index ce58e41428f..dae9f658e65 100644 --- a/arch/arm/mach-imx/imx9/Kconfig 
+++ b/arch/arm/mach-imx/imx9/Kconfig @@ -1,5 +1,10 @@ if ARCH_IMX9 +config AHAB_BOOT + bool "Support i.MX9 AHAB features" + help + This option enables the support for AHAB secure boot. + config IMX9 bool select HAS_CAAM diff --git a/arch/arm/mach-imx/imx9/Makefile b/arch/arm/mach-imx/imx9/Makefile index 0124212f266..41a22500c95 100644 --- a/arch/arm/mach-imx/imx9/Makefile +++ b/arch/arm/mach-imx/imx9/Makefile @@ -4,3 +4,4 @@ obj-y += lowlevel_init.o obj-y += soc.o clock.o clock_root.o trdc.o +obj-$(CONFIG_AHAB_BOOT) += ahab.o diff --git a/arch/arm/mach-imx/imx9/ahab.c b/arch/arm/mach-imx/imx9/ahab.c new file mode 100644 index 00000000000..6aa949619b5 --- /dev/null +++ b/arch/arm/mach-imx/imx9/ahab.c 
@@ -0,0 +1,346 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2022 NXP + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +DECLARE_GLOBAL_DATA_PTR; + +#define IMG_CONTAINER_BASE (0x80000000UL) +#define IMG_CONTAINER_END_BASE (IMG_CONTAINER_BASE + 0xFFFFUL) + +#define AHAB_NO_AUTHENTICATION_IND 0xee +#define AHAB_BAD_KEY_HASH_IND 0xfa +#define AHAB_INVALID_KEY_IND 0xf9 +#define AHAB_BAD_SIGNATURE_IND 0xf0 +#define AHAB_BAD_HASH_IND 0xf1 + +static void display_ahab_auth_ind(u32 event) +{ + u8 resp_ind = (event >> 8) & 0xff; + + switch (resp_ind) { + case AHAB_NO_AUTHENTICATION_IND: + printf("AHAB_NO_AUTHENTICATION_IND (0x%02X)\n\n", resp_ind); + break; + case AHAB_BAD_KEY_HASH_IND: + printf("AHAB_BAD_KEY_HASH_IND (0x%02X)\n\n", resp_ind); + break; + case AHAB_INVALID_KEY_IND: + printf("AHAB_INVALID_KEY_IND (0x%02X)\n\n", resp_ind); + break; + case AHAB_BAD_SIGNATURE_IND: + printf("AHAB_BAD_SIGNATURE_IND (0x%02X)\n\n", resp_ind); + break; + case AHAB_BAD_HASH_IND: + printf("AHAB_BAD_HASH_IND (0x%02X)\n\n", resp_ind); + break; + default: + printf("Unknown Indicator (0x%02X)\n\n", resp_ind); + break; + } +} + +int ahab_auth_cntr_hdr(struct container_hdr *container, u16 length) +{ + int err; + u32 resp; + + memcpy((void *)IMG_CONTAINER_BASE, (const void *)container, + ALIGN(length, CONFIG_SYS_CACHELINE_SIZE)); + + flush_dcache_range(IMG_CONTAINER_BASE, + IMG_CONTAINER_BASE + ALIGN(length, CONFIG_SYS_CACHELINE_SIZE) - 1); + + err = ahab_auth_oem_ctnr(IMG_CONTAINER_BASE, &resp); + if (err) { + printf("Authenticate container hdr failed, return %d, resp 0x%x\n", + err, resp); + display_ahab_auth_ind(resp); + } + + return err; +} + +int ahab_auth_release(void) +{ + int err; + u32 resp; + + err = ahab_release_container(&resp); + if (err) { + printf("Error: release container failed, resp 0x%x!\n", resp); + display_ahab_auth_ind(resp); + } + + return err; +} + +int 
ahab_verify_cntr_image(struct boot_img_t *img, int image_index) +{ + int err; + u32 resp; + + err = ahab_verify_image(image_index, &resp); + if (err) { + printf("Authenticate img %d failed, return %d, resp 0x%x\n", + image_index, err, resp); + display_ahab_auth_ind(resp); + + return -EIO; + } + + return 0; +} + +static inline bool check_in_dram(ulong addr) +{ + int i; + struct bd_info *bd = gd->bd; + + for (i = 0; i < CONFIG_NR_DRAM_BANKS; ++i) { + if (bd->bi_dram[i].size) { + if (addr >= bd->bi_dram[i].start && + addr < (bd->bi_dram[i].start + bd->bi_dram[i].size)) + return true; + } + } + + return false; +} + +int authenticate_os_container(ulong addr) +{ + struct container_hdr *phdr; + int i, ret = 0; + int err; + u16 length; + struct boot_img_t *img; + unsigned long s, e; + + if (addr % 4) { + puts("Error: Image's address is not 4 byte aligned\n"); + return -EINVAL; + } + + if (!check_in_dram(addr)) { + puts("Error: Image's address is invalid\n"); + return -EINVAL; + } + + phdr = (struct container_hdr *)addr; + if (phdr->tag != 0x87 || phdr->version != 0x0) { + printf("Error: Wrong container header\n"); + return -EFAULT; + } + + if (!phdr->num_images) { + printf("Error: Wrong container, no image found\n"); + return -EFAULT; + } + + length = phdr->length_lsb + (phdr->length_msb << 8); + + debug("container length %u\n", length); + + err = ahab_auth_cntr_hdr(phdr, length); + if (err) { + ret = -EIO; + goto exit; + } + + debug("Verify images\n"); + + /* Copy images to dest address */ + for (i = 0; i < phdr->num_images; i++) { + img = (struct boot_img_t *)(addr + + sizeof(struct container_hdr) + + i * sizeof(struct boot_img_t)); + + debug("img %d, dst 0x%x, src 0x%lx, size 0x%x\n", + i, (uint32_t)img->dst, img->offset + addr, img->size); + + memcpy((void *)img->dst, (const void *)(img->offset + addr), + img->size); + + s = img->dst & ~(CONFIG_SYS_CACHELINE_SIZE - 1); + e = ALIGN(img->dst + img->size, CONFIG_SYS_CACHELINE_SIZE) - 1; + + flush_dcache_range(s, e); + + 
ret = ahab_verify_cntr_image(img, i); + if (ret) + goto exit; + } + +exit: + debug("ahab_auth_release, 0x%x\n", ret); + ahab_auth_release(); + + return ret; +} + +static int do_authenticate(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + ulong addr; + + if (argc < 2) + return CMD_RET_USAGE; + + addr = simple_strtoul(argv[1], NULL, 16); + + printf("Authenticate OS container at 0x%lx\n", addr); + + if (authenticate_os_container(addr)) + return CMD_RET_FAILURE; + + return CMD_RET_SUCCESS; +} + +static void display_life_cycle(u32 lc) +{ + printf("Lifecycle: 0x%08X, ", lc); + switch (lc) { + case 0x1: + printf("BLANK\n\n"); + break; + case 0x2: + printf("FAB\n\n"); + break; + case 0x4: + printf("NXP Provisioned\n\n"); + break; + case 0x8: + printf("OEM Open\n\n"); + break; + case 0x10: + printf("OEM Secure World Closed\n\n"); + break; + case 0x20: + printf("OEM closed\n\n"); + break; + case 0x40: + printf("Field Return OEM\n\n"); + break; + case 0x80: + printf("Field Return NXP\n\n"); + break; + case 0x100: + printf("OEM Locked\n\n"); + break; + case 0x200: + printf("BRICKED\n\n"); + break; + default: + printf("Unknown\n\n"); + break; + } +} + +static int confirm_close(void) +{ + puts("Warning: Please ensure your sample is in NXP closed state, " + "OEM SRK hash has been fused, \n" + " and you are able to boot a signed image successfully " + "without any SECO events reported.\n" + " If not, your sample will be unrecoverable.\n" + "\nReally perform this operation? 
\n"); + + if (confirm_yesno()) + return 1; + + puts("Ahab close aborted\n"); + return 0; +} + +static int do_ahab_close(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + int err; + u32 resp; + + if (!confirm_close()) + return -EACCES; + + err = ahab_forward_lifecycle(8, &resp); + if (err != 0) { + printf("Error in forward lifecycle to OEM closed\n"); + return -EIO; + } + + printf("Change to OEM closed successfully\n"); + + return 0; +} + +int ahab_dump(void) +{ + u32 buffer[32]; + int ret, i = 0; + + do { + ret = ahab_dump_buffer(buffer, 32); + if (ret < 0) { + printf("Error in dump AHAB log\n"); + return -EIO; + } + + if (ret == 1) + break; + for (i = 0; i < ret; i++) + printf("0x%x\n", buffer[i]); + } while (ret >= 21); + + return 0; +} + +static int do_ahab_dump(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) +{ + return ahab_dump(); +} + +static int do_ahab_status(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) +{ + u32 lc; + + lc = readl(FSB_BASE_ADDR + 0x41c); + lc &= 0x3ff; + + display_life_cycle(lc); + return 0; +} + +U_BOOT_CMD(auth_cntr, CONFIG_SYS_MAXARGS, 1, do_authenticate, + "autenticate OS container via AHAB", + "addr\n" + "addr - OS container hex address\n" +); + +U_BOOT_CMD(ahab_close, CONFIG_SYS_MAXARGS, 1, do_ahab_close, + "Change AHAB lifecycle to OEM closed", + "" +); + +U_BOOT_CMD(ahab_dump, CONFIG_SYS_MAXARGS, 1, do_ahab_dump, + "Dump AHAB log for debug", + "" +); + +U_BOOT_CMD(ahab_status, CONFIG_SYS_MAXARGS, 1, do_ahab_status, + "display AHAB lifecycle only", + "" +);
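
Review bot: In the Kconfig hunk, AHAB_BOOT has no "depends on" or "select" for the code that provides ahab_auth_oem_ctnr(), ahab_release_container(), ahab_verify_image(), ahab_forward_lifecycle() and ahab_dump_buffer(), which ahab.c calls but this patch does not define, so enabling the option on its own may fail at link time; add the dependency on the option that builds the sentinel API. The help text should also say that the option builds the auth_cntr, ahab_close, ahab_dump and ahab_status commands, because ahab_close changes the device lifecycle and someone enabling "AHAB features" should know that command comes with it.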
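
Review bot: In authenticate_os_container() in ahab.c, the image loop reads each struct boot_img_t from the caller-supplied addr, whereas ahab_auth_cntr_hdr() authenticated a copy placed at IMG_CONTAINER_BASE, and the loop then runs memcpy() to img->dst using img->offset and img->size before ahab_verify_cntr_image() is called. Nothing here checks that the image table for num_images entries fits inside length, or that the source and destination ranges lie in DRAM (check_in_dram() is applied only to addr), so the descriptors that drive the copy are not tied to what was authenticated. Suggest reading img from the copy at IMG_CONTAINER_BASE, validating dst, offset and size with check_in_dram() and overflow checks before the copy, and using IMG_CONTAINER_END_BASE (defined but unused) to bound ALIGN(length, CONFIG_SYS_CACHELINE_SIZE) in ahab_auth_cntr_hdr(). Separately, do_ahab_close() passes a bare 8 to ahab_forward_lifecycle() while display_life_cycle() labels 0x8 as "OEM Open" and 0x20 as "OEM closed"; a named constant with a comment on the encoding would show this is intended. The auth_cntr help string also has a typo, "autenticate".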