From patchwork Mon Apr 24 11:12:03 2023
X-Patchwork-Submitter: Fabio Estevam
X-Patchwork-Id: 1772865
X-Patchwork-Delegate: trini@ti.com
From: Fabio Estevam
To: sbabic@denx.de
Cc: eduard@lionizers.com, u-boot@lists.denx.de, Fabio Estevam
Subject: [PATCH v3 10/13] smegw01: Add lockdown U-Boot env support
Date: Mon, 24 Apr 2023 08:12:03 -0300
Message-Id: <20230424111206.1438983-10-festevam@gmail.com>
In-Reply-To: <20230424111206.1438983-1-festevam@gmail.com>
References: <20230424111206.1438983-1-festevam@gmail.com>
List-Id: U-Boot discussion

From: Eduard Strehlau

Add lockdown U-Boot env support so that only certain U-Boot environment
variables are allowed to be modified.

Signed-off-by: Eduard Strehlau
Signed-off-by: Fabio Estevam
---
Changes since v2:
- None

 board/storopack/smegw01/Kconfig   |  7 +++++
 board/storopack/smegw01/smegw01.c | 17 +++++++++++
 configs/smegw01_defconfig         | 11 ++++++-
 include/configs/smegw01.h         | 48 +++++++++++++++++++++++++++++--
 4 files changed, 79 insertions(+), 4 deletions(-)

diff --git a/board/storopack/smegw01/Kconfig b/board/storopack/smegw01/Kconfig index d8f24695d0..390214c285 100644 --- a/board/storopack/smegw01/Kconfig +++ b/board/storopack/smegw01/Kconfig 
@@ -12,4 +12,11 @@ config SYS_CONFIG_NAME config IMX_CONFIG default "board/storopack/smegw01/imximage.cfg" +config SYS_BOOT_LOCKED + bool "Lock boot process to EMMC" + default y + help + Say N here if you want to boot from eMMC and SD. + Say Y to boot from eMMC. + endif diff --git a/board/storopack/smegw01/smegw01.c b/board/storopack/smegw01/smegw01.c index 9482f88773..e786429476 100644 --- a/board/storopack/smegw01/smegw01.c +++ b/board/storopack/smegw01/smegw01.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include @@ -113,3 +114,19 @@ uint mmc_get_env_part(struct mmc *mmc) return part; } + +enum env_location env_get_location(enum env_operation op, int prio) +{ + if (op == ENVOP_SAVE || op == ENVOP_ERASE) + return ENVL_MMC; + + switch (prio) { + case 0: + return ENVL_NOWHERE; + + case 1: + return ENVL_MMC; + } + + return ENVL_UNKNOWN; +} diff --git a/configs/smegw01_defconfig b/configs/smegw01_defconfig index 54cf1cfc1f..ea25b3b87c 100644 --- a/configs/smegw01_defconfig +++ b/configs/smegw01_defconfig @@ -7,6 +7,7 @@ CONFIG_ENV_OFFSET=0x100000 CONFIG_DM_GPIO=y CONFIG_DEFAULT_DEVICE_TREE="imx7d-smegw01" CONFIG_TARGET_SMEGW01=y +# CONFIG_SYS_BOOT_LOCKED is not set CONFIG_ENV_OFFSET_REDUND=0x110000 CONFIG_ARMV7_BOOT_SEC_DEFAULT=y # CONFIG_ARMV7_VIRT is not set 
@@ -17,13 +18,18 @@ CONFIG_SYS_MEMTEST_START=0x80000000 CONFIG_SYS_MEMTEST_END=0xa0000000 CONFIG_FIT=y CONFIG_FIT_VERBOSE=y +CONFIG_AUTOBOOT_MENU_SHOW=y +CONFIG_BOOTMENU_DISABLE_UBOOT_CONSOLE=y CONFIG_USE_BOOTCOMMAND=y -CONFIG_BOOTCOMMAND="if test \"${ustate}\" = 1; then setenv upgrade_available 1; saveenv; fi; if run loadimage; then run mmcboot; else run altbootcmd; fi; " +CONFIG_BOOTCOMMAND="if test \"${ustate}\" = 1; then setenv upgrade_available 1; saveenv; fi; run mmcboot; " +CONFIG_USE_PREBOOT=y +CONFIG_PREBOOT="run setup_boot_menu;" CONFIG_HUSH_PARSER=y CONFIG_SYS_MAXARGS=32 CONFIG_SYS_PBSIZE=532 # CONFIG_CMD_BOOTD is not set CONFIG_CMD_BOOTZ=y +CONFIG_CMD_BOOTMENU=y # CONFIG_CMD_IMI is not set # CONFIG_CMD_XIMG is not set CONFIG_CMD_MEMTEST=y @@ -43,9 +49,12 @@ CONFIG_CMD_SQUASHFS=y CONFIG_CMD_FS_GENERIC=y CONFIG_OF_CONTROL=y CONFIG_ENV_OVERWRITE=y +CONFIG_ENV_IS_NOWHERE=y CONFIG_SYS_REDUNDAND_ENVIRONMENT=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_SYS_MMC_ENV_DEV=1 +CONFIG_ENV_WRITEABLE_LIST=y +CONFIG_ENV_ACCESS_IGNORE_FORCE=y CONFIG_NET_RANDOM_ETHADDR=y CONFIG_BOUNCE_BUFFER=y CONFIG_BOOTCOUNT_LIMIT=y diff --git a/include/configs/smegw01.h b/include/configs/smegw01.h index 8521883277..6f373973ab 100644 --- a/include/configs/smegw01.h +++ b/include/configs/smegw01.h 
@@ -22,6 +22,32 @@ #define EXTRA_BOOTPARAMS #endif +#ifdef CONFIG_SYS_BOOT_LOCKED +#define EXTRA_ENV_FLAGS +#define SETUP_BOOT_MENU "setup_boot_menu=setenv bootmenu_0 eMMC=run bootcmd\0" +#else +#define EXTRA_ENV_FLAGS "mmcdev:dw," +#define SETUP_BOOT_MENU "setup_boot_menu=" \ + "if test \"${mmcdev}\" = 1; then " \ + "setenv emmc_priority 0;" \ + "setenv sd_priority 1;" \ + "else " \ + "setenv emmc_priority 1;" \ + "setenv sd_priority 0;" \ + "fi;" \ + "setenv bootmenu_${emmc_priority} eMMC=run boot_emmc;" \ + "setenv bootmenu_${sd_priority} SD=run boot_sd;\0" +#endif + +#define CFG_ENV_FLAGS_LIST_STATIC \ + "mmcpart:dw," \ + "mmcpart_committed:dw," \ + "ustate:dw," \ + "bootcount:dw," \ + "bootlimit:dw," \ + "upgrade_available:dw," \ + EXTRA_ENV_FLAGS + #define CFG_EXTRA_ENV_SETTINGS \ "image=fitImage\0" \ "console=ttymxc0\0" \ @@ -40,13 +66,28 @@ "fi;\0" \ "bootlimit=3\0" \ "fit_addr=0x88000000\0" \ - "loadimage=load mmc ${mmcdev}#rootfs-${mmcpart_committed} ${fit_addr} boot/${image}\0" \ + "loadimage=load mmc ${mmcdev}:${gpt_partition_entry} ${fit_addr} boot/${image}\0" \ "loadpart=gpt setenv mmc ${mmcdev} rootfs-${mmcpart_committed}\0" \ "loadbootpart=mmc partconf 1 boot_part\0" \ - "mmcboot=echo Booting from mmc ...; " \ + "boot_sd=setenv mmcdev_wanted 0; run persist_mmcdev; run bootcmd;\0" \ + "boot_emmc=setenv mmcdev_wanted 1; run persist_mmcdev; run bootcmd;\0" \ + "persist_mmcdev=" \ + "if test \"${mmcdev}\" != \"${mmcdev_wanted}\"; then " \ + "setenv mmcdev \"${mmcdev_wanted}\";" \ + "saveenv;" \ + "fi;\0" \ + "mmcboot=echo Booting...; " \ + "echo mmcdev: ${mmcdev}; " \ "run commit_mmc; " \ + "echo mmcpart: ${mmcpart_committed}; " \ "run loadpart; " \ + "echo gptpart: ${gpt_partition_entry}; " \ "run loadbootpart; " \ + "if run loadimage; then " \ + "; " \ + "else " \ + "run altbootcmd; " \ + "fi; " \ "run mmcargs; " \ "if bootm ${fit_addr}; then " \ "; " \ 
@@ -61,7 +102,8 @@ "setenv mmcpart 1; " \ "setenv mmcpart_committed 1;" \ "fi; setenv bootcount 0; setenv upgrade_available; setenv ustate 3; saveenv; " \ - "run bootcmd;\0" + "run bootcmd;\0" \ + SETUP_BOOT_MENU /* Physical Memory Map */ #define PHYS_SDRAM MMDC0_ARB_BASE_ADDR
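Review bot: The help text for SYS_BOOT_LOCKED in the board/storopack/smegw01/Kconfig hunk only describes the boot device, but in include/configs/smegw01.h the same symbol also decides whether `mmcdev:dw,` is appended to CFG_ENV_FLAGS_LIST_STATIC, that is, whether the stored environment is allowed to change the boot device. Please say so in the help text, and consider a board-prefixed symbol name, since SYS_BOOT_LOCKED reads like a generic option while it is defined in a board Kconfig.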
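Review bot: env_get_location() in the second board/storopack/smegw01/smegw01.c hunk has no comment, and its `op == ENVOP_SAVE || op == ENVOP_ERASE` branch returns ENVL_MMC for every value of prio, so for those two operations the function never returns ENVL_UNKNOWN. Please add a short comment stating the intended ordering (priority 0 is ENVL_NOWHERE, priority 1 is ENVL_MMC, save and erase always go to MMC) and why prio is ignored for writes, so the next reader does not take it for an oversight.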
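Review bot: The first configs/smegw01_defconfig hunk adds `# CONFIG_SYS_BOOT_LOCKED is not set`, so the in-tree defconfig builds the unlocked variant (mmcdev writeable, SD offered in the boot menu) even though the Kconfig entry defaults to y and the subject line says lockdown. Please state in the commit message that the defconfig deliberately ships unlocked, or drop this line so the Kconfig default applies.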
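Review bot: The second configs/smegw01_defconfig hunk rewrites CONFIG_BOOTCOMMAND and enables CONFIG_AUTOBOOT_MENU_SHOW, CONFIG_BOOTMENU_DISABLE_UBOOT_CONSOLE, CONFIG_PREBOOT and CONFIG_CMD_BOOTMENU, none of which the commit message mentions. Please describe the boot menu and the move of the loadimage/altbootcmd fallback into mmcboot in the commit message, or split them into their own patch so the environment lockdown can be reviewed separately.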
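Review bot: In the third configs/smegw01_defconfig hunk, CONFIG_ENV_OVERWRITE=y remains enabled in the context directly above the new CONFIG_ENV_IS_NOWHERE=y, in the same block that gains CONFIG_ENV_WRITEABLE_LIST=y and CONFIG_ENV_ACCESS_IGNORE_FORCE=y. Please confirm it is still required now that writes are restricted by a list, and either note the reason in the commit message or disable it in this patch.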
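Review bot: In the second include/configs/smegw01.h hunk, boot_sd, boot_emmc and persist_mmcdev are added to CFG_EXTRA_ENV_SETTINGS unconditionally, so a build with CONFIG_SYS_BOOT_LOCKED=y still carries the SD boot script in its default environment although its SETUP_BOOT_MENU only offers eMMC. Please move these three entries under the `#else` of the CONFIG_SYS_BOOT_LOCKED block added in the first hunk. Separately, mmcboot does not test the result of `run loadpart` before loadimage uses `${gpt_partition_entry}`, which appears to be set by that step; checking it and falling back to altbootcmd on failure would avoid loading from an empty or stale partition value.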