From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [PATCH 4/4] hab: habv4: export function to query HAB state
Date: Wed, 26 Jul 2023 21:27:18 +0200 [thread overview]
Message-ID: <20230726192718.911735-4-a.fatoum@pengutronix.de> (raw)
In-Reply-To: <20230726192718.911735-1-a.fatoum@pengutronix.de>
Board code may want to base runtime decisions on whether the system
is secure booting. Add a function to query that state.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
drivers/hab/habv4.c | 29 +++++++++++++----------------
include/hab.h | 17 +++++++++++++++++
2 files changed, 30 insertions(+), 16 deletions(-)
diff --git a/drivers/hab/habv4.c b/drivers/hab/habv4.c
index b6baa92c679d..9f54aed5f508 100644
--- a/drivers/hab/habv4.c
+++ b/drivers/hab/habv4.c
@@ -68,18 +68,6 @@ enum hab_config {
HAB_CONFIG_CLOSED = 0xcc, /* Secure IC */
};
-/* State definitions */
-enum hab_state {
- HAB_STATE_INITIAL = 0x33, /* Initialising state (transitory) */
- HAB_STATE_CHECK = 0x55, /* Check state (non-secure) */
- HAB_STATE_NONSECURE = 0x66, /* Non-secure state */
- HAB_STATE_TRUSTED = 0x99, /* Trusted state */
- HAB_STATE_SECURE = 0xaa, /* Secure state */
- HAB_STATE_FAIL_SOFT = 0xcc, /* Soft fail state */
- HAB_STATE_FAIL_HARD = 0xff, /* Hard fail state (terminal) */
- HAB_STATE_NONE = 0xf0, /* No security state machine */
-};
-
enum hab_reason {
HAB_REASON_RSN_ANY = 0x00, /* Match any reason */
HAB_REASON_UNS_COMMAND = 0x03, /* Unsupported command */
@@ -168,7 +156,7 @@ struct habv4_rvt {
enum hab_status (*run_csf)(const void *csf, uint8_t cid);
enum hab_status (*assert)(enum hab_assertion assertion, const void *data, uint32_t count);
enum hab_status (*report_event)(enum hab_status status, uint32_t index, void *event, uint32_t *bytes);
- enum hab_status (*report_status)(enum hab_config *config, enum hab_state *state);
+ enum hab_status (*report_status)(enum hab_config *config, enum habv4_state *state);
void (*failsafe)(void);
} __packed;
@@ -182,7 +170,7 @@ struct habv4_rvt {
#define FSL_SIP_HAB_CHECK_TARGET 0x06
static enum hab_status hab_sip_report_status(enum hab_config *config,
- enum hab_state *state)
+ enum habv4_state *state)
{
struct arm_smccc_res res;
@@ -290,7 +278,7 @@ static const char *habv4_get_config_str(enum hab_config config)
return "<unknown>";
}
-static const char *habv4_get_state_str(enum hab_state state)
+static const char *habv4_get_state_str(enum habv4_state state)
{
switch (state) {
case HAB_STATE_INITIAL:
@@ -518,6 +506,13 @@ static uint8_t *hab_get_event(const struct habv4_rvt *rvt, int index, int *len)
return buf;
}
+static int habv4_state = -EPROBE_DEFER;
+
+int habv4_get_state(void)
+{
+ return habv4_state;
+}
+
static int habv4_get_status(const struct habv4_rvt *rvt)
{
uint8_t *data;
@@ -525,7 +520,7 @@ static int habv4_get_status(const struct habv4_rvt *rvt)
int i;
enum hab_status status;
enum hab_config config = 0x0;
- enum hab_state state = 0x0;
+ enum habv4_state state = 0x0;
if (rvt->header.tag != HAB_TAG_RVT) {
pr_err("ERROR - RVT not found!\n");
@@ -533,6 +528,8 @@ static int habv4_get_status(const struct habv4_rvt *rvt)
}
status = rvt->report_status(&config, &state);
+ habv4_state = state;
+
pr_info("Status: %s (0x%02x)\n", habv4_get_status_str(status), status);
pr_info("Config: %s (0x%02x)\n", habv4_get_config_str(config), config);
pr_info("State: %s (0x%02x)\n", habv4_get_state_str(state), state);
diff --git a/include/hab.h b/include/hab.h
index d594ad9ee185..ebe19ce357a6 100644
--- a/include/hab.h
+++ b/include/hab.h
@@ -8,9 +8,22 @@
#include <errno.h>
+/* State definitions */
+enum habv4_state {
+ HAB_STATE_INITIAL = 0x33, /* Initialising state (transitory) */
+ HAB_STATE_CHECK = 0x55, /* Check state (non-secure) */
+ HAB_STATE_NONSECURE = 0x66, /* Non-secure state */
+ HAB_STATE_TRUSTED = 0x99, /* Trusted state */
+ HAB_STATE_SECURE = 0xaa, /* Secure state */
+ HAB_STATE_FAIL_SOFT = 0xcc, /* Soft fail state */
+ HAB_STATE_FAIL_HARD = 0xff, /* Hard fail state (terminal) */
+ HAB_STATE_NONE = 0xf0, /* No security state machine */
+};
+
#ifdef CONFIG_HABV4
int imx28_hab_get_status(void);
int imx6_hab_get_status(void);
+int habv4_get_state(void);
#else
static inline int imx28_hab_get_status(void)
{
@@ -20,6 +33,10 @@ static inline int imx6_hab_get_status(void)
{
return -EPERM;
}
+static inline int habv4_get_state(void)
+{
+ return -ENOSYS;
+}
#endif
#ifdef CONFIG_HABV3
--
2.39.2
next prev parent reply other threads:[~2023-07-26 19:28 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-26 19:27 [PATCH 1/4] commands: hab: check for error in imx_hab_device_locked_down Ahmad Fatoum
2023-07-26 19:27 ` [PATCH 2/4] HAB: guard against NULL imx_hab_ops in imx_hab_device_locked_down() Ahmad Fatoum
2023-07-26 19:27 ` [PATCH 3/4] nvmem: ocotp: handle too early calls into ocotp driver gracefully Ahmad Fatoum
2023-07-27 6:05 ` Marco Felsch
2023-07-27 6:26 ` Ahmad Fatoum
2023-07-26 19:27 ` Ahmad Fatoum [this message]
2023-07-27 6:05 ` [PATCH 1/4] commands: hab: check for error in imx_hab_device_locked_down Marco Felsch
2023-07-28 6:09 ` Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230726192718.911735-4-a.fatoum@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox