[PATCH u-boot v2019.04-aspeed-openbmc 3/6] ARM: ast2600: Control FIT uImage signature verification at runtime

Eddie James eajames at linux.ibm.com
Fri Feb 4 04:25:16 AEDT 2022


On 1/30/22 19:25, Andrew Jeffery wrote:
> Implement support for disabling signature verification of FIT images at
> runtime by sampling the "bmc-secure-boot" GPIO. If the line name is not
> provided in the devicetree then secure-boot continues to be required as
> if the feature were not present.


Reviewed-by: Eddie James <eajames at linux.ibm.com>


>
> Signed-off-by: Andrew Jeffery <andrew at aj.id.au>
> ---
>   arch/arm/mach-aspeed/ast2600/Makefile      |  1 +
>   arch/arm/mach-aspeed/ast2600/secure-boot.c | 53 ++++++++++++++++++++++
>   2 files changed, 54 insertions(+)
>   create mode 100644 arch/arm/mach-aspeed/ast2600/secure-boot.c
>
> diff --git a/arch/arm/mach-aspeed/ast2600/Makefile b/arch/arm/mach-aspeed/ast2600/Makefile
> index d07e8c737cfe..70b7ae11df56 100644
> --- a/arch/arm/mach-aspeed/ast2600/Makefile
> +++ b/arch/arm/mach-aspeed/ast2600/Makefile
> @@ -1,4 +1,5 @@
>   obj-y   += platform.o board_common.o scu_info.o utils.o cache.o
> +obj-$(CONFIG_FIT_RUNTIME_SIGNATURE) += secure-boot.o
>   obj-$(CONFIG_ASPEED_SECURE_BOOT) += crypto.o aspeed_verify.o
>   obj-$(CONFIG_ASPEED_LOADERS) += spl_boot.o
>   obj-$(CONFIG_SPL_BUILD) += spl.o
> diff --git a/arch/arm/mach-aspeed/ast2600/secure-boot.c b/arch/arm/mach-aspeed/ast2600/secure-boot.c
> new file mode 100644
> index 000000000000..ced353686387
> --- /dev/null
> +++ b/arch/arm/mach-aspeed/ast2600/secure-boot.c
> @@ -0,0 +1,53 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +// (C) Copyright IBM Corp. 2022
> +
> +#include <common.h>
> +#include <asm-generic/gpio.h>
> +#include <dm.h>
> +
> +static int aspeed_get_chained_secboot_state(void)
> +{
> +	struct gpio_desc desc;
> +	struct udevice *dev;
> +	int secboot;
> +	int rc;
> +
> +	rc = uclass_get_device_by_driver(UCLASS_GPIO,
> +					 DM_GET_DRIVER(gpio_aspeed),
> +					 &dev);
> +	if (rc < 0) {
> +		debug("Warning: GPIO initialization failure: %d\n", rc);
> +		return rc;
> +	}
> +
> +	rc = gpio_request_by_line_name(dev, "bmc-secure-boot", &desc,
> +				       GPIOD_IS_IN);
> +	if (rc < 0) {
> +		debug("Failed to acquire secure-boot GPIO: %d\n", rc);
> +		return rc;
> +	}
> +
> +	secboot = dm_gpio_get_value(&desc);
> +	if (secboot < 0)
> +		debug("Failed to read secure-boot GPIO value: %d\n", rc);
> +
> +	rc = dm_gpio_free(dev, &desc);
> +	if (rc < 0)
> +		debug("Failed to free secure-boot GPIO: %d\n", rc);
> +
> +	return secboot;
> +}
> +
> +int board_fit_image_require_verified(void)
> +{
> +	int secboot;
> +
> +	secboot = aspeed_get_chained_secboot_state();
> +
> +	/*
> +	 * If secure-boot is enabled then require signature verification.
> +	 * Otherwise, if we fail to read the GPIO, enforce FIT signature
> +	 * verification
> +	 */
> +	return secboot >= 0 ? secboot : 1;
> +}


More information about the openbmc mailing list