[PATCH u-boot v2019.04-aspeed-openbmc 3/6] ARM: ast2600: Control FIT uImage signature verification at runtime
Eddie James
eajames at linux.ibm.com
Fri Feb 4 04:25:16 AEDT 2022
On 1/30/22 19:25, Andrew Jeffery wrote:
> Implement support for disabling signature verification of FIT images at
> runtime by sampling the "bmc-secure-boot" GPIO. If the line name is not
> provided in the devicetree then secure-boot continues to be required as
> if the feature were not present.
Reviewed-by: Eddie James <eajames at linux.ibm.com>
>
> Signed-off-by: Andrew Jeffery <andrew at aj.id.au>
> ---
> arch/arm/mach-aspeed/ast2600/Makefile | 1 +
> arch/arm/mach-aspeed/ast2600/secure-boot.c | 53 ++++++++++++++++++++++
> 2 files changed, 54 insertions(+)
> create mode 100644 arch/arm/mach-aspeed/ast2600/secure-boot.c
>
> diff --git a/arch/arm/mach-aspeed/ast2600/Makefile b/arch/arm/mach-aspeed/ast2600/Makefile
> index d07e8c737cfe..70b7ae11df56 100644
> --- a/arch/arm/mach-aspeed/ast2600/Makefile
> +++ b/arch/arm/mach-aspeed/ast2600/Makefile
> @@ -1,4 +1,5 @@
> obj-y += platform.o board_common.o scu_info.o utils.o cache.o
> +obj-$(CONFIG_FIT_RUNTIME_SIGNATURE) += secure-boot.o
> obj-$(CONFIG_ASPEED_SECURE_BOOT) += crypto.o aspeed_verify.o
> obj-$(CONFIG_ASPEED_LOADERS) += spl_boot.o
> obj-$(CONFIG_SPL_BUILD) += spl.o
> diff --git a/arch/arm/mach-aspeed/ast2600/secure-boot.c b/arch/arm/mach-aspeed/ast2600/secure-boot.c
> new file mode 100644
> index 000000000000..ced353686387
> --- /dev/null
> +++ b/arch/arm/mach-aspeed/ast2600/secure-boot.c
> @@ -0,0 +1,53 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +// (C) Copyright IBM Corp. 2022
> +
> +#include <common.h>
> +#include <asm-generic/gpio.h>
> +#include <dm.h>
> +
> +static int aspeed_get_chained_secboot_state(void)
> +{
> + struct gpio_desc desc;
> + struct udevice *dev;
> + int secboot;
> + int rc;
> +
> + rc = uclass_get_device_by_driver(UCLASS_GPIO,
> + DM_GET_DRIVER(gpio_aspeed),
> + &dev);
> + if (rc < 0) {
> + debug("Warning: GPIO initialization failure: %d\n", rc);
> + return rc;
> + }
> +
> + rc = gpio_request_by_line_name(dev, "bmc-secure-boot", &desc,
> + GPIOD_IS_IN);
> + if (rc < 0) {
> + debug("Failed to acquire secure-boot GPIO: %d\n", rc);
> + return rc;
> + }
> +
> + secboot = dm_gpio_get_value(&desc);
> + if (secboot < 0)
> + debug("Failed to read secure-boot GPIO value: %d\n", rc);
> +
> + rc = dm_gpio_free(dev, &desc);
> + if (rc < 0)
> + debug("Failed to free secure-boot GPIO: %d\n", rc);
> +
> + return secboot;
> +}
> +
> +int board_fit_image_require_verified(void)
> +{
> + int secboot;
> +
> + secboot = aspeed_get_chained_secboot_state();
> +
> + /*
> + * If secure-boot is enabled then require signature verification.
> + * Otherwise, if we fail to read the GPIO, enforce FIT signature
> + * verification
> + */
> + return secboot >= 0 ? secboot : 1;
> +}
More information about the openbmc
mailing list