[PATCH u-boot v2019.04-aspeed-openbmc 3/6] ARM: ast2600: Control FIT uImage signature verification at runtime

Andrew Jeffery andrew at aj.id.au
Mon Jan 31 12:25:35 AEDT 2022 

Implement support for disabling signature verification of FIT images at
runtime by sampling the "bmc-secure-boot" GPIO. If the line name is not
provided in the devicetree then secure-boot continues to be required as
if the feature were not present.

Signed-off-by: Andrew Jeffery <andrew at aj.id.au>
---
 arch/arm/mach-aspeed/ast2600/Makefile      |  1 +
 arch/arm/mach-aspeed/ast2600/secure-boot.c | 53 ++++++++++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 arch/arm/mach-aspeed/ast2600/secure-boot.c

diff --git a/arch/arm/mach-aspeed/ast2600/Makefile b/arch/arm/mach-aspeed/ast2600/Makefile
index d07e8c737cfe..70b7ae11df56 100644
--- a/arch/arm/mach-aspeed/ast2600/Makefile
+++ b/arch/arm/mach-aspeed/ast2600/Makefile
@@ -1,4 +1,5 @@
 obj-y   += platform.o board_common.o scu_info.o utils.o cache.o
+obj-$(CONFIG_FIT_RUNTIME_SIGNATURE) += secure-boot.o
 obj-$(CONFIG_ASPEED_SECURE_BOOT) += crypto.o aspeed_verify.o
 obj-$(CONFIG_ASPEED_LOADERS) += spl_boot.o
 obj-$(CONFIG_SPL_BUILD) += spl.o
diff --git a/arch/arm/mach-aspeed/ast2600/secure-boot.c b/arch/arm/mach-aspeed/ast2600/secure-boot.c
new file mode 100644
index 000000000000..ced353686387
--- /dev/null
+++ b/arch/arm/mach-aspeed/ast2600/secure-boot.c
@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+// (C) Copyright IBM Corp. 2022
+
+#include <common.h>
+#include <asm-generic/gpio.h>
+#include <dm.h>
+
+static int aspeed_get_chained_secboot_state(void)
+{
+	struct gpio_desc desc;
+	struct udevice *dev;
+	int secboot;
+	int rc;
+
+	rc = uclass_get_device_by_driver(UCLASS_GPIO,
+					 DM_GET_DRIVER(gpio_aspeed),
+					 &dev);
+	if (rc < 0) {
+		debug("Warning: GPIO initialization failure: %d\n", rc);
+		return rc;
+	}
+
+	rc = gpio_request_by_line_name(dev, "bmc-secure-boot", &desc,
+				       GPIOD_IS_IN);
+	if (rc < 0) {
+		debug("Failed to acquire secure-boot GPIO: %d\n", rc);
+		return rc;
+	}
+
+	secboot = dm_gpio_get_value(&desc);
+	if (secboot < 0)
+		debug("Failed to read secure-boot GPIO value: %d\n", rc);
+
+	rc = dm_gpio_free(dev, &desc);
+	if (rc < 0)
+		debug("Failed to free secure-boot GPIO: %d\n", rc);
+
+	return secboot;
+}
+
+int board_fit_image_require_verified(void)
+{
+	int secboot;
+
+	secboot = aspeed_get_chained_secboot_state();
+
+	/*
+	 * If secure-boot is enabled then require signature verification.
+	 * Otherwise, if we fail to read the GPIO, enforce FIT signature
+	 * verification
+	 */
+	return secboot >= 0 ? secboot : 1;
+}
-- 
2.32.0

More information about the openbmc mailing list