From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 705EDC433EF for ; Mon, 7 Mar 2022 01:08:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:Cc:To:From:Date:References: In-Reply-To:Message-Id:Mime-Version:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=ywox+fYmfqVjrSuqkpIUQqR1ifwZxXOi5K673krZWiE=; b=tUlM4KbW2zsV4A YzGz7BAs0ydQVKtAp7ieRXuMrS2lIcYTBLfqwpC+1coKnD6Htu33ZrX0NQqoZ/3fQQgNYlUfaLlhd sGp9bDzorovFD/+4RciG/TqbUWKclM15ourRornBOrOXZ2uPnGFXv1dw8UmISQHGjjZqoN5krkl3P kyqoh87gtnrab2EGmtoFw4gVWpxKOlR3ulFT6LdAcZHM2A5gO2h+IlplDXhuf1YMEZdUu7Kr4o/rY W385zPS1fjXkBsYlBrt4gYiIIeRM7n2/0/UOvzpxE8nWRlteQM61Bcw/1BTjanvgOiSSoDAsKUEDy cteV+ZJQbOw5o+A5nEBQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1nR1pm-00FUDs-RW; Mon, 07 Mar 2022 01:06:47 +0000 Received: from wout4-smtp.messagingengine.com ([64.147.123.20]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1nR1pi-00FUBv-KY for linux-arm-kernel@lists.infradead.org; Mon, 07 Mar 2022 01:06:44 +0000 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 6F81D3201D5E; Sun, 6 Mar 2022 20:06:36 -0500 (EST) Received: from imap49 ([10.202.2.99]) by compute3.internal (MEProxy); Sun, 06 Mar 2022 20:06:36 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aj.id.au; h=cc :cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm2; bh=/AUgfC+7Zw02ZKm05wwfBjgGYhe5UtHHDAkHZM sAvBk=; b=oAJluC8o2n5itBLIJav8NM4lUAf3InHVfFyPs602lwujNS47U1pV19 2ht0C0EbyXSTh615lCEShGwy0qEYWGd2kiAo6DSF7w/4zgaFkYqnwtDL9EQ9PASQ 0tEjp1i+LEuMMYB+Y4tvN1p9B/ZDR0nhqc4jfYpc28LeVBfxPmcJ8vGBJcRcwXGC xYRsIodErcI2tPAntM758ksGKTC35G6aYN8Nmzap8cejGviEuAnYFxzGEoJsB7PK pf1WiHpt4OWTuQ95MKmpTRkFpT8MQ0fq5jl68XM13MdKnF6TJ+ZfK8NhNF0R3Z+R NS4RfZ4jqSSPzf2bxRPgCBHvM/qK+XkQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=/AUgfC+7Zw02ZKm05 wwfBjgGYhe5UtHHDAkHZMsAvBk=; b=KPxdvW0v5RCLfS6e+MVAA0xdGw53ACmZ9 ABzpMf3UG0qoW7kojlTEcaNyEKcAMNEDbs3zYfbEh1+g4kuciSTPyqmDJYJmfQwi C0Z/TILA/IkP5aW38AR1MKr0qpDUIbuGo4lJnj/23OpJNE1i4E0HL+Y9duWmMaRL aaDmro64LDgVfGhNiwpIc6mltMyT6OQz6qjlWLk4pMy+t/p+FJxZHtM6FZoc24QS rCPfuXDo/UYaTS2pQEQ1cnB/AdjD1L5k6rjRVAUe0Kz+kpVzUfWVt0+xGhvkgHNa OmwuZ6zHMC+NfQ+aTLqIyegEswOqSoYShFqb+p2UlXpSrMCTMnVZA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddruddufedgfedtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgesthdtredtreertdenucfhrhhomhepfdetnhgu rhgvficulfgvfhhfvghrhidfuceorghnughrvgifsegrjhdrihgurdgruheqnecuggftrf grthhtvghrnhepudfftddvveekfffgteffffeuveegjeelgefhffejtdehtdfhlefgkeef hfefkeeinecuffhomhgrihhnpehkvghrnhgvlhdrohhrghenucevlhhushhtvghrufhiii gvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegrnhgurhgvfiesrghjrdhiugdrrghu X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id 1C33EF6007E; Sun, 6 Mar 2022 20:06:34 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.5.0-alpha0-4778-g14fba9972e-fm-20220217.001-g14fba997 Mime-Version: 1.0 Message-Id: In-Reply-To: <20220304030336.1017197-1-joel@jms.id.au> References: <20220304030336.1017197-1-joel@jms.id.au> Date: Mon, 07 Mar 2022 11:36:14 +1030 From: "Andrew Jeffery" To: "Joel Stanley" Cc: "Arnd Bergmann" , linux-arm-kernel@lists.infradead.org, linux-aspeed@lists.ozlabs.org Subject: Re: [PATCH] ARM: soc: aspeed: Add secure boot controller support X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220306_170642_920695_4D90244E X-CRM114-Status: GOOD ( 27.82 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Fri, 4 Mar 2022, at 13:33, Joel Stanley wrote: > This reads out the status of the secure boot controller and exposes it > in debugfs. > > An example on a AST2600A3 QEMU model: > > # grep -r . /sys/kernel/debug/aspeed/* > /sys/kernel/debug/aspeed/abr_image:0 > /sys/kernel/debug/aspeed/low_security_key:0 > /sys/kernel/debug/aspeed/otp_protected:0 > /sys/kernel/debug/aspeed/secure_boot:1 > /sys/kernel/debug/aspeed/uart_boot:0 > > On boot the state of the system according to the secure boot controller > will be printed: > > [ 0.037634] AST2600 secure boot enabled > > or > > [ 0.037935] AST2600 secure boot disabled > > Signed-off-by: Joel Stanley > --- > We're creating a common API for a subset of this information in sysfs: > > https://lore.kernel.org/all/20220204072234.304543-1-joel@jms.id.au/ > > However, machines with an ASPEED soc need the detailed information from > the SBE that is not relevant for other systems, so expose it all in > debugfs. > > drivers/soc/aspeed/aspeed-sbc.c | 71 +++++++++++++++++++++++++++++++++ > drivers/soc/aspeed/Kconfig | 7 ++++ > drivers/soc/aspeed/Makefile | 1 + > 3 files changed, 79 insertions(+) > create mode 100644 drivers/soc/aspeed/aspeed-sbc.c > > diff --git a/drivers/soc/aspeed/aspeed-sbc.c > b/drivers/soc/aspeed/aspeed-sbc.c > new file mode 100644 > index 000000000000..ee466f02ae4c > --- /dev/null > +++ b/drivers/soc/aspeed/aspeed-sbc.c > @@ -0,0 +1,71 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > +/* Copyright 2022 IBM Corp. */ > + > +#include > +#include > +#include > +#include > +#include > + > +#define SEC_STATUS 0x14 > +#define ABR_IMAGE_SOURCE BIT(13) > +#define OTP_PROTECTED BIT(8) > +#define LOW_SEC_KEY BIT(7) > +#define SECURE_BOOT BIT(6) > +#define UART_BOOT BIT(5) > + > +struct sbe { > + u8 abr_image; > + u8 low_security_key; > + u8 otp_protected; > + u8 secure_boot; > + u8 invert; > + u8 uart_boot; > +}; > + > +static struct sbe sbe; > + > +static int __init aspeed_sbc_init(void) > +{ > + struct device_node *np; > + void __iomem *base; > + struct dentry *debugfs_root; > + u32 security_status; If you change anything else, maybe reverse-christmas-tree this too? > + > + /* AST2600 only */ > + np = of_find_compatible_node(NULL, NULL, "aspeed,ast2600-sbc"); > + if (!of_device_is_available(np)) > + return -ENODEV; > + > + base = of_iomap(np, 0); > + if (!base) { > + of_node_put(np); > + return -ENODEV; > + } > + > + security_status = readl(base + SEC_STATUS); > + > + iounmap(base); > + of_node_put(np); The cleanup looks right to me. I half wonder if it would be better with a single-exit and gotos, but that's just an idle thought. Reviewed-by: Andrew Jeffery > + > + sbe.abr_image = !!(security_status & ABR_IMAGE_SOURCE); > + sbe.low_security_key = !!(security_status & LOW_SEC_KEY); > + sbe.otp_protected = !!(security_status & OTP_PROTECTED); > + sbe.secure_boot = !!(security_status & SECURE_BOOT); > + /* Invert the bit, as 1 is boot from SPI/eMMC */ > + sbe.uart_boot = !(security_status & UART_BOOT); > + > + debugfs_root = debugfs_create_dir("aspeed", NULL); > + debugfs_create_u8("abr_image", 0444, debugfs_root, &sbe.abr_image); > + debugfs_create_u8("low_security_key", 0444, debugfs_root, > &sbe.low_security_key); > + debugfs_create_u8("otp_protected", 0444, debugfs_root, > &sbe.otp_protected); > + debugfs_create_u8("uart_boot", 0444, debugfs_root, &sbe.uart_boot); > + debugfs_create_u8("secure_boot", 0444, debugfs_root, > &sbe.secure_boot); > + > + pr_info("AST2600 secure boot %s\n", sbe.secure_boot ? "enabled" : > "disabled"); > + > + return 0; > +} > + > + > +subsys_initcall(aspeed_sbc_init); > diff --git a/drivers/soc/aspeed/Kconfig b/drivers/soc/aspeed/Kconfig > index f579ee0b5afa..7a2a5bed8bc5 100644 > --- a/drivers/soc/aspeed/Kconfig > +++ b/drivers/soc/aspeed/Kconfig > @@ -52,6 +52,13 @@ config ASPEED_SOCINFO > help > Say yes to support decoding of ASPEED BMC information. > > +config ASPEED_SBC > + bool "ASPEED Secure Boot Controller driver" > + default MACH_ASPEED_G6 > + help > + Say yes to provide information about the secure boot controller in > + debugfs. > + > endmenu > > endif > diff --git a/drivers/soc/aspeed/Makefile b/drivers/soc/aspeed/Makefile > index b35d74592964..042235ffa05b 100644 > --- a/drivers/soc/aspeed/Makefile > +++ b/drivers/soc/aspeed/Makefile > @@ -4,3 +4,4 @@ obj-$(CONFIG_ASPEED_LPC_SNOOP) += aspeed-lpc-snoop.o > obj-$(CONFIG_ASPEED_UART_ROUTING) += aspeed-uart-routing.o > obj-$(CONFIG_ASPEED_P2A_CTRL) += aspeed-p2a-ctrl.o > obj-$(CONFIG_ASPEED_SOCINFO) += aspeed-socinfo.o > +obj-$(CONFIG_ASPEED_SBC) += aspeed-sbc.o > -- > 2.34.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel