Board code may want to base runtime decisions on whether the system
is secure booting. Add a function to query that state.
Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
---
drivers/hab/habv4.c | 29 +++++++++++++----------------
include/hab.h | 17 +++++++++++++++++
2 files changed, 30 insertions(+), 16 deletions(-)
diff --git a/drivers/hab/habv4.c b/drivers/hab/habv4.c
index b6baa92c679d..9f54aed5f508 100644
--- a/drivers/hab/habv4.c
+++ b/drivers/hab/habv4.c
@@ -68,18 +68,6 @@ enum hab_config {
HAB_CONFIG_CLOSED = 0xcc, /* Secure IC */
};
-/* State definitions */
-enum hab_state {
- HAB_STATE_INITIAL = 0x33, /* Initialising state (transitory) */
- HAB_STATE_CHECK = 0x55, /* Check state (non-secure) */
- HAB_STATE_NONSECURE = 0x66, /* Non-secure state */
- HAB_STATE_TRUSTED = 0x99, /* Trusted state */
- HAB_STATE_SECURE = 0xaa, /* Secure state */
- HAB_STATE_FAIL_SOFT = 0xcc, /* Soft fail state */
- HAB_STATE_FAIL_HARD = 0xff, /* Hard fail state (terminal) */
- HAB_STATE_NONE = 0xf0, /* No security state machine */
-};
-
enum hab_reason {
HAB_REASON_RSN_ANY = 0x00, /* Match any reason */
HAB_REASON_UNS_COMMAND = 0x03, /* Unsupported command */
@@ -168,7 +156,7 @@ struct habv4_rvt {
enum hab_status (*run_csf)(const void *csf, uint8_t cid);
enum hab_status (*assert)(enum hab_assertion assertion, const void *data, uint32_t count);
enum hab_status (*report_event)(enum hab_status status, uint32_t index, void *event, uint32_t *bytes);
- enum hab_status (*report_status)(enum hab_config *config, enum hab_state *state);
+ enum hab_status (*report_status)(enum hab_config *config, enum habv4_state *state);
void (*failsafe)(void);
} __packed;
@@ -182,7 +170,7 @@ struct habv4_rvt {
#define FSL_SIP_HAB_CHECK_TARGET 0x06
static enum hab_status hab_sip_report_status(enum hab_config *config,
- enum hab_state *state)
+ enum habv4_state *state)
{
struct arm_smccc_res res;
@@ -290,7 +278,7 @@ static const char *habv4_get_config_str(enum hab_config config)
return "<unknown>";
}
-static const char *habv4_get_state_str(enum hab_state state)
+static const char *habv4_get_state_str(enum habv4_state state)
{
switch (state) {
case HAB_STATE_INITIAL:
@@ -518,6 +506,13 @@ static uint8_t *hab_get_event(const struct habv4_rvt *rvt, int index, int *len)
return buf;
}
+static int habv4_state = -EPROBE_DEFER;
+
+int habv4_get_state(void)
+{
+ return habv4_state;
+}
+
static int habv4_get_status(const struct habv4_rvt *rvt)
{
uint8_t *data;
@@ -525,7 +520,7 @@ static int habv4_get_status(const struct habv4_rvt *rvt)
int i;
enum hab_status status;
enum hab_config config = 0x0;
- enum hab_state state = 0x0;
+ enum habv4_state state = 0x0;
if (rvt->header.tag != HAB_TAG_RVT) {
pr_err("ERROR - RVT not found!\n");
@@ -533,6 +528,8 @@ static int habv4_get_status(const struct habv4_rvt *rvt)
}
status = rvt->report_status(&config, &state);
+ habv4_state = state;
+
pr_info("Status: %s (0x%02x)\n", habv4_get_status_str(status), status);
pr_info("Config: %s (0x%02x)\n", habv4_get_config_str(config), config);
pr_info("State: %s (0x%02x)\n", habv4_get_state_str(state), state);
diff --git a/include/hab.h b/include/hab.h
index d594ad9ee185..ebe19ce357a6 100644
--- a/include/hab.h
+++ b/include/hab.h
@@ -8,9 +8,22 @@
#include <errno.h>
+/* State definitions */
+enum habv4_state {
+ HAB_STATE_INITIAL = 0x33, /* Initialising state (transitory) */
+ HAB_STATE_CHECK = 0x55, /* Check state (non-secure) */
+ HAB_STATE_NONSECURE = 0x66, /* Non-secure state */
+ HAB_STATE_TRUSTED = 0x99, /* Trusted state */
+ HAB_STATE_SECURE = 0xaa, /* Secure state */
+ HAB_STATE_FAIL_SOFT = 0xcc, /* Soft fail state */
+ HAB_STATE_FAIL_HARD = 0xff, /* Hard fail state (terminal) */
+ HAB_STATE_NONE = 0xf0, /* No security state machine */
+};
+
#ifdef CONFIG_HABV4
int imx28_hab_get_status(void);
int imx6_hab_get_status(void);
+int habv4_get_state(void);
#else
static inline int imx28_hab_get_status(void)
{
@@ -20,6 +33,10 @@ static inline int imx6_hab_get_status(void)
{
return -EPERM;
}
+static inline int habv4_get_state(void)
+{
+ return -ENOSYS;
+}
#endif
#ifdef CONFIG_HABV3
--
2.39.2
