From patchwork Thu Mar 10 00:06:29 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Joel Stanley <joel@jms.id.au>
X-Patchwork-Id: 12775703
Return-Path: 
 <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 41C63C433EF
	for <linux-arm-kernel@archiver.kernel.org>;
 Thu, 10 Mar 2022 00:08:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
	Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=Qb5jmgiauEecvRgngqc85TI+hDamsoCH7Ur4hxlgaz8=; b=ljKrzFXdycKGhT
	zojt1ZYGjdJEum/5Cbq0zgRsJ96Hx0PTY0odjY2VLUU9jVgunpTPMCN0yOs/lJom2Nqb36QmPqnDv
	f0fHrq/Zbyad3PzXLG+hiCbEj/xnjUWTQ1/vbYzSNPPs5olbSZ85PD6pqKT/bxOa6RuKLEtDcZY0A
	2a4wVI12DDaag97Si73D7BntcH8Gc+I74KW43txjb9HgB2trR+Vn+3VjEFcYafWtpsQOw+Y0gACBe
	CyIv7pV22i+KaiJrGQAL2uC2s40/Ks+kORPgMH1hEvOYvoJvOAK92E6zsJqB/IdGfvLPgVYKUU3FQ
	h6RZXeLwPdRurkENN9/A==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1nS6Kg-00AqRN-F4; Thu, 10 Mar 2022 00:07:06 +0000
Received: from mail-pf1-x42d.google.com ([2607:f8b0:4864:20::42d])
 by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
 id 1nS6KO-00AqMj-SS
 for linux-arm-kernel@lists.infradead.org; Thu, 10 Mar 2022 00:06:50 +0000
Received: by mail-pf1-x42d.google.com with SMTP id t2so961629pfj.10
 for <linux-arm-kernel@lists.infradead.org>;
 Wed, 09 Mar 2022 16:06:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=ecoCAWmCAhUla5p6wB0ZNMD7/ItzoQDPKB6CkD1FiJU=;
 b=HcyGOemhntflTA9db6hp8iBOE+cYdAFucJwq2zKDFt6adh2H3niBPlG9lUoqj33rZI
 pjKetC+dCW8fJlSS1/PNrP+LpWGff7OTWSHwaeNYj6+DOyZzZV0X7VJxJzNUYxReqtzn
 kHhnCuXLqJGEXok4SiiKSU/SoXVsPWmP5CidEl8ffVvAHFy4tIBVvn/tBgcGyja9CD3c
 TIcdaTfwCJt5YfVu4ysc9CtKkFFhpHY2xrMl2sDsZ6EF2KYJEbpOTZdZtm+4KmkjiKeV
 Od4Z6zwcOw1aMmHj4hp9BFV3WJ8erO/ODJfghGMGG+wa8P9JfLsgWAhomQTH5Ci8Q1+6
 4R6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
 :in-reply-to:references:mime-version:content-transfer-encoding;
 bh=ecoCAWmCAhUla5p6wB0ZNMD7/ItzoQDPKB6CkD1FiJU=;
 b=2RV29QwxHgINzyVF5lEoJmKCJKsUxvdA1bwAP0EO6wKSamkfx2nohZoNlGiBTdbokw
 ZCeaSbACe/+atdaqKSsc0tu3hfMBfXHPzioeYZdZbV3pn8kL1OfgZdWihSPMY8IHulYr
 ZGq0afyRGvl/m6xhfsxdFKKBkQ9YtAV2ZvOeBQ/FWI5v7YODiJqQ38N/VPcrKBSCP+Ms
 QmB7yg01HGDTBphlbZbLCSDsEOT96cpypGRhGMzIHI5y+2pTtRmRetqWO32XyIJNnzHy
 xN2aN+OC5QgCQeTRI2YNFRibYOfkBen4KNNMCBtvYsdAtmMk2AqLyU9PYZj5waa/CEVV
 J/Aw==
X-Gm-Message-State: AOAM532ZUMcotlwLXLVWaVTmBYfg559KWyS9BgD82YJ6lvMka5Q3K41A
 IFapKtsq4O8xF6nyAyu1+gg=
X-Google-Smtp-Source: 
 ABdhPJwZt7V7Rky3/B3OEnLK8Sych0iLRtte6CgeCT/BUS4V6i2BtEPOiGwDArCjmy4sMOYRAIUR8w==
X-Received: by 2002:a63:17:0:b0:37f:f283:24b with SMTP id
 23-20020a630017000000b0037ff283024bmr1805632pga.407.1646870807951;
 Wed, 09 Mar 2022 16:06:47 -0800 (PST)
Received: from localhost.localdomain ([45.124.203.14])
 by smtp.gmail.com with ESMTPSA id
 g6-20020a056a001a0600b004f2a4316a0asm4213405pfv.60.2022.03.09.16.06.44
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 09 Mar 2022 16:06:47 -0800 (PST)
From: Joel Stanley <joel@jms.id.au>
To: Andrew Jeffery <andrew@aj.id.au>, Arnd Bergmann <arnd@arndb.de>,
	=?utf-8?q?C=C3=A9dric_Le_Goater?= <clg@kaod.org>
Cc: linux-aspeed@lists.ozlabs.org,
	linux-arm-kernel@lists.infradead.org
Subject: [PATCH v2 2/2] ARM: soc: aspeed: Add secure boot controller support
Date: Thu, 10 Mar 2022 10:36:29 +1030
Message-Id: <20220310000629.119699-3-joel@jms.id.au>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220310000629.119699-1-joel@jms.id.au>
References: <20220310000629.119699-1-joel@jms.id.au>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20220309_160648_976940_F40EB8E4 
X-CRM114-Status: GOOD (  19.16  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

This reads out the status of the secure boot controller and exposes it
in debugfs.

An example on a AST2600A3 QEMU model:

 # grep -r . /sys/kernel/debug/aspeed/*
 /sys/kernel/debug/aspeed/sbc/abr_image:0
 /sys/kernel/debug/aspeed/sbc/low_security_key:0
 /sys/kernel/debug/aspeed/sbc/otp_protected:0
 /sys/kernel/debug/aspeed/sbc/secure_boot:1
 /sys/kernel/debug/aspeed/sbc/uart_boot:0

On boot the state of the system according to the secure boot controller
will be printed:

 [    0.037634] AST2600 secure boot enabled

or

 [    0.037935] AST2600 secure boot disabled

Signed-off-by: Joel Stanley <joel@jms.id.au>
---
v2:
  - Place files in aspeed/sbc
  - Check for error when creating directory
  - Print secure boot message even if debugfs is disabled
---
 drivers/soc/aspeed/aspeed-sbc.c | 73 +++++++++++++++++++++++++++++++++
 drivers/soc/aspeed/Kconfig      |  7 ++++
 drivers/soc/aspeed/Makefile     |  1 +
 3 files changed, 81 insertions(+)
 create mode 100644 drivers/soc/aspeed/aspeed-sbc.c

diff --git a/drivers/soc/aspeed/aspeed-sbc.c b/drivers/soc/aspeed/aspeed-sbc.c
new file mode 100644
index 000000000000..be4497b418c4
--- /dev/null
+++ b/drivers/soc/aspeed/aspeed-sbc.c
@@ -0,0 +1,73 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/* Copyright 2022 IBM Corp. */
+
+#include <linux/io.h>
+#include <linux/of.h>
+#include <linux/of_address.h>
+#include <linux/of_platform.h>
+#include <linux/debugfs.h>
+
+#define SEC_STATUS		0x14
+#define ABR_IMAGE_SOURCE	BIT(13)
+#define OTP_PROTECTED		BIT(8)
+#define LOW_SEC_KEY		BIT(7)
+#define SECURE_BOOT		BIT(6)
+#define UART_BOOT		BIT(5)
+
+struct sbe {
+	u8 abr_image;
+	u8 low_security_key;
+	u8 otp_protected;
+	u8 secure_boot;
+	u8 invert;
+	u8 uart_boot;
+};
+
+static struct sbe sbe;
+
+static int __init aspeed_sbc_init(void)
+{
+	struct device_node *np;
+	void __iomem *base;
+	struct dentry *sbc_dir;
+	u32 security_status;
+
+	/* AST2600 only */
+	np = of_find_compatible_node(NULL, NULL, "aspeed,ast2600-sbc");
+	if (!of_device_is_available(np))
+		return -ENODEV;
+
+	base = of_iomap(np, 0);
+	if (!base) {
+		of_node_put(np);
+		return -ENODEV;
+	}
+
+	security_status = readl(base + SEC_STATUS);
+
+	iounmap(base);
+	of_node_put(np);
+
+	sbe.abr_image = !!(security_status & ABR_IMAGE_SOURCE);
+	sbe.low_security_key = !!(security_status & LOW_SEC_KEY);
+	sbe.otp_protected = !!(security_status & OTP_PROTECTED);
+	sbe.secure_boot = !!(security_status & SECURE_BOOT);
+	/* Invert the bit, as 1 is boot from SPI/eMMC */
+	sbe.uart_boot =  !(security_status & UART_BOOT);
+
+	pr_info("AST2600 secure boot %s\n", sbe.secure_boot ? "enabled" : "disabled");
+
+	sbc_dir = debugfs_create_dir("sbc", arch_debugfs_dir);
+	if (IS_ERR(sbc_dir))
+		return PTR_ERR(sbc_dir);
+
+	debugfs_create_u8("abr_image", 0444, sbc_dir, &sbe.abr_image);
+	debugfs_create_u8("low_security_key", 0444, sbc_dir, &sbe.low_security_key);
+	debugfs_create_u8("otp_protected", 0444, sbc_dir, &sbe.otp_protected);
+	debugfs_create_u8("uart_boot", 0444, sbc_dir, &sbe.uart_boot);
+	debugfs_create_u8("secure_boot", 0444, sbc_dir, &sbe.secure_boot);
+
+	return 0;
+}
+
+subsys_initcall(aspeed_sbc_init);
diff --git a/drivers/soc/aspeed/Kconfig b/drivers/soc/aspeed/Kconfig
index f941c41b84dc..aaf4596ae4f9 100644
--- a/drivers/soc/aspeed/Kconfig
+++ b/drivers/soc/aspeed/Kconfig
@@ -62,6 +62,13 @@ config ASPEED_XDMA
 	  SoCs. The XDMA engine can perform PCIe DMA operations between the BMC
 	  and a host processor.
 
+config ASPEED_SBC
+	bool "ASPEED Secure Boot Controller driver"
+	default MACH_ASPEED_G6
+	help
+	  Say yes to provide information about the secure boot controller in
+	  debugfs.
+
 endmenu
 
 endif
diff --git a/drivers/soc/aspeed/Makefile b/drivers/soc/aspeed/Makefile
index 8fb73cede4bf..9e275fd1d54d 100644
--- a/drivers/soc/aspeed/Makefile
+++ b/drivers/soc/aspeed/Makefile
@@ -4,4 +4,5 @@ obj-$(CONFIG_ASPEED_LPC_SNOOP)		+= aspeed-lpc-snoop.o
 obj-$(CONFIG_ASPEED_UART_ROUTING)	+= aspeed-uart-routing.o
 obj-$(CONFIG_ASPEED_P2A_CTRL)		+= aspeed-p2a-ctrl.o
 obj-$(CONFIG_ASPEED_SOCINFO)		+= aspeed-socinfo.o
+obj-$(CONFIG_ASPEED_SBC)		+= aspeed-sbc.o
 obj-$(CONFIG_ASPEED_XDMA)	+= aspeed-xdma.o