From: Joel Stanley
To: Andrew Jeffery
Cc: Arnd Bergmann, linux-arm-kernel@lists.infradead.org, linux-aspeed@lists.ozlabs.org
Subject: [PATCH] ARM: soc: aspeed: Add secure boot controller support
Date: Fri, 4 Mar 2022 13:33:36 +1030
Message-Id: <20220304030336.1017197-1-joel@jms.id.au>

This reads out the status of the secure boot controller and exposes it
in debugfs.

An example on an AST2600A3 QEMU model:

 # grep -r . /sys/kernel/debug/aspeed/*
 /sys/kernel/debug/aspeed/abr_image:0
 /sys/kernel/debug/aspeed/low_security_key:0
 /sys/kernel/debug/aspeed/otp_protected:0
 /sys/kernel/debug/aspeed/secure_boot:1
 /sys/kernel/debug/aspeed/uart_boot:0

On boot the state of the system according to the secure boot controller
will be printed:

 [ 0.037634] AST2600 secure boot enabled

or

 [ 0.037935] AST2600 secure boot disabled

Signed-off-by: Joel Stanley
Reviewed-by: Andrew Jeffery
---
We're creating a common API for a subset of this information in sysfs:

 https://lore.kernel.org/all/20220204072234.304543-1-joel@jms.id.au/

However, machines with an ASPEED SoC need the detailed information from
the SBE that is not relevant for other systems, so expose it all in
debugfs.

 drivers/soc/aspeed/aspeed-sbc.c | 71 +++++++++++++++++++++++++++++++++
 drivers/soc/aspeed/Kconfig      |  7 ++++
 drivers/soc/aspeed/Makefile     |  1 +
 3 files changed, 79 insertions(+)
 create mode 100644 drivers/soc/aspeed/aspeed-sbc.c
diff --git a/drivers/soc/aspeed/aspeed-sbc.c b/drivers/soc/aspeed/aspeed-sbc.c new file mode 100644 index 000000000000..ee466f02ae4c --- /dev/null +++ b/drivers/soc/aspeed/aspeed-sbc.c 
@@ -0,0 +1,71 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* Copyright 2022 IBM Corp. */ + +#include +#include +#include +#include +#include + +#define SEC_STATUS 0x14 +#define ABR_IMAGE_SOURCE BIT(13) +#define OTP_PROTECTED BIT(8) +#define LOW_SEC_KEY BIT(7) +#define SECURE_BOOT BIT(6) +#define UART_BOOT BIT(5) + +struct sbe { + u8 abr_image; + u8 low_security_key; + u8 otp_protected; + u8 secure_boot; + u8 invert; + u8 uart_boot; +}; + +static struct sbe sbe; + +static int __init aspeed_sbc_init(void) +{ + struct device_node *np; + void __iomem *base; + struct dentry *debugfs_root; + u32 security_status; + + /* AST2600 only */ + np = of_find_compatible_node(NULL, NULL, "aspeed,ast2600-sbc"); + if (!of_device_is_available(np)) + return -ENODEV; + + base = of_iomap(np, 0); + if (!base) { + of_node_put(np); + return -ENODEV; + } + + security_status = readl(base + SEC_STATUS); + + iounmap(base); + of_node_put(np); + + sbe.abr_image = !!(security_status & ABR_IMAGE_SOURCE); + sbe.low_security_key = !!(security_status & LOW_SEC_KEY); + sbe.otp_protected = !!(security_status & OTP_PROTECTED); + sbe.secure_boot = !!(security_status & SECURE_BOOT); + /* Invert the bit, as 1 is boot from SPI/eMMC */ + sbe.uart_boot = !(security_status & UART_BOOT); + + debugfs_root = debugfs_create_dir("aspeed", NULL); + debugfs_create_u8("abr_image", 0444, debugfs_root, &sbe.abr_image); + debugfs_create_u8("low_security_key", 0444, debugfs_root, &sbe.low_security_key); + debugfs_create_u8("otp_protected", 0444, debugfs_root, &sbe.otp_protected); + debugfs_create_u8("uart_boot", 0444, debugfs_root, &sbe.uart_boot); + debugfs_create_u8("secure_boot", 0444, debugfs_root, &sbe.secure_boot); + + pr_info("AST2600 secure boot %s\n", sbe.secure_boot ? "enabled" : "disabled"); + + return 0; +} + + +subsys_initcall(aspeed_sbc_init); diff --git a/drivers/soc/aspeed/Kconfig b/drivers/soc/aspeed/Kconfig index f579ee0b5afa..7a2a5bed8bc5 100644 --- a/drivers/soc/aspeed/Kconfig 
+++ b/drivers/soc/aspeed/Kconfig @@ -52,6 +52,13 @@ config ASPEED_SOCINFO help Say yes to support decoding of ASPEED BMC information. +config ASPEED_SBC + bool "ASPEED Secure Boot Controller driver" + default MACH_ASPEED_G6 + help + Say yes to provide information about the secure boot controller in + debugfs. + endmenu endif diff --git a/drivers/soc/aspeed/Makefile b/drivers/soc/aspeed/Makefile index b35d74592964..042235ffa05b 100644 --- a/drivers/soc/aspeed/Makefile +++ b/drivers/soc/aspeed/Makefile @@ -4,3 +4,4 @@ obj-$(CONFIG_ASPEED_LPC_SNOOP) += aspeed-lpc-snoop.o obj-$(CONFIG_ASPEED_UART_ROUTING) += aspeed-uart-routing.o obj-$(CONFIG_ASPEED_P2A_CTRL) += aspeed-p2a-ctrl.o obj-$(CONFIG_ASPEED_SOCINFO) += aspeed-socinfo.o +obj-$(CONFIG_ASPEED_SBC) += aspeed-sbc.o
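
Review bot: In aspeed_sbc_init() in drivers/soc/aspeed/aspeed-sbc.c, the early return after `if (!of_device_is_available(np))` leaks the node reference when the aspeed,ast2600-sbc node exists but is disabled: of_find_compatible_node() hands the node back with its refcount raised, and only the later paths call of_node_put(np). Add of_node_put(np) before that `return -ENODEV;` (it is safe on NULL). Separately, struct sbe carries a `u8 invert;` member that is never assigned or exported to debugfs and can be dropped, and the struct and variable are named sbe while the file name, compatible string and Kconfig symbol all say sbc.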
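
Review bot: The new ASPEED_SBC entry in drivers/soc/aspeed/Kconfig has no `depends on DEBUG_FS`, and its help text describes only the debugfs output although aspeed_sbc_init() also logs "AST2600 secure boot enabled" or "disabled" at boot. Either add the dependency or extend the help text to say that the boot message is printed regardless and that the per-bit files appear only when debugfs is built in, so that someone auditing a BMC kernel config knows what the option actually provides.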