Merge "ipqsoc: board: Add restriction for bootm and mw cmd"

2025-12-10 07:44:53 +01:00 · 2023-11-22 08:40:02 -08:00 · 2023-11-22 08:40:02 -08:00 · 2f2f149458
commit 2f2f149458
parent 33bf8df37a 1bf2b24543
11 changed files with 95 additions and 7 deletions
--- a/board/ipq40xx/Kconfig
+++ b/board/ipq40xx/Kconfig
@ -20,4 +20,8 @@ config USB_XHCI_IPQ

 config PCI_IPQ
 	bool "ipq40xx pci"
+
+config BOARD_TYPES
+	bool "Support board_type member in global data"
+	default y
 endif
--- a/board/ipq5018/Kconfig
+++ b/board/ipq5018/Kconfig
@ -51,4 +51,7 @@ config GEPHY
 config ART_COMPRESSED
 	bool "Enable uncompress support for ipq5018"

+config BOARD_TYPES
+	bool "Support board_type member in global data"
+	default y
 endif
--- a/board/ipq5332/Kconfig
+++ b/board/ipq5332/Kconfig
@ -56,4 +56,8 @@ config QCA8081_PHY

 config DPR_EXECUTE
 	bool "Enable DPR support"
+
+config BOARD_TYPES
+	bool "Support board_type member in global data"
+	default y
 endif
--- a/board/ipq6018/Kconfig
+++ b/board/ipq6018/Kconfig
@ -21,4 +21,8 @@ config PCI_IPQ
 config IPQ6018_QCA_AQUANTIA_PHY
 	bool "Enable Aquantia PHY support for ipq6018"

+config BOARD_TYPES
+	bool "Support board_type member in global data"
+	default y
+
 endif
--- a/board/ipq806x/Kconfig
+++ b/board/ipq806x/Kconfig
@ -20,4 +20,8 @@ config USB_XHCI_IPQ
 config PCI_IPQ
 	bool "ipq806x pci"

+config BOARD_TYPES
+	bool "Support board_type member in global data"
+	default y
+
 endif
--- a/board/ipq807x/Kconfig
+++ b/board/ipq807x/Kconfig
@ -30,3 +30,7 @@ config QCA8081_PHY

 config QCA8075_PHY
 	bool "Enable QCA8075 PHY support for ipq807x"
+
+config BOARD_TYPES
+	bool "Support board_type member in global data"
+	default y
--- a/board/ipq9574/Kconfig
+++ b/board/ipq9574/Kconfig
@ -17,4 +17,8 @@ config IPQ9574_QCA_AQUANTIA_PHY

 config IPQ9574_QCA8075_PHY
 	bool "Enable Malibu PHY support for ipq9574"
+
+config BOARD_TYPES
+	bool "Support board_type member in global data"
+	default y
 endif
--- a/board/qca/arm/common/board_init.c
+++ b/board/qca/arm/common/board_init.c
@ -121,6 +121,32 @@ __weak int bring_sec_core_up(unsigned int cpuid, unsigned int entry, unsigned in
 }
 #endif

+#define SECURE_BOARD_MAGIC	0x5ECB001
+
+void update_board_type(void)
+{
+	int ret;
+	uint8_t buf = 0;
+	qca_smem_flash_info_t *sfi = &qca_smem_flash_info;
+
+	if(SMEM_BOOT_NO_FLASH == sfi->flash_type)
+		return;
+
+	ret = qca_scm_call(SCM_SVC_FUSE, QFPROM_IS_AUTHENTICATE_CMD, &buf,
+								sizeof(char));
+
+	if (ret) {
+		printf("%s: scm call failed. ret = %d\n", __func__, ret);
+		printf("%s: Failed\n", __func__);
+		gd->board_type = 0;
+		return;
+	}
+
+	gd->board_type = (buf == 1) ? SECURE_BOARD_MAGIC : 0;
+
+	return;
+}
+
 int board_init(void)
 {
 	int ret;
@ -262,6 +288,9 @@ int board_init(void)
 	 * serial init after relocation
 	 */
 	uart_wait_tx_empty();
+
+	update_board_type();
+
 	return 0;
 }

--- a/board/qca/arm/common/cmd_bootqca.c
+++ b/board/qca/arm/common/cmd_bootqca.c
@ -13,6 +13,7 @@

 #include <common.h>
 #include <command.h>
+#include <bootm.h>
 #include <image.h>
 #include <nand.h>
 #include <errno.h>
@ -85,6 +86,21 @@ typedef struct {
 } image_info;
 #endif

+extern bootm_headers_t images;		/* pointers to os/initrd/fdt images */
+
+static int boot_os(int argc, char *const argv[])
+{
+
+	return do_bootm_states(NULL, 0, argc, argv, BOOTM_STATE_START |
+		BOOTM_STATE_FINDOS | BOOTM_STATE_FINDOTHER |
+		BOOTM_STATE_LOADOS |
+#if defined(CONFIG_PPC) || defined(CONFIG_MIPS)
+		BOOTM_STATE_OS_CMDLINE |
+#endif
+		BOOTM_STATE_OS_PREP | BOOTM_STATE_OS_FAKE_GO |
+		BOOTM_STATE_OS_GO, &images, 1);
+}
+
 void __stack_chk_fail(void)
 {
 	printf("stack-protector: U-boot stack is corrupted.\n");
@ -263,7 +279,7 @@ int config_select(unsigned int addr, char *rcmd, int rcmd_size)
 			ret = update_bootargs((void *)addr);
 			if (ret)
 				goto fail;
-			snprintf(rcmd, rcmd_size, "bootm 0x%x#%s\n",
+			snprintf(rcmd, rcmd_size, "0x%x#%s",
 				 addr, dtb_config_name);
 			return 0;
 		}
@ -296,7 +312,7 @@ int config_select(unsigned int addr, char *rcmd, int rcmd_size)
 				ret = update_bootargs((void *)addr);
 				if (ret)
 					goto fail;
-				snprintf(rcmd, rcmd_size, "bootm 0x%x#%s\n",
+				snprintf(rcmd, rcmd_size, "0x%x#%s",
 					 addr, dtb_config_name);
 				return 0;
 			}
@ -497,6 +513,7 @@ static int authenticate_rootfs_elf(unsigned int rootfs_hdr)
 static int do_boot_signedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 {
 	char runcmd[256];
+	char * const arg[1] = {runcmd};
 	int ret;
 	unsigned int request;
 #ifdef CONFIG_VERSION_ROLLBACK_PARTITION_INFO
@ -741,7 +758,7 @@ static int do_boot_signedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const a
 	if (debug)
 		printf("%s", runcmd);

-	if (ret < 0 || run_command(runcmd, 0) != CMD_RET_SUCCESS) {
+	if (ret < 0 || boot_os(1, arg) != CMD_RET_SUCCESS) {
 #ifdef CONFIG_QCA_MMC
 		mmc_initialize(gd->bd);
 #endif
@ -763,6 +780,7 @@ static int do_boot_unsignedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const
 {
 	int ret;
 	char runcmd[256];
+	char * const arg[1] = {runcmd};
 #ifdef CONFIG_QCA_MMC
 	block_dev_desc_t *blk_dev;
 	disk_partition_t disk_info;
@ -881,7 +899,7 @@ static int do_boot_unsignedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const
 				    runcmd, sizeof(runcmd));
 	} else if (ret == IMAGE_FORMAT_LEGACY) {
 		snprintf(runcmd, sizeof(runcmd),
-			 "bootm 0x%x\n", CONFIG_SYS_LOAD_ADDR);
+			 "0x%x", CONFIG_SYS_LOAD_ADDR);
 	} else {
 		ret = genimg_get_format((void *)CONFIG_SYS_LOAD_ADDR +
 					sizeof(mbn_header_t));
@ -898,16 +916,16 @@ static int do_boot_unsignedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const
 #endif
 		} else if (ret == IMAGE_FORMAT_LEGACY) {
 			snprintf(runcmd, sizeof(runcmd),
-				 "bootm 0x%x\n", (CONFIG_SYS_LOAD_ADDR +
+				 "0x%x", (CONFIG_SYS_LOAD_ADDR +
 						  sizeof(mbn_header_t)));
+
 		} else {
 			dcache_disable();
 			return CMD_RET_FAILURE;
 		}
 	}

-
-	if (ret < 0 || run_command(runcmd, 0) != CMD_RET_SUCCESS) {
+	if (ret < 0 || boot_os(1, arg) != CMD_RET_SUCCESS) {
 #ifdef CONFIG_USB_XHCI_IPQ
 		ipq_board_usb_init();
 #endif
--- a/common/cmd_bootm.c
+++ b/common/cmd_bootm.c
@ -26,6 +26,8 @@

 DECLARE_GLOBAL_DATA_PTR;

+#define SECURE_BOARD_MAGIC	0x5ECB001
+
 #if defined(CONFIG_CMD_IMI)
 static int image_info(unsigned long addr);
 #endif
@ -96,6 +98,11 @@ static int do_bootm_subcommand(cmd_tbl_t *cmdtp, int flag, int argc,

 int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 {
+	if(SECURE_BOARD_MAGIC == gd->board_type) {
+		printf("Booting restricted without authentication!!\n");
+		reset_board();
+	}
+
 #ifdef CONFIG_NEEDS_MANUAL_RELOC
 	static int relocated = 0;

--- a/common/cmd_mem.c
+++ b/common/cmd_mem.c
@ -33,6 +33,8 @@ DECLARE_GLOBAL_DATA_PTR;
 #define CONFIG_SYS_MEMTEST_SCRATCH 0
 #endif

+#define SECURE_BOARD_MAGIC	0x5ECB001
+
 static int mod_mem(cmd_tbl_t *, int, int, int, char * const []);

 /* Display values from last command.
@ -171,6 +173,11 @@ static int do_mem_mw(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 	void *buf, *start;
 	ulong bytes;

+	if(SECURE_BOARD_MAGIC == gd->board_type) {
+		printf("Command not supported \'%s\'\n", argv[0]);
+		return 0;
+	}
+
 	if ((argc < 3) || (argc > 4))
 		return CMD_RET_USAGE;