diff --git a/board/ipq40xx/Kconfig b/board/ipq40xx/Kconfig index ee5773c492..0816040891 100644 --- a/board/ipq40xx/Kconfig +++ b/board/ipq40xx/Kconfig @@ -20,4 +20,8 @@ config USB_XHCI_IPQ config PCI_IPQ bool "ipq40xx pci" + +config BOARD_TYPES + bool "Support board_type member in global data" + default y endif diff --git a/board/ipq5018/Kconfig b/board/ipq5018/Kconfig index 92c280dc44..df0251983d 100644 --- a/board/ipq5018/Kconfig +++ b/board/ipq5018/Kconfig @@ -51,4 +51,7 @@ config GEPHY config ART_COMPRESSED bool "Enable uncompress support for ipq5018" +config BOARD_TYPES + bool "Support board_type member in global data" + default y endif diff --git a/board/ipq5332/Kconfig b/board/ipq5332/Kconfig index f78dfa53ae..26097be7cb 100644 --- a/board/ipq5332/Kconfig +++ b/board/ipq5332/Kconfig @@ -53,4 +53,8 @@ config QCA8081_PHY config DPR_EXECUTE bool "Enable DPR support" + +config BOARD_TYPES + bool "Support board_type member in global data" + default y endif diff --git a/board/ipq6018/Kconfig b/board/ipq6018/Kconfig index d03d7a8ea8..f58ba0e483 100644 --- a/board/ipq6018/Kconfig +++ b/board/ipq6018/Kconfig @@ -21,4 +21,8 @@ config PCI_IPQ config IPQ6018_QCA_AQUANTIA_PHY bool "Enable Aquantia PHY support for ipq6018" +config BOARD_TYPES + bool "Support board_type member in global data" + default y + endif diff --git a/board/ipq806x/Kconfig b/board/ipq806x/Kconfig index a0618db816..7d3a417edf 100644 --- a/board/ipq806x/Kconfig +++ b/board/ipq806x/Kconfig @@ -20,4 +20,8 @@ config USB_XHCI_IPQ config PCI_IPQ bool "ipq806x pci" +config BOARD_TYPES + bool "Support board_type member in global data" + default y + endif diff --git a/board/ipq807x/Kconfig b/board/ipq807x/Kconfig index db6c88cec8..25346bcbac 100644 --- a/board/ipq807x/Kconfig +++ b/board/ipq807x/Kconfig @@ -30,3 +30,7 @@ config QCA8081_PHY config QCA8075_PHY bool "Enable QCA8075 PHY support for ipq807x" + +config BOARD_TYPES + bool "Support board_type member in global data" + default y diff --git a/board/ipq9574/Kconfig b/board/ipq9574/Kconfig index 1a533b21dc..01998e0043 100644 --- a/board/ipq9574/Kconfig +++ b/board/ipq9574/Kconfig @@ -17,4 +17,8 @@ config IPQ9574_QCA_AQUANTIA_PHY config IPQ9574_QCA8075_PHY bool "Enable Malibu PHY support for ipq9574" + +config BOARD_TYPES + bool "Support board_type member in global data" + default y endif diff --git a/board/qca/arm/common/board_init.c b/board/qca/arm/common/board_init.c index 38164cc38e..f3a4942333 100644 --- a/board/qca/arm/common/board_init.c +++ b/board/qca/arm/common/board_init.c @@ -121,6 +121,32 @@ __weak int bring_sec_core_up(unsigned int cpuid, unsigned int entry, unsigned in } #endif +#define SECURE_BOARD_MAGIC 0x5ECB001 + +void update_board_type(void) +{ + int ret; + uint8_t buf = 0; + qca_smem_flash_info_t *sfi = &qca_smem_flash_info; + + if(SMEM_BOOT_NO_FLASH == sfi->flash_type) + return; + + ret = qca_scm_call(SCM_SVC_FUSE, QFPROM_IS_AUTHENTICATE_CMD, &buf, + sizeof(char)); + + if (ret) { + printf("%s: scm call failed. ret = %d\n", __func__, ret); + printf("%s: Failed\n", __func__); + gd->board_type = 0; + return; + } + + gd->board_type = (buf == 1) ? SECURE_BOARD_MAGIC : 0; + + return; +} + int board_init(void) { int ret; @@ -262,6 +288,9 @@ int board_init(void) * serial init after relocation */ uart_wait_tx_empty(); + + update_board_type(); + return 0; } diff --git a/board/qca/arm/common/cmd_bootqca.c b/board/qca/arm/common/cmd_bootqca.c index 0de586ce3a..95cf031dda 100644 --- a/board/qca/arm/common/cmd_bootqca.c +++ b/board/qca/arm/common/cmd_bootqca.c @@ -13,6 +13,7 @@ #include #include +#include #include #include #include @@ -86,6 +87,21 @@ typedef struct { } image_info; #endif +extern bootm_headers_t images; /* pointers to os/initrd/fdt images */ + +static int boot_os(int argc, char *const argv[]) +{ + + return do_bootm_states(NULL, 0, argc, argv, BOOTM_STATE_START | + BOOTM_STATE_FINDOS | BOOTM_STATE_FINDOTHER | + BOOTM_STATE_LOADOS | +#if defined(CONFIG_PPC) || defined(CONFIG_MIPS) + BOOTM_STATE_OS_CMDLINE | +#endif + BOOTM_STATE_OS_PREP | BOOTM_STATE_OS_FAKE_GO | + BOOTM_STATE_OS_GO, &images, 1); +} + void __stack_chk_fail(void) { printf("stack-protector: U-boot stack is corrupted.\n"); @@ -268,7 +284,7 @@ int config_select(unsigned int addr, char *rcmd, int rcmd_size) ret = update_bootargs((void *)addr); if (ret) goto fail; - snprintf(rcmd, rcmd_size, "bootm 0x%x#%s\n", + snprintf(rcmd, rcmd_size, "0x%x#%s", addr, dtb_config_name); return 0; } @@ -301,7 +317,7 @@ int config_select(unsigned int addr, char *rcmd, int rcmd_size) ret = update_bootargs((void *)addr); if (ret) goto fail; - snprintf(rcmd, rcmd_size, "bootm 0x%x#%s\n", + snprintf(rcmd, rcmd_size, "0x%x#%s", addr, dtb_config_name); return 0; } @@ -501,6 +517,7 @@ static int authenticate_rootfs_elf(unsigned int rootfs_hdr) static int do_boot_signedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) { char runcmd[256]; + char * const arg[1] = {runcmd}; int ret; unsigned int request; #ifdef CONFIG_VERSION_ROLLBACK_PARTITION_INFO @@ -745,7 +762,7 @@ static int do_boot_signedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const a if (debug) printf("%s", runcmd); - if (ret < 0 || run_command(runcmd, 0) != CMD_RET_SUCCESS) { + if (ret < 0 || boot_os(1, arg) != CMD_RET_SUCCESS) { #ifdef CONFIG_QCA_MMC mmc_initialize(gd->bd); #endif @@ -766,6 +783,7 @@ static int do_boot_unsignedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const { int ret; char runcmd[256]; + char * const arg[1] = {runcmd}; #ifdef CONFIG_QCA_MMC block_dev_desc_t *blk_dev; disk_partition_t disk_info; @@ -884,7 +902,7 @@ static int do_boot_unsignedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const runcmd, sizeof(runcmd)); } else if (ret == IMAGE_FORMAT_LEGACY) { snprintf(runcmd, sizeof(runcmd), - "bootm 0x%x\n", CONFIG_SYS_LOAD_ADDR); + "0x%x", CONFIG_SYS_LOAD_ADDR); } else { ret = genimg_get_format((void *)CONFIG_SYS_LOAD_ADDR + sizeof(mbn_header_t)); @@ -901,16 +919,16 @@ static int do_boot_unsignedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const #endif } else if (ret == IMAGE_FORMAT_LEGACY) { snprintf(runcmd, sizeof(runcmd), - "bootm 0x%x\n", (CONFIG_SYS_LOAD_ADDR + + "0x%x", (CONFIG_SYS_LOAD_ADDR + sizeof(mbn_header_t))); + } else { dcache_disable(); return CMD_RET_FAILURE; } } - - if (ret < 0 || run_command(runcmd, 0) != CMD_RET_SUCCESS) { + if (ret < 0 || boot_os(1, arg) != CMD_RET_SUCCESS) { #ifdef CONFIG_USB_XHCI_IPQ ipq_board_usb_init(); #endif diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c index 73ffa2142c..e18d6ae9c2 100644 --- a/common/cmd_bootm.c +++ b/common/cmd_bootm.c @@ -26,6 +26,8 @@ DECLARE_GLOBAL_DATA_PTR; +#define SECURE_BOARD_MAGIC 0x5ECB001 + #if defined(CONFIG_CMD_IMI) static int image_info(unsigned long addr); #endif @@ -96,6 +98,11 @@ static int do_bootm_subcommand(cmd_tbl_t *cmdtp, int flag, int argc, int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { + if(SECURE_BOARD_MAGIC == gd->board_type) { + printf("Booting restricted without authentication!!\n"); + reset_board(); + } + #ifdef CONFIG_NEEDS_MANUAL_RELOC static int relocated = 0; diff --git a/common/cmd_mem.c b/common/cmd_mem.c index efa39296ef..cb3095e3a8 100644 --- a/common/cmd_mem.c +++ b/common/cmd_mem.c @@ -33,6 +33,8 @@ DECLARE_GLOBAL_DATA_PTR; #define CONFIG_SYS_MEMTEST_SCRATCH 0 #endif +#define SECURE_BOARD_MAGIC 0x5ECB001 + static int mod_mem(cmd_tbl_t *, int, int, int, char * const []); /* Display values from last command. @@ -171,6 +173,11 @@ static int do_mem_mw(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) void *buf, *start; ulong bytes; + if(SECURE_BOARD_MAGIC == gd->board_type) { + printf("Command not supported \'%s\'\n", argv[0]); + return 0; + } + if ((argc < 3) || (argc > 4)) return CMD_RET_USAGE;