From 49abdfd8cececb91a4bc7e7b29a30c09dce461c7 Mon Sep 17 00:00:00 2001 From: Lionel Debieve Date: Fri, 6 Dec 2019 12:42:20 +0100 Subject: [PATCH 1/3] feat(st): disable authentication based on part_number STM32MP15xA and STM32MP15xD chip part numbers don't support the secure boot. All functions linked to secure boot must not be used and signed binaries are not allowed on such chip. Signed-off-by: Lionel Debieve Change-Id: I5b85f322f5eb3b64415e1819bd00fb2c99f20695 --- plat/st/common/include/stm32mp_common.h | 1 + plat/st/common/stm32mp_auth.c | 5 +++++ plat/st/stm32mp1/bl2_plat_setup.c | 11 +++++++---- plat/st/stm32mp1/stm32mp1_private.c | 21 +++++++++++++++++++++ 4 files changed, 34 insertions(+), 4 deletions(-) diff --git a/plat/st/common/include/stm32mp_common.h b/plat/st/common/include/stm32mp_common.h index cc06f5cb2..a13e9e582 100644 --- a/plat/st/common/include/stm32mp_common.h +++ b/plat/st/common/include/stm32mp_common.h @@ -21,6 +21,7 @@ uint16_t stm32mp_get_boot_itf_selected(void); bool stm32mp_is_single_core(void); bool stm32mp_is_closed_device(void); +bool stm32mp_is_auth_supported(void); /* Return the base address of the DDR controller */ uintptr_t stm32mp_ddrctrl_base(void); diff --git a/plat/st/common/stm32mp_auth.c b/plat/st/common/stm32mp_auth.c index 744201cd1..97fbffa2e 100644 --- a/plat/st/common/stm32mp_auth.c +++ b/plat/st/common/stm32mp_auth.c @@ -46,6 +46,11 @@ int stm32mp_auth_image(boot_api_image_header_t *header, uintptr_t buffer) INFO("Check signature on Open device\n"); } + if (auth_ops == NULL) { + ERROR("Device doesn't support image authentication\n"); + return -EOPNOTSUPP; + } + ret = mmap_add_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_BASE, STM32MP_ROM_SIZE_2MB_ALIGNED, MT_CODE | MT_SECURE); if (ret != 0) { diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c index 13ba5abd6..a5a4c1c21 100644 --- a/plat/st/stm32mp1/bl2_plat_setup.c +++ b/plat/st/stm32mp1/bl2_plat_setup.c @@ -333,11 +333,14 @@ skip_console_init: stm32_iwdg_refresh(); - stm32mp1_auth_ops.check_key = boot_context->bootrom_ecdsa_check_key; - stm32mp1_auth_ops.verify_signature = - boot_context->bootrom_ecdsa_verify_signature; + if (stm32mp_is_auth_supported()) { + stm32mp1_auth_ops.check_key = + boot_context->bootrom_ecdsa_check_key; + stm32mp1_auth_ops.verify_signature = + boot_context->bootrom_ecdsa_verify_signature; - stm32mp_init_auth(&stm32mp1_auth_ops); + stm32mp_init_auth(&stm32mp1_auth_ops); + } stm32mp1_arch_security_setup(); diff --git a/plat/st/stm32mp1/stm32mp1_private.c b/plat/st/stm32mp1/stm32mp1_private.c index 075d1d7fa..51569758a 100644 --- a/plat/st/stm32mp1/stm32mp1_private.c +++ b/plat/st/stm32mp1/stm32mp1_private.c @@ -443,6 +443,27 @@ bool stm32mp_is_closed_device(void) return (value & CFG0_CLOSED_DEVICE) == CFG0_CLOSED_DEVICE; } +/* Return true when device supports secure boot */ +bool stm32mp_is_auth_supported(void) +{ + bool supported = false; + + switch (get_part_number()) { + case STM32MP151C_PART_NB: + case STM32MP151F_PART_NB: + case STM32MP153C_PART_NB: + case STM32MP153F_PART_NB: + case STM32MP157C_PART_NB: + case STM32MP157F_PART_NB: + supported = true; + break; + default: + break; + } + + return supported; +} + uint32_t stm32_iwdg_get_instance(uintptr_t base) { switch (base) { From f7130e81cf9c3682232bb9319b1798184b44920f Mon Sep 17 00:00:00 2001 From: Yann Gautier Date: Tue, 19 Oct 2021 13:31:06 +0200 Subject: [PATCH 2/3] fix(stm32mp1): rework switch/case for MISRA Avoid the use of return inside switch/case in stm32mp_is_single_core(). Although this MISRA rulre might not be enforced, we align on what is done for stm32mp_is_auth_supported(). Change-Id: I00a5ec1b18c55b4254af00c9c5cf5a4dce104175 Signed-off-by: Yann Gautier --- plat/st/stm32mp1/stm32mp1_private.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/plat/st/stm32mp1/stm32mp1_private.c b/plat/st/stm32mp1/stm32mp1_private.c index 51569758a..9b39b9d3e 100644 --- a/plat/st/stm32mp1/stm32mp1_private.c +++ b/plat/st/stm32mp1/stm32mp1_private.c @@ -420,15 +420,20 @@ void stm32mp_print_boardinfo(void) /* Return true when SoC provides a single Cortex-A7 core, and false otherwise */ bool stm32mp_is_single_core(void) { + bool single_core = false; + switch (get_part_number()) { case STM32MP151A_PART_NB: case STM32MP151C_PART_NB: case STM32MP151D_PART_NB: case STM32MP151F_PART_NB: - return true; + single_core = true; + break; default: - return false; + break; } + + return single_core; } /* Return true when device is in closed state */ From ac4b8b06eb23134d2a9002834541d33f8d43661b Mon Sep 17 00:00:00 2001 From: Lionel Debieve Date: Tue, 28 Jan 2020 09:02:41 +0100 Subject: [PATCH 3/3] feat(stm32mp1): warn when debug enabled on secure chip Add a banner that inform user that debug is enabled on a secure chip. Change-Id: Ib618ac1332b40a1af72d0b60750eea4fc36a8014 Signed-off-by: Lionel Debieve Signed-off-by: Yann Gautier --- plat/st/stm32mp1/bl2_plat_setup.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c index a5a4c1c21..150436086 100644 --- a/plat/st/stm32mp1/bl2_plat_setup.c +++ b/plat/st/stm32mp1/bl2_plat_setup.c @@ -33,6 +33,20 @@ #include #include +#if DEBUG +static const char debug_msg[] = { + "***************************************************\n" + "** DEBUG ACCESS PORT IS OPEN! **\n" + "** This boot image is only for debugging purpose **\n" + "** and is unsafe for production use. **\n" + "** **\n" + "** If you see this message and you are not **\n" + "** debugging report this immediately to your **\n" + "** vendor! **\n" + "***************************************************\n" +}; +#endif + static struct stm32mp_auth_ops stm32mp1_auth_ops; static void print_reset_reason(void) @@ -333,6 +347,16 @@ skip_console_init: stm32_iwdg_refresh(); + if (bsec_read_debug_conf() != 0U) { + if (stm32mp_is_closed_device()) { +#if DEBUG + WARN("\n%s", debug_msg); +#else + ERROR("***Debug opened on closed chip***\n"); +#endif + } + } + if (stm32mp_is_auth_supported()) { stm32mp1_auth_ops.check_key = boot_context->bootrom_ecdsa_check_key;