feat(stm32mp1): warn when debug enabled on secure chip

Add a banner that inform user that debug is enabled on a secure chip. Change-Id: Ib618ac1332b40a1af72d0b60750eea4fc36a8014 Signed-off-by: Lionel Debieve <lionel.debieve@st.com> Signed-off-by: Yann Gautier <yann.gautier@st.com>
2025-04-25 06:19:56 +00:00 · 2020-01-28 09:02:41 +01:00 · 2020-01-28 09:02:41 +01:00 · ac4b8b06eb
commit ac4b8b06eb
parent f7130e81cf
1 changed files with 24 additions and 0 deletions
--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@ -33,6 +33,20 @@
 #include <stm32mp_common.h>
 #include <stm32mp1_dbgmcu.h>

+#if DEBUG
+static const char debug_msg[] = {
+	"***************************************************\n"
+	"** DEBUG ACCESS PORT IS OPEN!                    **\n"
+	"** This boot image is only for debugging purpose **\n"
+	"** and is unsafe for production use.             **\n"
+	"**                                               **\n"
+	"** If you see this message and you are not       **\n"
+	"** debugging report this immediately to your     **\n"
+	"** vendor!                                       **\n"
+	"***************************************************\n"
+};
+#endif
+
 static struct stm32mp_auth_ops stm32mp1_auth_ops;

 static void print_reset_reason(void)
@ -333,6 +347,16 @@ skip_console_init:

 	stm32_iwdg_refresh();

+	if (bsec_read_debug_conf() != 0U) {
+		if (stm32mp_is_closed_device()) {
+#if DEBUG
+			WARN("\n%s", debug_msg);
+#else
+			ERROR("***Debug opened on closed chip***\n");
+#endif
+		}
+	}
+
 	if (stm32mp_is_auth_supported()) {
 		stm32mp1_auth_ops.check_key =
 			boot_context->bootrom_ecdsa_check_key;