Merge changes from topic "st-security-update" into integration

* changes: feat(stm32mp1): warn when debug enabled on secure chip fix(stm32mp1): rework switch/case for MISRA feat(st): disable authentication based on part_number
2022-02-02 22:17:12 +01:00 · 2022-02-02 22:17:12 +01:00 · 99026cff47
parent b350811cc9 ac4b8b06eb
commit 99026cff47
4 changed files with 65 additions and 6 deletions
--- a/plat/st/common/include/stm32mp_common.h
+++ b/plat/st/common/include/stm32mp_common.h
@ -21,6 +21,7 @@ uint16_t stm32mp_get_boot_itf_selected(void);

 bool stm32mp_is_single_core(void);
 bool stm32mp_is_closed_device(void);
+bool stm32mp_is_auth_supported(void);

 /* Return the base address of the DDR controller */
 uintptr_t stm32mp_ddrctrl_base(void);
--- a/plat/st/common/stm32mp_auth.c
+++ b/plat/st/common/stm32mp_auth.c
@ -46,6 +46,11 @@ int stm32mp_auth_image(boot_api_image_header_t *header, uintptr_t buffer)
 		INFO("Check signature on Open device\n");
 	}

+	if (auth_ops == NULL) {
+		ERROR("Device doesn't support image authentication\n");
+		return -EOPNOTSUPP;
+	}
+
 	ret = mmap_add_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_BASE,
 				      STM32MP_ROM_SIZE_2MB_ALIGNED, MT_CODE | MT_SECURE);
 	if (ret != 0) {
--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@ -33,6 +33,20 @@
 #include <stm32mp_common.h>
 #include <stm32mp1_dbgmcu.h>

+#if DEBUG
+static const char debug_msg[] = {
+	"***************************************************\n"
+	"** DEBUG ACCESS PORT IS OPEN!                    **\n"
+	"** This boot image is only for debugging purpose **\n"
+	"** and is unsafe for production use.             **\n"
+	"**                                               **\n"
+	"** If you see this message and you are not       **\n"
+	"** debugging report this immediately to your     **\n"
+	"** vendor!                                       **\n"
+	"***************************************************\n"
+};
+#endif
+
 static struct stm32mp_auth_ops stm32mp1_auth_ops;

 static void print_reset_reason(void)
@ -333,11 +347,24 @@ skip_console_init:

 	stm32_iwdg_refresh();

-	stm32mp1_auth_ops.check_key = boot_context->bootrom_ecdsa_check_key;
-	stm32mp1_auth_ops.verify_signature =
-		boot_context->bootrom_ecdsa_verify_signature;
+	if (bsec_read_debug_conf() != 0U) {
+		if (stm32mp_is_closed_device()) {
+#if DEBUG
+			WARN("\n%s", debug_msg);
+#else
+			ERROR("***Debug opened on closed chip***\n");
+#endif
+		}
+	}

-	stm32mp_init_auth(&stm32mp1_auth_ops);
+	if (stm32mp_is_auth_supported()) {
+		stm32mp1_auth_ops.check_key =
+			boot_context->bootrom_ecdsa_check_key;
+		stm32mp1_auth_ops.verify_signature =
+			boot_context->bootrom_ecdsa_verify_signature;
+
+		stm32mp_init_auth(&stm32mp1_auth_ops);
+	}

 	stm32mp1_arch_security_setup();

--- a/plat/st/stm32mp1/stm32mp1_private.c
+++ b/plat/st/stm32mp1/stm32mp1_private.c
@ -420,15 +420,20 @@ void stm32mp_print_boardinfo(void)
 /* Return true when SoC provides a single Cortex-A7 core, and false otherwise */
 bool stm32mp_is_single_core(void)
 {
+	bool single_core = false;
+
 	switch (get_part_number()) {
 	case STM32MP151A_PART_NB:
 	case STM32MP151C_PART_NB:
 	case STM32MP151D_PART_NB:
 	case STM32MP151F_PART_NB:
-		return true;
+		single_core = true;
+		break;
 	default:
-		return false;
+		break;
 	}
+
+	return single_core;
 }

 /* Return true when device is in closed state */
@ -443,6 +448,27 @@ bool stm32mp_is_closed_device(void)
 	return (value & CFG0_CLOSED_DEVICE) == CFG0_CLOSED_DEVICE;
 }

+/* Return true when device supports secure boot */
+bool stm32mp_is_auth_supported(void)
+{
+	bool supported = false;
+
+	switch (get_part_number()) {
+	case STM32MP151C_PART_NB:
+	case STM32MP151F_PART_NB:
+	case STM32MP153C_PART_NB:
+	case STM32MP153F_PART_NB:
+	case STM32MP157C_PART_NB:
+	case STM32MP157F_PART_NB:
+		supported = true;
+		break;
+	default:
+		break;
+	}
+
+	return supported;
+}
+
 uint32_t stm32_iwdg_get_instance(uintptr_t base)
 {
 	switch (base) {