Merge changes from topic "st-security-update" into integration
* changes:
feat(stm32mp1): warn when debug enabled on secure chip
fix(stm32mp1): rework switch/case for MISRA
feat(st): disable authentication based on part_number
diff --git a/plat/st/common/include/stm32mp_common.h b/plat/st/common/include/stm32mp_common.h
index cc06f5c..a13e9e5 100644
--- a/plat/st/common/include/stm32mp_common.h
+++ b/plat/st/common/include/stm32mp_common.h
@@ -21,6 +21,7 @@
bool stm32mp_is_single_core(void);
bool stm32mp_is_closed_device(void);
+bool stm32mp_is_auth_supported(void);
/* Return the base address of the DDR controller */
uintptr_t stm32mp_ddrctrl_base(void);
diff --git a/plat/st/common/stm32mp_auth.c b/plat/st/common/stm32mp_auth.c
index 744201c..97fbffa 100644
--- a/plat/st/common/stm32mp_auth.c
+++ b/plat/st/common/stm32mp_auth.c
@@ -46,6 +46,11 @@
INFO("Check signature on Open device\n");
}
+ if (auth_ops == NULL) {
+ ERROR("Device doesn't support image authentication\n");
+ return -EOPNOTSUPP;
+ }
+
ret = mmap_add_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_BASE,
STM32MP_ROM_SIZE_2MB_ALIGNED, MT_CODE | MT_SECURE);
if (ret != 0) {
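Review bot: The new `auth_ops == NULL` guard has no comment saying when the pointer can legitimately be NULL, and that reason lives in another file: bl2_plat_setup.c now skips `stm32mp_init_auth()` when the part number does not support authentication. I would add above the check `/* auth_ops stays NULL when stm32mp_init_auth() was never called (part without authentication support): refuse to authenticate */`. Returning `-EOPNOTSUPP` fails closed only if every caller treats a non-zero result as fatal; the callers are not visible here, so that is worth confirming. The enclosing function starts and ends outside this hunk.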
diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c
index 13ba5ab..1504360 100644
--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@@ -33,6 +33,20 @@
#include <stm32mp_common.h>
#include <stm32mp1_dbgmcu.h>
+#if DEBUG
+static const char debug_msg[] = {
+ "***************************************************\n"
+ "** DEBUG ACCESS PORT IS OPEN! **\n"
+ "** This boot image is only for debugging purpose **\n"
+ "** and is unsafe for production use. **\n"
+ "** **\n"
+ "** If you see this message and you are not **\n"
+ "** debugging report this immediately to your **\n"
+ "** vendor! **\n"
+ "***************************************************\n"
+};
+#endif
+
static struct stm32mp_auth_ops stm32mp1_auth_ops;
static void print_reset_reason(void)
@@ -333,11 +347,24 @@
stm32_iwdg_refresh();
+ if (bsec_read_debug_conf() != 0U) {
+ if (stm32mp_is_closed_device()) {
+#if DEBUG
+ WARN("\n%s", debug_msg);
+#else
+ ERROR("***Debug opened on closed chip***\n");
+#endif
+ }
+ }
+
- stm32mp1_auth_ops.check_key = boot_context->bootrom_ecdsa_check_key;
- stm32mp1_auth_ops.verify_signature =
- boot_context->bootrom_ecdsa_verify_signature;
+ if (stm32mp_is_auth_supported()) {
+ stm32mp1_auth_ops.check_key =
+ boot_context->bootrom_ecdsa_check_key;
+ stm32mp1_auth_ops.verify_signature =
+ boot_context->bootrom_ecdsa_verify_signature;
- stm32mp_init_auth(&stm32mp1_auth_ops);
+ stm32mp_init_auth(&stm32mp1_auth_ops);
+ }
stm32mp1_arch_security_setup();
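Review bot: In a non-DEBUG build the new check on `bsec_read_debug_conf() != 0U` only logs `ERROR("***Debug opened on closed chip***\n")` and then carries on booting, so a release image on a closed device with debug access open is reported but not stopped. If continuing is intended (the commit title says "warn"), a comment stating that would help the next reader; otherwise the `#else` branch could end with `panic();`. Separately, when `stm32mp_is_auth_supported()` returns false the auth ops are skipped without any trace, and an `else` branch with `INFO("Image authentication not supported on this part\n");` would make that visible in the boot log. The enclosing function starts and ends outside this hunk.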
diff --git a/plat/st/stm32mp1/stm32mp1_private.c b/plat/st/stm32mp1/stm32mp1_private.c
index 075d1d7..9b39b9d 100644
--- a/plat/st/stm32mp1/stm32mp1_private.c
+++ b/plat/st/stm32mp1/stm32mp1_private.c
@@ -420,15 +420,20 @@
/* Return true when SoC provides a single Cortex-A7 core, and false otherwise */
bool stm32mp_is_single_core(void)
{
+ bool single_core = false;
+
switch (get_part_number()) {
case STM32MP151A_PART_NB:
case STM32MP151C_PART_NB:
case STM32MP151D_PART_NB:
case STM32MP151F_PART_NB:
- return true;
+ single_core = true;
+ break;
default:
- return false;
+ break;
}
+
+ return single_core;
}
/* Return true when device is in closed state */
@@ -443,6 +448,27 @@
return (value & CFG0_CLOSED_DEVICE) == CFG0_CLOSED_DEVICE;
}
+/* Return true when device supports secure boot */
+bool stm32mp_is_auth_supported(void)
+{
+ bool supported = false;
+
+ switch (get_part_number()) {
+ case STM32MP151C_PART_NB:
+ case STM32MP151F_PART_NB:
+ case STM32MP153C_PART_NB:
+ case STM32MP153F_PART_NB:
+ case STM32MP157C_PART_NB:
+ case STM32MP157F_PART_NB:
+ supported = true;
+ break;
+ default:
+ break;
+ }
+
+ return supported;
+}
+
uint32_t stm32_iwdg_get_instance(uintptr_t base)
{
switch (base) {
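Review bot: The comment on `stm32mp_is_auth_supported()` says "secure boot" while the function name and its caller speak of authentication, and nothing records why these six part numbers are listed or that the `default` branch deliberately answers false. I would expand it to `/* Return true when the part number is one of the C/F variants listed below, which support image authentication; any other or unknown part number reports false */`. A matching one-line comment on the new prototype in stm32mp_common.h would help too, since the neighbouring `stm32mp_ddrctrl_base()` declaration there is documented.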