feat(stm32mp1): warn when debug enabled on secure chip
Add a banner that inform user that debug is enabled
on a secure chip.
Change-Id: Ib618ac1332b40a1af72d0b60750eea4fc36a8014
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c
index a5a4c1c..1504360 100644
--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@@ -33,6 +33,20 @@
#include <stm32mp_common.h>
#include <stm32mp1_dbgmcu.h>
+#if DEBUG
+static const char debug_msg[] = {
+ "***************************************************\n"
+ "** DEBUG ACCESS PORT IS OPEN! **\n"
+ "** This boot image is only for debugging purpose **\n"
+ "** and is unsafe for production use. **\n"
+ "** **\n"
+ "** If you see this message and you are not **\n"
+ "** debugging report this immediately to your **\n"
+ "** vendor! **\n"
+ "***************************************************\n"
+};
+#endif
+
static struct stm32mp_auth_ops stm32mp1_auth_ops;
static void print_reset_reason(void)
@@ -333,6 +347,16 @@
stm32_iwdg_refresh();
+ if (bsec_read_debug_conf() != 0U) {
+ if (stm32mp_is_closed_device()) {
+#if DEBUG
+ WARN("\n%s", debug_msg);
+#else
+ ERROR("***Debug opened on closed chip***\n");
+#endif
+ }
+ }
+
if (stm32mp_is_auth_supported()) {
stm32mp1_auth_ops.check_key =
boot_context->bootrom_ecdsa_check_key;