From a1bc4f1937a04e70f45f3ac87aee0f168b5e7bef Mon Sep 17 00:00:00 2001
From: Eduard Strehlau
Date: Wed, 26 Apr 2023 13:04:57 -0300
Subject: [PATCH] smegw01: Add lockdown U-Boot env support

Add lockdown U-Boot env support so that only certain U-Boot environment variables are allowed to be modified.

Signed-off-by: Eduard Strehlau
Signed-off-by: Fabio Estevam
---
 board/storopack/smegw01/Kconfig | 7 +++++
 board/storopack/smegw01/smegw01.c | 17 +++++++++++
 configs/smegw01_defconfig | 11 ++++++-
 include/configs/smegw01.h | 48 +++++++++++++++++++++++++++++--
 4 files changed, 79 insertions(+), 4 deletions(-)

diff --git a/board/storopack/smegw01/Kconfig b/board/storopack/smegw01/Kconfig
index d8f24695d0..390214c285 100644
--- a/board/storopack/smegw01/Kconfig
+++ b/board/storopack/smegw01/Kconfig
@@ -12,4 +12,11 @@ config SYS_CONFIG_NAME
 config IMX_CONFIG
 default "board/storopack/smegw01/imximage.cfg"
 
+config SYS_BOOT_LOCKED
+ bool "Lock boot process to EMMC"
+ default y
+ help
+ Say N here if you want to boot from eMMC and SD.
+ Say Y to boot from eMMC.
+
 endif
diff --git a/board/storopack/smegw01/smegw01.c b/board/storopack/smegw01/smegw01.c
index 7d4de9326d..e648b196b9 100644
--- a/board/storopack/smegw01/smegw01.c
+++ b/board/storopack/smegw01/smegw01.c
@@ -14,6 +14,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -103,3 +104,19 @@ uint board_mmc_get_env_part(struct mmc *mmc)
 part = 0;
 return part;
 }
+
+enum env_location env_get_location(enum env_operation op, int prio)
+{
+ if (op == ENVOP_SAVE || op == ENVOP_ERASE)
+ return ENVL_MMC;
+
+ switch (prio) {
+ case 0:
+ return ENVL_NOWHERE;
+
+ case 1:
+ return ENVL_MMC;
+ }
+
+ return ENVL_UNKNOWN;
+}
diff --git a/configs/smegw01_defconfig b/configs/smegw01_defconfig
index 54cf1cfc1f..ea25b3b87c 100644
--- a/configs/smegw01_defconfig
+++ b/configs/smegw01_defconfig
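Review bot: The help text for SYS_BOOT_LOCKED describes only the boot media, but the same symbol also selects the environment policy in include/configs/smegw01.h: with it unset, `mmcdev:dw,` is appended to the writable list and the boot menu gains an SD entry. Because this is a security-relevant switch, the help should say so, for example `Say Y to boot from eMMC only; mmcdev is then not in the writable environment list and the boot menu offers no SD entry.` The name is also rather generic for a board-local option; a board prefix would avoid a clash with a future global symbol.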
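Review bot: env_get_location() carries no comment, although the order it returns is what the lockdown rests on: loads try ENVL_NOWHERE at priority 0 and ENVL_MMC at priority 1, while save and erase always go to ENVL_MMC. A short comment above the function would make that explicit, e.g. `/* Load: built-in defaults (prio 0), then MMC (prio 1). Save/erase: MMC only. */`. The `switch` has no `default:` label; the trailing `return ENVL_UNKNOWN;` covers it, but an explicit `default:` case would read more clearly.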
@@ -7,6 +7,7 @@ CONFIG_ENV_OFFSET=0x100000
 CONFIG_DM_GPIO=y
 CONFIG_DEFAULT_DEVICE_TREE="imx7d-smegw01"
 CONFIG_TARGET_SMEGW01=y
+# CONFIG_SYS_BOOT_LOCKED is not set
 CONFIG_ENV_OFFSET_REDUND=0x110000
 CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
 # CONFIG_ARMV7_VIRT is not set
@@ -17,13 +18,18 @@ CONFIG_SYS_MEMTEST_START=0x80000000
 CONFIG_SYS_MEMTEST_END=0xa0000000
 CONFIG_FIT=y
 CONFIG_FIT_VERBOSE=y
+CONFIG_AUTOBOOT_MENU_SHOW=y
+CONFIG_BOOTMENU_DISABLE_UBOOT_CONSOLE=y
 CONFIG_USE_BOOTCOMMAND=y
-CONFIG_BOOTCOMMAND="if test \"${ustate}\" = 1; then setenv upgrade_available 1; saveenv; fi; if run loadimage; then run mmcboot; else run altbootcmd; fi; "
+CONFIG_BOOTCOMMAND="if test \"${ustate}\" = 1; then setenv upgrade_available 1; saveenv; fi; run mmcboot; "
+CONFIG_USE_PREBOOT=y
+CONFIG_PREBOOT="run setup_boot_menu;"
 CONFIG_HUSH_PARSER=y
 CONFIG_SYS_MAXARGS=32
 CONFIG_SYS_PBSIZE=532
 # CONFIG_CMD_BOOTD is not set
 CONFIG_CMD_BOOTZ=y
+CONFIG_CMD_BOOTMENU=y
 # CONFIG_CMD_IMI is not set
 # CONFIG_CMD_XIMG is not set
 CONFIG_CMD_MEMTEST=y
@@ -43,9 +49,12 @@ CONFIG_CMD_SQUASHFS=y
 CONFIG_CMD_FS_GENERIC=y
 CONFIG_OF_CONTROL=y
 CONFIG_ENV_OVERWRITE=y
+CONFIG_ENV_IS_NOWHERE=y
 CONFIG_SYS_REDUNDAND_ENVIRONMENT=y
 CONFIG_SYS_RELOC_GD_ENV_ADDR=y
 CONFIG_SYS_MMC_ENV_DEV=1
+CONFIG_ENV_WRITEABLE_LIST=y
+CONFIG_ENV_ACCESS_IGNORE_FORCE=y
 CONFIG_NET_RANDOM_ETHADDR=y
 CONFIG_BOUNCE_BUFFER=y
 CONFIG_BOOTCOUNT_LIMIT=y
diff --git a/include/configs/smegw01.h b/include/configs/smegw01.h
index 8521883277..6f373973ab 100644
--- a/include/configs/smegw01.h
+++ b/include/configs/smegw01.h
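Review bot: `# CONFIG_SYS_BOOT_LOCKED is not set` switches the new lock off in the board's own defconfig, even though the Kconfig entry defaults to y. A build from smegw01_defconfig therefore takes the `#else` branch in include/configs/smegw01.h, where `mmcdev` is in the writable list and the boot menu offers SD. If this is meant as a development default, state that in the commit message and make sure production builds override it; otherwise drop the line so the defconfig follows the Kconfig default.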
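Review bot: `CONFIG_BOOTMENU_DISABLE_UBOOT_CONSOLE=y` keeps the boot menu from handing over to the console, but nothing in this hunk shows what happens when `run mmcboot` returns, and the new `CONFIG_BOOTCOMMAND` no longer has an `else` branch of its own. The lockdown is only as strong as the remaining paths to the prompt, so this is worth checking against the full defconfig: the autoboot delay and key handling, and whether the command line is reachable after a failed boot. Those settings lie outside this hunk.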
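Review bot: This hunk enables `CONFIG_ENV_IS_NOWHERE` and `CONFIG_ENV_WRITEABLE_LIST` but does not add `CONFIG_ENV_APPEND`, while env_get_location() in smegw01.c puts ENVL_NOWHERE at load priority 0. If the environment core at this revision stops at the first location that loads successfully, the MMC copy at priority 1 would never be read, and saved values such as `bootcount` or `mmcpart` would not survive a reset. That behaviour is not visible in this patch, so please confirm it on hardware or against env/env.c before relying on the two-stage load.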
@@ -22,6 +22,32 @@
 #define EXTRA_BOOTPARAMS
 #endif
 
+#ifdef CONFIG_SYS_BOOT_LOCKED
+#define EXTRA_ENV_FLAGS
+#define SETUP_BOOT_MENU "setup_boot_menu=setenv bootmenu_0 eMMC=run bootcmd\0"
+#else
+#define EXTRA_ENV_FLAGS "mmcdev:dw,"
+#define SETUP_BOOT_MENU "setup_boot_menu=" \
+ "if test \"${mmcdev}\" = 1; then " \
+ "setenv emmc_priority 0;" \
+ "setenv sd_priority 1;" \
+ "else " \
+ "setenv emmc_priority 1;" \
+ "setenv sd_priority 0;" \
+ "fi;" \
+ "setenv bootmenu_${emmc_priority} eMMC=run boot_emmc;" \
+ "setenv bootmenu_${sd_priority} SD=run boot_sd;\0"
+#endif
+
+#define CFG_ENV_FLAGS_LIST_STATIC \
+ "mmcpart:dw," \
+ "mmcpart_committed:dw," \
+ "ustate:dw," \
+ "bootcount:dw," \
+ "bootlimit:dw," \
+ "upgrade_available:dw," \
+ EXTRA_ENV_FLAGS
+
 #define CFG_EXTRA_ENV_SETTINGS \
 "image=fitImage\0" \
 "console=ttymxc0\0" \
@@ -40,13 +66,28 @@
 "fi;\0" \
 "bootlimit=3\0" \
 "fit_addr=0x88000000\0" \
- "loadimage=load mmc ${mmcdev}#rootfs-${mmcpart_committed} ${fit_addr} boot/${image}\0" \
+ "loadimage=load mmc ${mmcdev}:${gpt_partition_entry} ${fit_addr} boot/${image}\0" \
 "loadpart=gpt setenv mmc ${mmcdev} rootfs-${mmcpart_committed}\0" \
 "loadbootpart=mmc partconf 1 boot_part\0" \
- "mmcboot=echo Booting from mmc ...; " \
+ "boot_sd=setenv mmcdev_wanted 0; run persist_mmcdev; run bootcmd;\0" \
+ "boot_emmc=setenv mmcdev_wanted 1; run persist_mmcdev; run bootcmd;\0" \
+ "persist_mmcdev=" \
+ "if test \"${mmcdev}\" != \"${mmcdev_wanted}\"; then " \
+ "setenv mmcdev \"${mmcdev_wanted}\";" \
+ "saveenv;" \
+ "fi;\0" \
+ "mmcboot=echo Booting...; " \
+ "echo mmcdev: ${mmcdev}; " \
 "run commit_mmc; " \
+ "echo mmcpart: ${mmcpart_committed}; " \
 "run loadpart; " \
+ "echo gptpart: ${gpt_partition_entry}; " \
 "run loadbootpart; " \
+ "if run loadimage; then " \
+ "; " \
+ "else " \
+ "run altbootcmd; " \
+ "fi; " \
 "run mmcargs; " \
 "if bootm ${fit_addr}; then " \
 "; " \
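Review bot: `"bootlimit:dw,"` in CFG_ENV_FLAGS_LIST_STATIC lets the stored environment replace the built-in `bootlimit=3`, so whoever can write the env area can raise the limit, which would presumably keep the `altbootcmd` fallback from triggering. Unless the update agent really needs to change it, drop that entry and leave only the counters and state variables writable. The list would also benefit from a short comment such as `/* name:dw = decimal, writable; only these are taken from the stored env */`, because the flag syntax is not obvious to a reader of this header.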
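Review bot: In the new `mmcboot`, a failed `run loadimage` runs `altbootcmd`, but if that returns, execution continues with `run mmcargs` and `bootm ${fit_addr}` on memory that this pass did not load. Before the change, `mmcboot` was only entered after a successful load. Moving `run mmcargs` and the `bootm` block into the `then` branch, which is currently the empty `"; "`, would restore that guarantee; the rest of `mmcboot` lies outside the hunk, so the exact edit depends on lines not shown. Separately, `boot_sd`, `boot_emmc` and `persist_mmcdev` are defined even when CONFIG_SYS_BOOT_LOCKED is set, although the locked `setup_boot_menu` only uses `run bootcmd`. Wrapping them in `#ifndef CONFIG_SYS_BOOT_LOCKED` would keep the SD path out of locked images.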
@@ -61,7 +102,8 @@
 "setenv mmcpart 1; " \
 "setenv mmcpart_committed 1;" \
 "fi; setenv bootcount 0; setenv upgrade_available; setenv ustate 3; saveenv; " \
- "run bootcmd;\0"
+ "run bootcmd;\0" \
+ SETUP_BOOT_MENU
 
 /* Physical Memory Map */
 #define PHYS_SDRAM MMDC0_ARB_BASE_ADDR
-- 
2.39.5