From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 00FD7C6FD18
	for <u-boot@archiver.kernel.org>; Tue, 18 Apr 2023 13:50:00 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 36856860A8;
	Tue, 18 Apr 2023 15:48:23 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="L2Cw3exE";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 99585860A0; Tue, 18 Apr 2023 15:48:14 +0200 (CEST)
Received: from mail-oa1-x32.google.com (mail-oa1-x32.google.com
 [IPv6:2001:4860:4864:20::32])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 7925D860A9
 for <u-boot@lists.denx.de>; Tue, 18 Apr 2023 15:48:10 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=festevam@gmail.com
Received: by mail-oa1-x32.google.com with SMTP id
 586e51a60fabf-1840ad6769fso435211fac.0
 for <u-boot@lists.denx.de>; Tue, 18 Apr 2023 06:48:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20221208; t=1681825690; x=1684417690;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=ZeUOQFFrncAD11dEBWEGgT0+luhISiXtEHGpS6OWvsg=;
 b=L2Cw3exECCx5JLtTIuZk/GzHFAagmXMvHfSE1QPHUsMwjFHBgwwdqXLy19runsvjAC
 QO38B4BC4vPgXBc95t9iJPRJNnZCdtGlHd1NFNKP21HqTPuGHOjypgY6yySSiumCTvvK
 TviLR5y28NxUV8maPZH7x2609RfnC4BT46Kfe4hqN0pzNfFsiLNn2g7+2ygWEStcTBJY
 tCo/6QLyy7tIcsahufTj72YGbEwPNv8HGTd/PIU4DgLesPU/BNEHmAcZ2ahlPhoz5h+A
 Ny24tcP3evNgsEalbkSHEnzOLkpwyTVEgLSt5nwgZvdnPR9SHZzYS1jnQ4QI6LhbuvZt
 wrqg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1681825690; x=1684417690;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=ZeUOQFFrncAD11dEBWEGgT0+luhISiXtEHGpS6OWvsg=;
 b=dLsyInlxg2QLfmcJXWWSaaTKTedK90S9Zl1uR8ibf40g/kCCN2VGfShI+tfKcVwJYT
 fVdQfQ74x3laEaHI1Z5KskH6SmuFOmcKnFI2LLDAeivcQQFUBBYyVXJcXe3+X3Q22F1C
 ntUqdh20IL4nroRg0Q7ZIULZg+ppTJF1oZmgw/s07T4cvDiY/+MrfZtRG0eAFwyQb5A+
 WwZF29KrrLNLoyqT2NgAwswpWjBaT1cpOHjur+acm7XeoGDAL4F9sVIycMqE6AoYynsM
 J6FzeZANeGHKpmtq+Q4vwprhfLdOOa0304krhyQiqju3En/42tNC5B49LOIjv16+MouN
 Wv2A==
X-Gm-Message-State: AAQBX9e/GKVm4D/Y2z4pn0Fx6Njr7vVfSlfIAdLQmBxajZrvyD3kiZV0
 P3s+KlPhFVCn/lreIBObtZU=
X-Google-Smtp-Source: AKy350YAr/+2fK3/hdOzv/4DawqhLkuX+IA9YeL9AhP5Hcm18hRT4lDNBB7BohR2/Xsgt1whxyFidg==
X-Received: by 2002:a4a:e549:0:b0:541:d843:5337 with SMTP id
 s9-20020a4ae549000000b00541d8435337mr6078952oot.0.1681825689968; 
 Tue, 18 Apr 2023 06:48:09 -0700 (PDT)
Received: from fabio-Precision-3551.. ([2804:14c:485:4b69:df3a:5c40:f24a:e8cc])
 by smtp.gmail.com with ESMTPSA id
 1-20020a4a1a01000000b0054157801d51sm5823246oof.38.2023.04.18.06.48.08
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 18 Apr 2023 06:48:09 -0700 (PDT)
From: Fabio Estevam <festevam@gmail.com>
To: sbabic@denx.de
Cc: u-boot@lists.denx.de, eduard@lionizers.com,
 Fabio Estevam <festevam@denx.de>
Subject: [PATCH 10/13] smegw01: Add lockdown U-Boot env support
Date: Tue, 18 Apr 2023 10:47:41 -0300
Message-Id: <20230418134744.343023-10-festevam@gmail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230418134744.343023-1-festevam@gmail.com>
References: <20230418134744.343023-1-festevam@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de
X-Virus-Status: Clean

From: Eduard Strehlau <eduard@lionizers.com>

Add lockdown U-Boot env support so that only certain U-Boot environment
variables are allowed to be modified.

Signed-off-by: Eduard Strehlau <eduard@lionizers.com>
Signed-off-by: Fabio Estevam <festevam@denx.de>
---
 board/storopack/smegw01/Kconfig   |  7 +++++
 board/storopack/smegw01/smegw01.c | 17 +++++++++++
 configs/smegw01_defconfig         | 11 ++++++-
 include/configs/smegw01.h         | 48 +++++++++++++++++++++++++++++--
 4 files changed, 79 insertions(+), 4 deletions(-)

diff --git a/board/storopack/smegw01/Kconfig b/board/storopack/smegw01/Kconfig
index d8f24695d0..390214c285 100644
--- a/board/storopack/smegw01/Kconfig
+++ b/board/storopack/smegw01/Kconfig
@@ -12,4 +12,11 @@ config SYS_CONFIG_NAME
 config IMX_CONFIG
 	default "board/storopack/smegw01/imximage.cfg"
 
+config SYS_BOOT_LOCKED
+	bool "Lock boot process to EMMC"
+	default y
+	help
+	  Say N here if you want to boot from eMMC and SD.
+	  Say Y to boot from eMMC.
+
 endif
diff --git a/board/storopack/smegw01/smegw01.c b/board/storopack/smegw01/smegw01.c
index 9482f88773..e786429476 100644
--- a/board/storopack/smegw01/smegw01.c
+++ b/board/storopack/smegw01/smegw01.c
@@ -14,6 +14,7 @@
 #include <asm/io.h>
 #include <common.h>
 #include <env.h>
+#include <env_internal.h>
 #include <asm/arch/crm_regs.h>
 #include <asm/setup.h>
 #include <asm/bootm.h>
@@ -113,3 +114,19 @@ uint mmc_get_env_part(struct mmc *mmc)
 
 	return part;
 }
+
+enum env_location env_get_location(enum env_operation op, int prio)
+{
+	if (op == ENVOP_SAVE || op == ENVOP_ERASE)
+		return ENVL_MMC;
+
+	switch (prio) {
+	case 0:
+		return ENVL_NOWHERE;
+
+	case 1:
+		return ENVL_MMC;
+	}
+
+	return ENVL_UNKNOWN;
+}
diff --git a/configs/smegw01_defconfig b/configs/smegw01_defconfig
index 54cf1cfc1f..ea25b3b87c 100644
--- a/configs/smegw01_defconfig
+++ b/configs/smegw01_defconfig
@@ -7,6 +7,7 @@ CONFIG_ENV_OFFSET=0x100000
 CONFIG_DM_GPIO=y
 CONFIG_DEFAULT_DEVICE_TREE="imx7d-smegw01"
 CONFIG_TARGET_SMEGW01=y
+# CONFIG_SYS_BOOT_LOCKED is not set
 CONFIG_ENV_OFFSET_REDUND=0x110000
 CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
 # CONFIG_ARMV7_VIRT is not set
@@ -17,13 +18,18 @@ CONFIG_SYS_MEMTEST_START=0x80000000
 CONFIG_SYS_MEMTEST_END=0xa0000000
 CONFIG_FIT=y
 CONFIG_FIT_VERBOSE=y
+CONFIG_AUTOBOOT_MENU_SHOW=y
+CONFIG_BOOTMENU_DISABLE_UBOOT_CONSOLE=y
 CONFIG_USE_BOOTCOMMAND=y
-CONFIG_BOOTCOMMAND="if test \"${ustate}\" = 1; then setenv upgrade_available 1; saveenv; fi; if run loadimage; then run mmcboot; else run altbootcmd; fi; "
+CONFIG_BOOTCOMMAND="if test \"${ustate}\" = 1; then setenv upgrade_available 1; saveenv; fi; run mmcboot; "
+CONFIG_USE_PREBOOT=y
+CONFIG_PREBOOT="run setup_boot_menu;"
 CONFIG_HUSH_PARSER=y
 CONFIG_SYS_MAXARGS=32
 CONFIG_SYS_PBSIZE=532
 # CONFIG_CMD_BOOTD is not set
 CONFIG_CMD_BOOTZ=y
+CONFIG_CMD_BOOTMENU=y
 # CONFIG_CMD_IMI is not set
 # CONFIG_CMD_XIMG is not set
 CONFIG_CMD_MEMTEST=y
@@ -43,9 +49,12 @@ CONFIG_CMD_SQUASHFS=y
 CONFIG_CMD_FS_GENERIC=y
 CONFIG_OF_CONTROL=y
 CONFIG_ENV_OVERWRITE=y
+CONFIG_ENV_IS_NOWHERE=y
 CONFIG_SYS_REDUNDAND_ENVIRONMENT=y
 CONFIG_SYS_RELOC_GD_ENV_ADDR=y
 CONFIG_SYS_MMC_ENV_DEV=1
+CONFIG_ENV_WRITEABLE_LIST=y
+CONFIG_ENV_ACCESS_IGNORE_FORCE=y
 CONFIG_NET_RANDOM_ETHADDR=y
 CONFIG_BOUNCE_BUFFER=y
 CONFIG_BOOTCOUNT_LIMIT=y
diff --git a/include/configs/smegw01.h b/include/configs/smegw01.h
index 8521883277..6f373973ab 100644
--- a/include/configs/smegw01.h
+++ b/include/configs/smegw01.h
@@ -22,6 +22,32 @@
 #define EXTRA_BOOTPARAMS
 #endif
 
+#ifdef CONFIG_SYS_BOOT_LOCKED
+#define EXTRA_ENV_FLAGS
+#define SETUP_BOOT_MENU "setup_boot_menu=setenv bootmenu_0 eMMC=run bootcmd\0"
+#else
+#define EXTRA_ENV_FLAGS "mmcdev:dw,"
+#define SETUP_BOOT_MENU "setup_boot_menu=" \
+	"if test \"${mmcdev}\" = 1; then " \
+		"setenv emmc_priority 0;" \
+		"setenv sd_priority 1;" \
+	"else " \
+		"setenv emmc_priority 1;" \
+		"setenv sd_priority 0;" \
+	"fi;" \
+	"setenv bootmenu_${emmc_priority} eMMC=run boot_emmc;" \
+	"setenv bootmenu_${sd_priority} SD=run boot_sd;\0"
+#endif
+
+#define CFG_ENV_FLAGS_LIST_STATIC \
+	"mmcpart:dw," \
+	"mmcpart_committed:dw," \
+	"ustate:dw," \
+	"bootcount:dw," \
+	"bootlimit:dw," \
+	"upgrade_available:dw," \
+	EXTRA_ENV_FLAGS
+
 #define CFG_EXTRA_ENV_SETTINGS \
 	"image=fitImage\0" \
 	"console=ttymxc0\0" \
@@ -40,13 +66,28 @@
 						  "fi;\0" \
 	"bootlimit=3\0" \
 	"fit_addr=0x88000000\0" \
-	"loadimage=load mmc ${mmcdev}#rootfs-${mmcpart_committed} ${fit_addr} boot/${image}\0" \
+	"loadimage=load mmc ${mmcdev}:${gpt_partition_entry} ${fit_addr} boot/${image}\0" \
 	"loadpart=gpt setenv mmc ${mmcdev} rootfs-${mmcpart_committed}\0" \
 	"loadbootpart=mmc partconf 1 boot_part\0" \
-	"mmcboot=echo Booting from mmc ...; " \
+	"boot_sd=setenv mmcdev_wanted 0; run persist_mmcdev; run bootcmd;\0" \
+	"boot_emmc=setenv mmcdev_wanted 1; run persist_mmcdev; run bootcmd;\0" \
+	"persist_mmcdev=" \
+		"if test \"${mmcdev}\" != \"${mmcdev_wanted}\"; then " \
+			"setenv mmcdev \"${mmcdev_wanted}\";" \
+			"saveenv;" \
+		"fi;\0" \
+	"mmcboot=echo Booting...; " \
+		"echo mmcdev: ${mmcdev}; " \
 	  "run commit_mmc; " \
+		"echo mmcpart: ${mmcpart_committed}; " \
 		"run loadpart; " \
+		"echo gptpart: ${gpt_partition_entry}; " \
 		"run loadbootpart; " \
+		"if run loadimage; then " \
+			"; " \
+		"else " \
+			"run altbootcmd; " \
+		"fi; " \
 		"run mmcargs; " \
 		"if bootm ${fit_addr}; then " \
 			"; " \
@@ -61,7 +102,8 @@
 			"setenv mmcpart 1; " \
 			"setenv mmcpart_committed 1;" \
 		"fi; setenv bootcount 0; setenv upgrade_available; setenv ustate 3; saveenv; " \
-		"run bootcmd;\0"
+		"run bootcmd;\0" \
+		SETUP_BOOT_MENU
 
 /* Physical Memory Map */
 #define PHYS_SDRAM			MMDC0_ARB_BASE_ADDR
-- 
2.38.1