From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id F12C3C77B75
	for <u-boot@archiver.kernel.org>; Fri, 21 Apr 2023 10:59:12 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 07FC5862A3;
	Fri, 21 Apr 2023 12:57:44 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Mq0tWm5l";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 6E6ED862EE; Fri, 21 Apr 2023 12:57:26 +0200 (CEST)
Received: from mail-oa1-x33.google.com (mail-oa1-x33.google.com
 [IPv6:2001:4860:4864:20::33])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 595258629E
 for <u-boot@lists.denx.de>; Fri, 21 Apr 2023 12:57:22 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=festevam@gmail.com
Received: by mail-oa1-x33.google.com with SMTP id
 586e51a60fabf-187c4f6ffddso204385fac.0
 for <u-boot@lists.denx.de>; Fri, 21 Apr 2023 03:57:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20221208; t=1682074642; x=1684666642;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=prfIQF+ZAitgk1ZySFAx+VUtGlfaLFodL+joveBQMOc=;
 b=Mq0tWm5lcPB+S8omCYBMJ+0AFb4zfJDpMy/d104ijZpuSEYjWctVYUD2SiY2rewLkL
 49dh2LmwW95CkMlTbGtQfDha03FcN6xyP8I0eodXeMTaE7C6ZM/0oM7/sdWgr9dsJzJO
 o8L3BwaBByQkDH0QGmM9bKtoZek8NgbtwMHjfQ74o5OoBqB9v6qOMwBnMRADHO95k1XT
 QKekjykVrVqV/FXOSvZN/MiEYu0n61LEoPM68+KPoMrJ3x+v0yvFvQq3l8goDbWA8SwA
 BmX7G9fBWvSF7z35s/9qjPVne83ILCXaXUTbRXWYZocvwYibkGEmYlQszOeGI3VtPG1N
 Ao5Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1682074642; x=1684666642;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=prfIQF+ZAitgk1ZySFAx+VUtGlfaLFodL+joveBQMOc=;
 b=j7qdpV78WRQJ0xxxf0EXGHc4n56ETDxacC0IjTOm+Th1G18TZqTMyN3IhzqhbhINl2
 SJcuvyv6nqOu2NOut8ftixWOrbttq1t73tg30JlCEYppsd+V/gjuqE8UrR7vS1R7bX8A
 TOg9QawXj9vB6N3dFosD4RU6Tn0ublu25VkxKS1gT7KUSZBf8XBzV1jDDHqo759NcBb+
 5mPWrgK49SPdc2Z+uS4ZVifM/qhqogM5HdpaLzHKqvBpdarBqUguQlyZ9sehwezdKXwy
 wc9EXrYHB+nOSyucai4oOtRdKNUnTosOu+1JOqH1xNn06Nr+zojdHuYg1NMvnWd4T7EN
 k3QA==
X-Gm-Message-State: AAQBX9fVIfDpkU28O27EqF51vEQXj77fz1+gDZyTqiR8JVFd4xmNcMWs
 nOQ3Zyn/cSK4pHF32D/TPY8=
X-Google-Smtp-Source: AKy350Y+OwqiAD9SUO+RyD0ZqqXMd2yAECLnzePBOhA/+n2vmSCqeSOQqJlr23RaAK+RjBdXPjU9Dw==
X-Received: by 2002:aca:3357:0:b0:38c:56d9:5976 with SMTP id
 z84-20020aca3357000000b0038c56d95976mr2217408oiz.4.1682074641800; 
 Fri, 21 Apr 2023 03:57:21 -0700 (PDT)
Received: from fabio-Precision-3551.. ([2804:14c:485:4b69:ada1:37ca:9336:4705])
 by smtp.gmail.com with ESMTPSA id
 ay13-20020a056808300d00b0038e086c764dsm1508354oib.43.2023.04.21.03.57.20
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 21 Apr 2023 03:57:21 -0700 (PDT)
From: Fabio Estevam <festevam@gmail.com>
To: sbabic@denx.de
Cc: eduard@lionizers.com, u-boot@lists.denx.de,
 Fabio Estevam <festevam@denx.de>
Subject: [PATCH v2 10/13] smegw01: Add lockdown U-Boot env support
Date: Fri, 21 Apr 2023 07:56:53 -0300
Message-Id: <20230421105656.1062558-10-festevam@gmail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230421105656.1062558-1-festevam@gmail.com>
References: <20230421105656.1062558-1-festevam@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de
X-Virus-Status: Clean

From: Eduard Strehlau <eduard@lionizers.com>

Add lockdown U-Boot env support so that only certain U-Boot environment
variables are allowed to be modified.

Signed-off-by: Eduard Strehlau <eduard@lionizers.com>
Signed-off-by: Fabio Estevam <festevam@denx.de>
---
Changes since v1:
- None

 board/storopack/smegw01/Kconfig   |  7 +++++
 board/storopack/smegw01/smegw01.c | 17 +++++++++++
 configs/smegw01_defconfig         | 11 ++++++-
 include/configs/smegw01.h         | 48 +++++++++++++++++++++++++++++--
 4 files changed, 79 insertions(+), 4 deletions(-)

diff --git a/board/storopack/smegw01/Kconfig b/board/storopack/smegw01/Kconfig
index d8f24695d0..390214c285 100644
--- a/board/storopack/smegw01/Kconfig
+++ b/board/storopack/smegw01/Kconfig
@@ -12,4 +12,11 @@ config SYS_CONFIG_NAME
 config IMX_CONFIG
 	default "board/storopack/smegw01/imximage.cfg"
 
+config SYS_BOOT_LOCKED
+	bool "Lock boot process to EMMC"
+	default y
+	help
+	  Say N here if you want to boot from eMMC and SD.
+	  Say Y to boot from eMMC.
+
 endif
diff --git a/board/storopack/smegw01/smegw01.c b/board/storopack/smegw01/smegw01.c
index 9482f88773..e786429476 100644
--- a/board/storopack/smegw01/smegw01.c
+++ b/board/storopack/smegw01/smegw01.c
@@ -14,6 +14,7 @@
 #include <asm/io.h>
 #include <common.h>
 #include <env.h>
+#include <env_internal.h>
 #include <asm/arch/crm_regs.h>
 #include <asm/setup.h>
 #include <asm/bootm.h>
@@ -113,3 +114,19 @@ uint mmc_get_env_part(struct mmc *mmc)
 
 	return part;
 }
+
+enum env_location env_get_location(enum env_operation op, int prio)
+{
+	if (op == ENVOP_SAVE || op == ENVOP_ERASE)
+		return ENVL_MMC;
+
+	switch (prio) {
+	case 0:
+		return ENVL_NOWHERE;
+
+	case 1:
+		return ENVL_MMC;
+	}
+
+	return ENVL_UNKNOWN;
+}
diff --git a/configs/smegw01_defconfig b/configs/smegw01_defconfig
index 54cf1cfc1f..ea25b3b87c 100644
--- a/configs/smegw01_defconfig
+++ b/configs/smegw01_defconfig
@@ -7,6 +7,7 @@ CONFIG_ENV_OFFSET=0x100000
 CONFIG_DM_GPIO=y
 CONFIG_DEFAULT_DEVICE_TREE="imx7d-smegw01"
 CONFIG_TARGET_SMEGW01=y
+# CONFIG_SYS_BOOT_LOCKED is not set
 CONFIG_ENV_OFFSET_REDUND=0x110000
 CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
 # CONFIG_ARMV7_VIRT is not set
@@ -17,13 +18,18 @@ CONFIG_SYS_MEMTEST_START=0x80000000
 CONFIG_SYS_MEMTEST_END=0xa0000000
 CONFIG_FIT=y
 CONFIG_FIT_VERBOSE=y
+CONFIG_AUTOBOOT_MENU_SHOW=y
+CONFIG_BOOTMENU_DISABLE_UBOOT_CONSOLE=y
 CONFIG_USE_BOOTCOMMAND=y
-CONFIG_BOOTCOMMAND="if test \"${ustate}\" = 1; then setenv upgrade_available 1; saveenv; fi; if run loadimage; then run mmcboot; else run altbootcmd; fi; "
+CONFIG_BOOTCOMMAND="if test \"${ustate}\" = 1; then setenv upgrade_available 1; saveenv; fi; run mmcboot; "
+CONFIG_USE_PREBOOT=y
+CONFIG_PREBOOT="run setup_boot_menu;"
 CONFIG_HUSH_PARSER=y
 CONFIG_SYS_MAXARGS=32
 CONFIG_SYS_PBSIZE=532
 # CONFIG_CMD_BOOTD is not set
 CONFIG_CMD_BOOTZ=y
+CONFIG_CMD_BOOTMENU=y
 # CONFIG_CMD_IMI is not set
 # CONFIG_CMD_XIMG is not set
 CONFIG_CMD_MEMTEST=y
@@ -43,9 +49,12 @@ CONFIG_CMD_SQUASHFS=y
 CONFIG_CMD_FS_GENERIC=y
 CONFIG_OF_CONTROL=y
 CONFIG_ENV_OVERWRITE=y
+CONFIG_ENV_IS_NOWHERE=y
 CONFIG_SYS_REDUNDAND_ENVIRONMENT=y
 CONFIG_SYS_RELOC_GD_ENV_ADDR=y
 CONFIG_SYS_MMC_ENV_DEV=1
+CONFIG_ENV_WRITEABLE_LIST=y
+CONFIG_ENV_ACCESS_IGNORE_FORCE=y
 CONFIG_NET_RANDOM_ETHADDR=y
 CONFIG_BOUNCE_BUFFER=y
 CONFIG_BOOTCOUNT_LIMIT=y
diff --git a/include/configs/smegw01.h b/include/configs/smegw01.h
index 8521883277..6f373973ab 100644
--- a/include/configs/smegw01.h
+++ b/include/configs/smegw01.h
@@ -22,6 +22,32 @@
 #define EXTRA_BOOTPARAMS
 #endif
 
+#ifdef CONFIG_SYS_BOOT_LOCKED
+#define EXTRA_ENV_FLAGS
+#define SETUP_BOOT_MENU "setup_boot_menu=setenv bootmenu_0 eMMC=run bootcmd\0"
+#else
+#define EXTRA_ENV_FLAGS "mmcdev:dw,"
+#define SETUP_BOOT_MENU "setup_boot_menu=" \
+	"if test \"${mmcdev}\" = 1; then " \
+		"setenv emmc_priority 0;" \
+		"setenv sd_priority 1;" \
+	"else " \
+		"setenv emmc_priority 1;" \
+		"setenv sd_priority 0;" \
+	"fi;" \
+	"setenv bootmenu_${emmc_priority} eMMC=run boot_emmc;" \
+	"setenv bootmenu_${sd_priority} SD=run boot_sd;\0"
+#endif
+
+#define CFG_ENV_FLAGS_LIST_STATIC \
+	"mmcpart:dw," \
+	"mmcpart_committed:dw," \
+	"ustate:dw," \
+	"bootcount:dw," \
+	"bootlimit:dw," \
+	"upgrade_available:dw," \
+	EXTRA_ENV_FLAGS
+
 #define CFG_EXTRA_ENV_SETTINGS \
 	"image=fitImage\0" \
 	"console=ttymxc0\0" \
@@ -40,13 +66,28 @@
 						  "fi;\0" \
 	"bootlimit=3\0" \
 	"fit_addr=0x88000000\0" \
-	"loadimage=load mmc ${mmcdev}#rootfs-${mmcpart_committed} ${fit_addr} boot/${image}\0" \
+	"loadimage=load mmc ${mmcdev}:${gpt_partition_entry} ${fit_addr} boot/${image}\0" \
 	"loadpart=gpt setenv mmc ${mmcdev} rootfs-${mmcpart_committed}\0" \
 	"loadbootpart=mmc partconf 1 boot_part\0" \
-	"mmcboot=echo Booting from mmc ...; " \
+	"boot_sd=setenv mmcdev_wanted 0; run persist_mmcdev; run bootcmd;\0" \
+	"boot_emmc=setenv mmcdev_wanted 1; run persist_mmcdev; run bootcmd;\0" \
+	"persist_mmcdev=" \
+		"if test \"${mmcdev}\" != \"${mmcdev_wanted}\"; then " \
+			"setenv mmcdev \"${mmcdev_wanted}\";" \
+			"saveenv;" \
+		"fi;\0" \
+	"mmcboot=echo Booting...; " \
+		"echo mmcdev: ${mmcdev}; " \
 	  "run commit_mmc; " \
+		"echo mmcpart: ${mmcpart_committed}; " \
 		"run loadpart; " \
+		"echo gptpart: ${gpt_partition_entry}; " \
 		"run loadbootpart; " \
+		"if run loadimage; then " \
+			"; " \
+		"else " \
+			"run altbootcmd; " \
+		"fi; " \
 		"run mmcargs; " \
 		"if bootm ${fit_addr}; then " \
 			"; " \
@@ -61,7 +102,8 @@
 			"setenv mmcpart 1; " \
 			"setenv mmcpart_committed 1;" \
 		"fi; setenv bootcount 0; setenv upgrade_available; setenv ustate 3; saveenv; " \
-		"run bootcmd;\0"
+		"run bootcmd;\0" \
+		SETUP_BOOT_MENU
 
 /* Physical Memory Map */
 #define PHYS_SDRAM			MMDC0_ARB_BASE_ADDR
-- 
2.38.1