From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 7E280C77B60
	for <u-boot@archiver.kernel.org>; Wed, 26 Apr 2023 13:28:11 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id C98428636B;
	Wed, 26 Apr 2023 15:26:30 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="lBZG9m1E";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id C6E1186395; Wed, 26 Apr 2023 15:26:13 +0200 (CEST)
Received: from mail-oa1-x2b.google.com (mail-oa1-x2b.google.com
 [IPv6:2001:4860:4864:20::2b])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id F33DE8639F
 for <u-boot@lists.denx.de>; Wed, 26 Apr 2023 15:26:09 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=festevam@gmail.com
Received: by mail-oa1-x2b.google.com with SMTP id
 586e51a60fabf-1877eda6a1eso725850fac.1
 for <u-boot@lists.denx.de>; Wed, 26 Apr 2023 06:26:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20221208; t=1682515568; x=1685107568;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=QhnTA29jXYbdjYLo/k3Lx8QSFUk35uKi51c3EWLsbvQ=;
 b=lBZG9m1ESic6MLOyy+t65Jj8wdeugJOis8zAvaFk16ZZ5JBobolJ+0AagVj4dno9Ob
 weCnkfW91EWchgr5gRATKB8sW6s8ITxdNwexTMQbIYpDNp59shWFUnZHNrQAz/yj1EXh
 DC0K1Wc9c1ZFjZ2hvoHxbOxJuRZcAmk6UV9AXZdv7UtGovqdmqBdEd2erV1klpPHZryV
 3cOni61hHLrWXOir79BgYLRjA8tCPrYpM1LZNkuT8l7TXP43FZKTgndRUIQOeNKdUou7
 xAkeHn1cjfKGvs2NXHSvUp0+rPVI1CpaVkh1Z1vueGIQ+kN8IN9BS1/2DNPQZwNp/4BA
 fMMQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1682515568; x=1685107568;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=QhnTA29jXYbdjYLo/k3Lx8QSFUk35uKi51c3EWLsbvQ=;
 b=fP6zz2fjwDz5LY6VFQA2DQmQ7p4yN5mVrtLscGiCjswxV5Y3KU3Nu5sRDW9vgevu9X
 qUtmUrJ1sW9VSbc7mgQT0sTRwgBmwLkELONVPVFFCpHPG3FU/IHWc/AsnFmUs5Szsgr3
 75vKxLeMfObp2tUgP4yOjYK5N8bKJwCE5O2yUqB/6dyk76J8WlQ6977IYEj2A4e/z3H0
 0bA821Kd2EURqxFUHOaCUnaPpB0BWLmoLjE7JJ8huw91b46lSre6n87Uf9WVzHd7lNbA
 3qBplx06KSClPMrJT4iQw8mnkqLnMHCsCgM7+f6sS9bbAFvY8fwo8Q1hIk0u8VYH2rmy
 vErQ==
X-Gm-Message-State: AAQBX9cgfI0jxOGTUEJb6rMANVbqncMeu6dHvQ6/5mcruiOKlOwQC4Xa
 VMQ2wa8aG/XjuzSm04lA+b5Es7qFzPlbCg==
X-Google-Smtp-Source: AKy350bJM5C6PMjl4l6DMu9iWLn0MobvH44/tukcWhk+CdYbjuqr160rTQlfh7AyCDeHqByLzl5C5A==
X-Received: by 2002:a05:6870:589c:b0:184:8047:5594 with SMTP id
 be28-20020a056870589c00b0018480475594mr12412621oab.5.1682515568445; 
 Wed, 26 Apr 2023 06:26:08 -0700 (PDT)
Received: from fabio-Precision-3551.. ([2804:14c:485:4b69:f6e1:8741:de7a:38fc])
 by smtp.gmail.com with ESMTPSA id
 h9-20020a056830164900b006a61bef7968sm6762384otr.53.2023.04.26.06.26.06
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 26 Apr 2023 06:26:07 -0700 (PDT)
From: Fabio Estevam <festevam@gmail.com>
To: sbabic@denx.de
Cc: eduard@lionizers.com, u-boot@lists.denx.de,
 Fabio Estevam <festevam@denx.de>
Subject: [PATCH v4 10/14] smegw01: Add lockdown U-Boot env support
Date: Wed, 26 Apr 2023 10:25:29 -0300
Message-Id: <20230426132533.1145591-10-festevam@gmail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230426132533.1145591-1-festevam@gmail.com>
References: <20230426132533.1145591-1-festevam@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de
X-Virus-Status: Clean

From: Eduard Strehlau <eduard@lionizers.com>

Add lockdown U-Boot env support so that only certain U-Boot environment
variables are allowed to be modified.

Signed-off-by: Eduard Strehlau <eduard@lionizers.com>
Signed-off-by: Fabio Estevam <festevam@denx.de>
---
Changes since v3:
- None

 board/storopack/smegw01/Kconfig   |  7 +++++
 board/storopack/smegw01/smegw01.c | 17 +++++++++++
 configs/smegw01_defconfig         | 11 ++++++-
 include/configs/smegw01.h         | 48 +++++++++++++++++++++++++++++--
 4 files changed, 79 insertions(+), 4 deletions(-)

diff --git a/board/storopack/smegw01/Kconfig b/board/storopack/smegw01/Kconfig
index d8f24695d0d2..390214c285bb 100644
--- a/board/storopack/smegw01/Kconfig
+++ b/board/storopack/smegw01/Kconfig
@@ -12,4 +12,11 @@ config SYS_CONFIG_NAME
 config IMX_CONFIG
 	default "board/storopack/smegw01/imximage.cfg"
 
+config SYS_BOOT_LOCKED
+	bool "Lock boot process to EMMC"
+	default y
+	help
+	  Say N here if you want to boot from eMMC and SD.
+	  Say Y to boot from eMMC.
+
 endif
diff --git a/board/storopack/smegw01/smegw01.c b/board/storopack/smegw01/smegw01.c
index 7d4de9326d6f..e648b196b9d1 100644
--- a/board/storopack/smegw01/smegw01.c
+++ b/board/storopack/smegw01/smegw01.c
@@ -14,6 +14,7 @@
 #include <asm/io.h>
 #include <common.h>
 #include <env.h>
+#include <env_internal.h>
 #include <asm/arch/crm_regs.h>
 #include <asm/setup.h>
 #include <asm/bootm.h>
@@ -103,3 +104,19 @@ uint board_mmc_get_env_part(struct mmc *mmc)
 		part = 0;
 	return part;
 }
+
+enum env_location env_get_location(enum env_operation op, int prio)
+{
+	if (op == ENVOP_SAVE || op == ENVOP_ERASE)
+		return ENVL_MMC;
+
+	switch (prio) {
+	case 0:
+		return ENVL_NOWHERE;
+
+	case 1:
+		return ENVL_MMC;
+	}
+
+	return ENVL_UNKNOWN;
+}
diff --git a/configs/smegw01_defconfig b/configs/smegw01_defconfig
index 54cf1cfc1f1b..ea25b3b87ce4 100644
--- a/configs/smegw01_defconfig
+++ b/configs/smegw01_defconfig
@@ -7,6 +7,7 @@ CONFIG_ENV_OFFSET=0x100000
 CONFIG_DM_GPIO=y
 CONFIG_DEFAULT_DEVICE_TREE="imx7d-smegw01"
 CONFIG_TARGET_SMEGW01=y
+# CONFIG_SYS_BOOT_LOCKED is not set
 CONFIG_ENV_OFFSET_REDUND=0x110000
 CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
 # CONFIG_ARMV7_VIRT is not set
@@ -17,13 +18,18 @@ CONFIG_SYS_MEMTEST_START=0x80000000
 CONFIG_SYS_MEMTEST_END=0xa0000000
 CONFIG_FIT=y
 CONFIG_FIT_VERBOSE=y
+CONFIG_AUTOBOOT_MENU_SHOW=y
+CONFIG_BOOTMENU_DISABLE_UBOOT_CONSOLE=y
 CONFIG_USE_BOOTCOMMAND=y
-CONFIG_BOOTCOMMAND="if test \"${ustate}\" = 1; then setenv upgrade_available 1; saveenv; fi; if run loadimage; then run mmcboot; else run altbootcmd; fi; "
+CONFIG_BOOTCOMMAND="if test \"${ustate}\" = 1; then setenv upgrade_available 1; saveenv; fi; run mmcboot; "
+CONFIG_USE_PREBOOT=y
+CONFIG_PREBOOT="run setup_boot_menu;"
 CONFIG_HUSH_PARSER=y
 CONFIG_SYS_MAXARGS=32
 CONFIG_SYS_PBSIZE=532
 # CONFIG_CMD_BOOTD is not set
 CONFIG_CMD_BOOTZ=y
+CONFIG_CMD_BOOTMENU=y
 # CONFIG_CMD_IMI is not set
 # CONFIG_CMD_XIMG is not set
 CONFIG_CMD_MEMTEST=y
@@ -43,9 +49,12 @@ CONFIG_CMD_SQUASHFS=y
 CONFIG_CMD_FS_GENERIC=y
 CONFIG_OF_CONTROL=y
 CONFIG_ENV_OVERWRITE=y
+CONFIG_ENV_IS_NOWHERE=y
 CONFIG_SYS_REDUNDAND_ENVIRONMENT=y
 CONFIG_SYS_RELOC_GD_ENV_ADDR=y
 CONFIG_SYS_MMC_ENV_DEV=1
+CONFIG_ENV_WRITEABLE_LIST=y
+CONFIG_ENV_ACCESS_IGNORE_FORCE=y
 CONFIG_NET_RANDOM_ETHADDR=y
 CONFIG_BOUNCE_BUFFER=y
 CONFIG_BOOTCOUNT_LIMIT=y
diff --git a/include/configs/smegw01.h b/include/configs/smegw01.h
index 852188327777..6f373973ab84 100644
--- a/include/configs/smegw01.h
+++ b/include/configs/smegw01.h
@@ -22,6 +22,32 @@
 #define EXTRA_BOOTPARAMS
 #endif
 
+#ifdef CONFIG_SYS_BOOT_LOCKED
+#define EXTRA_ENV_FLAGS
+#define SETUP_BOOT_MENU "setup_boot_menu=setenv bootmenu_0 eMMC=run bootcmd\0"
+#else
+#define EXTRA_ENV_FLAGS "mmcdev:dw,"
+#define SETUP_BOOT_MENU "setup_boot_menu=" \
+	"if test \"${mmcdev}\" = 1; then " \
+		"setenv emmc_priority 0;" \
+		"setenv sd_priority 1;" \
+	"else " \
+		"setenv emmc_priority 1;" \
+		"setenv sd_priority 0;" \
+	"fi;" \
+	"setenv bootmenu_${emmc_priority} eMMC=run boot_emmc;" \
+	"setenv bootmenu_${sd_priority} SD=run boot_sd;\0"
+#endif
+
+#define CFG_ENV_FLAGS_LIST_STATIC \
+	"mmcpart:dw," \
+	"mmcpart_committed:dw," \
+	"ustate:dw," \
+	"bootcount:dw," \
+	"bootlimit:dw," \
+	"upgrade_available:dw," \
+	EXTRA_ENV_FLAGS
+
 #define CFG_EXTRA_ENV_SETTINGS \
 	"image=fitImage\0" \
 	"console=ttymxc0\0" \
@@ -40,13 +66,28 @@
 						  "fi;\0" \
 	"bootlimit=3\0" \
 	"fit_addr=0x88000000\0" \
-	"loadimage=load mmc ${mmcdev}#rootfs-${mmcpart_committed} ${fit_addr} boot/${image}\0" \
+	"loadimage=load mmc ${mmcdev}:${gpt_partition_entry} ${fit_addr} boot/${image}\0" \
 	"loadpart=gpt setenv mmc ${mmcdev} rootfs-${mmcpart_committed}\0" \
 	"loadbootpart=mmc partconf 1 boot_part\0" \
-	"mmcboot=echo Booting from mmc ...; " \
+	"boot_sd=setenv mmcdev_wanted 0; run persist_mmcdev; run bootcmd;\0" \
+	"boot_emmc=setenv mmcdev_wanted 1; run persist_mmcdev; run bootcmd;\0" \
+	"persist_mmcdev=" \
+		"if test \"${mmcdev}\" != \"${mmcdev_wanted}\"; then " \
+			"setenv mmcdev \"${mmcdev_wanted}\";" \
+			"saveenv;" \
+		"fi;\0" \
+	"mmcboot=echo Booting...; " \
+		"echo mmcdev: ${mmcdev}; " \
 	  "run commit_mmc; " \
+		"echo mmcpart: ${mmcpart_committed}; " \
 		"run loadpart; " \
+		"echo gptpart: ${gpt_partition_entry}; " \
 		"run loadbootpart; " \
+		"if run loadimage; then " \
+			"; " \
+		"else " \
+			"run altbootcmd; " \
+		"fi; " \
 		"run mmcargs; " \
 		"if bootm ${fit_addr}; then " \
 			"; " \
@@ -61,7 +102,8 @@
 			"setenv mmcpart 1; " \
 			"setenv mmcpart_committed 1;" \
 		"fi; setenv bootcount 0; setenv upgrade_available; setenv ustate 3; saveenv; " \
-		"run bootcmd;\0"
+		"run bootcmd;\0" \
+		SETUP_BOOT_MENU
 
 /* Physical Memory Map */
 #define PHYS_SDRAM			MMDC0_ARB_BASE_ADDR
-- 
2.34.1