On 1/6/26 13:59, Neal Frager wrote:
Add command for checking if boot was authenticated.
Signed-off-by: Igor Opaniuk <[email protected]>
Signed-off-by: Neal Frager <[email protected]>
---
board/xilinx/zynqmp/zynqmp.c | 38 ++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
diff --git a/board/xilinx/zynqmp/zynqmp.c b/board/xilinx/zynqmp/zynqmp.c
index 3b28ba62374..92351aca36c 100644
--- a/board/xilinx/zynqmp/zynqmp.c
+++ b/board/xilinx/zynqmp/zynqmp.c
@@ -149,6 +149,44 @@ static void print_secure_boot(void)
status & ZYNQMP_CSU_STATUS_ENCRYPTED ? "" : "not ");
}
+static bool is_boot_authenticated(void)
+{
+ u32 status = 0;
+ int ret;
+
+ ret = zynqmp_mmio_read((ulong)&csu_base->status, &status);
+ if (ret) {
+ printf("Can't obtain boot auth state");
+ return false;
+ }
+
+ return (status & BIT(0));
+}
+
+static int do_is_boot_authenticated(struct cmd_tbl *cmdtp, int flag,
+ int argc, char * const argv[])
+{
+ int ret;
+
+ if (is_boot_authenticated()) {
+ printf("Board is in closed state\n");
+
+ ret = env_set("board_is_closed", "1");
I don't think we should create variable in this form.
+ if (ret)
+ return CMD_RET_FAILURE;
+ } else {
+ printf("Board is in open state\n");
+ }
+
+ return CMD_RET_SUCCESS;
+}
+
+U_BOOT_CMD(
+ is_boot_authenticated, CONFIG_SYS_MAXARGS, 1,
+ do_is_boot_authenticated,
+ "Check if the board is authenticated", ""
+);
Also having this high level command doesn't look good.
You should extend
arch/arm/mach-zynqmp/zynqmp.c
and create new command there and return 0 or 1 based on status.
Then you can use it in scripts without creating variable.
Or obviously you can create variable when command pass/failed.
zynqmp is_boot_authenticated || setenv whatever
M
