Hi Neal, Few comments below for consideration, apart from that:
Reviewed-by: Tomas Melin <[email protected]> On 08/01/2026 09:46, Neal Frager wrote: > Add command for checking if boot was authenticated. > > Signed-off-by: Igor Opaniuk <[email protected]> > Signed-off-by: Neal Frager <[email protected]> > --- > V1->V2: > - extended zynqmp command with verify_auth sub-command > - changed return value, so it can be used with scripts > V2->V3: > - separated status and ret values > - replaced BIT(0) with ZYNQMP_CSU_STATUS_AUTHENTICATED > - changed env variable name to "boot_auth" > V3->V4: > - removed unnecessary zynqmp_verify_auth function > V4->V5: > - added newline to zynqmp_mmio_read error msg > --- > arch/arm/mach-zynqmp/zynqmp.c | 35 ++++++++++++++++++++++++++++++++++- > 1 file changed, 34 insertions(+), 1 deletion(-) > > diff --git a/arch/arm/mach-zynqmp/zynqmp.c b/arch/arm/mach-zynqmp/zynqmp.c > index c0398a466ff..bcfbe229148 100644 > --- a/arch/arm/mach-zynqmp/zynqmp.c > +++ b/arch/arm/mach-zynqmp/zynqmp.c > @@ -362,6 +362,36 @@ static int do_zynqmp_reboot(struct cmd_tbl *cmdtp, int > flag, > return CMD_RET_SUCCESS; > } > > +static int do_zynqmp_verify_auth(struct cmd_tbl *cmdtp, int flag, > + int argc, char * const argv[]) > +{ > + u32 status; > + int ret; > + > + ret = zynqmp_mmio_read((ulong)&csu_base->status, &status); > + if (ret) { > + printf("Can't obtain boot auth state\n"); > + return CMD_RET_FAILURE; > + } > + > + status &= ZYNQMP_CSU_STATUS_AUTHENTICATED; > + if (status) { Even cleaner could simply be if (status & ZYNQMP_CSU_STATUS_AUTHENTICATED) { > + printf("Boot is authenticated\n"); These prints (is/is not) seem redundant to me as the env is populated with the required boot_auth value. Perhaps change to debug statements or remove? Thanks, Tomas > + > + ret = env_set("boot_auth", "1"); > + if (ret) > + return CMD_RET_FAILURE; > + } else { > + printf("Boot is not authenticated\n"); > + > + ret = env_set("boot_auth", "0"); > + if (ret) > + return CMD_RET_FAILURE; > + } > + > + return CMD_RET_SUCCESS; > +} > + > static struct cmd_tbl cmd_zynqmp_sub[] = { > U_BOOT_CMD_MKENT(secure, 5, 0, do_zynqmp_verify_secure, "", ""), > U_BOOT_CMD_MKENT(pmufw, 4, 0, do_zynqmp_pmufw, "", ""), > @@ -371,6 +401,7 @@ static struct cmd_tbl cmd_zynqmp_sub[] = { > U_BOOT_CMD_MKENT(rsa, 7, 0, do_zynqmp_rsa, "", ""), > U_BOOT_CMD_MKENT(sha3, 5, 0, do_zynqmp_sha3, "", ""), > U_BOOT_CMD_MKENT(reboot, 3, 0, do_zynqmp_reboot, "", ""), > + U_BOOT_CMD_MKENT(verify_auth, 2, 0, do_zynqmp_verify_auth, "", ""), > #ifdef CONFIG_DEFINE_TCM_OCM_MMAP > U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""), > #endif > @@ -446,10 +477,12 @@ U_BOOT_LONGHELP(zynqmp, > " 48 bytes hash value into srcaddr\n" > " Optional key_addr can be specified for saving sha3 hash value\n" > " Note: srcaddr/srclen should not be 0\n" > + "zynqmp verify_auth - verifies if boot.bin was authenticated\n" > + " Returns boot_auth : 0 not authenticated, 1 authenticated\n" > ); > > U_BOOT_CMD( > - zynqmp, 9, 1, do_zynqmp, > + zynqmp, 10, 1, do_zynqmp, > "ZynqMP sub-system", > zynqmp_help_text > );
