Merge cdf53ec0b208f6f0c8cfe238b1c5d9b1ee2776bf on remote branch
Change-Id: Ib0f9ee8b7164d85a701f7f239d036b78769a719e
diff --git a/platform/init.c b/platform/init.c
index f429527..46f934c 100644
--- a/platform/init.c
+++ b/platform/init.c
@@ -1,7 +1,7 @@
/*
* Copyright (c) 2008 Travis Geiselbrecht
*
- * Copyright (c) 2014-2016, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2014-2016,2019 The Linux Foundation. All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
@@ -127,6 +127,11 @@
return 1;
}
+__WEAK uint32_t platform_boot_dev_is_nand()
+{
+ return 0;
+}
+
__WEAK uint32_t platform_get_boot_dev()
{
return 0;
diff --git a/platform/msm_shared/boot_device.c b/platform/msm_shared/boot_device.c
index f73b4dd..9f4ad32 100644
--- a/platform/msm_shared/boot_device.c
+++ b/platform/msm_shared/boot_device.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2016, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2014-2016,2019 The Linux Foundation. All rights reserved.
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -68,6 +68,35 @@
return boot_dev_type;
}
+/*
+ * Return 1 if boot from NAND else 0
+ * For MDM : If the device is not Emmc,
+ * By default : It is treated as NAND
+ * For non-MDM (MSM) : If the device is neither EMMC nor UFS
+ * It will be treated as NAND.
+ * BOOT_DEFAULT in case of Non-MDM targets is EMMC.
+ */
+uint32_t platform_boot_dev_is_nand()
+{
+ uint32_t val = 0;
+
+ val = platform_get_boot_dev();
+ switch(val)
+ {
+#if USE_MDM_BOOT_CFG
+ case BOOT_EMMC:
+ return 0;
+#else
+ case BOOT_DEFAULT:
+ case BOOT_EMMC:
+ case BOOT_UFS:
+ return 0;
+#endif
+ default:
+ return 1;
+ };
+}
+
void platform_boot_dev_cmdline(char *buf)
{
uint32_t val = 0;
diff --git a/platform/msm_shared/include/boot_device.h b/platform/msm_shared/include/boot_device.h
index 2e2a02f..a0897ec 100644
--- a/platform/msm_shared/include/boot_device.h
+++ b/platform/msm_shared/include/boot_device.h
@@ -94,6 +94,7 @@
void platform_read_boot_config();
uint32_t platform_get_boot_dev();
uint32_t platform_boot_dev_isemmc();
+uint32_t platform_boot_dev_is_nand();
void platform_boot_dev_cmdline(char *buf);
int get_boot_image_info(void **image_buffer, uint32_t *imgsize,char *imgname);
diff --git a/platform/msm_shared/scm.c b/platform/msm_shared/scm.c
index 139c2f7..4e600e3 100644
--- a/platform/msm_shared/scm.c
+++ b/platform/msm_shared/scm.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2011-2018, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2011-2018,2019 The Linux Foundation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -39,6 +39,7 @@
#include <board.h>
#include <qseecomi_lk.h>
#include <qseecom_lk_api.h>
+#include <boot_device.h>
#include "scm.h"
#pragma GCC optimize ("O0")
@@ -1268,6 +1269,7 @@
uint32_t *resp = NULL;
scmcall_arg scm_arg = {0};
scmcall_ret scm_ret = {0};
+ bool secure_value = false;
resp = memalign(CACHE_LINE, (2 * sizeof(uint32_t)));
ASSERT(resp);
@@ -1283,14 +1285,21 @@
if (!ret) {
/* Check for secure device: Bit#0 = 0, Bit#1 = 0 Bit#2 = 0 , Bit#5 = 0 */
/* Check Bit#6 = 1 only for TZ.BF.4.0 */
- if (!CHECK_BIT(resp[0], SECBOOT_FUSE_BIT) && !CHECK_BIT(resp[0], SECBOOT_FUSE_SHK_BIT) &&
- !CHECK_BIT(resp[0], SECBOOT_FUSE_DEBUG_DISABLED_BIT) &&
- !CHECK_BIT(resp[0], SECBOOT_FUSE_RPMB_ENABLED_BIT)) {
- if ((qseecom_get_version() < QSEE_VERSION_40))
- secure_boot_enabled = true;
- else if (CHECK_BIT(resp[0], SECBOOT_FUSE_DEBUG_RE_ENABLED_BIT))
- secure_boot_enabled = true;
- }
+ secure_value = !CHECK_BIT(resp[0], SECBOOT_FUSE_BIT) &&
+ !CHECK_BIT(resp[0], SECBOOT_FUSE_SHK_BIT) &&
+ !CHECK_BIT(resp[0], SECBOOT_FUSE_DEBUG_DISABLED_BIT);
+
+ /* For nand based devices, skip to check the rpmb enabled bit*/
+ if (!platform_boot_dev_is_nand())
+ secure_value = secure_value && !CHECK_BIT(resp[0], SECBOOT_FUSE_RPMB_ENABLED_BIT);
+
+ if (secure_value) {
+ if ((qseecom_get_version() < QSEE_VERSION_40))
+ secure_boot_enabled = true;
+ else if (CHECK_BIT(resp[0], SECBOOT_FUSE_DEBUG_RE_ENABLED_BIT))
+ secure_boot_enabled = true;
+ }
+
/* Bit 2 - DEBUG_DISABLE_CHECK */
if (CHECK_BIT(resp[0], SECBOOT_FUSE_DEBUG_DISABLED_BIT))
wdog_debug_fuse_disabled = false;