Merge cdf53ec0b208f6f0c8cfe238b1c5d9b1ee2776bf on remote branch

Change-Id: Ib0f9ee8b7164d85a701f7f239d036b78769a719e
diff --git a/platform/init.c b/platform/init.c
index f429527..46f934c 100644
--- a/platform/init.c
+++ b/platform/init.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (c) 2008 Travis Geiselbrecht
  *
- * Copyright (c) 2014-2016, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2014-2016,2019 The Linux Foundation. All rights reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining
  * a copy of this software and associated documentation files
@@ -127,6 +127,11 @@
         return 1;
 }
 
+__WEAK uint32_t platform_boot_dev_is_nand()
+{
+        return 0;
+}
+
 __WEAK uint32_t platform_get_boot_dev()
 {
         return 0;
diff --git a/platform/msm_shared/boot_device.c b/platform/msm_shared/boot_device.c
index f73b4dd..9f4ad32 100644
--- a/platform/msm_shared/boot_device.c
+++ b/platform/msm_shared/boot_device.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2016, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2014-2016,2019 The Linux Foundation. All rights reserved.
 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
@@ -68,6 +68,35 @@
 	return boot_dev_type;
 }
 
+/*
+ * Return 1 if boot from NAND else 0
+ * For MDM : If the device is not Emmc,
+ *           By default : It is treated as NAND
+ * For non-MDM (MSM) : If the device is neither EMMC nor UFS
+ *           It will be treated as NAND.
+ * BOOT_DEFAULT in case of Non-MDM targets is EMMC.
+ */
+uint32_t platform_boot_dev_is_nand()
+{
+        uint32_t val = 0;
+
+        val = platform_get_boot_dev();
+        switch(val)
+        {
+#if USE_MDM_BOOT_CFG
+                case BOOT_EMMC:
+                        return 0;
+#else
+                case BOOT_DEFAULT:
+                case BOOT_EMMC:
+                case BOOT_UFS:
+                        return 0;
+#endif
+                default:
+                        return 1;
+        };
+}
+
 void platform_boot_dev_cmdline(char *buf)
 {
 	uint32_t val = 0;
diff --git a/platform/msm_shared/include/boot_device.h b/platform/msm_shared/include/boot_device.h
index 2e2a02f..a0897ec 100644
--- a/platform/msm_shared/include/boot_device.h
+++ b/platform/msm_shared/include/boot_device.h
@@ -94,6 +94,7 @@
 void platform_read_boot_config();
 uint32_t platform_get_boot_dev();
 uint32_t platform_boot_dev_isemmc();
+uint32_t platform_boot_dev_is_nand();
 void platform_boot_dev_cmdline(char *buf);
 int get_boot_image_info(void **image_buffer, uint32_t *imgsize,char *imgname);
 
diff --git a/platform/msm_shared/scm.c b/platform/msm_shared/scm.c
index 139c2f7..4e600e3 100644
--- a/platform/msm_shared/scm.c
+++ b/platform/msm_shared/scm.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2011-2018, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2011-2018,2019 The Linux Foundation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
@@ -39,6 +39,7 @@
 #include <board.h>
 #include <qseecomi_lk.h>
 #include <qseecom_lk_api.h>
+#include <boot_device.h>
 #include "scm.h"
 
 #pragma GCC optimize ("O0")
@@ -1268,6 +1269,7 @@
 	uint32_t *resp = NULL;
 	scmcall_arg scm_arg = {0};
 	scmcall_ret scm_ret = {0};
+	bool secure_value = false;
 
 	resp = memalign(CACHE_LINE, (2 * sizeof(uint32_t)));
 	ASSERT(resp);
@@ -1283,14 +1285,21 @@
 	if (!ret) {
 		/* Check for secure device: Bit#0 = 0, Bit#1 = 0 Bit#2 = 0 , Bit#5 = 0 */
 		/* Check Bit#6 = 1 only for TZ.BF.4.0 */
-        	if (!CHECK_BIT(resp[0], SECBOOT_FUSE_BIT) && !CHECK_BIT(resp[0], SECBOOT_FUSE_SHK_BIT) &&
-        		!CHECK_BIT(resp[0], SECBOOT_FUSE_DEBUG_DISABLED_BIT) &&
-                        !CHECK_BIT(resp[0], SECBOOT_FUSE_RPMB_ENABLED_BIT)) {
-                        if ((qseecom_get_version() < QSEE_VERSION_40))
-	                        secure_boot_enabled = true;
-                        else if (CHECK_BIT(resp[0], SECBOOT_FUSE_DEBUG_RE_ENABLED_BIT))
-	                        secure_boot_enabled = true;
-        	}
+		secure_value = !CHECK_BIT(resp[0], SECBOOT_FUSE_BIT) &&
+				!CHECK_BIT(resp[0], SECBOOT_FUSE_SHK_BIT) &&
+				!CHECK_BIT(resp[0], SECBOOT_FUSE_DEBUG_DISABLED_BIT);
+
+		/* For nand based devices, skip to check the rpmb enabled bit*/
+		if (!platform_boot_dev_is_nand())
+                        secure_value = secure_value && !CHECK_BIT(resp[0], SECBOOT_FUSE_RPMB_ENABLED_BIT);
+
+		if (secure_value) {
+			if ((qseecom_get_version() < QSEE_VERSION_40))
+				 secure_boot_enabled = true;
+			else if (CHECK_BIT(resp[0], SECBOOT_FUSE_DEBUG_RE_ENABLED_BIT))
+				secure_boot_enabled = true;
+		}
+
 		/* Bit 2 - DEBUG_DISABLE_CHECK */
 		if (CHECK_BIT(resp[0], SECBOOT_FUSE_DEBUG_DISABLED_BIT))
 			wdog_debug_fuse_disabled = false;