board: zynqmp: add cmd for getting boot auth state

Add command for checking if boot was authenticated.

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Tomas Melin <tomas.melin@vaisala.com>
Signed-off-by: Michal Simek <michal.simek@amd.com>
Link: https://lore.kernel.org/r/20260112100253.2778715-1-neal.frager@amd.com

diff --git a/arch/arm/mach-zynqmp/zynqmp.c b/arch/arm/mach-zynqmp/zynqmp.c
index c0398a466ff7eee9ba5736e3a73a8c3122fa6f2e..cea6f8f4a99d59ba1995bd14f82f20bfcc900bce 100644 (file)
--- a/arch/arm/mach-zynqmp/zynqmp.c
+++ b/arch/arm/mach-zynqmp/zynqmp.c
@@ -362,6 +362,35 @@ static int do_zynqmp_reboot(struct cmd_tbl *cmdtp, int flag,
        return CMD_RET_SUCCESS;
 }
 
+static int do_zynqmp_verify_auth(struct cmd_tbl *cmdtp, int flag,
+                                int argc, char * const argv[])
+{
+       u32 status;
+       int ret;
+
+       ret = zynqmp_mmio_read((ulong)&csu_base->status, &status);
+       if (ret) {
+               printf("Can't obtain boot auth state\n");
+               return CMD_RET_FAILURE;
+       }
+
+       if (status & ZYNQMP_CSU_STATUS_AUTHENTICATED) {
+               debug("Boot is authenticated\n");
+
+               ret = env_set("boot_auth", "1");
+               if (ret)
+                       return CMD_RET_FAILURE;
+       } else {
+               debug("Boot is not authenticated\n");
+
+               ret = env_set("boot_auth", "0");
+               if (ret)
+                       return CMD_RET_FAILURE;
+       }
+
+       return CMD_RET_SUCCESS;
+}
+
 static struct cmd_tbl cmd_zynqmp_sub[] = {
        U_BOOT_CMD_MKENT(secure, 5, 0, do_zynqmp_verify_secure, "", ""),
        U_BOOT_CMD_MKENT(pmufw, 4, 0, do_zynqmp_pmufw, "", ""),
@@ -371,6 +400,7 @@ static struct cmd_tbl cmd_zynqmp_sub[] = {
        U_BOOT_CMD_MKENT(rsa, 7, 0, do_zynqmp_rsa, "", ""),
        U_BOOT_CMD_MKENT(sha3, 5, 0, do_zynqmp_sha3, "", ""),
        U_BOOT_CMD_MKENT(reboot, 3, 0, do_zynqmp_reboot, "", ""),
+       U_BOOT_CMD_MKENT(verify_auth, 2, 0, do_zynqmp_verify_auth, "", ""),
 #ifdef CONFIG_DEFINE_TCM_OCM_MMAP
        U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""),
 #endif
@@ -446,6 +476,8 @@ U_BOOT_LONGHELP(zynqmp,
        "       48 bytes hash value into srcaddr\n"
        "       Optional key_addr can be specified for saving sha3 hash value\n"
        "       Note: srcaddr/srclen should not be 0\n"
+       "zynqmp verify_auth - verifies if boot.bin was authenticated\n"
+       "       Create boot_auth var : 0 not authenticated, 1 authenticated\n"
        );
 
 U_BOOT_CMD(