From 654df8bd50db56440565ca291f5335cedca9e1fb Mon Sep 17 00:00:00 2001
From: Gonzalo Ruiz
Date: Wed, 5 Feb 2025 15:52:12 +0100
Subject: [PATCH] trustfence: repurpose TRUSTFENCE_GPIO_ENABLE to contain the GPIO name

Now all platforms support setting the GPIO name instead of an index as the configuration for the GPIO-enabled secure console. Repurpose the TRUSTFENCE_GPIO_ENABLE macro to directly set the GPIO name. Also take the opportunity to remove TRUSTFENCE_GPIO_ENABLE and TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE commented definitions from bbclass and conf files, and remove a duplicated TRUSTFENCE_CONSOLE_DISABLE definition from ccmp1.inc.

Signed-off-by: Gonzalo Ruiz
---
 meta-digi-arm/conf/machine/ccmp13-dvk.conf | 4 ----
 meta-digi-arm/conf/machine/ccmp15-dvk.conf | 4 ----
 meta-digi-arm/conf/machine/include/ccmp1.inc | 6 ------
 meta-digi-dey/classes/trustfence.bbclass | 20 +++++---------------
 4 files changed, 5 insertions(+), 29 deletions(-)

diff --git a/meta-digi-arm/conf/machine/ccmp13-dvk.conf b/meta-digi-arm/conf/machine/ccmp13-dvk.conf
index 5e14ebcee..062789124 100644
--- a/meta-digi-arm/conf/machine/ccmp13-dvk.conf
+++ b/meta-digi-arm/conf/machine/ccmp13-dvk.conf
@@ -166,10 +166,6 @@ BOOTABLE_ARTIFACTS = " \
 fip/fip-ccmp13-dvk-256MB-optee.bin \
 "
 
-# TRUSTFENCE basic support
-# Alternatively, uncommment to enable the console with the specified GPIO
-# TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME ?= "GPIOA5"
-
 # Default overlayfs_etc mount point and type
 OVERLAYFS_ETC_MOUNT_POINT ?= "/mnt/data"
 OVERLAYFS_ETC_DEVICE ?= "ubi1:data"
diff --git a/meta-digi-arm/conf/machine/ccmp15-dvk.conf b/meta-digi-arm/conf/machine/ccmp15-dvk.conf
index 147a02344..d38181d6c 100644
--- a/meta-digi-arm/conf/machine/ccmp15-dvk.conf
+++ b/meta-digi-arm/conf/machine/ccmp15-dvk.conf
@@ -179,10 +179,6 @@ BOOTABLE_ARTIFACTS = " \
 fip/fip-ccmp15-dvk-1GB-optee.bin \
 "
 
-# TRUSTFENCE basic support
-# Alternatively, uncommment to enable the console with the specified GPIO
-# TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME ?= "GPIOB6"
-
 # Default overlayfs_etc mount point and type
 OVERLAYFS_ETC_MOUNT_POINT ?= "/mnt/data"
 OVERLAYFS_ETC_DEVICE ?= "ubi1:data"
diff --git a/meta-digi-arm/conf/machine/include/ccmp1.inc b/meta-digi-arm/conf/machine/include/ccmp1.inc
index e9c37fdc7..9d2488217 100644
--- a/meta-digi-arm/conf/machine/include/ccmp1.inc
+++ b/meta-digi-arm/conf/machine/include/ccmp1.inc
@@ -74,12 +74,6 @@ WKS_FILE_DEPENDS ?= " \
 ${@bb.utils.contains('BOOTSCHEME_LABELS', 'optee', 'virtual/optee-os', '', d)} \
 "
 
-# Default secure console configuration
-TRUSTFENCE_CONSOLE_DISABLE ?= "0"
-
-# Alternatively, uncommment to enable the console autoboot stop passphrase
-# TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE = ""
-
 # Disable the generation of flashlayout files
 ENABLE_FLASHLAYOUT_CONFIG = "0"
 
diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass
index 0f9311cef..a5d18706e 100644
--- a/meta-digi-dey/classes/trustfence.bbclass
+++ b/meta-digi-dey/classes/trustfence.bbclass
@@ -14,12 +14,6 @@ TRUSTFENCE_ENABLED = "1"
 # Default secure console configuration
 TRUSTFENCE_CONSOLE_DISABLE ?= "0"
 
-# Uncomment to enable the console with the specified passphrase
-#TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE = "my_secure_passphrase"
-
-# Alternatively, uncommment to enable the console with the specified GPIO
-#TRUSTFENCE_CONSOLE_GPIO_ENABLE = "4"
-
 # Default secure boot configuration
 TRUSTFENCE_SIGN ?= "1"
 TRUSTFENCE_SIGN_KEYS_PATH ?= "default"
@@ -161,16 +155,12 @@ python () {
 elif (d.getVar("DEY_SOC_VENDOR") == "STM"):
 d.appendVar("UBOOT_TF_CONF", 'CONFIG_AUTOBOOT_KEYED=y CONFIG_AUTOBOOT_ENCRYPTION=y CONFIG_AUTOBOOT_STOP_STR_ENABLE=y CONFIG_AUTOBOOT_STOP_STR_SHA256="%s" ' % passphrase_hash)
 elif d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE"):
+ d.appendVar("UBOOT_TF_CONF", 'CONFIG_CONSOLE_ENABLE_GPIO=y CONFIG_CONSOLE_ENABLE_GPIO_NAME="%s" ' % d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE"))
 if (d.getVar("DEY_SOC_VENDOR") == "NXP"):
- d.appendVar("UBOOT_TF_CONF", "CONFIG_CONSOLE_ENABLE_GPIO=y CONFIG_CONSOLE_ENABLE_GPIO_NR=%s " % d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE"))
- if d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME"):
- d.appendVar("UBOOT_TF_CONF", 'CONFIG_CONSOLE_ENABLE_GPIO_NAME="%s" ' % d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME"))
- if d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE_ACTIVE_LOW"):
- d.appendVar("UBOOT_TF_CONF", "CONFIG_CONSOLE_ENABLE_GPIO_ACTIVE_LOW=y ")
- else:
- d.appendVar("UBOOT_TF_CONF", '"# CONFIG_CONSOLE_ENABLE_GPIO_ACTIVE_LOW is not set" ')
- elif (d.getVar("DEY_SOC_VENDOR") == "STM"):
- d.appendVar("UBOOT_TF_CONF", 'CONFIG_CONSOLE_ENABLE_GPIO=y CONFIG_CONSOLE_ENABLE_GPIO_NAME="%s" ' % d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME"))
+ if d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE_ACTIVE_LOW"):
+ d.appendVar("UBOOT_TF_CONF", "CONFIG_CONSOLE_ENABLE_GPIO_ACTIVE_LOW=y ")
+ else:
+ d.appendVar("UBOOT_TF_CONF", '"# CONFIG_CONSOLE_ENABLE_GPIO_ACTIVE_LOW is not set" ')
 
 # Secure boot configuration
 if (d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") == "default"):
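Review bot: The new `d.appendVar` at the top of the `elif d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE"):` branch copies whatever the variable holds into `CONFIG_CONSOLE_ENABLE_GPIO_NAME`, so a project that still sets the old numeric form (the comment removed from this class showed `"4"`) or still relies on `TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME` builds without complaint and ends up with a different console-enable GPIO name than before. Because this pin gates access to the secure console, I would fail the build on a legacy setting instead of leaving it to the bootloader, e.g. `if d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE").isdigit() or d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME"):` followed by `bb.fatal("TRUSTFENCE_CONSOLE_GPIO_ENABLE must hold the GPIO name; TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME is no longer used")`. How U-Boot treats a name it cannot resolve is not visible here, so it is worth confirming whether that case leaves the console enabled or disabled. The anonymous `python ()` function begins before this hunk and continues after it.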