meta-ampere: mtmitchell: support Host Secure Provisioning procedure
BMC shall assert SPECIAL_BOOT GPIO to the CPU to trigger Host Secure
Provision. Then BMC shall reset the system, or turn on the system if
it is being OFF.
After the host enters Provisioning Boot Mode successfully (or having
failure), BMC shall deassert the SPECIAL_BOOT GPIO to LOW.
Tested:
1. Flash HostFW with PASS case.
- $ ampere_flash_bios.sh spinor.img 1 1
- Host boot with logs:
[00:00:00.248,000] <inf> scu_stat: is_special_boot() = 1
[00:00:00.383,000] <inf> SECpro_cert_ext: Assert FW_BOOT_OK
[00:00:00.383,000] <inf> SECpro_cert_ext: Deassert FAULT_ALERT
[00:00:00.383,000] <inf> SECpro_cert_ext: SEC provision completed \
successfully
2. Flash HostFW with FAULT case.
- $ ampere_flash_bios.sh spinor_fault.img 1 1
- Host boot with logs:
[00:00:00.253,000] <inf> scu_stat: is_special_boot() = 1
[00:00:00.388,000] <err> SECpro_cert_ext: Invalid version cert 0.0
[00:00:00.388,000] <inf> SECpro_cert_ext: Assert FW_BOOT_OK
[00:00:00.388,000] <err> SECpro_cert_ext: SEC provision failed
[00:00:00.388,000] <err> SECpro_cert_ext: Sending error on \
FAULT_ALERT
3. Turn off the Host, flash HostFW with PASS case. After flash done,
Host boot with logs is the same with step #1.
Signed-off-by: Hieu Huynh <hieuh@os.amperecomputing.com>
Change-Id: I546c7ffd80474edf6165e67f1b96eacbedcd0939
diff --git a/meta-ampere/meta-mitchell/recipes-ampere/platform/ampere-utils/ampere_flash_bios.sh b/meta-ampere/meta-mitchell/recipes-ampere/platform/ampere-utils/ampere_flash_bios.sh
index 0e0c18c..3c9cd42 100755
--- a/meta-ampere/meta-mitchell/recipes-ampere/platform/ampere-utils/ampere_flash_bios.sh
+++ b/meta-ampere/meta-mitchell/recipes-ampere/platform/ampere-utils/ampere_flash_bios.sh
@@ -51,7 +51,10 @@
if [ $# -eq 0 ]; then
- echo "Usage: $(basename "$0") <UEFI/EDKII image file>"
+ echo "Usage: $(basename "$0") <UEFI/EDKII image file> <DEV_SEL> [SPECIAL_BOOT]"
+ echo "Where:"
+ echo " DEV_SEL 1 is Primary SPI (by default), 2 is Second SPI"
+ echo " SPECIAL_BOOT: Optional, input '1' to enter & flash SPECIAL_BOOT mode. Default: 0"
exit 0
fi
@@ -67,6 +70,12 @@
DEV_SEL="$2"
fi
+SPECIAL_BOOT=0
+if [[ "$3" == "1" ]]; then
+ SPECIAL_BOOT=1
+fi
+
+echo "SPECIAL_BOOT mode: $SPECIAL_BOOT"
# Turn off the Host if it is currently ON
chassisstate=$(obmcutil chassisstate | awk -F. '{print $NF}')
echo "--- Current Chassis State: $chassisstate"
@@ -104,9 +113,20 @@
exit 0
fi
+# Restrict to flash Second Host SPI-NOR in case of SPECIAL_BOOT
+if [ $SPECIAL_BOOT == 1 ] && [ "$DEV_SEL" == 2 ]; then
+ echo "Not allow to flash the Second Host SPI-NOR with SPECIAL_BOOT image"
+ exit
+fi
+
# Flash the firmware
do_flash
+# Assert SPECIAL_BOOT GPIO PIN
+if [[ $SPECIAL_BOOT == 1 ]]; then
+ gpioset $(gpiofind host0-special-boot)=1
+fi
+
# Switch the SPI bus to the primary spi device
echo "Switch to the Primary Host SPI-NOR"
gpioset $(gpiofind spi0-backup-sel)=1 # Primary SPI
@@ -118,9 +138,25 @@
exit 1
fi
-if [ "$chassisstate" == 'On' ];
+if [ "$chassisstate" == 'On' ] || [ $SPECIAL_BOOT == 1 ];
then
sleep 5
echo "Turn on the Host"
obmcutil poweron
fi
+
+# Deassert SPECIAL_BOOT GPIO PIN if it is being asserted
+if [[ $SPECIAL_BOOT == 1 ]]; then
+ # Time out checking for Host ON is 60s
+ cnt=12
+ while [ "$cnt" -gt 0 ];
+ do
+ cnt=$((cnt - 1))
+ if systemctl status obmc-host-already-on@0.target | grep "Active: active"; then
+ echo "Deassert SPECIAL_BOOT GPIO PIN if it is being asserted."
+ gpioset $(gpiofind host0-special-boot)=0
+ exit 0
+ fi
+ sleep 5
+ done
+fi