From 79e29cb8fbc5c568358989327a164257b05cc608 Mon Sep 17 00:00:00 2001 From: Liming Sun Date: Mon, 7 Oct 2019 11:48:46 -0400 Subject: platform/mellanox: Add bootctl driver for Mellanox BlueField Soc This commit adds the bootctl platform driver for Mellanox BlueField Soc, which queries secure state and controls the eMMC boot partition swapping by sending SMC calls to ATF running at EL3. Below are the sequences of typical use case. 1. User requests boot partition swapping, which could be on-demand or during boot-image upgrade via UEFI capsule; 2. This bootctl driver handles the request and sends SMC call to ATF. ATF programs register BREADCRUMB0 which has value preserved during warm reset. It also programs eMMC to swap the boot partition; 3. After software reset (rebooting), ATF BL1 (BootRom) checks register BREADCRUMB0 and enable watchdog if configured; 4. If booting fails, the watchdog timer will trigger rebooting. In such case, ATF Boot ROM will switch the boot partition back to the previous one. This is a robust feature and used to prevent failure during boot partition upgrade. Reviewed-by: Vadim Pasternak Signed-off-by: Liming Sun Signed-off-by: Andy Shevchenko --- .../ABI/testing/sysfs-platform-mellanox-bootctl | 58 ++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 Documentation/ABI/testing/sysfs-platform-mellanox-bootctl (limited to 'Documentation') diff --git a/Documentation/ABI/testing/sysfs-platform-mellanox-bootctl b/Documentation/ABI/testing/sysfs-platform-mellanox-bootctl new file mode 100644 index 000000000000..c65a80574869 --- /dev/null +++ b/Documentation/ABI/testing/sysfs-platform-mellanox-bootctl @@ -0,0 +1,58 @@ +What: /sys/bus/platform/devices/MLNXBF04:00/driver/lifecycle_state +Date: Oct 2019 +KernelVersion: 5.5 +Contact: "Liming Sun " +Description: + The Life-cycle state of the SoC, which could be one of the + following values. + Production - Production state and can be updated to secure + GA Secured - Secure chip and not able to change state + GA Non-Secured - Non-Secure chip and not able to change state + RMA - Return Merchandise Authorization + +What: /sys/bus/platform/devices/MLNXBF04:00/driver/post_reset_wdog +Date: Oct 2019 +KernelVersion: 5.5 +Contact: "Liming Sun " +Description: + The watchdog setting in seconds for the next booting. It's used + to reboot the chip and recover it to the old state if the new + boot partition fails. + +What: /sys/bus/platform/devices/MLNXBF04:00/driver/reset_action +Date: Oct 2019 +KernelVersion: 5.5 +Contact: "Liming Sun " +Description: + The source of the boot stream for the next reset. It could be + one of the following values. + external - boot from external source (USB or PCIe) + emmc - boot from the onchip eMMC + emmc_legacy - boot from the onchip eMMC in legacy (slow) mode + +What: /sys/bus/platform/devices/MLNXBF04:00/driver/second_reset_action +Date: Oct 2019 +KernelVersion: 5.5 +Contact: "Liming Sun " +Description: + Update the source of the boot stream after next reset. It could + be one of the following values and will be applied after next + reset. + external - boot from external source (USB or PCIe) + emmc - boot from the onchip eMMC + emmc_legacy - boot from the onchip eMMC in legacy (slow) mode + swap_emmc - swap the primary / secondary boot partition + none - cancel the action + +What: /sys/bus/platform/devices/MLNXBF04:00/driver/secure_boot_fuse_state +Date: Oct 2019 +KernelVersion: 5.5 +Contact: "Liming Sun " +Description: + The state of eFuse versions with the following values. + InUse - burnt, valid and currently in use + Used - burnt and valid + Free - not burnt and free to use + Skipped - not burnt but not free (skipped) + Wasted - burnt and invalid + Invalid - not burnt but marked as valid (error state). -- cgit v1.2.3