smegw01: Add lockdown U-Boot env support

Add lockdown U-Boot env support so that only certain U-Boot environment
variables are allowed to be modified.

Signed-off-by: Eduard Strehlau <eduard@lionizers.com>
Signed-off-by: Fabio Estevam <festevam@denx.de>

board/storopack/smegw01/Kconfig

@@ -12,4 +12,11 @@ config SYS_CONFIG_NAME
 config IMX_CONFIG
 	default "board/storopack/smegw01/imximage.cfg"
 
+config SYS_BOOT_LOCKED
+	bool "Lock boot process to EMMC"
+	default y
+	help
+	  Say N here if you want to boot from eMMC and SD.
+	  Say Y to boot from eMMC.
+
 endif

board/storopack/smegw01/smegw01.c

@@ -14,6 +14,7 @@
 #include <asm/io.h>
 #include <common.h>
 #include <env.h>
+#include <env_internal.h>
 #include <asm/arch/crm_regs.h>
 #include <asm/setup.h>
 #include <asm/bootm.h>
@@ -103,3 +104,19 @@ uint board_mmc_get_env_part(struct mmc *mmc)
 		part = 0;
 	return part;
 }
+
+enum env_location env_get_location(enum env_operation op, int prio)
+{
+	if (op == ENVOP_SAVE || op == ENVOP_ERASE)
+		return ENVL_MMC;
+
+	switch (prio) {
+	case 0:
+		return ENVL_NOWHERE;
+
+	case 1:
+		return ENVL_MMC;
+	}
+
+	return ENVL_UNKNOWN;
+}

configs/smegw01_defconfig

@@ -7,6 +7,7 @@ CONFIG_ENV_OFFSET=0x100000
 CONFIG_DM_GPIO=y
 CONFIG_DEFAULT_DEVICE_TREE="imx7d-smegw01"
 CONFIG_TARGET_SMEGW01=y
+# CONFIG_SYS_BOOT_LOCKED is not set
 CONFIG_ENV_OFFSET_REDUND=0x110000
 CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
 # CONFIG_ARMV7_VIRT is not set
@@ -17,13 +18,18 @@ CONFIG_SYS_MEMTEST_START=0x80000000
 CONFIG_SYS_MEMTEST_END=0xa0000000
 CONFIG_FIT=y
 CONFIG_FIT_VERBOSE=y
+CONFIG_AUTOBOOT_MENU_SHOW=y
+CONFIG_BOOTMENU_DISABLE_UBOOT_CONSOLE=y
 CONFIG_USE_BOOTCOMMAND=y
-CONFIG_BOOTCOMMAND="if test \"${ustate}\" = 1; then setenv upgrade_available 1; saveenv; fi; if run loadimage; then run mmcboot; else run altbootcmd; fi; "
+CONFIG_BOOTCOMMAND="if test \"${ustate}\" = 1; then setenv upgrade_available 1; saveenv; fi; run mmcboot; "
+CONFIG_USE_PREBOOT=y
+CONFIG_PREBOOT="run setup_boot_menu;"
 CONFIG_HUSH_PARSER=y
 CONFIG_SYS_MAXARGS=32
 CONFIG_SYS_PBSIZE=532
 # CONFIG_CMD_BOOTD is not set
 CONFIG_CMD_BOOTZ=y
+CONFIG_CMD_BOOTMENU=y
 # CONFIG_CMD_IMI is not set
 # CONFIG_CMD_XIMG is not set
 CONFIG_CMD_MEMTEST=y
@@ -43,9 +49,12 @@ CONFIG_CMD_SQUASHFS=y
 CONFIG_CMD_FS_GENERIC=y
 CONFIG_OF_CONTROL=y
 CONFIG_ENV_OVERWRITE=y
+CONFIG_ENV_IS_NOWHERE=y
 CONFIG_SYS_REDUNDAND_ENVIRONMENT=y
 CONFIG_SYS_RELOC_GD_ENV_ADDR=y
 CONFIG_SYS_MMC_ENV_DEV=1
+CONFIG_ENV_WRITEABLE_LIST=y
+CONFIG_ENV_ACCESS_IGNORE_FORCE=y
 CONFIG_NET_RANDOM_ETHADDR=y
 CONFIG_BOUNCE_BUFFER=y
 CONFIG_BOOTCOUNT_LIMIT=y

include/configs/smegw01.h

@@ -22,6 +22,32 @@
 #define EXTRA_BOOTPARAMS
 #endif
 
+#ifdef CONFIG_SYS_BOOT_LOCKED
+#define EXTRA_ENV_FLAGS
+#define SETUP_BOOT_MENU "setup_boot_menu=setenv bootmenu_0 eMMC=run bootcmd\0"
+#else
+#define EXTRA_ENV_FLAGS "mmcdev:dw,"
+#define SETUP_BOOT_MENU "setup_boot_menu=" \
+	"if test \"${mmcdev}\" = 1; then " \
+		"setenv emmc_priority 0;" \
+		"setenv sd_priority 1;" \
+	"else " \
+		"setenv emmc_priority 1;" \
+		"setenv sd_priority 0;" \
+	"fi;" \
+	"setenv bootmenu_${emmc_priority} eMMC=run boot_emmc;" \
+	"setenv bootmenu_${sd_priority} SD=run boot_sd;\0"
+#endif
+
+#define CFG_ENV_FLAGS_LIST_STATIC \
+	"mmcpart:dw," \
+	"mmcpart_committed:dw," \
+	"ustate:dw," \
+	"bootcount:dw," \
+	"bootlimit:dw," \
+	"upgrade_available:dw," \
+	EXTRA_ENV_FLAGS
+
 #define CFG_EXTRA_ENV_SETTINGS \
 	"image=fitImage\0" \
 	"console=ttymxc0\0" \
@@ -40,13 +66,28 @@
 						  "fi;\0" \
 	"bootlimit=3\0" \
 	"fit_addr=0x88000000\0" \
-	"loadimage=load mmc ${mmcdev}#rootfs-${mmcpart_committed} ${fit_addr} boot/${image}\0" \
+	"loadimage=load mmc ${mmcdev}:${gpt_partition_entry} ${fit_addr} boot/${image}\0" \
 	"loadpart=gpt setenv mmc ${mmcdev} rootfs-${mmcpart_committed}\0" \
 	"loadbootpart=mmc partconf 1 boot_part\0" \
-	"mmcboot=echo Booting from mmc ...; " \
+	"boot_sd=setenv mmcdev_wanted 0; run persist_mmcdev; run bootcmd;\0" \
+	"boot_emmc=setenv mmcdev_wanted 1; run persist_mmcdev; run bootcmd;\0" \
+	"persist_mmcdev=" \
+		"if test \"${mmcdev}\" != \"${mmcdev_wanted}\"; then " \
+			"setenv mmcdev \"${mmcdev_wanted}\";" \
+			"saveenv;" \
+		"fi;\0" \
+	"mmcboot=echo Booting...; " \
+		"echo mmcdev: ${mmcdev}; " \
 	  "run commit_mmc; " \
+		"echo mmcpart: ${mmcpart_committed}; " \
 		"run loadpart; " \
+		"echo gptpart: ${gpt_partition_entry}; " \
 		"run loadbootpart; " \
+		"if run loadimage; then " \
+			"; " \
+		"else " \
+			"run altbootcmd; " \
+		"fi; " \
 		"run mmcargs; " \
 		"if bootm ${fit_addr}; then " \
 			"; " \
@@ -61,7 +102,8 @@
 			"setenv mmcpart 1; " \
 			"setenv mmcpart_committed 1;" \
 		"fi; setenv bootcount 0; setenv upgrade_available; setenv ustate 3; saveenv; " \
-		"run bootcmd;\0"
+		"run bootcmd;\0" \
+		SETUP_BOOT_MENU
 
 /* Physical Memory Map */
 #define PHYS_SDRAM			MMDC0_ARB_BASE_ADDR