stm32mp: cmd_stm32key: add subcommand close

The expected sequence to close the device 1/ Load key in DDR with any supported load command 2/ Update OTP with key: STM32MP> stm32key read <addr> At this point the device is able to perform image authentication but non-authenticated images can still be used and executed. So it is the last moment to test boot with signed binary and check that the ROM code accepts them. 3/ Close the device: only signed binary will be accepted !! STM32MP> stm32key close Warning: Programming these OTP is an irreversible operation! This may brick your system if the HASH of key is invalid This command should be deactivated by default in real product. Signed-off-by: N Patrick Delaunay <patrick.delaunay@foss.st.com> Reviewed-by: N Patrice Chotard <patrice.chotard@foss.st.com>

stm32mp: cmd_stm32key: add subcommand close
The expected sequence to close the device 1/ Load key in DDR with any supported load command 2/ Update OTP with key: STM32MP> stm32key read <addr> At this point the device is able to perform image authentication but non-authenticated images can still be used and executed. So it is the last moment to test boot with signed binary and check that the ROM code accepts them. 3/ Close the device: only signed binary will be accepted !! STM32MP> stm32key close Warning: Programming these OTP is an irreversible operation! This may brick your system if the HASH of key is invalid This command should be deactivated by default in real product. Signed-off-by: N Patrick Delaunay <patrick.delaunay@foss.st.com> Reviewed-by: N Patrice Chotard <patrice.chotard@foss.st.com>
80cfc6c6 · Patrick Delaunay · d3551b8e · 80cfc6c6
隐藏空白更改
内联并排

Showing with 52 addition and 2 deletion

arch/arm/mach-stm32mp/cmd_stm32key.c arch/arm/mach-stm32mp/cmd_stm32key.c +52 -2

未找到文件。
--- a/arch/arm/mach-stm32mp/cmd_stm32key.c
+++ b/arch/arm/mach-stm32mp/cmd_stm32key.c
@@ -210,10 +210,60 @@ static int do_stm32key_fuse(struct cmd_tbl *cmdtp, int flag, int argc, char *con
 	return CMD_RET_SUCCESS;
 }

+static int do_stm32key_close(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
+{
+	bool yes, lock, closed;
+	struct udevice *dev;
+	u32 val;
+	int ret;
+
+	yes = false;
+	if (argc == 2) {
+		if (strcmp(argv[1], "-y"))
+			return CMD_RET_USAGE;
+		yes = true;
+	}
+
+	ret = read_hash_otp(!yes, &lock, &closed);
+	if (ret) {
+		if (ret == -ENOENT)
+			printf("Error: OTP not programmed!\n");
+		return CMD_RET_FAILURE;
+	}
+
+	if (closed) {
+		printf("Error: already closed!\n");
+		return CMD_RET_FAILURE;
+	}
+
+	if (!lock)
+		printf("Warning: OTP not locked!\n");
+
+	if (!yes && !confirm_prog())
+		return CMD_RET_FAILURE;
+
+	ret = get_misc_dev(&dev);
+	if (ret)
+		return CMD_RET_FAILURE;
+
+	val = STM32_OTP_CLOSE_MASK;
+	ret = misc_write(dev, STM32_BSEC_OTP(STM32_OTP_CLOSE_ID), &val, 4);
+	if (ret != 4) {
+		printf("Error: can't update OTP\n");
+		return CMD_RET_FAILURE;
+	}
+
+	printf("Device is closed !\n");
+
+	return CMD_RET_SUCCESS;
+}
+
 static char stm32key_help_text[] =
 	"read [<addr>]: Read the hash stored at addr in memory or in OTP\n"
-	"stm32key fuse [-y] <addr> : Fuse hash stored at addr in OTP\n";
+	"stm32key fuse [-y] <addr> : Fuse hash stored at addr in OTP\n"
+	"stm32key close [-y] : Close the device, the hash stored in OTP\n";

 U_BOOT_CMD_WITH_SUBCMDS(stm32key, "Fuse ST Hash key", stm32key_help_text,
 	U_BOOT_SUBCMD_MKENT(read, 2, 0, do_stm32key_read),
-	U_BOOT_SUBCMD_MKENT(fuse, 3, 0, do_stm32key_fuse));
+	U_BOOT_SUBCMD_MKENT(fuse, 3, 0, do_stm32key_fuse),
+	U_BOOT_SUBCMD_MKENT(close, 2, 0, do_stm32key_close));