Several improvements and protection on the command stm32key.
This command is used to experiment the secure boot on STM32MP15x; the expected sequence to manually activate it with this U-Boot command is: - Key generation with STM32 KeyGen tool - Key registration: update and lock PKH in OTP (stm32key fuse) - Perform image authentication of an image signed with STM32 Signing tool and check that the ROM code accepted them - Close the device, only signed binary will be accepted (stm32key close) Warning: Make sure that a device with Secure boot enabled is used, check the security field of the chip part number. Otherwise the chip will be bricked and could not be used anymore. This command is activated by default on STMicroelectronics evaluation boards but these OTP can also be updated directly by customer application or with Secure Secret Provisioning (SSP). Patrick Delaunay (7): stm32mp: configs: activate the command stm32key only for ST boards stm32mp: cmd_stm32key: use sub command stm32mp: cmd_stm32key: handle error in fuse_hash_value stm32mp: cmd_stm32key: lock of PKH OTP after fuse stm32mp: cmd_stm32key: add get_misc_dev function stm32mp: cmd_stm32key: add read OTP subcommand stm32mp: cmd_stm32key: add subcommand close arch/arm/mach-stm32mp/Kconfig | 4 +- arch/arm/mach-stm32mp/cmd_stm32key.c | 239 +++++++++++++++++++++++---- configs/stm32mp15_basic_defconfig | 1 + configs/stm32mp15_trusted_defconfig | 1 + 4 files changed, 208 insertions(+), 37 deletions(-) -- 2.25.1