Hi Patrick On 6/28/21 2:56 PM, Patrick Delaunay wrote: > Lock the OTP value of key's hash after the command > $> stm32key fuse <address> > > This operation forbids a second update of these OTP as they are > ECC protected in BSEC: any update of these OTP with a different value > causes a BSEC disturb error and the closed chip will be bricked. > > Signed-off-by: Patrick Delaunay <patrick.delau...@foss.st.com> > --- > > arch/arm/mach-stm32mp/cmd_stm32key.c | 14 ++++++++++---- > 1 file changed, 10 insertions(+), 4 deletions(-) > > diff --git a/arch/arm/mach-stm32mp/cmd_stm32key.c > b/arch/arm/mach-stm32mp/cmd_stm32key.c > index 2529139ebc..c4cb6342fa 100644 > --- a/arch/arm/mach-stm32mp/cmd_stm32key.c > +++ b/arch/arm/mach-stm32mp/cmd_stm32key.c > @@ -39,8 +39,9 @@ static int fuse_hash_value(u32 addr, bool print) > return ret; > } > > - for (i = 0; i < STM32_OTP_HASH_KEY_SIZE; i++) { > - word = STM32_OTP_HASH_KEY_START + i; > + for (i = 0, word = STM32_OTP_HASH_KEY_START; > + i < STM32_OTP_HASH_KEY_SIZE; > + i++, word++, addr += 4) { > val = __be32_to_cpu(*(u32 *)addr); > if (print) > printf("Fuse OTP %i : %x\n", word, val); > @@ -50,8 +51,13 @@ static int fuse_hash_value(u32 addr, bool print) > log_err("Fuse OTP %i failed\n", word); > return ret; > } > - > - addr += 4; > + /* on success, lock the OTP for HASH key */ > + val = 1; > + ret = misc_write(dev, STM32_BSEC_LOCK(word), &val, 4); > + if (ret != 4) { > + log_err("Lock OTP %i failed\n", word); > + return ret; > + } > } > > return 0; > Reviewed-by: Patrice Chotard <patrice.chot...@foss.st.com>
Thanks Patrice