Hi Patrick
On 6/28/21 2:56 PM, Patrick Delaunay wrote:
> Lock the OTP value of key's hash after the command
> $> stm32key fuse <address>
>
> This operation forbids a second update of these OTP as they are
> ECC protected in BSEC: any update of these OTP with a different value
> causes a BSEC disturb error and the closed chip will be bricked.
>
> Signed-off-by: Patrick Delaunay <patrick.delau...@foss.st.com>
> ---
>
> arch/arm/mach-stm32mp/cmd_stm32key.c | 14 ++++++++++----
> 1 file changed, 10 insertions(+), 4 deletions(-)
>
> diff --git a/arch/arm/mach-stm32mp/cmd_stm32key.c
> b/arch/arm/mach-stm32mp/cmd_stm32key.c
> index 2529139ebc..c4cb6342fa 100644
> --- a/arch/arm/mach-stm32mp/cmd_stm32key.c
> +++ b/arch/arm/mach-stm32mp/cmd_stm32key.c
> @@ -39,8 +39,9 @@ static int fuse_hash_value(u32 addr, bool print)
> return ret;
> }
>
> - for (i = 0; i < STM32_OTP_HASH_KEY_SIZE; i++) {
> - word = STM32_OTP_HASH_KEY_START + i;
> + for (i = 0, word = STM32_OTP_HASH_KEY_START;
> + i < STM32_OTP_HASH_KEY_SIZE;
> + i++, word++, addr += 4) {
> val = __be32_to_cpu(*(u32 *)addr);
> if (print)
> printf("Fuse OTP %i : %x\n", word, val);
> @@ -50,8 +51,13 @@ static int fuse_hash_value(u32 addr, bool print)
> log_err("Fuse OTP %i failed\n", word);
> return ret;
> }
> -
> - addr += 4;
> + /* on success, lock the OTP for HASH key */
> + val = 1;
> + ret = misc_write(dev, STM32_BSEC_LOCK(word), &val, 4);
> + if (ret != 4) {
> + log_err("Lock OTP %i failed\n", word);
> + return ret;
> + }
> }
>
> return 0;
>
Reviewed-by: Patrice Chotard <patrice.chot...@foss.st.com>
Thanks
Patrice
