Hi Patrick On 6/28/21 2:56 PM, Patrick Delaunay wrote: > The expected sequence to close the device > > 1/ Load key in DDR with any supported load command > 2/ Update OTP with key: STM32MP> stm32key read <addr> > > At this point the device is able to perform image authentication but > non-authenticated images can still be used and executed. > So it is the last moment to test boot with signed binary and > check that the ROM code accepts them. > > 3/ Close the device: only signed binary will be accepted !! > STM32MP> stm32key close > > Warning: Programming these OTP is an irreversible operation! > This may brick your system if the HASH of key is invalid > > This command should be deactivated by default in real product. > > Signed-off-by: Patrick Delaunay <patrick.delau...@foss.st.com> > --- > > arch/arm/mach-stm32mp/cmd_stm32key.c | 54 ++++++++++++++++++++++++++-- > 1 file changed, 52 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/mach-stm32mp/cmd_stm32key.c > b/arch/arm/mach-stm32mp/cmd_stm32key.c > index 8c8d476b65..50840b0f38 100644 > --- a/arch/arm/mach-stm32mp/cmd_stm32key.c > +++ b/arch/arm/mach-stm32mp/cmd_stm32key.c > @@ -210,10 +210,60 @@ static int do_stm32key_fuse(struct cmd_tbl *cmdtp, int > flag, int argc, char *con > return CMD_RET_SUCCESS; > } > > +static int do_stm32key_close(struct cmd_tbl *cmdtp, int flag, int argc, char > *const argv[]) > +{ > + bool yes, lock, closed; > + struct udevice *dev; > + u32 val; > + int ret; > + > + yes = false; > + if (argc == 2) { > + if (strcmp(argv[1], "-y")) > + return CMD_RET_USAGE; > + yes = true; > + } > + > + ret = read_hash_otp(!yes, &lock, &closed); > + if (ret) { > + if (ret == -ENOENT) > + printf("Error: OTP not programmed!\n"); > + return CMD_RET_FAILURE; > + } > + > + if (closed) { > + printf("Error: already closed!\n"); > + return CMD_RET_FAILURE; > + } > + > + if (!lock) > + printf("Warning: OTP not locked!\n"); > + > + if (!yes && !confirm_prog()) > + return CMD_RET_FAILURE; > + > + ret = get_misc_dev(&dev); > + if (ret) > + return CMD_RET_FAILURE; > + > + val = STM32_OTP_CLOSE_MASK; > + ret = misc_write(dev, STM32_BSEC_OTP(STM32_OTP_CLOSE_ID), &val, 4); > + if (ret != 4) { > + printf("Error: can't update OTP\n"); > + return CMD_RET_FAILURE; > + } > + > + printf("Device is closed !\n"); > + > + return CMD_RET_SUCCESS; > +} > + > static char stm32key_help_text[] = > "read [<addr>]: Read the hash stored at addr in memory or in OTP\n" > - "stm32key fuse [-y] <addr> : Fuse hash stored at addr in OTP\n"; > + "stm32key fuse [-y] <addr> : Fuse hash stored at addr in OTP\n" > + "stm32key close [-y] : Close the device, the hash stored in OTP\n"; > > U_BOOT_CMD_WITH_SUBCMDS(stm32key, "Fuse ST Hash key", stm32key_help_text, > U_BOOT_SUBCMD_MKENT(read, 2, 0, do_stm32key_read), > - U_BOOT_SUBCMD_MKENT(fuse, 3, 0, do_stm32key_fuse)); > + U_BOOT_SUBCMD_MKENT(fuse, 3, 0, do_stm32key_fuse), > + U_BOOT_SUBCMD_MKENT(close, 2, 0, do_stm32key_close)); > Reviewed-by: Patrice Chotard <patrice.chot...@foss.st.com>
Thanks Patrice