This message could not be delivered immediately due to an internal mail routing issue. The mail routing error has been resolved in the meantime. We apologize for the delay in delivery and any inconvenience this may have caused. In case of any questions please contact us via i...@hexagon.com.
Original sender: patrick.delau...@foss.st.com Original delivery time: 28-Jun-2021 01:28 PM (UTC) ----------------------------------------------------------------------------------------------------------------------- This email is not from Hexagon’s Office 365 instance. Please be careful while clicking links, opening attachments, or replying to this email. Several improvements and protection on the command stm32key. This command is used to experiment the secure boot on STM32MP15x; the expected sequence to manually activate it with this U-Boot command is: - Key generation with STM32 KeyGen tool - Key registration: update and lock PKH in OTP (stm32key fuse) - Perform image authentication of an image signed with STM32 Signing tool and check that the ROM code accepted them - Close the device, only signed binary will be accepted (stm32key close) Warning: Make sure that a device with Secure boot enabled is used, check the security field of the chip part number. Otherwise the chip will be bricked and could not be used anymore. This command is activated by default on STMicroelectronics evaluation boards but these OTP can also be updated directly by customer application or with Secure Secret Provisioning (SSP). Patrick Delaunay (7): stm32mp: configs: activate the command stm32key only for ST boards stm32mp: cmd_stm32key: use sub command stm32mp: cmd_stm32key: handle error in fuse_hash_value stm32mp: cmd_stm32key: lock of PKH OTP after fuse stm32mp: cmd_stm32key: add get_misc_dev function stm32mp: cmd_stm32key: add read OTP subcommand stm32mp: cmd_stm32key: add subcommand close arch/arm/mach-stm32mp/Kconfig | 4 +- arch/arm/mach-stm32mp/cmd_stm32key.c | 239 +++++++++++++++++++++++---- configs/stm32mp15_basic_defconfig | 1 + configs/stm32mp15_trusted_defconfig | 1 + 4 files changed, 208 insertions(+), 37 deletions(-) -- 2.25.1
