stm32mp: cmd_stm32key: add subcommand close
The expected sequence to close the device
1/ Load key in DDR with any supported load command
2/ Update OTP with key: STM32MP> stm32key read <addr>
At this point the device is able to perform image authentication but
non-authenticated images can still be used and executed.
So it is the last moment to test boot with signed binary and
check that the ROM code accepts them.
3/ Close the device: only signed binary will be accepted !!
STM32MP> stm32key close
Warning: Programming these OTP is an irreversible operation!
This may brick your system if the HASH of key is invalid
This command should be deactivated by default in real product.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
This commit is contained in:
Patrick Delaunay
parent
d3551b8eef
commit
80cfc6c692
|
|
@ -210,10 +210,60 @@ static int do_stm32key_fuse(struct cmd_tbl *cmdtp, int flag, int argc, char *con
|
||||||
return CMD_RET_SUCCESS;
|
return CMD_RET_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int do_stm32key_close(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
|
||||||
|
{
|
||||||
|
bool yes, lock, closed;
|
||||||
|
struct udevice *dev;
|
||||||
|
u32 val;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
yes = false;
|
||||||
|
if (argc == 2) {
|
||||||
|
if (strcmp(argv[1], "-y"))
|
||||||
|
return CMD_RET_USAGE;
|
||||||
|
yes = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = read_hash_otp(!yes, &lock, &closed);
|
||||||
|
if (ret) {
|
||||||
|
if (ret == -ENOENT)
|
||||||
|
printf("Error: OTP not programmed!\n");
|
||||||
|
return CMD_RET_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (closed) {
|
||||||
|
printf("Error: already closed!\n");
|
||||||
|
return CMD_RET_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!lock)
|
||||||
|
printf("Warning: OTP not locked!\n");
|
||||||
|
|
||||||
|
if (!yes && !confirm_prog())
|
||||||
|
return CMD_RET_FAILURE;
|
||||||
|
|
||||||
|
ret = get_misc_dev(&dev);
|
||||||
|
if (ret)
|
||||||
|
return CMD_RET_FAILURE;
|
||||||
|
|
||||||
|
val = STM32_OTP_CLOSE_MASK;
|
||||||
|
ret = misc_write(dev, STM32_BSEC_OTP(STM32_OTP_CLOSE_ID), &val, 4);
|
||||||
|
if (ret != 4) {
|
||||||
|
printf("Error: can't update OTP\n");
|
||||||
|
return CMD_RET_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
printf("Device is closed !\n");
|
||||||
|
|
||||||
|
return CMD_RET_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
static char stm32key_help_text[] =
|
static char stm32key_help_text[] =
|
||||||
"read [<addr>]: Read the hash stored at addr in memory or in OTP\n"
|
"read [<addr>]: Read the hash stored at addr in memory or in OTP\n"
|
||||||
"stm32key fuse [-y] <addr> : Fuse hash stored at addr in OTP\n";
|
"stm32key fuse [-y] <addr> : Fuse hash stored at addr in OTP\n"
|
||||||
|
"stm32key close [-y] : Close the device, the hash stored in OTP\n";
|
||||||
|
|
||||||
U_BOOT_CMD_WITH_SUBCMDS(stm32key, "Fuse ST Hash key", stm32key_help_text,
|
U_BOOT_CMD_WITH_SUBCMDS(stm32key, "Fuse ST Hash key", stm32key_help_text,
|
||||||
U_BOOT_SUBCMD_MKENT(read, 2, 0, do_stm32key_read),
|
U_BOOT_SUBCMD_MKENT(read, 2, 0, do_stm32key_read),
|
||||||
U_BOOT_SUBCMD_MKENT(fuse, 3, 0, do_stm32key_fuse));
|
U_BOOT_SUBCMD_MKENT(fuse, 3, 0, do_stm32key_fuse),
|
||||||
|
U_BOOT_SUBCMD_MKENT(close, 2, 0, do_stm32key_close));
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue