This message could not be delivered immediately due to an internal mail routing issue. The mail routing error has been resolved in the meantime. We apologize for the delay in delivery and any inconvenience this may have caused. In case of any questions please contact us via [email protected].
Original sender: [email protected] Original delivery time: 28-Jun-2021 01:04 PM (UTC) ----------------------------------------------------------------------------------------------------------------------- This email is not from Hexagon’s Office 365 instance. Please be careful while clicking links, opening attachments, or replying to this email. The expected sequence to close the device 1/ Load key in DDR with any supported load command 2/ Update OTP with key: STM32MP> stm32key read At this point the device is able to perform image authentication but non-authenticated images can still be used and executed. So it is the last moment to test boot with signed binary and check that the ROM code accepts them. 3/ Close the device: only signed binary will be accepted !! STM32MP> stm32key close Warning: Programming these OTP is an irreversible operation! This may brick your system if the HASH of key is invalid This command should be deactivated by default in real product. Signed-off-by: Patrick Delaunay --- arch/arm/mach-stm32mp/cmd_stm32key.c | 54 ++++++++++++++++++++++++++-- 1 file changed, 52 insertions(+), 2 deletions(-) diff --git a/arch/arm/mach-stm32mp/cmd_stm32key.c b/arch/arm/mach-stm32mp/cmd_stm32key.c index 8c8d476b65..50840b0f38 100644 --- a/arch/arm/mach-stm32mp/cmd_stm32key.c +++ b/arch/arm/mach-stm32mp/cmd_stm32key.c @@ -210,10 +210,60 @@ static int do_stm32key_fuse(struct cmd_tbl *cmdtp, int flag, int argc, char *con return CMD_RET_SUCCESS; } +static int do_stm32key_close(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) +{ + bool yes, lock, closed; + struct udevice *dev; + u32 val; + int ret; + + yes = false; + if (argc == 2) { + if (strcmp(argv[1], "-y")) + return CMD_RET_USAGE; + yes = true; + } + + ret = read_hash_otp(!yes, &lock, &closed); + if (ret) { + if (ret == -ENOENT) + printf("Error: OTP not programmed!\n"); + return CMD_RET_FAILURE; + } + + if (closed) { + printf("Error: already closed!\n"); + return CMD_RET_FAILURE; + } + + if (!lock) + printf("Warning: OTP not locked!\n"); + + if (!yes && !confirm_prog()) + return CMD_RET_FAILURE; + + ret = get_misc_dev(&dev); + if (ret) + return CMD_RET_FAILURE; + + val = STM32_OTP_CLOSE_MASK; + ret = misc_write(dev, STM32_BSEC_OTP(STM32_OTP_CLOSE_ID), &val, 4); + if (ret != 4) { + printf("Error: can't update OTP\n"); + return CMD_RET_FAILURE; + } + + printf("Device is closed !\n"); + + return CMD_RET_SUCCESS; +} + static char stm32key_help_text[] = "read []: Read the hash stored at addr in memory or in OTP\n" - "stm32key fuse [-y] : Fuse hash stored at addr in OTP\n"; + "stm32key fuse [-y] : Fuse hash stored at addr in OTP\n" + "stm32key close [-y] : Close the device, the hash stored in OTP\n"; U_BOOT_CMD_WITH_SUBCMDS(stm32key, "Fuse ST Hash key", stm32key_help_text, U_BOOT_SUBCMD_MKENT(read, 2, 0, do_stm32key_read), - U_BOOT_SUBCMD_MKENT(fuse, 3, 0, do_stm32key_fuse)); + U_BOOT_SUBCMD_MKENT(fuse, 3, 0, do_stm32key_fuse), + U_BOOT_SUBCMD_MKENT(close, 2, 0, do_stm32key_close)); -- 2.25.1
