Allwinner devices which support TOC0 have anti-rollback protection efuses that are sometimes blown to prevent downgrading firmware.
Since we don't currently support configuring an anti-rollback version lets just set the max version in the TOC0 certificate so that the sbrom will never reject our image due to the anti-rollback protections having been used by BSP based firmware. Note that while there are 32 efuse bits the SBROM will reject any antirollback version above 31, as such setting 31 should ensure maxiumum hardware compatibility. Signed-off-by: James Hilliard <[email protected]> --- tools/sunxi_toc0.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c index 76693647a09..35bd43680d4 100644 --- a/tools/sunxi_toc0.c +++ b/tools/sunxi_toc0.c @@ -127,6 +127,11 @@ struct __packed toc0_cert_item { struct __packed toc0_extension { toc0_small_int tag_digest; uint8_t digest[32]; + toc0_small_seq tag_nvc_seq; + struct __packed toc0_nvc_seq { + int oid; + int nvc; + } nvc_seq; } extension; } explicit3; } mainSequence; @@ -174,6 +179,11 @@ static const struct toc0_cert_item cert_item_template = { { TOC0_SMALL_INT(sizeof_field(struct toc0_extension, digest)), {}, + TOC0_SMALL_SEQ(sizeof(struct toc0_nvc_seq)), + { + 1, + 31, + }, }, }, }, -- 2.43.0
