random-mirrors/smaeul-u-boot
1
0
Fork 0
mirror of https://github.com/smaeul/u-boot.git synced 2025-11-24 04:40:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

stm32mp: cmd_stm32key: lock of PKH OTP after fuse

Browse Source 
Lock the OTP value of key's hash after the command
$> stm32key fuse <address>

This operation forbids a second update of these OTP as they are
ECC protected in BSEC: any update of these OTP with a different value
causes a BSEC disturb error and the closed chip will be bricked.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
This commit is contained in:
Patrick Delaunay 2021-06-28 14:56:00 +02:00
parent fe24090eb7
commit 3da2552a22
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
arch/arm/mach-stm32mp/cmd_stm32key.c
View File

@ -39,8 +39,9 @@ static int fuse_hash_value(u32 addr, bool print)
return ret;
}
for (i = 0; i < STM32_OTP_HASH_KEY_SIZE; i++) {
word = STM32_OTP_HASH_KEY_START + i;
for (i = 0, word = STM32_OTP_HASH_KEY_START;
i < STM32_OTP_HASH_KEY_SIZE;
i++, word++, addr += 4) {
val = __be32_to_cpu(*(u32 *)addr);
if (print)
printf("Fuse OTP %i : %x\n", word, val);
@ -50,8 +51,13 @@ static int fuse_hash_value(u32 addr, bool print)
log_err("Fuse OTP %i failed\n", word);
return ret;
}
addr += 4;
/* on success, lock the OTP for HASH key */
val = 1;
ret = misc_write(dev, STM32_BSEC_LOCK(word), &val, 4);
if (ret != 4) {
log_err("Lock OTP %i failed\n", word);
return ret;
}
}
return 0;