diff options
author | Patrick Delaunay <patrick.delaunay@foss.st.com> | 2021-06-28 15:56:00 +0300 |
---|---|---|
committer | Patrick Delaunay <patrick.delaunay@foss.st.com> | 2021-07-16 10:28:46 +0300 |
commit | 3da2552a22580d5cb703bce9f07f1444136589a3 (patch) | |
tree | fdd05ffdd8224fcc5844e5edd46ba90e032d14d3 /arch/arm/mach-stm32mp | |
parent | fe24090eb7f7cfe33a964a7966e78b7ed954ee98 (diff) | |
download | u-boot-3da2552a22580d5cb703bce9f07f1444136589a3.tar.xz |
stm32mp: cmd_stm32key: lock of PKH OTP after fuse
Lock the OTP value of key's hash after the command
$> stm32key fuse <address>
This operation forbids a second update of these OTP as they are
ECC protected in BSEC: any update of these OTP with a different value
causes a BSEC disturb error and the closed chip will be bricked.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Diffstat (limited to 'arch/arm/mach-stm32mp')
-rw-r--r-- | arch/arm/mach-stm32mp/cmd_stm32key.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/arch/arm/mach-stm32mp/cmd_stm32key.c b/arch/arm/mach-stm32mp/cmd_stm32key.c index 2529139ebc..c4cb6342fa 100644 --- a/arch/arm/mach-stm32mp/cmd_stm32key.c +++ b/arch/arm/mach-stm32mp/cmd_stm32key.c @@ -39,8 +39,9 @@ static int fuse_hash_value(u32 addr, bool print) return ret; } - for (i = 0; i < STM32_OTP_HASH_KEY_SIZE; i++) { - word = STM32_OTP_HASH_KEY_START + i; + for (i = 0, word = STM32_OTP_HASH_KEY_START; + i < STM32_OTP_HASH_KEY_SIZE; + i++, word++, addr += 4) { val = __be32_to_cpu(*(u32 *)addr); if (print) printf("Fuse OTP %i : %x\n", word, val); @@ -50,8 +51,13 @@ static int fuse_hash_value(u32 addr, bool print) log_err("Fuse OTP %i failed\n", word); return ret; } - - addr += 4; + /* on success, lock the OTP for HASH key */ + val = 1; + ret = misc_write(dev, STM32_BSEC_LOCK(word), &val, 4); + if (ret != 4) { + log_err("Lock OTP %i failed\n", word); + return ret; + } } return 0; |