[PATCH 4/7] stm32mp: cmd_stm32key: lock of PKH OTP after fuse

Patrice CHOTARD patrice.chotard at foss.st.com
Thu Jul 1 09:35:54 CEST 2021


Hi Patrick

On 6/28/21 2:56 PM, Patrick Delaunay wrote:
> Lock the OTP value of key's hash after the command
> $> stm32key fuse <address>
> 
> This operation forbids a second update of these OTP as they are
> ECC protected in BSEC: any update of these OTP with a different value
> causes a BSEC disturb error and the closed chip will be bricked.
> 
> Signed-off-by: Patrick Delaunay <patrick.delaunay at foss.st.com>
> ---
> 
>  arch/arm/mach-stm32mp/cmd_stm32key.c | 14 ++++++++++----
>  1 file changed, 10 insertions(+), 4 deletions(-)
> 
> diff --git a/arch/arm/mach-stm32mp/cmd_stm32key.c b/arch/arm/mach-stm32mp/cmd_stm32key.c
> index 2529139ebc..c4cb6342fa 100644
> --- a/arch/arm/mach-stm32mp/cmd_stm32key.c
> +++ b/arch/arm/mach-stm32mp/cmd_stm32key.c
> @@ -39,8 +39,9 @@ static int fuse_hash_value(u32 addr, bool print)
>  		return ret;
>  	}
>  
> -	for (i = 0; i < STM32_OTP_HASH_KEY_SIZE; i++) {
> -		word = STM32_OTP_HASH_KEY_START + i;
> +	for (i = 0, word = STM32_OTP_HASH_KEY_START;
> +	     i < STM32_OTP_HASH_KEY_SIZE;
> +	     i++, word++, addr += 4) {
>  		val = __be32_to_cpu(*(u32 *)addr);
>  		if (print)
>  			printf("Fuse OTP %i : %x\n", word, val);
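Review bot: the rewritten loop header (`for (i = 0, word = STM32_OTP_HASH_KEY_START;` ... `i++, word++, addr += 4)`) is a refactor that the commit message does not mention, and it moves the `addr += 4` step away from the `*(u32 *)addr` read it belongs to. The iteration looks equivalent to the old one (word still starts at STM32_OTP_HASH_KEY_START and addr still advances by 4 per word), so either say so in the log or split it into its own patch so that the lock change can be reviewed in isolation.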
> @@ -50,8 +51,13 @@ static int fuse_hash_value(u32 addr, bool print)
>  			log_err("Fuse OTP %i failed\n", word);
>  			return ret;
>  		}
> -
> -		addr += 4;
> +		/* on success, lock the OTP for HASH key */
> +		val = 1;
> +		ret = misc_write(dev, STM32_BSEC_LOCK(word), &val, 4);
> +		if (ret != 4) {
> +			log_err("Lock OTP %i failed\n", word);
> +			return ret;
> +		}
>  	}
>  
>  	return 0;
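Review bot: in the new lock error path, `if (ret != 4)` followed by `return ret;` hands the raw misc_write() result back to the caller, so a short write that returns 0 would be indistinguishable from the `return 0` success at the end of the function; map any non-negative ret to a negative error code before returning. Separately, the lock is written inside the loop right after each word is fused, so a failure on a later word leaves the earlier words fused and already locked. Given the commit message's warning about bricking a closed chip, consider fusing all STM32_OTP_HASH_KEY_SIZE words first and locking them in a second pass once every fuse write has succeeded.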
> 
Reviewed-by: Patrice Chotard <patrice.chotard at foss.st.com>

Thanks
Patrice

