[PATCH 7/7] stm32mp: cmd_stm32key: add subcommand close

Patrick DELAUNAY patrick.delaunay at foss.st.com
Fri Jul 16 10:28:59 CEST 2021


Hi,

On 6/28/21 2:56 PM, Patrick Delaunay wrote:
> The expected sequence to close the device
>
> 1/ Load key in DDR with any supported load command
> 2/ Update OTP with key: STM32MP> stm32key read <addr>
>
> At this point the device is able to perform image authentication but
> non-authenticated images can still be used and executed.
> So it is the last moment to test boot with signed binary and
> check that the ROM code accepts them.
>
> 3/ Close the device: only signed binary will be accepted !!
>     STM32MP> stm32key close
>
> Warning: Programming these OTP is an irreversible operation!
>           This may brick your system if the HASH of key is invalid
>
> This command should be deactivated by default in real product.
>
> Signed-off-by: Patrick Delaunay <patrick.delaunay at foss.st.com>
> ---
>
>   arch/arm/mach-stm32mp/cmd_stm32key.c | 54 ++++++++++++++++++++++++++--
>   1 file changed, 52 insertions(+), 2 deletions(-)
>

Applied to u-boot-stm/master, thanks!

Regards
Patrick



More information about the U-Boot mailing list