[PATCH 0/7] stm32mp: cmd_stm32key: updates
Patrick Delaunay
patrick.delaunay at foss.st.com
Mon Jun 28 14:55:56 CEST 2021
Several improvements and protection on the command stm32key.
This command is used to experiment the secure boot on STM32MP15x;
the expected sequence to manually activate it with this U-Boot command is:
- Key generation with STM32 KeyGen tool
- Key registration: update and lock PKH in OTP (stm32key fuse)
- Perform image authentication of an image signed with
STM32 Signing tool and check that the ROM code accepted them
- Close the device, only signed binary will be accepted (stm32key close)
Warning: Make sure that a device with Secure boot enabled is used,
check the security field of the chip part number.
Otherwise the chip will be bricked and could not be used anymore.
This command is activated by default on STMicroelectronics evaluation
boards but these OTP can also be updated directly by customer
application or with Secure Secret Provisioning (SSP).
Patrick Delaunay (7):
stm32mp: configs: activate the command stm32key only for ST boards
stm32mp: cmd_stm32key: use sub command
stm32mp: cmd_stm32key: handle error in fuse_hash_value
stm32mp: cmd_stm32key: lock of PKH OTP after fuse
stm32mp: cmd_stm32key: add get_misc_dev function
stm32mp: cmd_stm32key: add read OTP subcommand
stm32mp: cmd_stm32key: add subcommand close
arch/arm/mach-stm32mp/Kconfig | 4 +-
arch/arm/mach-stm32mp/cmd_stm32key.c | 239 +++++++++++++++++++++++----
configs/stm32mp15_basic_defconfig | 1 +
configs/stm32mp15_trusted_defconfig | 1 +
4 files changed, 208 insertions(+), 37 deletions(-)
--
2.25.1
More information about the U-Boot
mailing list