[PATCH] Add ahab_commit command for imx8
John Ripple
john.ripple at keysight.com
Tue Jul 15 00:07:29 CEST 2025
The ahab_commit command allows the user to commit into the SECO fuses
that control the SRK key revocation information. This is used to Revoke
compromised SRK keys.
To use ahab_commit, the boot container must be built with an SRK
revocation bit mask that is not 0x0. For the SPSDK provided by NXP, this
means setting the 'srk_revoke_mask' option in the config file used to
sign the boot container. The 'ahab_commit 0x10' can then be used to commit
the SRK revocation information into the SECO fuses.
Signed-off-by: John Ripple <john.ripple at keysight.com>
---
arch/arm/mach-imx/imx8/ahab.c | 27 +++++++++++++++++++++++++++
drivers/misc/imx8/scu_api.c | 29 +++++++++++++++++++++++++++++
include/firmware/imx/sci/sci.h | 6 ++++++
3 files changed, 62 insertions(+)
diff --git a/arch/arm/mach-imx/imx8/ahab.c b/arch/arm/mach-imx/imx8/ahab.c
index 324e010bb2c..f9a425c899c 100644
--- a/arch/arm/mach-imx/imx8/ahab.c
+++ b/arch/arm/mach-imx/imx8/ahab.c
@@ -401,6 +401,27 @@ static int do_ahab_close(struct cmd_tbl *cmdtp, int flag, int argc,
return 0;
}
+static int do_ahab_commit(struct cmd_tbl *cmdtp, int flag, int argc,
+ char *const argv[])
+{
+ u32 info;
+
+ if (argc < 2)
+ return CMD_RET_USAGE;
+
+ info = simple_strtoul(argv[1], NULL, 16);
+ printf("Commit index is 0x%x\n", info);
+
+ if (sc_seco_commit(-1, &info)) {
+ printf("Error in AHAB commit\n");
+ return -EIO;
+ }
+
+ printf("AHAB commit succeeded.\n");
+
+ return CMD_RET_SUCCESS;
+}
+
U_BOOT_CMD(auth_cntr, CONFIG_SYS_MAXARGS, 1, do_authenticate,
"autenticate OS container via AHAB",
"addr\n"
@@ -416,3 +437,9 @@ U_BOOT_CMD(ahab_close, CONFIG_SYS_MAXARGS, 1, do_ahab_close,
"Change AHAB lifecycle to OEM closed",
""
);
+
+U_BOOT_CMD(ahab_commit, CONFIG_SYS_MAXARGS, 1, do_ahab_commit,
+ "commit into the fuses any new SRK revocation information that have been found\n"
+ "into the NXP (SECO FW) and OEM containers. For SRK revocation use 0x10 for the value.",
+ ""
+);
diff --git a/drivers/misc/imx8/scu_api.c b/drivers/misc/imx8/scu_api.c
index a40c8badf9a..ba93ff9bd74 100644
--- a/drivers/misc/imx8/scu_api.c
+++ b/drivers/misc/imx8/scu_api.c
@@ -1287,3 +1287,32 @@ int sc_seco_secvio_dgo_config(sc_ipc_t ipc, u8 id, u8 access, u32 *data)
return ret;
}
+
+int sc_seco_commit(sc_ipc_t ipc, u32 *info)
+{
+ struct udevice *dev = gd->arch.scu_dev;
+ struct sc_rpc_msg_s msg;
+ int size = sizeof(struct sc_rpc_msg_s);
+ int ret;
+
+ /* Fill in header */
+ RPC_VER(&msg) = SC_RPC_VERSION;
+ RPC_SIZE(&msg) = 2U;
+ RPC_SVC(&msg) = (u8)SC_RPC_SVC_SECO;
+ RPC_FUNC(&msg) = (u8)SECO_FUNC_COMMIT;
+
+ /* Fill in send message */
+ RPC_U32(&msg, 0U) = info;
+
+ /* Call RPC */
+ ret = misc_call(dev, SC_FALSE, &msg, size, &msg, size);
+
+ /* Copy out result */
+ ret = (int)RPC_R8(&msg);
+
+ /* Copy out receive message */
+ *info = RPC_U32(&msg, 0U);
+
+ /* Return result */
+ return ret;
+}
diff --git a/include/firmware/imx/sci/sci.h b/include/firmware/imx/sci/sci.h
index 588f3671103..876d52cac35 100644
--- a/include/firmware/imx/sci/sci.h
+++ b/include/firmware/imx/sci/sci.h
@@ -144,6 +144,7 @@ int sc_seco_secvio_dgo_config(sc_ipc_t ipc, u8 id, u8 access, u32 *data);
int sc_seco_secvio_config(sc_ipc_t ipc, u8 id, u8 access,
u32 *data0, u32 *data1, u32 *data2, u32 *data3,
u32 *data4, u8 size);
+int sc_seco_commit(sc_ipc_t ipc, u32 *info);
#else
/* PM API*/
static inline int sc_pm_set_resource_power_mode(sc_ipc_t ipc, sc_rsrc_t resource,
@@ -383,6 +384,11 @@ static inline int sc_seco_secvio_config(sc_ipc_t ipc, u8 id, u8 access, u32 *dat
return -EOPNOTSUPP;
}
+static inline int sc_seco_commit(sc_ipc_t ipc, u32 *info)
+{
+ return -EOPNOTSUPP;
+}
+
static inline void sc_pm_reboot(sc_ipc_t ipc, sc_pm_reset_type_t type)
{
}
base-commit: 235e14b0f1ad7cfd46e18635f22a3cba7209c766
branch: master
More information about the U-Boot
mailing list