[PATCH v3] imx8: Add ahab_commit command

Heiko Schocher hs at nabladev.com
Tue Sep 9 07:11:53 CEST 2025


Hello John,

On 08.09.25 23:18, John Ripple wrote:
> The ahab_commit command allows the user to commit into the SECO fuses
> that control the SRK key revocation information. This is used to Revoke
> compromised SRK keys.
> 
> To use ahab_commit, the boot container must be built with an SRK
> revocation bit mask that is not 0x0. For the SPSDK provided by NXP, this
> means setting the 'srk_revoke_mask' option in the config file used to
> sign the boot container. The 'ahab_commit 0x10' can then be used to commit
> the SRK revocation information into the SECO fuses.
> 
> Signed-off-by: John Ripple <john.ripple at keysight.com>
> ---
> Changes in v2:
> - Changed patch name to have imx8.
> 
> Changes in v3:
> - Changed patch name to only have imx8 at the start.
> - Add error checking for sc_seco_commit message.
> ---
> 
>   arch/arm/mach-imx/imx8/ahab.c  | 27 +++++++++++++++++++++++++++
>   drivers/misc/imx8/scu_api.c    | 30 ++++++++++++++++++++++++++++++
>   include/firmware/imx/sci/sci.h |  6 ++++++
>   3 files changed, 63 insertions(+)

Thanks!

Reviewed-by: Heiko Schocher <hs at nabladev.com>

just a nitpick...

[...]
> diff --git a/drivers/misc/imx8/scu_api.c b/drivers/misc/imx8/scu_api.c
> index 8985ab6584d..0337525774e 100644
> --- a/drivers/misc/imx8/scu_api.c
> +++ b/drivers/misc/imx8/scu_api.c
> @@ -1286,3 +1286,33 @@ int sc_seco_secvio_dgo_config(sc_ipc_t ipc, u8 id, u8 access, u32 *data)
>   
>   	return ret;
>   }
> +
> +int sc_seco_commit(sc_ipc_t ipc, u32 *info)
> +{
> +	struct udevice *dev = gd->arch.scu_dev;
> +	struct sc_rpc_msg_s msg;
> +	int size = sizeof(struct sc_rpc_msg_s);
> +	int ret;
> +
> +	/* Fill in header */
> +	RPC_VER(&msg) = SC_RPC_VERSION;
> +	RPC_SIZE(&msg) = 2U;
> +	RPC_SVC(&msg) = (u8)SC_RPC_SVC_SECO;
> +	RPC_FUNC(&msg) = (u8)SECO_FUNC_COMMIT;
> +
> +	/* Fill in send message */
> +	RPC_U32(&msg, 0U) = *info;
> +
> +	/* Call RPC */
> +	ret = misc_call(dev, SC_FALSE, &msg, size, &msg, size);
> +
> +	/* Copy out result */
> +	ret = (int)RPC_R8(&msg);
> +
> +	/* Copy out receive message */
> +	if (!ret)
> +		*info = RPC_U32(&msg, 0U);
> +
> +	/* Return result */

Do we really need this comment?

> +	return ret;
> +}

bye,
Heiko
-- 
Nabla Software Engineering
HRB 40522 Augsburg
Phone: +49 821 45592596
E-Mail: office at nabladev.com
Geschäftsführer : Stefano Babic


More information about the U-Boot mailing list