From: Sascha Hauer <s.hauer@pengutronix.de>
To: Marco Felsch <m.felsch@pengutronix.de>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH 1/9] i.MX: HABv4: fix SRK_LOCK for i.MX8M devices
Date: Fri, 14 Jun 2024 09:50:03 +0200 [thread overview]
Message-ID: <Zmv2KyQq3ACxksc_@pengutronix.de> (raw)
In-Reply-To: <20240613130944.264396-1-m.felsch@pengutronix.de>
On Thu, Jun 13, 2024 at 03:09:36PM +0200, Marco Felsch wrote:
> All current known i.MX8M devices: i.MX8MQ, i.MX8MP, i.MX8MN, i.MX8MM use
> an other fuse to lock the SRK hash. Fix this by refactoring
This looks a bit inaccurate or misleading. What you want to say is that
all known i.MX8M devices use the same fuse to lock the SRK hash, but
it's another one than used on i.MX6.
Sascha
> imx_hab_write_srk_hash_ocotp() and make the lock fusing device specific.
>
> Fixes: 6c4d5bb5acfe ("i.MX: HABv4: implement interface for i.MX8MQ")
> Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
> ---
> drivers/hab/hab.c | 34 +++++++++++++++++++++++++++++---
> include/mach/imx/ocotp-fusemap.h | 1 +
> 2 files changed, 32 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/hab/hab.c b/drivers/hab/hab.c
> index ed091058d8fb..28a091841a69 100644
> --- a/drivers/hab/hab.c
> +++ b/drivers/hab/hab.c
> @@ -128,7 +128,7 @@ static int imx_hab_read_srk_hash_ocotp(u8 *__srk)
> return 0;
> }
>
> -static int imx_hab_write_srk_hash_ocotp(const u8 *__newsrk, unsigned flags)
> +static int imx_hab_write_srk_hash_ocotp(const u8 *__newsrk)
> {
> u32 *newsrk = (u32 *)__newsrk;
> int ret, i;
> @@ -139,6 +139,17 @@ static int imx_hab_write_srk_hash_ocotp(const u8 *__newsrk, unsigned flags)
> return ret;
> }
>
> + return 0;
> +}
> +
> +static int imx6_hab_write_srk_hash_ocotp(const u8 *newsrk, unsigned flags)
> +{
> + int ret;
> +
> + ret = imx_hab_write_srk_hash_ocotp(newsrk);
> + if (ret)
> + return ret;
> +
> if (flags & IMX_SRK_HASH_WRITE_LOCK) {
> ret = imx_ocotp_write_field(OCOTP_SRK_LOCK, 1);
> if (ret < 0)
> @@ -148,6 +159,23 @@ static int imx_hab_write_srk_hash_ocotp(const u8 *__newsrk, unsigned flags)
> return 0;
> }
>
> +static int imx8m_hab_write_srk_hash_ocotp(const u8 *newsrk, unsigned flags)
> +{
> + int ret;
> +
> + ret = imx_hab_write_srk_hash_ocotp(newsrk);
> + if (ret)
> + return ret;
> +
> + if (flags & IMX_SRK_HASH_WRITE_LOCK) {
> + ret = imx_ocotp_write_field(MX8M_OCOTP_SRK_LOCK, 1);
> + if (ret < 0)
> + return ret;
> + }
> +
> + return 0;
> +}
> +
> static int imx_hab_permanent_write_enable_ocotp(int enable)
> {
> return imx_ocotp_permanent_write(enable);
> @@ -222,7 +250,7 @@ static struct imx_hab_ops imx_hab_ops_iim = {
> };
>
> static struct imx_hab_ops imx6_hab_ops_ocotp = {
> - .write_srk_hash = imx_hab_write_srk_hash_ocotp,
> + .write_srk_hash = imx6_hab_write_srk_hash_ocotp,
> .read_srk_hash = imx_hab_read_srk_hash_ocotp,
> .lockdown_device = imx6_hab_lockdown_device_ocotp,
> .device_locked_down = imx6_hab_device_locked_down_ocotp,
> @@ -231,7 +259,7 @@ static struct imx_hab_ops imx6_hab_ops_ocotp = {
> };
>
> static struct imx_hab_ops imx8m_hab_ops_ocotp = {
> - .write_srk_hash = imx_hab_write_srk_hash_ocotp,
> + .write_srk_hash = imx8m_hab_write_srk_hash_ocotp,
> .read_srk_hash = imx_hab_read_srk_hash_ocotp,
> .lockdown_device = imx8m_hab_lockdown_device_ocotp,
> .device_locked_down = imx8m_hab_device_locked_down_ocotp,
> diff --git a/include/mach/imx/ocotp-fusemap.h b/include/mach/imx/ocotp-fusemap.h
> index 823273895502..c4f94e61e8f8 100644
> --- a/include/mach/imx/ocotp-fusemap.h
> +++ b/include/mach/imx/ocotp-fusemap.h
> @@ -54,6 +54,7 @@
> #define OCOTP_GP2 (OCOTP_WORD(0x670) | OCOTP_BIT(0) | OCOTP_WIDTH(32))
> #define OCOTP_PAD_SETTINGS (OCOTP_WORD(0x6d0) | OCOTP_BIT(0) | OCOTP_WIDTH(6))
> /* i.MX8M moved the security related fuses */
> +#define MX8M_OCOTP_SRK_LOCK (OCOTP_WORD(0x400) | OCOTP_BIT(9) | OCOTP_WIDTH(1))
> #define MX8M_OCOTP_SEC_CONFIG_1 (OCOTP_WORD(0x470) | OCOTP_BIT(25) | OCOTP_WIDTH(1))
> #define MX8MQ_OCOTP_DIR_BT_DIS (OCOTP_WORD(0x470) | OCOTP_BIT(27) | OCOTP_WIDTH(1))
>
> --
> 2.39.2
>
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
next prev parent reply other threads:[~2024-06-14 7:50 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-13 13:09 Marco Felsch
2024-06-13 13:09 ` [PATCH 2/9] nvmem: ocotp: add support to get/set srk_revoke sticky bit Marco Felsch
2024-06-13 13:09 ` [PATCH 3/9] nvmem: ocotp: add support to query the field-return " Marco Felsch
2024-06-13 13:09 ` [PATCH 4/9] hab: convert flags to use BIT() macro Marco Felsch
2024-06-13 13:09 ` [PATCH 5/9] i.MX: HAB: add imx_hab_revoke_key support Marco Felsch
2024-06-14 11:57 ` Sascha Hauer
2024-06-25 8:07 ` Marco Felsch
2024-06-13 13:09 ` [PATCH 6/9] i.MX: HABv4: add more i.MX8M fuse defines Marco Felsch
2024-06-13 13:09 ` [PATCH 7/9] i.MX8M: HABv4: add an option to allow key revocation Marco Felsch
2024-06-13 13:09 ` [PATCH 8/9] i.MX8M: HABv4: add option to allow burning the field-return fuse Marco Felsch
2024-06-13 13:09 ` [PATCH 9/9] i.MX: HAB: add imx_hab_field_return support Marco Felsch
2024-06-14 7:50 ` Sascha Hauer [this message]
2024-06-14 10:16 ` [PATCH 1/9] i.MX: HABv4: fix SRK_LOCK for i.MX8M devices Marco Felsch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zmv2KyQq3ACxksc_@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=m.felsch@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox