[PATCHv2 2/3] cmd: SCP03: enable and provision command - Jorge Ramirez-Ortiz

From: Jorge Ramirez-Ortiz <jorge@foundries.io>
To: u-boot@lists.denx.de
Subject: [PATCHv2 2/3] cmd: SCP03: enable and provision command
Date: Sun,  7 Feb 2021 00:11:46 +0100	[thread overview]
Message-ID: <20210206231147.5368-2-jorge@foundries.io> (raw)
In-Reply-To: <20210206231147.5368-1-jorge@foundries.io>

Enable and provision the SCP03 keys on a TEE controlled secured elemt
from the U-Boot shell.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
---
 cmd/Kconfig  |  9 ++++++++
 cmd/Makefile |  3 +++
 cmd/scp03.c  | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 76 insertions(+)
 create mode 100644 cmd/scp03.c

diff --git a/cmd/Kconfig b/cmd/Kconfig
index 928a2a0a2d..4f990249b4 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -2021,6 +2021,15 @@ config HASH_VERIFY
 	help
 	  Add -v option to verify data against a hash.
 
+config CMD_SCP03
+	bool "scp03 - SCP03 enable and rotate/provision operations"
+	depends on SCP03
+	help
+	  Enables the SCP03 commands to activate I2C channel encryption and
+	  provision the SCP03 keys.
+	    scp03 enable
+	    scp03 provision
+
 config CMD_TPM_V1
 	bool
 
diff --git a/cmd/Makefile b/cmd/Makefile
index 176bf925fd..a7017e8452 100644
--- a/cmd/Makefile
+++ b/cmd/Makefile
@@ -193,6 +193,9 @@ obj-$(CONFIG_CMD_BLOB) += blob.o
 # Android Verified Boot 2.0
 obj-$(CONFIG_CMD_AVB) += avb.o
 
+# Foundries.IO SCP03
+obj-$(CONFIG_CMD_SCP03) += scp03.o
+
 obj-$(CONFIG_ARM) += arm/
 obj-$(CONFIG_RISCV) += riscv/
 obj-$(CONFIG_SANDBOX) += sandbox/
diff --git a/cmd/scp03.c b/cmd/scp03.c
new file mode 100644
index 0000000000..07913dbd3e
--- /dev/null
+++ b/cmd/scp03.c
@@ -0,0 +1,64 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * (C) Copyright 2021, Foundries.IO
+ *
+ */
+
+#include <common.h>
+#include <command.h>
+#include <env.h>
+#include <scp03.h>
+
+int do_scp03_enable(struct cmd_tbl *cmdtp, int flag, int argc,
+		    char *const argv[])
+{
+	if (argc != 1)
+		return CMD_RET_USAGE;
+
+	if (tee_enable_scp03())
+		return CMD_RET_FAILURE;
+
+	return CMD_RET_SUCCESS;
+}
+
+int do_scp03_provision(struct cmd_tbl *cmdtp, int flag, int argc,
+		       char *const argv[])
+{
+	if (argc != 1)
+		return CMD_RET_USAGE;
+
+	if (tee_provision_scp03())
+		return CMD_RET_FAILURE;
+
+	return CMD_RET_SUCCESS;
+}
+
+static struct cmd_tbl cmd_scp03[] = {
+	U_BOOT_CMD_MKENT(enable, 1, 0, do_scp03_enable, "", ""),
+	U_BOOT_CMD_MKENT(provision, 1, 0, do_scp03_provision, "", ""),
+};
+
+static int do_scp03(struct cmd_tbl *cmdtp, int flag, int argc,
+		    char * const argv[])
+{
+	struct cmd_tbl *cp;
+
+	cp = find_cmd_tbl(argv[1], cmd_scp03, ARRAY_SIZE(cmd_scp03));
+
+	argc--;
+	argv++;
+
+	if (!cp || argc > cp->maxargs)
+		return CMD_RET_USAGE;
+
+	if (flag == CMD_FLAG_REPEAT)
+		return CMD_RET_FAILURE;
+
+	return cp->cmd(cmdtp, flag, argc, argv);
+}
+
+U_BOOT_CMD(scp03, 2, 0, do_scp03,
+	   "Provides a command to enable SCP03 and provision the SCP03 keys\n",
+	   "\tenable    - enable SCP03\n"
+	   "\tprovision - provision SCP03\n"
+);
-- 
2.30.0
