[PATCH 7/7] stm32mp: cmd_stm32key: add subcommand close

From: Patrick Delaunay <patrick.delaunay@foss.st.com>
To: <u-boot@lists.denx.de>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>,
	Patrice Chotard <patrice.chotard@foss.st.com>,
	U-Boot STM32 <uboot-stm32@st-md-mailman.stormreply.com>
Subject: [PATCH 7/7] stm32mp: cmd_stm32key: add subcommand close
Date: Mon, 28 Jun 2021 14:56:03 +0200	[thread overview]
Message-ID: <20210628145519.7.Ice24ec3430539077cefa5a43cb6245847db3871e@changeid> (raw)
In-Reply-To: <20210628125603.2936135-1-patrick.delaunay@foss.st.com>

The expected sequence to close the device

1/ Load key in DDR with any supported load command
2/ Update OTP with key: STM32MP> stm32key read <addr>

At this point the device is able to perform image authentication but
non-authenticated images can still be used and executed.
So it is the last moment to test boot with signed binary and
check that the ROM code accepts them.

3/ Close the device: only signed binary will be accepted !!
   STM32MP> stm32key close

Warning: Programming these OTP is an irreversible operation!
         This may brick your system if the HASH of key is invalid

This command should be deactivated by default in real product.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
---

 arch/arm/mach-stm32mp/cmd_stm32key.c | 54 ++++++++++++++++++++++++++--
 1 file changed, 52 insertions(+), 2 deletions(-)

diff --git a/arch/arm/mach-stm32mp/cmd_stm32key.c b/arch/arm/mach-stm32mp/cmd_stm32key.c
index 8c8d476b65..50840b0f38 100644
--- a/arch/arm/mach-stm32mp/cmd_stm32key.c
+++ b/arch/arm/mach-stm32mp/cmd_stm32key.c
@@ -210,10 +210,60 @@ static int do_stm32key_fuse(struct cmd_tbl *cmdtp, int flag, int argc, char *con
 	return CMD_RET_SUCCESS;
 }
 
+static int do_stm32key_close(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
+{
+	bool yes, lock, closed;
+	struct udevice *dev;
+	u32 val;
+	int ret;
+
+	yes = false;
+	if (argc == 2) {
+		if (strcmp(argv[1], "-y"))
+			return CMD_RET_USAGE;
+		yes = true;
+	}
+
+	ret = read_hash_otp(!yes, &lock, &closed);
+	if (ret) {
+		if (ret == -ENOENT)
+			printf("Error: OTP not programmed!\n");
+		return CMD_RET_FAILURE;
+	}
+
+	if (closed) {
+		printf("Error: already closed!\n");
+		return CMD_RET_FAILURE;
+	}
+
+	if (!lock)
+		printf("Warning: OTP not locked!\n");
+
+	if (!yes && !confirm_prog())
+		return CMD_RET_FAILURE;
+
+	ret = get_misc_dev(&dev);
+	if (ret)
+		return CMD_RET_FAILURE;
+
+	val = STM32_OTP_CLOSE_MASK;
+	ret = misc_write(dev, STM32_BSEC_OTP(STM32_OTP_CLOSE_ID), &val, 4);
+	if (ret != 4) {
+		printf("Error: can't update OTP\n");
+		return CMD_RET_FAILURE;
+	}
+
+	printf("Device is closed !\n");
+
+	return CMD_RET_SUCCESS;
+}
+
 static char stm32key_help_text[] =
 	"read [<addr>]: Read the hash stored at addr in memory or in OTP\n"
-	"stm32key fuse [-y] <addr> : Fuse hash stored at addr in OTP\n";
+	"stm32key fuse [-y] <addr> : Fuse hash stored at addr in OTP\n"
+	"stm32key close [-y] : Close the device, the hash stored in OTP\n";
 
 U_BOOT_CMD_WITH_SUBCMDS(stm32key, "Fuse ST Hash key", stm32key_help_text,
 	U_BOOT_SUBCMD_MKENT(read, 2, 0, do_stm32key_read),
-	U_BOOT_SUBCMD_MKENT(fuse, 3, 0, do_stm32key_fuse));
+	U_BOOT_SUBCMD_MKENT(fuse, 3, 0, do_stm32key_fuse),
+	U_BOOT_SUBCMD_MKENT(close, 2, 0, do_stm32key_close));
-- 
2.25.1

