From: Denis Osterland-Heim <denis.osterland@diehl.com>
To: "barebox@lists.infradead.org" <barebox@lists.infradead.org>
Subject: [PATCH] nvmem: ocotp: add support to revoke keys
Date: Thu, 11 Mar 2021 17:07:21 +0000
Message-ID: <20210311170403.22671-1-denis.osterland@diehl.com>
From: Denis Osterland-Heim <Denis.Osterland@diehl.com>
Add device tree property 'barebox,key-revoke' with the syntax:

    < key_phandle fuse_offset mask >

An example:

    signature {
        key1: key-img1 { ... };
        key2: key-srk1 { ... };
    };
    };
    &ocotp {
        barebox,key-revoke = <
            &key1 0x660 1
            &key2 0x6f0 1
        >;
    };

Signed-off-by: Denis Osterland-Heim <Denis.Osterland@diehl.com>
---
.../bindings/misc/fsl,imx-ocotp.rst | 4 ++
drivers/nvmem/ocotp.c | 37 ++++++++++++++++++-
2 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst b/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst
index 202bb3aa0..63a6f5331 100644
--- a/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst
+++ b/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst
@@ -12,6 +12,9 @@ Optional properties:
can be multiple entries in the form <&phandle regofs> to assign a MAC
address to an Ethernet device.
+* ``barebox,key-revoke``: Revoke (remove) key if bit is set. This can be multiple
+ entries in the form <&phandle regofs mask> to revoke a key if bit is set.
+
Example:
.. code-block:: none
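Review bot: The new ``barebox,key-revoke`` entry says "revoke a key if bit is set" twice without saying what is removed or which bit is tested. Suggest spelling out that regofs is the fuse register offset, that an entry matches when the fuse word ANDed with mask is non-zero, and that the node referenced by the phandle is then deleted from the device tree, so a reader can tell that a key stays in place while the fuse is unblown.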
@@ -20,4 +23,5 @@ Example:
compatible = "fsl,imx6q-ocotp";
reg = <0x021bc000 0x4000>;
barebox,provide-mac-address = <&fec 0x620>;
+ barebox,key-revoke = <&/signature/key-img1 0x6f0 1>;
};
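Review bot: The added example line uses `&/signature/key-img1`, which is not dtc's path-reference form; a path reference is written `&{/signature/key-img1}`. The line also pairs key-img1 with 0x6f0, while the commit message pairs key-img1 with 0x660 and key-srk1 with 0x6f0. Using a label reference, as the neighbouring `<&fec 0x620>` does, and the same offset in both places would let the example be copied as is.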
diff --git a/drivers/nvmem/ocotp.c b/drivers/nvmem/ocotp.c
index cee50955e..00ee6cd06 100644
--- a/drivers/nvmem/ocotp.c
+++ b/drivers/nvmem/ocotp.c
@@ -641,7 +641,7 @@ static struct regmap_bus imx_ocotp_regmap_bus = {
.reg_read = imx_ocotp_reg_read,
};
-static void imx_ocotp_init_dt(struct ocotp_priv *priv)
+static void imx_ocotp_init_mac_dt(struct ocotp_priv *priv)
{
char mac[MAC_BYTES];
const __be32 *prop;
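Review bot: The rename of imx_ocotp_init_dt() to imx_ocotp_init_mac_dt() is not mentioned in the commit message. A sentence there, or a separate preparatory patch, would make clear that it is a pure rename with no behaviour change.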
@@ -673,6 +673,38 @@ static void imx_ocotp_init_dt(struct ocotp_priv *priv)
}
}
+static void imx_ocotp_init_key_dt(struct ocotp_priv *priv)
+{
+const __be32 *prop;
+struct device_node *node = priv->dev.parent->device_node;
+int len;
+
+if (!node)
+return;
+
+prop = of_get_property(node, "barebox,key-revoke", &len);
+if (!prop)
+return;
+
+for (; len >= 3; len -= 3) {
+struct device_node *rnode;
+uint32_t phandle, offset, mask;
+unsigned val;
+
+phandle = be32_to_cpup(prop++);
+
+rnode = of_find_node_by_phandle(phandle);
+offset = be32_to_cpup(prop++);
+mask = be32_to_cpup(prop++);
+
+if (imx6_ocotp_read_one_u32(priv, OCOTP_OFFSET_TO_INDEX(offset), &val))
+continue;
+
+if (val & mask)
+of_delete_node(rnode);
+}
+}
+
static int imx_ocotp_write(struct device_d *dev, const int offset,
const void *val, int bytes)
{
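Review bot: In imx_ocotp_init_key_dt() the loop `for (; len >= 3; len -= 3)` counts in cells, but of_get_property() returns the property length in bytes, so a single <phandle offset mask> entry (12 bytes) makes the loop run four times and `prop` is advanced past the end of the property. Step by 3 * sizeof(__be32) instead. Two further points in the loop body: `rnode` from of_find_node_by_phandle() is passed to of_delete_node() without a NULL check, and a failed imx6_ocotp_read_one_u32() hits `continue`, which leaves the key node in the tree, so the revocation fails open and silently. For a revocation path, consider logging both cases and deciding explicitly whether a fuse read error should remove the key.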
@@ -790,7 +822,8 @@ static int imx_ocotp_probe(struct device_d *dev)
if (IS_ENABLED(CONFIG_MACHINE_ID))
imx_ocotp_set_unique_machine_id();
-imx_ocotp_init_dt(priv);
+imx_ocotp_init_mac_dt(priv);
+imx_ocotp_init_key_dt(priv);
dev_add_param_bool(&(priv->dev), "sense_enable", NULL, NULL, &priv->sense_enable, priv);
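Review bot: imx_ocotp_init_key_dt(priv) is called from imx_ocotp_probe() and returns void, so revoked key nodes are only removed once this driver has probed, and probe cannot report a revocation that did not happen. It is worth stating in the binding or the commit message that consumers of the key nodes must run after the OCOTP probe, and adding a log line when a key is removed.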
--
2.30.2