From: Marco Felsch <m.felsch@pengutronix.de>
To: Sascha Hauer <s.hauer@pengutronix.de>,
BAREBOX <barebox@lists.infradead.org>
Cc: Marco Felsch <m.felsch@pengutronix.de>
Subject: [PATCH v2 1/9] i.MX: HABv4: fix SRK_LOCK for i.MX8M devices
Date: Wed, 03 Jul 2024 19:20:18 +0200 [thread overview]
Message-ID: <20240703-v2024-05-0-topic-hab-v2-1-17419aa5d3a3@pengutronix.de> (raw)
In-Reply-To: <20240703-v2024-05-0-topic-hab-v2-0-17419aa5d3a3@pengutronix.de>
The fuse to lock the SRK hash on i.MX8M* SoCs is different than the one
used for the i.MX6 SoCs. Fix this by refactoring
imx_hab_write_srk_hash_ocotp() and make the lock fusing SoC specific.
Fixes: 6c4d5bb5acfe ("i.MX: HABv4: implement interface for i.MX8MQ")
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
drivers/hab/hab.c | 34 +++++++++++++++++++++++++++++++---
include/mach/imx/ocotp-fusemap.h | 1 +
2 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/drivers/hab/hab.c b/drivers/hab/hab.c
index ed091058d8fb..28a091841a69 100644
--- a/drivers/hab/hab.c
+++ b/drivers/hab/hab.c
@@ -128,7 +128,7 @@ static int imx_hab_read_srk_hash_ocotp(u8 *__srk)
return 0;
}
-static int imx_hab_write_srk_hash_ocotp(const u8 *__newsrk, unsigned flags)
+static int imx_hab_write_srk_hash_ocotp(const u8 *__newsrk)
{
u32 *newsrk = (u32 *)__newsrk;
int ret, i;
@@ -139,6 +139,17 @@ static int imx_hab_write_srk_hash_ocotp(const u8 *__newsrk, unsigned flags)
return ret;
}
+ return 0;
+}
+
+static int imx6_hab_write_srk_hash_ocotp(const u8 *newsrk, unsigned flags)
+{
+ int ret;
+
+ ret = imx_hab_write_srk_hash_ocotp(newsrk);
+ if (ret)
+ return ret;
+
if (flags & IMX_SRK_HASH_WRITE_LOCK) {
ret = imx_ocotp_write_field(OCOTP_SRK_LOCK, 1);
if (ret < 0)
@@ -148,6 +159,23 @@ static int imx_hab_write_srk_hash_ocotp(const u8 *__newsrk, unsigned flags)
return 0;
}
+static int imx8m_hab_write_srk_hash_ocotp(const u8 *newsrk, unsigned flags)
+{
+ int ret;
+
+ ret = imx_hab_write_srk_hash_ocotp(newsrk);
+ if (ret)
+ return ret;
+
+ if (flags & IMX_SRK_HASH_WRITE_LOCK) {
+ ret = imx_ocotp_write_field(MX8M_OCOTP_SRK_LOCK, 1);
+ if (ret < 0)
+ return ret;
+ }
+
+ return 0;
+}
+
static int imx_hab_permanent_write_enable_ocotp(int enable)
{
return imx_ocotp_permanent_write(enable);
@@ -222,7 +250,7 @@ static struct imx_hab_ops imx_hab_ops_iim = {
};
static struct imx_hab_ops imx6_hab_ops_ocotp = {
- .write_srk_hash = imx_hab_write_srk_hash_ocotp,
+ .write_srk_hash = imx6_hab_write_srk_hash_ocotp,
.read_srk_hash = imx_hab_read_srk_hash_ocotp,
.lockdown_device = imx6_hab_lockdown_device_ocotp,
.device_locked_down = imx6_hab_device_locked_down_ocotp,
@@ -231,7 +259,7 @@ static struct imx_hab_ops imx6_hab_ops_ocotp = {
};
static struct imx_hab_ops imx8m_hab_ops_ocotp = {
- .write_srk_hash = imx_hab_write_srk_hash_ocotp,
+ .write_srk_hash = imx8m_hab_write_srk_hash_ocotp,
.read_srk_hash = imx_hab_read_srk_hash_ocotp,
.lockdown_device = imx8m_hab_lockdown_device_ocotp,
.device_locked_down = imx8m_hab_device_locked_down_ocotp,
diff --git a/include/mach/imx/ocotp-fusemap.h b/include/mach/imx/ocotp-fusemap.h
index 823273895502..c4f94e61e8f8 100644
--- a/include/mach/imx/ocotp-fusemap.h
+++ b/include/mach/imx/ocotp-fusemap.h
@@ -54,6 +54,7 @@
#define OCOTP_GP2 (OCOTP_WORD(0x670) | OCOTP_BIT(0) | OCOTP_WIDTH(32))
#define OCOTP_PAD_SETTINGS (OCOTP_WORD(0x6d0) | OCOTP_BIT(0) | OCOTP_WIDTH(6))
/* i.MX8M moved the security related fuses */
+#define MX8M_OCOTP_SRK_LOCK (OCOTP_WORD(0x400) | OCOTP_BIT(9) | OCOTP_WIDTH(1))
#define MX8M_OCOTP_SEC_CONFIG_1 (OCOTP_WORD(0x470) | OCOTP_BIT(25) | OCOTP_WIDTH(1))
#define MX8MQ_OCOTP_DIR_BT_DIS (OCOTP_WORD(0x470) | OCOTP_BIT(27) | OCOTP_WIDTH(1))
--
2.39.2
next prev parent reply other threads:[~2024-07-03 17:21 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-03 17:20 [PATCH v2 0/9] i.MX8M HAB and OCOTP additions and fixes Marco Felsch
2024-07-03 17:20 ` Marco Felsch [this message]
2024-07-03 18:48 ` [PATCH v2 1/9] i.MX: HABv4: fix SRK_LOCK for i.MX8M devices Ahmad Fatoum
2024-07-03 17:20 ` [PATCH v2 2/9] nvmem: ocotp: add support to get/set srk_revoke sticky bit Marco Felsch
2024-07-03 17:20 ` [PATCH v2 3/9] nvmem: ocotp: add support to query the field-return " Marco Felsch
2024-07-03 17:20 ` [PATCH v2 4/9] hab: convert flags to use BIT() macro Marco Felsch
2024-07-03 17:20 ` [PATCH v2 5/9] i.MX: HAB: add imx_hab_revoke_key support Marco Felsch
2024-07-03 17:20 ` [PATCH v2 6/9] i.MX: HABv4: add more i.MX8M fuse defines Marco Felsch
2024-07-03 17:20 ` [PATCH v2 7/9] i.MX8M: HABv4: add an option to allow key revocation Marco Felsch
2024-07-03 18:29 ` Ahmad Fatoum
2024-07-04 8:15 ` Marco Felsch
2024-07-30 8:27 ` Ahmad Fatoum
2024-07-30 10:38 ` Marco Felsch
2024-07-03 17:20 ` [PATCH v2 8/9] i.MX8M: HABv4: add option to allow burning the field-return fuse Marco Felsch
2024-07-03 17:20 ` [PATCH v2 9/9] i.MX: HAB: add imx_hab_field_return support Marco Felsch
2024-07-15 9:09 ` (subset) [PATCH v2 0/9] i.MX8M HAB and OCOTP additions and fixes Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240703-v2024-05-0-topic-hab-v2-1-17419aa5d3a3@pengutronix.de \
--to=m.felsch@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=s.hauer@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox