Re: [PATCH v2 1/9] i.MX: HABv4: fix SRK_LOCK for i.MX8M devices

[Ahmad Fatoum <a.fatoum@pengutronix.de>]

Hi,

On 03.07.24 19:20, Marco Felsch wrote:
> The fuse to lock the SRK hash on i.MX8M* SoCs is different than the one
> used for the i.MX6 SoCs. Fix this by refactoring
> imx_hab_write_srk_hash_ocotp() and make the lock fusing SoC specific.
> 
> Fixes: 6c4d5bb5acfe ("i.MX: HABv4: implement interface for i.MX8MQ")
> Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

Sascha, can this go into master?

Thanks,
Ahmad

> ---
>  drivers/hab/hab.c                | 34 +++++++++++++++++++++++++++++++---
>  include/mach/imx/ocotp-fusemap.h |  1 +
>  2 files changed, 32 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/hab/hab.c b/drivers/hab/hab.c
> index ed091058d8fb..28a091841a69 100644
> --- a/drivers/hab/hab.c
> +++ b/drivers/hab/hab.c
> @@ -128,7 +128,7 @@ static int imx_hab_read_srk_hash_ocotp(u8 *__srk)
>  	return 0;
>  }
>  
> -static int imx_hab_write_srk_hash_ocotp(const u8 *__newsrk, unsigned flags)
> +static int imx_hab_write_srk_hash_ocotp(const u8 *__newsrk)
>  {
>  	u32 *newsrk = (u32 *)__newsrk;
>  	int ret, i;
> @@ -139,6 +139,17 @@ static int imx_hab_write_srk_hash_ocotp(const u8 *__newsrk, unsigned flags)
>  			return ret;
>  	}
>  
> +	return 0;
> +}
> +
> +static int imx6_hab_write_srk_hash_ocotp(const u8 *newsrk, unsigned flags)
> +{
> +	int ret;
> +
> +	ret = imx_hab_write_srk_hash_ocotp(newsrk);
> +	if (ret)
> +		return ret;
> +
>  	if (flags & IMX_SRK_HASH_WRITE_LOCK) {
>  		ret = imx_ocotp_write_field(OCOTP_SRK_LOCK, 1);
>  		if (ret < 0)
> @@ -148,6 +159,23 @@ static int imx_hab_write_srk_hash_ocotp(const u8 *__newsrk, unsigned flags)
>  	return 0;
>  }
>  
> +static int imx8m_hab_write_srk_hash_ocotp(const u8 *newsrk, unsigned flags)
> +{
> +	int ret;
> +
> +	ret = imx_hab_write_srk_hash_ocotp(newsrk);
> +	if (ret)
> +		return ret;
> +
> +	if (flags & IMX_SRK_HASH_WRITE_LOCK) {
> +		ret = imx_ocotp_write_field(MX8M_OCOTP_SRK_LOCK, 1);
> +		if (ret < 0)
> +			return ret;
> +	}
> +
> +	return 0;
> +}
> +
>  static int imx_hab_permanent_write_enable_ocotp(int enable)
>  {
>  	return imx_ocotp_permanent_write(enable);
> @@ -222,7 +250,7 @@ static struct imx_hab_ops imx_hab_ops_iim = {
>  };
>  
>  static struct imx_hab_ops imx6_hab_ops_ocotp = {
> -	.write_srk_hash = imx_hab_write_srk_hash_ocotp,
> +	.write_srk_hash = imx6_hab_write_srk_hash_ocotp,
>  	.read_srk_hash =  imx_hab_read_srk_hash_ocotp,
>  	.lockdown_device = imx6_hab_lockdown_device_ocotp,
>  	.device_locked_down = imx6_hab_device_locked_down_ocotp,
> @@ -231,7 +259,7 @@ static struct imx_hab_ops imx6_hab_ops_ocotp = {
>  };
>  
>  static struct imx_hab_ops imx8m_hab_ops_ocotp = {
> -	.write_srk_hash = imx_hab_write_srk_hash_ocotp,
> +	.write_srk_hash = imx8m_hab_write_srk_hash_ocotp,
>  	.read_srk_hash =  imx_hab_read_srk_hash_ocotp,
>  	.lockdown_device = imx8m_hab_lockdown_device_ocotp,
>  	.device_locked_down = imx8m_hab_device_locked_down_ocotp,
> diff --git a/include/mach/imx/ocotp-fusemap.h b/include/mach/imx/ocotp-fusemap.h
> index 823273895502..c4f94e61e8f8 100644
> --- a/include/mach/imx/ocotp-fusemap.h
> +++ b/include/mach/imx/ocotp-fusemap.h
> @@ -54,6 +54,7 @@
>  #define OCOTP_GP2			(OCOTP_WORD(0x670) | OCOTP_BIT(0) | OCOTP_WIDTH(32))
>  #define OCOTP_PAD_SETTINGS		(OCOTP_WORD(0x6d0) | OCOTP_BIT(0) | OCOTP_WIDTH(6))
>  /* i.MX8M moved the security related fuses */
> +#define MX8M_OCOTP_SRK_LOCK		(OCOTP_WORD(0x400) | OCOTP_BIT(9) | OCOTP_WIDTH(1))
>  #define MX8M_OCOTP_SEC_CONFIG_1		(OCOTP_WORD(0x470) | OCOTP_BIT(25) | OCOTP_WIDTH(1))
>  #define MX8MQ_OCOTP_DIR_BT_DIS		(OCOTP_WORD(0x470) | OCOTP_BIT(27) | OCOTP_WIDTH(1))
>  
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |