* [PATCH] nvmem: ocotp: add support to revoke keys
@ 2021-03-11 17:07 Denis Osterland-Heim
2021-03-12 10:15 ` Rouven Czerwinski
0 siblings, 1 reply; 6+ messages in thread
From: Denis Osterland-Heim @ 2021-03-11 17:07 UTC (permalink / raw)
To: barebox
From: Denis Osterland-Heim <Denis.Osterland@diehl.com>
Add device tree property 'barebox,key-revoke' with the syntax:
< key_phandle fuse_offset mask >
An example:
signature {
key1: key-img1 { ... };
key2: key-srk1 { ... };
};
};
&ocotp {
barebox,key-revoke = <
&key1 0x660 1
&key2 0x6f0 1
>;
};
Signed-off-by: Denis Osterland-Heim <Denis.Osterland@diehl.com>
---
.../bindings/misc/fsl,imx-ocotp.rst | 4 ++
drivers/nvmem/ocotp.c | 37 ++++++++++++++++++-
2 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst b/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst
index 202bb3aa0..63a6f5331 100644
--- a/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst
+++ b/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst
@@ -12,6 +12,9 @@ Optional properties:
can be multiple entries in the form <&phandle regofs> to assign a MAC
address to an Ethernet device.
+* ``barebox,key-revoke``: Revoke (remove) key if bit is set. This can be multiple
+ entries in the form <&phandle regofs mask> to revoke a key if bit is set.
+
Example:
.. code-block:: none
@@ -20,4 +23,5 @@ Example:
compatible = "fsl,imx6q-ocotp";
reg = <0x021bc000 0x4000>;
barebox,provide-mac-address = <&fec 0x620>;
+ barebox,key-revoke = <&/signature/key-img1 0x6f0 1>;
};
diff --git a/drivers/nvmem/ocotp.c b/drivers/nvmem/ocotp.c
index cee50955e..00ee6cd06 100644
--- a/drivers/nvmem/ocotp.c
+++ b/drivers/nvmem/ocotp.c
@@ -641,7 +641,7 @@ static struct regmap_bus imx_ocotp_regmap_bus = {
.reg_read = imx_ocotp_reg_read,
};
-static void imx_ocotp_init_dt(struct ocotp_priv *priv)
+static void imx_ocotp_init_mac_dt(struct ocotp_priv *priv)
{
char mac[MAC_BYTES];
const __be32 *prop;
@@ -673,6 +673,38 @@ static void imx_ocotp_init_dt(struct ocotp_priv *priv)
}
}
+static void imx_ocotp_init_key_dt(struct ocotp_priv *priv)
+{
+const __be32 *prop;
+struct device_node *node = priv->dev.parent->device_node;
+int len;
+
+if (!node)
+return;
+
+prop = of_get_property(node, "barebox,key-revoke", &len);
+if (!prop)
+return;
+
+for (; len >= 3; len -= 3) {
+struct device_node *rnode;
+uint32_t phandle, offset, mask;
+unsigned val;
+
+phandle = be32_to_cpup(prop++);
+
+rnode = of_find_node_by_phandle(phandle);
+offset = be32_to_cpup(prop++);
+mask = be32_to_cpup(prop++);
+
+if (imx6_ocotp_read_one_u32(priv, OCOTP_OFFSET_TO_INDEX(offset), &val))
+continue;
+
+if (val & mask)
+of_delete_node(rnode);
+}
+}
+
static int imx_ocotp_write(struct device_d *dev, const int offset,
const void *val, int bytes)
{
@@ -790,7 +822,8 @@ static int imx_ocotp_probe(struct device_d *dev)
if (IS_ENABLED(CONFIG_MACHINE_ID))
imx_ocotp_set_unique_machine_id();
-imx_ocotp_init_dt(priv);
+imx_ocotp_init_mac_dt(priv);
+imx_ocotp_init_key_dt(priv);
dev_add_param_bool(&(priv->dev), "sense_enable", NULL, NULL, &priv->sense_enable, priv);
--
2.30.2
Diehl Connectivity Solutions GmbH
Geschäftsführung: Horst Leonberger
Sitz der Gesellschaft: Nürnberg - Registergericht: Amtsgericht
Nürnberg: HRB 32315
________________________________
Der Inhalt der vorstehenden E-Mail ist nicht rechtlich bindend. Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen.
Informieren Sie uns bitte, wenn Sie diese E-Mail faelschlicherweise erhalten haben. Bitte loeschen Sie in diesem Fall die Nachricht.
Jede unerlaubte Form der Reproduktion, Bekanntgabe, Aenderung, Verteilung und/oder Publikation dieser E-Mail ist strengstens untersagt.
- Informationen zum Datenschutz, insbesondere zu Ihren Rechten, erhalten Sie unter:
https://www.diehl.com/group/de/transparenz-und-informationspflichten/
The contents of the above mentioned e-mail is not legally binding. This e-mail contains confidential and/or legally protected information. Please inform us if you have received this e-mail by
mistake and delete it in such a case. Each unauthorized reproduction, disclosure, alteration, distribution and/or publication of this e-mail is strictly prohibited.
- For general information on data protection and your respective rights please visit:
https://www.diehl.com/group/en/transparency-and-information-obligations/
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [PATCH] nvmem: ocotp: add support to revoke keys 2021-03-11 17:07 [PATCH] nvmem: ocotp: add support to revoke keys Denis Osterland-Heim @ 2021-03-12 10:15 ` Rouven Czerwinski 2021-03-12 14:39 ` Denis Osterland-Heim 0 siblings, 1 reply; 6+ messages in thread From: Rouven Czerwinski @ 2021-03-12 10:15 UTC (permalink / raw) To: Denis Osterland-Heim, barebox Hello Denis, On Thu, 2021-03-11 at 17:07 +0000, Denis Osterland-Heim wrote: > From: Denis Osterland-Heim <Denis.Osterland@diehl.com> > > Add device tree property 'barebox,key-revoke' with the syntax: > < key_phandle fuse_offset mask > > > An example: > signature { > key1: key-img1 { ... }; > key2: key-srk1 { ... }; > }; > }; > &ocotp { > barebox,key-revoke = < > &key1 0x660 1 > &key2 0x6f0 1 > > ; > }; I think using device tree properties for this is a bad idea. This should rather be implemented as a revoke argument to the hab command. Revocation can than be done within a bootup script during barebox start. Regards, Rouven > Signed-off-by: Denis Osterland-Heim <Denis.Osterland@diehl.com> > --- > .../bindings/misc/fsl,imx-ocotp.rst | 4 ++ > drivers/nvmem/ocotp.c | 37 ++++++++++++++++++- > 2 files changed, 39 insertions(+), 2 deletions(-) > > diff --git a/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst b/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst > index 202bb3aa0..63a6f5331 100644 > --- a/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst > +++ b/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst > @@ -12,6 +12,9 @@ Optional properties: > can be multiple entries in the form <&phandle regofs> to assign a MAC > address to an Ethernet device. > > +* ``barebox,key-revoke``: Revoke (remove) key if bit is set. This can be multiple > + entries in the form <&phandle regofs mask> to revoke a key if bit is set. > + > Example: > > .. code-block:: none > @@ -20,4 +23,5 @@ Example: > compatible = "fsl,imx6q-ocotp"; > reg = <0x021bc000 0x4000>; > barebox,provide-mac-address = <&fec 0x620>; > + barebox,key-revoke = <&/signature/key-img1 0x6f0 1>; > }; > diff --git a/drivers/nvmem/ocotp.c b/drivers/nvmem/ocotp.c > index cee50955e..00ee6cd06 100644 > --- a/drivers/nvmem/ocotp.c > +++ b/drivers/nvmem/ocotp.c > @@ -641,7 +641,7 @@ static struct regmap_bus imx_ocotp_regmap_bus = { > .reg_read = imx_ocotp_reg_read, > }; > > -static void imx_ocotp_init_dt(struct ocotp_priv *priv) > +static void imx_ocotp_init_mac_dt(struct ocotp_priv *priv) > { > char mac[MAC_BYTES]; > const __be32 *prop; > @@ -673,6 +673,38 @@ static void imx_ocotp_init_dt(struct ocotp_priv *priv) > } > } > > +static void imx_ocotp_init_key_dt(struct ocotp_priv *priv) > +{ > +const __be32 *prop; > +struct device_node *node = priv->dev.parent->device_node; > +int len; > + > +if (!node) > +return; > + > +prop = of_get_property(node, "barebox,key-revoke", &len); > +if (!prop) > +return; > + > +for (; len >= 3; len -= 3) { > +struct device_node *rnode; > +uint32_t phandle, offset, mask; > +unsigned val; > + > +phandle = be32_to_cpup(prop++); > + > +rnode = of_find_node_by_phandle(phandle); > +offset = be32_to_cpup(prop++); > +mask = be32_to_cpup(prop++); > + > +if (imx6_ocotp_read_one_u32(priv, OCOTP_OFFSET_TO_INDEX(offset), &val)) > +continue; > + > +if (val & mask) > +of_delete_node(rnode); > +} > +} > + > static int imx_ocotp_write(struct device_d *dev, const int offset, > const void *val, int bytes) > { > @@ -790,7 +822,8 @@ static int imx_ocotp_probe(struct device_d *dev) > if (IS_ENABLED(CONFIG_MACHINE_ID)) > imx_ocotp_set_unique_machine_id(); > > -imx_ocotp_init_dt(priv); > +imx_ocotp_init_mac_dt(priv); > +imx_ocotp_init_key_dt(priv); > > dev_add_param_bool(&(priv->dev), "sense_enable", NULL, NULL, &priv->sense_enable, priv); > > -- > 2.30.2 > > Diehl Connectivity Solutions GmbH > Geschäftsführung: Horst Leonberger > Sitz der Gesellschaft: Nürnberg - Registergericht: Amtsgericht > Nürnberg: HRB 32315 > > ________________________________ > > Der Inhalt der vorstehenden E-Mail ist nicht rechtlich bindend. Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen. > Informieren Sie uns bitte, wenn Sie diese E-Mail faelschlicherweise erhalten haben. Bitte loeschen Sie in diesem Fall die Nachricht. > Jede unerlaubte Form der Reproduktion, Bekanntgabe, Aenderung, Verteilung und/oder Publikation dieser E-Mail ist strengstens untersagt. > > - Informationen zum Datenschutz, insbesondere zu Ihren Rechten, erhalten Sie unter: > > https://www.diehl.com/group/de/transparenz-und-informationspflichten/ > > The contents of the above mentioned e-mail is not legally binding. This e-mail contains confidential and/or legally protected information. Please inform us if you have received this e-mail by > mistake and delete it in such a case. Each unauthorized reproduction, disclosure, alteration, distribution and/or publication of this e-mail is strictly prohibited. > > - For general information on data protection and your respective rights please visit: > > https://www.diehl.com/group/en/transparency-and-information-obligations/ > > > > _______________________________________________ > barebox mailing list > barebox@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/barebox > _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] nvmem: ocotp: add support to revoke keys 2021-03-12 10:15 ` Rouven Czerwinski @ 2021-03-12 14:39 ` Denis Osterland-Heim 2021-03-15 8:04 ` Sascha Hauer 0 siblings, 1 reply; 6+ messages in thread From: Denis Osterland-Heim @ 2021-03-12 14:39 UTC (permalink / raw) To: r.czerwinski, barebox Hi, It would be no problem to do it in a script. I did it as a fist prove of concept. My opinion is, that this hard coded implementation give stronger guarantee that this code is really executed. I would love to implement the HAB to check FIT signatures, but with MMU enabled it will not work AFAIK and code requiring MMU disabled is not welcome. This implementation allows you to utilize any fuse to revoke a key independent from HAB. The 0x660 from the example is GP1. Regards, Denis Am Freitag, den 12.03.2021, 11:15 +0100 schrieb Rouven Czerwinski: > Hello Denis, > > On Thu, 2021-03-11 at 17:07 +0000, Denis Osterland-Heim wrote: > > From: Denis Osterland-Heim <Denis.Osterland@diehl.com> > > > > Add device tree property 'barebox,key-revoke' with the syntax: > > < key_phandle fuse_offset mask > > > > > An example: > > signature { > > key1: key-img1 { ... }; > > key2: key-srk1 { ... }; > > }; > > }; > > &ocotp { > > barebox,key-revoke = < > > &key1 0x660 1 > > &key2 0x6f0 1 > > > ; > > > > }; > > I think using device tree properties for this is a bad idea. This > should rather be implemented as a revoke argument to the hab command. > Revocation can than be done within a bootup script during barebox > start. > > Regards, > Rouven > > > Signed-off-by: Denis Osterland-Heim <Denis.Osterland@diehl.com> > > --- > > .../bindings/misc/fsl,imx-ocotp.rst | 4 ++ > > drivers/nvmem/ocotp.c | 37 ++++++++++++++++++- > > 2 files changed, 39 insertions(+), 2 deletions(-) > > > > diff --git a/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst b/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst > > index 202bb3aa0..63a6f5331 100644 > > --- a/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst > > +++ b/Documentation/devicetree/bindings/misc/fsl,imx-ocotp.rst > > @@ -12,6 +12,9 @@ Optional properties: > > can be multiple entries in the form <&phandle regofs> to assign a MAC > > address to an Ethernet device. > > > > +* ``barebox,key-revoke``: Revoke (remove) key if bit is set. This can be multiple > > + entries in the form <&phandle regofs mask> to revoke a key if bit is set. > > + > > Example: > > > > .. code-block:: none > > @@ -20,4 +23,5 @@ Example: > > compatible = "fsl,imx6q-ocotp"; > > reg = <0x021bc000 0x4000>; > > barebox,provide-mac-address = <&fec 0x620>; > > + barebox,key-revoke = <&/signature/key-img1 0x6f0 1>; > > }; > > diff --git a/drivers/nvmem/ocotp.c b/drivers/nvmem/ocotp.c > > index cee50955e..00ee6cd06 100644 > > --- a/drivers/nvmem/ocotp.c > > +++ b/drivers/nvmem/ocotp.c > > @@ -641,7 +641,7 @@ static struct regmap_bus imx_ocotp_regmap_bus = { > > .reg_read = imx_ocotp_reg_read, > > }; > > > > -static void imx_ocotp_init_dt(struct ocotp_priv *priv) > > +static void imx_ocotp_init_mac_dt(struct ocotp_priv *priv) > > { > > char mac[MAC_BYTES]; > > const __be32 *prop; > > @@ -673,6 +673,38 @@ static void imx_ocotp_init_dt(struct ocotp_priv *priv) > > } > > } > > > > +static void imx_ocotp_init_key_dt(struct ocotp_priv *priv) > > +{ > > +const __be32 *prop; > > +struct device_node *node = priv->dev.parent->device_node; > > +int len; > > + > > +if (!node) > > +return; > > + > > +prop = of_get_property(node, "barebox,key-revoke", &len); > > +if (!prop) > > +return; > > + > > +for (; len >= 3; len -= 3) { > > +struct device_node *rnode; > > +uint32_t phandle, offset, mask; > > +unsigned val; > > + > > +phandle = be32_to_cpup(prop++); > > + > > +rnode = of_find_node_by_phandle(phandle); > > +offset = be32_to_cpup(prop++); > > +mask = be32_to_cpup(prop++); > > + > > +if (imx6_ocotp_read_one_u32(priv, OCOTP_OFFSET_TO_INDEX(offset), &val)) > > +continue; > > + > > +if (val & mask) > > +of_delete_node(rnode); > > +} > > +} > > + > > static int imx_ocotp_write(struct device_d *dev, const int offset, > > const void *val, int bytes) > > { > > @@ -790,7 +822,8 @@ static int imx_ocotp_probe(struct device_d *dev) > > if (IS_ENABLED(CONFIG_MACHINE_ID)) > > imx_ocotp_set_unique_machine_id(); > > > > -imx_ocotp_init_dt(priv); > > +imx_ocotp_init_mac_dt(priv); > > +imx_ocotp_init_key_dt(priv); > > > > dev_add_param_bool(&(priv->dev), "sense_enable", NULL, NULL, &priv->sense_enable, priv); > > > > -- > > 2.30.2 > > > > Diehl Connectivity Solutions GmbH > > Geschäftsführung: Horst Leonberger > > Sitz der Gesellschaft: Nürnberg - Registergericht: Amtsgericht > > Nürnberg: HRB 32315 > > > > ________________________________ > > > > Der Inhalt der vorstehenden E-Mail ist nicht rechtlich bindend. Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen. > > Informieren Sie uns bitte, wenn Sie diese E-Mail faelschlicherweise erhalten haben. Bitte loeschen Sie in diesem Fall die Nachricht. > > Jede unerlaubte Form der Reproduktion, Bekanntgabe, Aenderung, Verteilung und/oder Publikation dieser E-Mail ist strengstens untersagt. > > > > - Informationen zum Datenschutz, insbesondere zu Ihren Rechten, erhalten Sie unter: > > > > https://www.diehl.com/group/de/transparenz-und-informationspflichten/ > > > > The contents of the above mentioned e-mail is not legally binding. This e-mail contains confidential and/or legally protected information. Please inform us if you have received this e-mail by > > mistake and delete it in such a case. Each unauthorized reproduction, disclosure, alteration, distribution and/or publication of this e-mail is strictly prohibited. > > > > - For general information on data protection and your respective rights please visit: > > > > https://www.diehl.com/group/en/transparency-and-information-obligations/ > > > > > > > > _______________________________________________ > > barebox mailing list > > barebox@lists.infradead.org > > http://lists.infradead.org/mailman/listinfo/barebox > > > > Diehl Connectivity Solutions GmbH Geschäftsführung: Horst Leonberger Sitz der Gesellschaft: Nürnberg - Registergericht: Amtsgericht Nürnberg: HRB 32315 ________________________________ Der Inhalt der vorstehenden E-Mail ist nicht rechtlich bindend. Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen. Informieren Sie uns bitte, wenn Sie diese E-Mail faelschlicherweise erhalten haben. Bitte loeschen Sie in diesem Fall die Nachricht. Jede unerlaubte Form der Reproduktion, Bekanntgabe, Aenderung, Verteilung und/oder Publikation dieser E-Mail ist strengstens untersagt. - Informationen zum Datenschutz, insbesondere zu Ihren Rechten, erhalten Sie unter: https://www.diehl.com/group/de/transparenz-und-informationspflichten/ The contents of the above mentioned e-mail is not legally binding. This e-mail contains confidential and/or legally protected information. Please inform us if you have received this e-mail by mistake and delete it in such a case. Each unauthorized reproduction, disclosure, alteration, distribution and/or publication of this e-mail is strictly prohibited. - For general information on data protection and your respective rights please visit: https://www.diehl.com/group/en/transparency-and-information-obligations/ _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] nvmem: ocotp: add support to revoke keys 2021-03-12 14:39 ` Denis Osterland-Heim @ 2021-03-15 8:04 ` Sascha Hauer 2021-03-16 8:03 ` Denis Osterland-Heim 0 siblings, 1 reply; 6+ messages in thread From: Sascha Hauer @ 2021-03-15 8:04 UTC (permalink / raw) To: Denis Osterland-Heim; +Cc: r.czerwinski, barebox Hi Denis, On Fri, Mar 12, 2021 at 02:39:40PM +0000, Denis Osterland-Heim wrote: > Hi, > > It would be no problem to do it in a script. > I did it as a fist prove of concept. > My opinion is, that this hard coded implementation give stronger > guarantee that this code is really executed. You could also create a C function which you call from your board code. > > I would love to implement the HAB to check FIT signatures, > but with MMU enabled it will not work AFAIK and code requiring MMU disabled is not welcome. Are you sure it doesn't work? What I know is that the jump table for the HAB function is placed in the zero page which is set to faulting normally when the MMU is enabled. If that's the only problem we could solve that. Sascha -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] nvmem: ocotp: add support to revoke keys 2021-03-15 8:04 ` Sascha Hauer @ 2021-03-16 8:03 ` Denis Osterland-Heim 2021-03-16 8:11 ` sha 0 siblings, 1 reply; 6+ messages in thread From: Denis Osterland-Heim @ 2021-03-16 8:03 UTC (permalink / raw) To: sha; +Cc: r.czerwinski, barebox Hi Sascha, Am Montag, den 15.03.2021, 09:04 +0100 schrieb Sascha Hauer: > Hi Denis, > > On Fri, Mar 12, 2021 at 02:39:40PM +0000, Denis Osterland-Heim wrote: > > Hi, > > > > It would be no problem to do it in a script. > > I did it as a fist prove of concept. > > My opinion is, that this hard coded implementation give stronger > > guarantee that this code is really executed. > > You could also create a C function which you call from your board code. good Idea > > > > > I would love to implement the HAB to check FIT signatures, > > but with MMU enabled it will not work AFAIK and code requiring MMU disabled is not welcome. > > Are you sure it doesn't work? What I know is that the jump table for the > HAB function is placed in the zero page which is set to faulting > normally when the MMU is enabled. If that's the only problem we could > solve that. I would like to give it a try. enable CONFIG_ARCH_HAS_ZERO_PAGE zero_page_access(); pvt->some_function(); zero_page_faulting(); right? Regards, Denis > > Sascha > > Diehl Connectivity Solutions GmbH Geschäftsführung: Horst Leonberger Sitz der Gesellschaft: Nürnberg - Registergericht: Amtsgericht Nürnberg: HRB 32315 ________________________________ Der Inhalt der vorstehenden E-Mail ist nicht rechtlich bindend. Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen. Informieren Sie uns bitte, wenn Sie diese E-Mail faelschlicherweise erhalten haben. Bitte loeschen Sie in diesem Fall die Nachricht. Jede unerlaubte Form der Reproduktion, Bekanntgabe, Aenderung, Verteilung und/oder Publikation dieser E-Mail ist strengstens untersagt. - Informationen zum Datenschutz, insbesondere zu Ihren Rechten, erhalten Sie unter: https://www.diehl.com/group/de/transparenz-und-informationspflichten/ The contents of the above mentioned e-mail is not legally binding. This e-mail contains confidential and/or legally protected information. Please inform us if you have received this e-mail by mistake and delete it in such a case. Each unauthorized reproduction, disclosure, alteration, distribution and/or publication of this e-mail is strictly prohibited. - For general information on data protection and your respective rights please visit: https://www.diehl.com/group/en/transparency-and-information-obligations/ _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] nvmem: ocotp: add support to revoke keys 2021-03-16 8:03 ` Denis Osterland-Heim @ 2021-03-16 8:11 ` sha 0 siblings, 0 replies; 6+ messages in thread From: sha @ 2021-03-16 8:11 UTC (permalink / raw) To: Denis Osterland-Heim; +Cc: r.czerwinski, barebox On Tue, Mar 16, 2021 at 08:03:01AM +0000, Denis Osterland-Heim wrote: > Hi Sascha, > > Am Montag, den 15.03.2021, 09:04 +0100 schrieb Sascha Hauer: > > Hi Denis, > > > > On Fri, Mar 12, 2021 at 02:39:40PM +0000, Denis Osterland-Heim wrote: > > > Hi, > > > > > > It would be no problem to do it in a script. > > > I did it as a fist prove of concept. > > > My opinion is, that this hard coded implementation give stronger > > > guarantee that this code is really executed. > > > > You could also create a C function which you call from your board code. > good Idea > > > > > > > > > I would love to implement the HAB to check FIT signatures, > > > but with MMU enabled it will not work AFAIK and code requiring MMU disabled is not welcome. > > > > Are you sure it doesn't work? What I know is that the jump table for the > > HAB function is placed in the zero page which is set to faulting > > normally when the MMU is enabled. If that's the only problem we could > > solve that. > I would like to give it a try. > > enable CONFIG_ARCH_HAS_ZERO_PAGE > > zero_page_access(); > pvt->some_function(); > zero_page_faulting(); > > right? Yes, right. Sascha -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-03-16 8:13 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-03-11 17:07 [PATCH] nvmem: ocotp: add support to revoke keys Denis Osterland-Heim 2021-03-12 10:15 ` Rouven Czerwinski 2021-03-12 14:39 ` Denis Osterland-Heim 2021-03-15 8:04 ` Sascha Hauer 2021-03-16 8:03 ` Denis Osterland-Heim 2021-03-16 8:11 ` sha
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox