projects / platform / kernel / u-boot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d3551b8) | patch
stm32mp: cmd_stm32key: add subcommand close
authorPatrick Delaunay <patrick.delaunay@foss.st.com>
Mon, 28 Jun 2021 12:56:03 +0000 (14:56 +0200)
committerPatrick Delaunay <patrick.delaunay@foss.st.com>
Fri, 16 Jul 2021 07:28:46 +0000 (09:28 +0200)
commit80cfc6c692d2616d17ab4ed648fe93c4faec61d5
treeed38a1d6dcf836fa1d30e2706ed4af94dadceed3tree | snapshot
parentd3551b8eef99f7d239ee7609a6c0d1b057c38a4fcommit | diff
stm32mp: cmd_stm32key: add subcommand close

The expected sequence to close the device

1/ Load key in DDR with any supported load command
2/ Update OTP with key: STM32MP> stm32key read <addr>

At this point the device is able to perform image authentication but
non-authenticated images can still be used and executed.
So it is the last moment to test boot with signed binary and
check that the ROM code accepts them.

3/ Close the device: only signed binary will be accepted !!
   STM32MP> stm32key close

Warning: Programming these OTP is an irreversible operation!
         This may brick your system if the HASH of key is invalid

This command should be deactivated by default in real product.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
arch/arm/mach-stm32mp/cmd_stm32key.c diff | blob | history
Domain: System / Kernel;