stm32mp: cmd_stm32key: lock of PKH OTP after fuse

Lock the OTP value of key's hash after the command
$> stm32key fuse <address>

This operation forbids a second update of these OTP as they are
ECC protected in BSEC: any update of these OTP with a different value
causes a BSEC disturb error and the closed chip will be bricked.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>

diff --git a/arch/arm/mach-stm32mp/cmd_stm32key.c b/arch/arm/mach-stm32mp/cmd_stm32key.c
index 2529139..c4cb634 100644 (file)
--- a/arch/arm/mach-stm32mp/cmd_stm32key.c
+++ b/arch/arm/mach-stm32mp/cmd_stm32key.c
@@ -39,8 +39,9 @@ static int fuse_hash_value(u32 addr, bool print)
                return ret;
        }
 
-       for (i = 0; i < STM32_OTP_HASH_KEY_SIZE; i++) {
-               word = STM32_OTP_HASH_KEY_START + i;
+       for (i = 0, word = STM32_OTP_HASH_KEY_START;
+            i < STM32_OTP_HASH_KEY_SIZE;
+            i++, word++, addr += 4) {
                val = __be32_to_cpu(*(u32 *)addr);
                if (print)
                        printf("Fuse OTP %i : %x\n", word, val);
@@ -50,8 +51,13 @@ static int fuse_hash_value(u32 addr, bool print)
                        log_err("Fuse OTP %i failed\n", word);
                        return ret;
                }
-
-               addr += 4;
+               /* on success, lock the OTP for HASH key */
+               val = 1;
+               ret = misc_write(dev, STM32_BSEC_LOCK(word), &val, 4);
+               if (ret != 4) {
+                       log_err("Lock OTP %i failed\n", word);
+                       return ret;
+               }
        }
 
        return 0;