summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorPatrick Delaunay <patrick.delaunay@st.com>2020-02-12 19:37:38 +0100
committerPatrick Delaunay <patrick.delaunay@st.com>2020-03-24 14:05:35 +0100
commit7ae22d72781de76b3c23b018a3fccc172e9875de (patch)
tree44288593d3a084fa1b2a13288f38a6d663a5b6e9 /doc
parentdf2d1b8fc472bd0c7ec20d86337d437241d9b013 (diff)
downloadu-boot-7ae22d72781de76b3c23b018a3fccc172e9875de.tar.gz
arm: stm32mp: bsec: add permanent lock support in bsec driver
Add BSEC lock access (read / write) at 0xC0000000 offset of misc driver. The write access only available for Trusted boot mode, based on new SMC STM32_SMC_WRLOCK_OTP. With the fuse command, the permanent lock status is accessed with 0x10000000 offset (0xC0000000 - 0x8000000 for OTP sense/program divided by u32 size), for example: Read lock status of fuse 57 (0x39) STM32MP> fuse sense 0 0x10000039 1 Sensing bank 0: Word 0x10000039: 00000000 Set permanent lock of fuse 57 (0x39) STM32MP> fuse prog 0 0x10000039 1 Sensing bank 0: Word 0x10000039: 00000000 WARNING: the OTP lock is updated only after reboot WARING: Programming lock or fuses is an irreversible operation! This may brick your system. Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Acked-by: Patrice Chotard <patrice.chotard@st.com>
Diffstat (limited to 'doc')
-rw-r--r--doc/board/st/stm32mp1.rst34
1 files changed, 24 insertions, 10 deletions
diff --git a/doc/board/st/stm32mp1.rst b/doc/board/st/stm32mp1.rst
index 1640bf910e..ee42af6579 100644
--- a/doc/board/st/stm32mp1.rst
+++ b/doc/board/st/stm32mp1.rst
@@ -416,20 +416,26 @@ For STMicroelectonics board, it is retrieved in STM32MP15x OTP :
- OTP_58[15:0] = MAC_ADDR[47:32]
To program a MAC address on virgin OTP words above, you can use the fuse command
-on bank 0 to access to internal OTP:
+on bank 0 to access to internal OTP and lock them:
Prerequisite: check if a MAC address isn't yet programmed in OTP
-1) check OTP: their value must be equal to 0
+1) check OTP: their value must be equal to 0::
- STM32MP> fuse sense 0 57 2
- Sensing bank 0:
- Word 0x00000039: 00000000 00000000
+ STM32MP> fuse sense 0 57 2
+ Sensing bank 0:
+ Word 0x00000039: 00000000 00000000
+
+2) check environment variable::
+
+ STM32MP> env print ethaddr
+ ## Error: "ethaddr" not defined
-2) check environment variable
+3) check lock status of fuse 57 & 58 (at 0x39, 0=unlocked, 1=locked)::
- STM32MP> env print ethaddr
- ## Error: "ethaddr" not defined
+ STM32MP> fuse sense 0 0x10000039 2
+ Sensing bank 0:
+ Word 0x10000039: 00000000 00000000
Example to set mac address "12:34:56:78:9a:bc"
@@ -443,11 +449,19 @@ Example to set mac address "12:34:56:78:9a:bc"
Sensing bank 0:
Word 0x00000039: 78563412 0000bc9a
-3) next REBOOT, in the trace::
+3) Lock OTP::
+
+ STM32MP> fuse prog 0 0x10000039 1 1
+
+ STM32MP> fuse sense 0 0x10000039 2
+ Sensing bank 0:
+ Word 0x10000039: 00000001 00000001
+
+4) next REBOOT, in the trace::
### Setting environment from OTP MAC address = "12:34:56:78:9a:bc"
-4) check env update::
+5) check env update::
STM32MP> env print ethaddr
ethaddr=12:34:56:78:9a:bc