diff options
author | Patrick Delaunay <patrick.delaunay@st.com> | 2020-02-12 19:37:38 +0100 |
---|---|---|
committer | Patrick Delaunay <patrick.delaunay@st.com> | 2020-03-24 14:05:35 +0100 |
commit | 7ae22d72781de76b3c23b018a3fccc172e9875de (patch) | |
tree | 44288593d3a084fa1b2a13288f38a6d663a5b6e9 /doc | |
parent | df2d1b8fc472bd0c7ec20d86337d437241d9b013 (diff) | |
download | u-boot-7ae22d72781de76b3c23b018a3fccc172e9875de.tar.gz |
arm: stm32mp: bsec: add permanent lock support in bsec driver
Add BSEC lock access (read / write) at 0xC0000000 offset of misc driver.
The write access only available for Trusted boot mode, based on new
SMC STM32_SMC_WRLOCK_OTP.
With the fuse command, the permanent lock status is accessed with
0x10000000 offset (0xC0000000 - 0x8000000 for OTP sense/program
divided by u32 size), for example:
Read lock status of fuse 57 (0x39)
STM32MP> fuse sense 0 0x10000039 1
Sensing bank 0:
Word 0x10000039: 00000000
Set permanent lock of fuse 57 (0x39)
STM32MP> fuse prog 0 0x10000039 1
Sensing bank 0:
Word 0x10000039: 00000000
WARNING: the OTP lock is updated only after reboot
WARING: Programming lock or fuses is an irreversible operation!
This may brick your system.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Acked-by: Patrice Chotard <patrice.chotard@st.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/board/st/stm32mp1.rst | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/doc/board/st/stm32mp1.rst b/doc/board/st/stm32mp1.rst index 1640bf910e..ee42af6579 100644 --- a/doc/board/st/stm32mp1.rst +++ b/doc/board/st/stm32mp1.rst @@ -416,20 +416,26 @@ For STMicroelectonics board, it is retrieved in STM32MP15x OTP : - OTP_58[15:0] = MAC_ADDR[47:32] To program a MAC address on virgin OTP words above, you can use the fuse command -on bank 0 to access to internal OTP: +on bank 0 to access to internal OTP and lock them: Prerequisite: check if a MAC address isn't yet programmed in OTP -1) check OTP: their value must be equal to 0 +1) check OTP: their value must be equal to 0:: - STM32MP> fuse sense 0 57 2 - Sensing bank 0: - Word 0x00000039: 00000000 00000000 + STM32MP> fuse sense 0 57 2 + Sensing bank 0: + Word 0x00000039: 00000000 00000000 + +2) check environment variable:: + + STM32MP> env print ethaddr + ## Error: "ethaddr" not defined -2) check environment variable +3) check lock status of fuse 57 & 58 (at 0x39, 0=unlocked, 1=locked):: - STM32MP> env print ethaddr - ## Error: "ethaddr" not defined + STM32MP> fuse sense 0 0x10000039 2 + Sensing bank 0: + Word 0x10000039: 00000000 00000000 Example to set mac address "12:34:56:78:9a:bc" @@ -443,11 +449,19 @@ Example to set mac address "12:34:56:78:9a:bc" Sensing bank 0: Word 0x00000039: 78563412 0000bc9a -3) next REBOOT, in the trace:: +3) Lock OTP:: + + STM32MP> fuse prog 0 0x10000039 1 1 + + STM32MP> fuse sense 0 0x10000039 2 + Sensing bank 0: + Word 0x10000039: 00000001 00000001 + +4) next REBOOT, in the trace:: ### Setting environment from OTP MAC address = "12:34:56:78:9a:bc" -4) check env update:: +5) check env update:: STM32MP> env print ethaddr ethaddr=12:34:56:78:9a:bc |