From 7ae22d72781de76b3c23b018a3fccc172e9875de Mon Sep 17 00:00:00 2001 From: Patrick Delaunay Date: Wed, 12 Feb 2020 19:37:38 +0100 Subject: arm: stm32mp: bsec: add permanent lock support in bsec driver Add BSEC lock access (read / write) at 0xC0000000 offset of misc driver. The write access only available for Trusted boot mode, based on new SMC STM32_SMC_WRLOCK_OTP. With the fuse command, the permanent lock status is accessed with 0x10000000 offset (0xC0000000 - 0x8000000 for OTP sense/program divided by u32 size), for example: Read lock status of fuse 57 (0x39) STM32MP> fuse sense 0 0x10000039 1 Sensing bank 0: Word 0x10000039: 00000000 Set permanent lock of fuse 57 (0x39) STM32MP> fuse prog 0 0x10000039 1 Sensing bank 0: Word 0x10000039: 00000000 WARNING: the OTP lock is updated only after reboot WARING: Programming lock or fuses is an irreversible operation! This may brick your system. Signed-off-by: Patrick Delaunay Acked-by: Patrice Chotard --- doc/board/st/stm32mp1.rst | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) (limited to 'doc') diff --git a/doc/board/st/stm32mp1.rst b/doc/board/st/stm32mp1.rst index 1640bf9..ee42af6 100644 --- a/doc/board/st/stm32mp1.rst +++ b/doc/board/st/stm32mp1.rst @@ -416,20 +416,26 @@ For STMicroelectonics board, it is retrieved in STM32MP15x OTP : - OTP_58[15:0] = MAC_ADDR[47:32] To program a MAC address on virgin OTP words above, you can use the fuse command -on bank 0 to access to internal OTP: +on bank 0 to access to internal OTP and lock them: Prerequisite: check if a MAC address isn't yet programmed in OTP -1) check OTP: their value must be equal to 0 +1) check OTP: their value must be equal to 0:: - STM32MP> fuse sense 0 57 2 - Sensing bank 0: - Word 0x00000039: 00000000 00000000 + STM32MP> fuse sense 0 57 2 + Sensing bank 0: + Word 0x00000039: 00000000 00000000 + +2) check environment variable:: + + STM32MP> env print ethaddr + ## Error: "ethaddr" not defined -2) check environment variable +3) check lock status of fuse 57 & 58 (at 0x39, 0=unlocked, 1=locked):: - STM32MP> env print ethaddr - ## Error: "ethaddr" not defined + STM32MP> fuse sense 0 0x10000039 2 + Sensing bank 0: + Word 0x10000039: 00000000 00000000 Example to set mac address "12:34:56:78:9a:bc" @@ -443,11 +449,19 @@ Example to set mac address "12:34:56:78:9a:bc" Sensing bank 0: Word 0x00000039: 78563412 0000bc9a -3) next REBOOT, in the trace:: +3) Lock OTP:: + + STM32MP> fuse prog 0 0x10000039 1 1 + + STM32MP> fuse sense 0 0x10000039 2 + Sensing bank 0: + Word 0x10000039: 00000001 00000001 + +4) next REBOOT, in the trace:: ### Setting environment from OTP MAC address = "12:34:56:78:9a:bc" -4) check env update:: +5) check env update:: STM32MP> env print ethaddr ethaddr=12:34:56:78:9a:bc -- cgit v1.1