imx: ele_ahab: Add ahab_commit command support

This message is used to commit into the fuses any new SRK revocation and
FW version information that have been found into the NXP (ELE FW) and
OEM containers.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>

diff --git a/arch/arm/include/asm/mach-imx/ele_api.h b/arch/arm/include/asm/mach-imx/ele_api.h
index cfd4ecebb626d29ff7fa12787fa8ef4a9ba1f43f..a29b849d903a931e7348a70243ad178e3560d978 100644 (file)
--- a/arch/arm/include/asm/mach-imx/ele_api.h
+++ b/arch/arm/include/asm/mach-imx/ele_api.h
@@ -24,6 +24,7 @@
 #define ELE_GET_FW_VERSION_REQ (0x9D)
 #define ELE_RET_LIFECYCLE_UP_REQ (0xA0)
 #define ELE_GET_EVENTS_REQ (0xA2)
+#define ELE_COMMIT_REQ (0xA8)
 #define ELE_START_RNG (0xA3)
 #define ELE_GENERATE_DEK_BLOB (0xAF)
 #define ELE_ENABLE_PATCH_REQ (0xC3)
@@ -142,6 +143,7 @@ int ele_read_common_fuse(u16 fuse_id, u32 *fuse_words, u32 fuse_num, u32 *respon
 int ele_release_caam(u32 core_did, u32 *response);
 int ele_get_fw_version(u32 *fw_version, u32 *sha1, u32 *response);
 int ele_get_events(u32 *events, u32 *events_cnt, u32 *response);
+int ele_commit(u16 fuse_id, u32 *response, u32 *info_type);
 int ele_generate_dek_blob(u32 key_id, u32 src_paddr, u32 dst_paddr, u32 max_output_size);
 int ele_dump_buffer(u32 *buffer, u32 buffer_length);
 int ele_get_info(struct ele_get_info_data *info, u32 *response);

diff --git a/arch/arm/mach-imx/ele_ahab.c b/arch/arm/mach-imx/ele_ahab.c
index 295c055ad0a9301ec36d4f5096b0627a6fdf0848..d02316ed6cb11b6f15c85bd1f6caaa1e8d8cd555 100644 (file)
--- a/arch/arm/mach-imx/ele_ahab.c
+++ b/arch/arm/mach-imx/ele_ahab.c
@@ -625,6 +625,29 @@ static int do_ahab_return_lifecycle(struct cmd_tbl *cmdtp, int flag, int argc, c
        return CMD_RET_SUCCESS;
 }
 
+static int do_ahab_commit(struct cmd_tbl *cmdtp, int flag, int argc,
+                         char *const argv[])
+{
+       u32 index;
+       u32 resp;
+       u32 info_type;
+
+       if (argc < 2)
+               return CMD_RET_USAGE;
+
+       index = simple_strtoul(argv[1], NULL, 16);
+       printf("Commit index is 0x%x\n", index);
+
+       if (ele_commit(index, &resp, &info_type)) {
+               printf("Error in AHAB commit\n");
+               return -EIO;
+       }
+
+       printf("Ahab commit succeeded. Information type is 0x%x\n", info_type);
+
+       return 0;
+}
+
 U_BOOT_CMD(auth_cntr, CONFIG_SYS_MAXARGS, 1, do_authenticate,
           "autenticate OS container via AHAB",
           "addr\n"
@@ -657,3 +680,9 @@ U_BOOT_CMD(ahab_return_lifecycle, CONFIG_SYS_MAXARGS, 1, do_ahab_return_lifecycl
           "addr\n"
           "addr - Return lifecycle message block signed by OEM SRK\n"
 );
+
+U_BOOT_CMD(ahab_commit, CONFIG_SYS_MAXARGS, 1, do_ahab_commit,
+          "commit into the fuses any new SRK revocation and FW version information\n"
+          "that have been found into the NXP (ELE FW) and OEM containers",
+          ""
+);

diff --git a/drivers/misc/imx_ele/ele_api.c b/drivers/misc/imx_ele/ele_api.c
index 0c017734a4969ad0a5bb766c82c29a1cde62e295..e0ec22c7abf9fa8afa58d81c5f3a6ea439c909cb 100644 (file)
--- a/drivers/misc/imx_ele/ele_api.c
+++ b/drivers/misc/imx_ele/ele_api.c
@@ -528,6 +528,38 @@ int ele_start_rng(void)
        return ret;
 }
 
+int ele_commit(u16 fuse_id, u32 *response, u32 *info_type)
+{
+       struct udevice *dev = gd->arch.ele_dev;
+       int size = sizeof(struct ele_msg);
+       struct ele_msg msg;
+       int ret = 0;
+
+       if (!dev) {
+               printf("ele dev is not initialized\n");
+               return -ENODEV;
+       }
+
+       msg.version = ELE_VERSION;
+       msg.tag = ELE_CMD_TAG;
+       msg.size = 2;
+       msg.command = ELE_COMMIT_REQ;
+       msg.data[0] = fuse_id;
+
+       ret = misc_call(dev, false, &msg, size, &msg, size);
+       if (ret)
+               printf("Error: %s: ret %d, fuse_id 0x%x, response 0x%x\n",
+                      __func__, ret, fuse_id, msg.data[0]);
+
+       if (response)
+               *response = msg.data[0];
+
+       if (info_type)
+               *info_type = msg.data[1];
+
+       return ret;
+}
+
 int ele_write_secure_fuse(ulong signed_msg_blk, u32 *response)
 {
        struct udevice *dev = gd->arch.ele_dev;