imx: ele_ahab: Add ahab_commit command support
This message is used to commit into the fuses any new SRK revocation and
FW version information that have been found into the NXP (ELE FW) and
OEM containers.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
diff --git a/arch/arm/include/asm/mach-imx/ele_api.h b/arch/arm/include/asm/mach-imx/ele_api.h
index cfd4ece..a29b849 100644
--- a/arch/arm/include/asm/mach-imx/ele_api.h
+++ b/arch/arm/include/asm/mach-imx/ele_api.h
@@ -24,6 +24,7 @@
#define ELE_GET_FW_VERSION_REQ (0x9D)
#define ELE_RET_LIFECYCLE_UP_REQ (0xA0)
#define ELE_GET_EVENTS_REQ (0xA2)
+#define ELE_COMMIT_REQ (0xA8)
#define ELE_START_RNG (0xA3)
#define ELE_GENERATE_DEK_BLOB (0xAF)
#define ELE_ENABLE_PATCH_REQ (0xC3)
@@ -142,6 +143,7 @@
int ele_release_caam(u32 core_did, u32 *response);
int ele_get_fw_version(u32 *fw_version, u32 *sha1, u32 *response);
int ele_get_events(u32 *events, u32 *events_cnt, u32 *response);
+int ele_commit(u16 fuse_id, u32 *response, u32 *info_type);
int ele_generate_dek_blob(u32 key_id, u32 src_paddr, u32 dst_paddr, u32 max_output_size);
int ele_dump_buffer(u32 *buffer, u32 buffer_length);
int ele_get_info(struct ele_get_info_data *info, u32 *response);
diff --git a/arch/arm/mach-imx/ele_ahab.c b/arch/arm/mach-imx/ele_ahab.c
index 295c055..d02316e 100644
--- a/arch/arm/mach-imx/ele_ahab.c
+++ b/arch/arm/mach-imx/ele_ahab.c
@@ -625,6 +625,29 @@
return CMD_RET_SUCCESS;
}
+static int do_ahab_commit(struct cmd_tbl *cmdtp, int flag, int argc,
+ char *const argv[])
+{
+ u32 index;
+ u32 resp;
+ u32 info_type;
+
+ if (argc < 2)
+ return CMD_RET_USAGE;
+
+ index = simple_strtoul(argv[1], NULL, 16);
+ printf("Commit index is 0x%x\n", index);
+
+ if (ele_commit(index, &resp, &info_type)) {
+ printf("Error in AHAB commit\n");
+ return -EIO;
+ }
+
+ printf("Ahab commit succeeded. Information type is 0x%x\n", info_type);
+
+ return 0;
+}
+
U_BOOT_CMD(auth_cntr, CONFIG_SYS_MAXARGS, 1, do_authenticate,
"autenticate OS container via AHAB",
"addr\n"
@@ -657,3 +680,9 @@
"addr\n"
"addr - Return lifecycle message block signed by OEM SRK\n"
);
+
+U_BOOT_CMD(ahab_commit, CONFIG_SYS_MAXARGS, 1, do_ahab_commit,
+ "commit into the fuses any new SRK revocation and FW version information\n"
+ "that have been found into the NXP (ELE FW) and OEM containers",
+ ""
+);
diff --git a/drivers/misc/imx_ele/ele_api.c b/drivers/misc/imx_ele/ele_api.c
index 0c01773..e0ec22c 100644
--- a/drivers/misc/imx_ele/ele_api.c
+++ b/drivers/misc/imx_ele/ele_api.c
@@ -528,6 +528,38 @@
return ret;
}
+int ele_commit(u16 fuse_id, u32 *response, u32 *info_type)
+{
+ struct udevice *dev = gd->arch.ele_dev;
+ int size = sizeof(struct ele_msg);
+ struct ele_msg msg;
+ int ret = 0;
+
+ if (!dev) {
+ printf("ele dev is not initialized\n");
+ return -ENODEV;
+ }
+
+ msg.version = ELE_VERSION;
+ msg.tag = ELE_CMD_TAG;
+ msg.size = 2;
+ msg.command = ELE_COMMIT_REQ;
+ msg.data[0] = fuse_id;
+
+ ret = misc_call(dev, false, &msg, size, &msg, size);
+ if (ret)
+ printf("Error: %s: ret %d, fuse_id 0x%x, response 0x%x\n",
+ __func__, ret, fuse_id, msg.data[0]);
+
+ if (response)
+ *response = msg.data[0];
+
+ if (info_type)
+ *info_type = msg.data[1];
+
+ return ret;
+}
+
int ele_write_secure_fuse(ulong signed_msg_blk, u32 *response)
{
struct udevice *dev = gd->arch.ele_dev;