Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / b10cddf140f3ab27a4a6e6392960456fc6bf2f06^! / . / doc / board / st / stm32mp1.rst
commitb10cddf140f3ab27a4a6e6392960456fc6bf2f06[log] [tgz]
authorPatrick Delaunay <patrick.delaunay@st.com>Wed Feb 12 19:37:38 2020 +0100
committerPatrick Delaunay <patrick.delaunay@st.com>Tue Mar 24 14:05:35 2020 +0100
tree44288593d3a084fa1b2a13288f38a6d663a5b6e9
parent3b7dbd45f909d382557d23785aa6b6ef531fe43b [diff] [blame]
arm: stm32mp: bsec: add permanent lock support in bsec driver

Add BSEC lock access (read / write) at 0xC0000000 offset of misc driver.
The write access only available for Trusted boot mode, based on new
SMC STM32_SMC_WRLOCK_OTP.

With the fuse command, the permanent lock status is accessed with
0x10000000 offset (0xC0000000 - 0x8000000 for OTP sense/program
divided by u32 size), for example:

Read lock status of fuse 57 (0x39)

  STM32MP> fuse sense 0 0x10000039 1

  Sensing bank 0:

  Word 0x10000039: 00000000

Set permanent lock of fuse 57 (0x39)

  STM32MP> fuse prog 0 0x10000039 1

  Sensing bank 0:

  Word 0x10000039: 00000000

WARNING: the OTP lock is updated only after reboot

WARING: Programming lock or fuses is an irreversible operation!
        This may brick your system.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Acked-by: Patrice Chotard <patrice.chotard@st.com>

diff --git a/doc/board/st/stm32mp1.rst b/doc/board/st/stm32mp1.rst
index 1640bf9..ee42af6 100644
--- a/doc/board/st/stm32mp1.rst
+++ b/doc/board/st/stm32mp1.rst

@@ -416,20 +416,26 @@
  - OTP_58[15:0] = MAC_ADDR[47:32]
 
 To program a MAC address on virgin OTP words above, you can use the fuse command
-on bank 0 to access to internal OTP:
+on bank 0 to access to internal OTP and lock them:
 
 Prerequisite: check if a MAC address isn't yet programmed in OTP
 
-1) check OTP: their value must be equal to 0
+1) check OTP: their value must be equal to 0::
 
-   STM32MP> fuse sense 0 57 2
-   Sensing bank 0:
-   Word 0x00000039: 00000000 00000000
+    STM32MP> fuse sense 0 57 2
+    Sensing bank 0:
+    Word 0x00000039: 00000000 00000000
+
+2) check environment variable::
 
-2) check environment variable
+    STM32MP> env print ethaddr
+    ## Error: "ethaddr" not defined
 
-   STM32MP> env print ethaddr
-   ## Error: "ethaddr" not defined
+3) check lock status of fuse 57 & 58 (at 0x39, 0=unlocked, 1=locked)::
+
+    STM32MP> fuse sense 0 0x10000039 2
+    Sensing bank 0:
+       Word 0x10000039: 00000000 00000000
 
 Example to set mac address "12:34:56:78:9a:bc"
 
@@ -443,11 +449,19 @@
     Sensing bank 0:
     Word 0x00000039: 78563412 0000bc9a
 
-3) next REBOOT, in the trace::
+3) Lock OTP::
+
+    STM32MP> fuse prog 0 0x10000039 1 1
+
+    STM32MP> fuse sense 0 0x10000039 2
+    Sensing bank 0:
+       Word 0x10000039: 00000001 00000001
+
+4) next REBOOT, in the trace::
 
     ### Setting environment from OTP MAC address = "12:34:56:78:9a:bc"
 
-4) check env update::
+5) check env update::
 
     STM32MP> env print ethaddr
     ethaddr=12:34:56:78:9a:bc