On 07/02/21, Simon Glass wrote:
Hi Jorge,
On Sat, 6 Feb 2021 at 16:05, Jorge Ramirez-Ortiz jorge@foundries.io wrote:
Enable and provision the SCP03 keys on a TEE controlled secured elemt from the U-Boot shell.
Signed-off-by: Jorge Ramirez-Ortiz jorge@foundries.io
cmd/Kconfig | 9 ++++++++ cmd/Makefile | 3 +++ cmd/scp03.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 76 insertions(+) create mode 100644 cmd/scp03.c
Can we have a test for this please? See mem_search.c for an example.
you mean other than what I posted already (the sandbox test using the TEE emulator)?
I am not really sure what else can it do: this command sends a request to a TEE and waits to a response (and both are emulated on the sandbox).
diff --git a/cmd/Kconfig b/cmd/Kconfig index 928a2a0a2d..4f990249b4 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -2021,6 +2021,15 @@ config HASH_VERIFY help Add -v option to verify data against a hash.
+config CMD_SCP03
bool "scp03 - SCP03 enable and rotate/provision operations"depends on SCP03helpEnables the SCP03 commands to activate I2C channel encryption andI2C-channel ?
sure
provision the SCP03 keys.scp03 enablescp03 provisionAlso add this to doc/usage (see 'make htmldocs')
ok
config CMD_TPM_V1 bool
diff --git a/cmd/Makefile b/cmd/Makefile index 176bf925fd..a7017e8452 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -193,6 +193,9 @@ obj-$(CONFIG_CMD_BLOB) += blob.o # Android Verified Boot 2.0 obj-$(CONFIG_CMD_AVB) += avb.o
+# Foundries.IO SCP03 +obj-$(CONFIG_CMD_SCP03) += scp03.o
obj-$(CONFIG_ARM) += arm/ obj-$(CONFIG_RISCV) += riscv/ obj-$(CONFIG_SANDBOX) += sandbox/ diff --git a/cmd/scp03.c b/cmd/scp03.c new file mode 100644 index 0000000000..07913dbd3e --- /dev/null +++ b/cmd/scp03.c @@ -0,0 +1,64 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- (C) Copyright 2021, Foundries.IO
- */
+#include <common.h> +#include <command.h> +#include <env.h> +#include <scp03.h>
+int do_scp03_enable(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[])+{
if (argc != 1)return CMD_RET_USAGE;if (tee_enable_scp03())Do you want to report the failure with a message?
ok
return CMD_RET_FAILURE;return CMD_RET_SUCCESS;+}
+int do_scp03_provision(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[])+{
if (argc != 1)return CMD_RET_USAGE;if (tee_provision_scp03())return CMD_RET_FAILURE;return CMD_RET_SUCCESS;+}
+static struct cmd_tbl cmd_scp03[] = {
U_BOOT_CMD_MKENT(enable, 1, 0, do_scp03_enable, "", ""),U_BOOT_CMD_MKENT(provision, 1, 0, do_scp03_provision, "", ""),+};
+static int do_scp03(struct cmd_tbl *cmdtp, int flag, int argc,
char * const argv[])You could use U_BOOT_CMD_WITH_SUBCMDS() which might save some hassle here.
yes, much nicer. thanks
+{
struct cmd_tbl *cp;cp = find_cmd_tbl(argv[1], cmd_scp03, ARRAY_SIZE(cmd_scp03));argc--;argv++;if (!cp || argc > cp->maxargs)return CMD_RET_USAGE;if (flag == CMD_FLAG_REPEAT)return CMD_RET_FAILURE;return cp->cmd(cmdtp, flag, argc, argv);+}
+U_BOOT_CMD(scp03, 2, 0, do_scp03,
"Provides a command to enable SCP03 and provision the SCP03 keys\n","\tenable - enable SCP03\n""\tprovision - provision SCP03\n"+);
2.30.0
Regards, Simon