Hi Jorge, On Sat, 6 Feb 2021 at 16:05, Jorge Ramirez-Ortiz <jo...@foundries.io> wrote: > > Enable and provision the SCP03 keys on a TEE controlled secured elemt > from the U-Boot shell. > > Signed-off-by: Jorge Ramirez-Ortiz <jo...@foundries.io> > --- > cmd/Kconfig | 9 ++++++++ > cmd/Makefile | 3 +++ > cmd/scp03.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++ > 3 files changed, 76 insertions(+) > create mode 100644 cmd/scp03.c
Can we have a test for this please? See mem_search.c for an example. > > diff --git a/cmd/Kconfig b/cmd/Kconfig > index 928a2a0a2d..4f990249b4 100644 > --- a/cmd/Kconfig > +++ b/cmd/Kconfig > @@ -2021,6 +2021,15 @@ config HASH_VERIFY > help > Add -v option to verify data against a hash. > > +config CMD_SCP03 > + bool "scp03 - SCP03 enable and rotate/provision operations" > + depends on SCP03 > + help > + Enables the SCP03 commands to activate I2C channel encryption and I2C-channel ? > + provision the SCP03 keys. > + scp03 enable > + scp03 provision Also add this to doc/usage (see 'make htmldocs') > + > config CMD_TPM_V1 > bool > > diff --git a/cmd/Makefile b/cmd/Makefile > index 176bf925fd..a7017e8452 100644 > --- a/cmd/Makefile > +++ b/cmd/Makefile > @@ -193,6 +193,9 @@ obj-$(CONFIG_CMD_BLOB) += blob.o > # Android Verified Boot 2.0 > obj-$(CONFIG_CMD_AVB) += avb.o > > +# Foundries.IO SCP03 > +obj-$(CONFIG_CMD_SCP03) += scp03.o > + > obj-$(CONFIG_ARM) += arm/ > obj-$(CONFIG_RISCV) += riscv/ > obj-$(CONFIG_SANDBOX) += sandbox/ > diff --git a/cmd/scp03.c b/cmd/scp03.c > new file mode 100644 > index 0000000000..07913dbd3e > --- /dev/null > +++ b/cmd/scp03.c > @@ -0,0 +1,64 @@ > +// SPDX-License-Identifier: GPL-2.0+ > +/* > + * (C) Copyright 2021, Foundries.IO > + * > + */ > + > +#include <common.h> > +#include <command.h> > +#include <env.h> > +#include <scp03.h> > + > +int do_scp03_enable(struct cmd_tbl *cmdtp, int flag, int argc, > + char *const argv[]) > +{ > + if (argc != 1) > + return CMD_RET_USAGE; > + > + if (tee_enable_scp03()) Do you want to report the failure with a message? > + return CMD_RET_FAILURE; > + > + return CMD_RET_SUCCESS; > +} > + > +int do_scp03_provision(struct cmd_tbl *cmdtp, int flag, int argc, > + char *const argv[]) > +{ > + if (argc != 1) > + return CMD_RET_USAGE; > + > + if (tee_provision_scp03()) > + return CMD_RET_FAILURE; > + > + return CMD_RET_SUCCESS; > +} > + > +static struct cmd_tbl cmd_scp03[] = { > + U_BOOT_CMD_MKENT(enable, 1, 0, do_scp03_enable, "", ""), > + U_BOOT_CMD_MKENT(provision, 1, 0, do_scp03_provision, "", ""), > +}; > + > +static int do_scp03(struct cmd_tbl *cmdtp, int flag, int argc, > + char * const argv[]) You could use U_BOOT_CMD_WITH_SUBCMDS() which might save some hassle here. > +{ > + struct cmd_tbl *cp; > + > + cp = find_cmd_tbl(argv[1], cmd_scp03, ARRAY_SIZE(cmd_scp03)); > + > + argc--; > + argv++; > + > + if (!cp || argc > cp->maxargs) > + return CMD_RET_USAGE; > + > + if (flag == CMD_FLAG_REPEAT) > + return CMD_RET_FAILURE; > + > + return cp->cmd(cmdtp, flag, argc, argv); > +} > + > +U_BOOT_CMD(scp03, 2, 0, do_scp03, > + "Provides a command to enable SCP03 and provision the SCP03 > keys\n", > + "\tenable - enable SCP03\n" > + "\tprovision - provision SCP03\n" > +); > -- > 2.30.0 > Regards, Simon