Hi Jorge,
On Sat, 6 Feb 2021 at 16:05, Jorge Ramirez-Ortiz <jo...@foundries.io> wrote:
>
> Enable and provision the SCP03 keys on a TEE controlled secured elemt
> from the U-Boot shell.
>
> Signed-off-by: Jorge Ramirez-Ortiz <jo...@foundries.io>
> ---
> cmd/Kconfig | 9 ++++++++
> cmd/Makefile | 3 +++
> cmd/scp03.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 76 insertions(+)
> create mode 100644 cmd/scp03.c
Can we have a test for this please? See mem_search.c for an example.
>
> diff --git a/cmd/Kconfig b/cmd/Kconfig
> index 928a2a0a2d..4f990249b4 100644
> --- a/cmd/Kconfig
> +++ b/cmd/Kconfig
> @@ -2021,6 +2021,15 @@ config HASH_VERIFY
> help
> Add -v option to verify data against a hash.
>
> +config CMD_SCP03
> + bool "scp03 - SCP03 enable and rotate/provision operations"
> + depends on SCP03
> + help
> + Enables the SCP03 commands to activate I2C channel encryption and
I2C-channel ?
> + provision the SCP03 keys.
> + scp03 enable
> + scp03 provision
Also add this to doc/usage (see 'make htmldocs')
> +
> config CMD_TPM_V1
> bool
>
> diff --git a/cmd/Makefile b/cmd/Makefile
> index 176bf925fd..a7017e8452 100644
> --- a/cmd/Makefile
> +++ b/cmd/Makefile
> @@ -193,6 +193,9 @@ obj-$(CONFIG_CMD_BLOB) += blob.o
> # Android Verified Boot 2.0
> obj-$(CONFIG_CMD_AVB) += avb.o
>
> +# Foundries.IO SCP03
> +obj-$(CONFIG_CMD_SCP03) += scp03.o
> +
> obj-$(CONFIG_ARM) += arm/
> obj-$(CONFIG_RISCV) += riscv/
> obj-$(CONFIG_SANDBOX) += sandbox/
> diff --git a/cmd/scp03.c b/cmd/scp03.c
> new file mode 100644
> index 0000000000..07913dbd3e
> --- /dev/null
> +++ b/cmd/scp03.c
> @@ -0,0 +1,64 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * (C) Copyright 2021, Foundries.IO
> + *
> + */
> +
> +#include <common.h>
> +#include <command.h>
> +#include <env.h>
> +#include <scp03.h>
> +
> +int do_scp03_enable(struct cmd_tbl *cmdtp, int flag, int argc,
> + char *const argv[])
> +{
> + if (argc != 1)
> + return CMD_RET_USAGE;
> +
> + if (tee_enable_scp03())
Do you want to report the failure with a message?
> + return CMD_RET_FAILURE;
> +
> + return CMD_RET_SUCCESS;
> +}
> +
> +int do_scp03_provision(struct cmd_tbl *cmdtp, int flag, int argc,
> + char *const argv[])
> +{
> + if (argc != 1)
> + return CMD_RET_USAGE;
> +
> + if (tee_provision_scp03())
> + return CMD_RET_FAILURE;
> +
> + return CMD_RET_SUCCESS;
> +}
> +
> +static struct cmd_tbl cmd_scp03[] = {
> + U_BOOT_CMD_MKENT(enable, 1, 0, do_scp03_enable, "", ""),
> + U_BOOT_CMD_MKENT(provision, 1, 0, do_scp03_provision, "", ""),
> +};
> +
> +static int do_scp03(struct cmd_tbl *cmdtp, int flag, int argc,
> + char * const argv[])
You could use U_BOOT_CMD_WITH_SUBCMDS() which might save some hassle here.
> +{
> + struct cmd_tbl *cp;
> +
> + cp = find_cmd_tbl(argv[1], cmd_scp03, ARRAY_SIZE(cmd_scp03));
> +
> + argc--;
> + argv++;
> +
> + if (!cp || argc > cp->maxargs)
> + return CMD_RET_USAGE;
> +
> + if (flag == CMD_FLAG_REPEAT)
> + return CMD_RET_FAILURE;
> +
> + return cp->cmd(cmdtp, flag, argc, argv);
> +}
> +
> +U_BOOT_CMD(scp03, 2, 0, do_scp03,
> + "Provides a command to enable SCP03 and provision the SCP03
> keys\n",
> + "\tenable - enable SCP03\n"
> + "\tprovision - provision SCP03\n"
> +);
> --
> 2.30.0
>
Regards,
Simon
