On 07/02/21, Simon Glass wrote:
> Hi Jorge,
>
> On Sat, 6 Feb 2021 at 16:05, Jorge Ramirez-Ortiz <jo...@foundries.io> wrote:
> >
> > Enable and provision the SCP03 keys on a TEE controlled secured element
> > from the U-Boot shell.
> >
> > Signed-off-by: Jorge Ramirez-Ortiz <jo...@foundries.io>
> > ---
> >  cmd/Kconfig  |  9 ++++++++
> >  cmd/Makefile |  3 +++
> >  cmd/scp03.c  | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> >  3 files changed, 76 insertions(+)
> >  create mode 100644 cmd/scp03.c
>
> Can we have a test for this please? See mem_search.c for an example.

You mean other than what I posted already (the sandbox test using the TEE emulator)? I am not really sure what else it can do: this command sends a request to a TEE and waits for a response (and both are emulated on the sandbox).

> > > > diff --git a/cmd/Kconfig b/cmd/Kconfig > > index 928a2a0a2d..4f990249b4 100644 > > --- a/cmd/Kconfig > > +++ b/cmd/Kconfig > > @@ -2021,6 +2021,15 @@ config HASH_VERIFY > > help > > Add -v option to verify data against a hash. > > > > +config CMD_SCP03 > > + bool "scp03 - SCP03 enable and rotate/provision operations" > > + depends on SCP03 > > + help > > + Enables the SCP03 commands to activate I2C channel encryption and > > I2C-channel ? sure > > > + provision the SCP03 keys. > > + scp03 enable > > + scp03 provision > > Also add this to doc/usage (see 'make htmldocs') ok > > > + > > config CMD_TPM_V1 > > bool > > > > diff --git a/cmd/Makefile b/cmd/Makefile > > index 176bf925fd..a7017e8452 100644 > > --- a/cmd/Makefile > > +++ b/cmd/Makefile > > @@ -193,6 +193,9 @@ obj-$(CONFIG_CMD_BLOB) += blob.o > > # Android Verified Boot 2.0 > > obj-$(CONFIG_CMD_AVB) += avb.o > > > > +# Foundries.IO SCP03 > > +obj-$(CONFIG_CMD_SCP03) += scp03.o > > + > > obj-$(CONFIG_ARM) += arm/ > > obj-$(CONFIG_RISCV) += riscv/ > > obj-$(CONFIG_SANDBOX) += sandbox/ > > diff --git a/cmd/scp03.c b/cmd/scp03.c > > new file mode 100644 > > index 0000000000..07913dbd3e > > --- /dev/null > > +++ b/cmd/scp03.c 
> > @@ -0,0 +1,64 @@ > > +// SPDX-License-Identifier: GPL-2.0+ > > +/* > > + * (C) Copyright 2021, Foundries.IO > > + * > > + */ > > + > > +#include <common.h> > > +#include <command.h> > > +#include <env.h> > > +#include <scp03.h> > > + > > +int do_scp03_enable(struct cmd_tbl *cmdtp, int flag, int argc, > > + char *const argv[]) > > +{ > > + if (argc != 1) > > + return CMD_RET_USAGE; > > + > > + if (tee_enable_scp03()) > > Do you want to report the failure with a message? ok > > > + return CMD_RET_FAILURE; > > + > > + return CMD_RET_SUCCESS; > > +} > > + > > +int do_scp03_provision(struct cmd_tbl *cmdtp, int flag, int argc, > > + char *const argv[]) > > +{ > > + if (argc != 1) > > + return CMD_RET_USAGE; > > + > > + if (tee_provision_scp03()) > > + return CMD_RET_FAILURE; > > + > > + return CMD_RET_SUCCESS; > > +} > > + > > +static struct cmd_tbl cmd_scp03[] = { > > + U_BOOT_CMD_MKENT(enable, 1, 0, do_scp03_enable, "", ""), > > + U_BOOT_CMD_MKENT(provision, 1, 0, do_scp03_provision, "", ""), > > +}; > > + > > +static int do_scp03(struct cmd_tbl *cmdtp, int flag, int argc, > > + char * const argv[]) > > You could use U_BOOT_CMD_WITH_SUBCMDS() which might save some hassle > here. yes, much nicer. thanks > > > +{ > > + struct cmd_tbl *cp; > > + > > + cp = find_cmd_tbl(argv[1], cmd_scp03, ARRAY_SIZE(cmd_scp03)); > > + > > + argc--; > > + argv++; > > + > > + if (!cp || argc > cp->maxargs) > > + return CMD_RET_USAGE; > > + > > + if (flag == CMD_FLAG_REPEAT) > > + return CMD_RET_FAILURE; > > + > > + return cp->cmd(cmdtp, flag, argc, argv); > > +} > > + > > +U_BOOT_CMD(scp03, 2, 0, do_scp03, > > + "Provides a command to enable SCP03 and provision the SCP03 > > keys\n", > > + "\tenable - enable SCP03\n" > > + "\tprovision - provision SCP03\n" > > +); > > -- > > 2.30.0 > > > > Regards, > Simon
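
Review bot: In the cmd/Kconfig hunk, the CMD_SCP03 prompt says "rotate/provision" but the help text only says "provision the SCP03 keys" and then lists the two subcommands with no description. Please state in the help whether scp03 provision rotates keys that are already present on the secure element, and give each subcommand a one-line description, so that someone enabling the option knows that one of the two commands changes key material.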
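
Review bot: In do_scp03() in the cmd/scp03.c hunk, argv[1] is handed to find_cmd_tbl() before argc is looked at, so a bare "scp03" with no subcommand depends on how the lookup treats that argument. Check for argc < 2 and return CMD_RET_USAGE before the lookup, or drop the hand-written dispatcher in favour of U_BOOT_CMD_WITH_SUBCMDS() as already proposed in the thread. In the same file, do_scp03_enable() and do_scp03_provision() are referenced only from the cmd_scp03 table and can be static, and both return CMD_RET_FAILURE silently; since these commands enable the channel and provision keys, print which TEE call failed so the operator can tell the two cases apart.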