On 07/02/21, Simon Glass wrote:
> Hi Jorge,
>
> On Sat, 6 Feb 2021 at 16:05, Jorge Ramirez-Ortiz <jo...@foundries.io> wrote:
> >
> > Enable and provision the SCP03 keys on a TEE controlled secured elemt
> > from the U-Boot shell.
> >
> > Signed-off-by: Jorge Ramirez-Ortiz <jo...@foundries.io>
> > ---
> > cmd/Kconfig | 9 ++++++++
> > cmd/Makefile | 3 +++
> > cmd/scp03.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > 3 files changed, 76 insertions(+)
> > create mode 100644 cmd/scp03.c
>
> Can we have a test for this please? See mem_search.c for an example.
you mean other than what I posted already (the sandbox test using the
TEE emulator)?
I am not really sure what else can it do: this command sends a request
to a TEE and waits to a response (and both are emulated on the sandbox).
>
> >
> > diff --git a/cmd/Kconfig b/cmd/Kconfig
> > index 928a2a0a2d..4f990249b4 100644
> > --- a/cmd/Kconfig
> > +++ b/cmd/Kconfig
> > @@ -2021,6 +2021,15 @@ config HASH_VERIFY
> > help
> > Add -v option to verify data against a hash.
> >
> > +config CMD_SCP03
> > + bool "scp03 - SCP03 enable and rotate/provision operations"
> > + depends on SCP03
> > + help
> > + Enables the SCP03 commands to activate I2C channel encryption and
>
> I2C-channel ?
sure
>
> > + provision the SCP03 keys.
> > + scp03 enable
> > + scp03 provision
>
> Also add this to doc/usage (see 'make htmldocs')
ok
>
> > +
> > config CMD_TPM_V1
> > bool
> >
> > diff --git a/cmd/Makefile b/cmd/Makefile
> > index 176bf925fd..a7017e8452 100644
> > --- a/cmd/Makefile
> > +++ b/cmd/Makefile
> > @@ -193,6 +193,9 @@ obj-$(CONFIG_CMD_BLOB) += blob.o
> > # Android Verified Boot 2.0
> > obj-$(CONFIG_CMD_AVB) += avb.o
> >
> > +# Foundries.IO SCP03
> > +obj-$(CONFIG_CMD_SCP03) += scp03.o
> > +
> > obj-$(CONFIG_ARM) += arm/
> > obj-$(CONFIG_RISCV) += riscv/
> > obj-$(CONFIG_SANDBOX) += sandbox/
> > diff --git a/cmd/scp03.c b/cmd/scp03.c
> > new file mode 100644
> > index 0000000000..07913dbd3e
> > --- /dev/null
> > +++ b/cmd/scp03.c
> > @@ -0,0 +1,64 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * (C) Copyright 2021, Foundries.IO
> > + *
> > + */
> > +
> > +#include <common.h>
> > +#include <command.h>
> > +#include <env.h>
> > +#include <scp03.h>
> > +
> > +int do_scp03_enable(struct cmd_tbl *cmdtp, int flag, int argc,
> > + char *const argv[])
> > +{
> > + if (argc != 1)
> > + return CMD_RET_USAGE;
> > +
> > + if (tee_enable_scp03())
>
> Do you want to report the failure with a message?
ok
>
> > + return CMD_RET_FAILURE;
> > +
> > + return CMD_RET_SUCCESS;
> > +}
> > +
> > +int do_scp03_provision(struct cmd_tbl *cmdtp, int flag, int argc,
> > + char *const argv[])
> > +{
> > + if (argc != 1)
> > + return CMD_RET_USAGE;
> > +
> > + if (tee_provision_scp03())
> > + return CMD_RET_FAILURE;
> > +
> > + return CMD_RET_SUCCESS;
> > +}
> > +
> > +static struct cmd_tbl cmd_scp03[] = {
> > + U_BOOT_CMD_MKENT(enable, 1, 0, do_scp03_enable, "", ""),
> > + U_BOOT_CMD_MKENT(provision, 1, 0, do_scp03_provision, "", ""),
> > +};
> > +
> > +static int do_scp03(struct cmd_tbl *cmdtp, int flag, int argc,
> > + char * const argv[])
>
> You could use U_BOOT_CMD_WITH_SUBCMDS() which might save some hassle
> here.
yes, much nicer. thanks
>
> > +{
> > + struct cmd_tbl *cp;
> > +
> > + cp = find_cmd_tbl(argv[1], cmd_scp03, ARRAY_SIZE(cmd_scp03));
> > +
> > + argc--;
> > + argv++;
> > +
> > + if (!cp || argc > cp->maxargs)
> > + return CMD_RET_USAGE;
> > +
> > + if (flag == CMD_FLAG_REPEAT)
> > + return CMD_RET_FAILURE;
> > +
> > + return cp->cmd(cmdtp, flag, argc, argv);
> > +}
> > +
> > +U_BOOT_CMD(scp03, 2, 0, do_scp03,
> > + "Provides a command to enable SCP03 and provision the SCP03
> > keys\n",
> > + "\tenable - enable SCP03\n"
> > + "\tprovision - provision SCP03\n"
> > +);
> > --
> > 2.30.0
> >
>
> Regards,
> Simon
