imx8: Add ahab_commit command

The ahab_commit command allows the user to commit into the SECO fuses that control the SRK key revocation information. This is used to Revoke compromised SRK keys. To use ahab_commit, the boot container must be built with an SRK revocation bit mask that is not 0x0. For the SPSDK provided by NXP, this means setting the 'srk_revoke_mask' option in the config file used to sign the boot container. The 'ahab_commit 0x10' can then be used to commit the SRK revocation information into the SECO fuses. Signed-off-by: John Ripple <john.ripple@keysight.com>
2025-09-09 13:53:22 -06:00
parent 464800d91b
commit b717a4090f
3 changed files with 66 additions and 0 deletions
--- a/arch/arm/mach-imx/imx8/ahab.c
+++ b/arch/arm/mach-imx/imx8/ahab.c
@@ -401,6 +401,29 @@ static int do_ahab_close(struct cmd_tbl *cmdtp, int flag, int argc,
 	return 0;
 }

+static int do_ahab_commit(struct cmd_tbl *cmdtp, int flag, int argc,
+			  char *const argv[])
+{
+	u32 info;
+	int ret;
+
+	if (argc < 2)
+		return CMD_RET_USAGE;
+
+	info = simple_strtoul(argv[1], NULL, 16);
+	printf("Commit index is 0x%x\n", info);
+
+	ret = sc_seco_commit(-1, &info);
+	if (ret) {
+		printf("Error in AHAB commit\n");
+		return ret;
+	}
+
+	printf("AHAB commit succeeded.\n");
+
+	return CMD_RET_SUCCESS;
+}
+
 U_BOOT_CMD(auth_cntr, CONFIG_SYS_MAXARGS, 1, do_authenticate,
 	   "autenticate OS container via AHAB",
 	   "addr\n"
@@ -416,3 +439,9 @@ U_BOOT_CMD(ahab_close, CONFIG_SYS_MAXARGS, 1, do_ahab_close,
 	   "Change AHAB lifecycle to OEM closed",
 	   ""
 );
+
+U_BOOT_CMD(ahab_commit, CONFIG_SYS_MAXARGS, 1, do_ahab_commit,
+	   "commit into the fuses any new SRK revocation information that have been found\n"
+	   "into the NXP (SECO FW) and OEM containers. For SRK revocation use 0x10 for the value.",
+	   ""
+);
--- a/drivers/misc/imx8/scu_api.c
+++ b/drivers/misc/imx8/scu_api.c
@@ -1286,3 +1286,34 @@ int sc_seco_secvio_dgo_config(sc_ipc_t ipc, u8 id, u8 access, u32 *data)

 	return ret;
 }
+
+int sc_seco_commit(sc_ipc_t ipc, u32 *info)
+{
+	struct udevice *dev = gd->arch.scu_dev;
+	struct sc_rpc_msg_s msg;
+	int size = sizeof(struct sc_rpc_msg_s);
+	int ret;
+
+	/* Fill in header */
+	RPC_VER(&msg) = SC_RPC_VERSION;
+	RPC_SIZE(&msg) = 2U;
+	RPC_SVC(&msg) = (u8)SC_RPC_SVC_SECO;
+	RPC_FUNC(&msg) = (u8)SECO_FUNC_COMMIT;
+
+	/* Fill in send message */
+	RPC_U32(&msg, 0U) = *info;
+
+	/* Call RPC */
+	ret = misc_call(dev, SC_FALSE, &msg, size, &msg, size);
+	if (ret)
+		return ret;
+
+	/* Copy out result */
+	ret = (int)RPC_R8(&msg);
+
+	/* Copy out receive message */
+	if (!ret)
+		*info = RPC_U32(&msg, 0U);
+
+	return ret;
+}
--- a/include/firmware/imx/sci/sci.h
+++ b/include/firmware/imx/sci/sci.h
@@ -144,6 +144,7 @@ int sc_seco_secvio_dgo_config(sc_ipc_t ipc, u8 id, u8 access, u32 *data);
 int sc_seco_secvio_config(sc_ipc_t ipc, u8 id, u8 access,
 			  u32 *data0, u32 *data1, u32 *data2, u32 *data3,
 			  u32 *data4, u8 size);
+int sc_seco_commit(sc_ipc_t ipc, u32 *info);
 #else
 /* PM API*/
 static inline int sc_pm_set_resource_power_mode(sc_ipc_t ipc, sc_rsrc_t resource,
@@ -383,6 +384,11 @@ static inline int sc_seco_secvio_config(sc_ipc_t ipc, u8 id, u8 access, u32 *dat
 	return -EOPNOTSUPP;
 }

+static inline int sc_seco_commit(sc_ipc_t ipc, u32 *info)
+{
+	return -EOPNOTSUPP;
+}
+
 static inline void sc_pm_reboot(sc_ipc_t ipc, sc_pm_reset_type_t type)
 {
 }