From: James Hilliard <james.hilliard1@gmail.com>
To: u-boot@lists.denx.de
Cc: linux-sunxi@lists.linux.dev,
James Hilliard <james.hilliard1@gmail.com>,
Jagan Teki <jagan@amarulasolutions.com>,
Andre Przywara <andre.przywara@arm.com>,
Tom Rini <trini@konsulko.com>
Subject: [PATCH 1/1] tools: imagetool: Disable TOC0 anti-rollback protection
Date: Mon, 2 Feb 2026 18:28:18 -0700
Message-ID: <20260203012819.3406450-1-james.hilliard1@gmail.com>

Allwinner devices which support TOC0 have anti-rollback protection
efuses that are sometimes blown to prevent downgrading firmware.

Since we don't currently support configuring an anti-rollback version
let's just set the max version in the TOC0 certificate so that the
sbrom will never reject our image due to the anti-rollback protections
having been used by BSP based firmware.

Note that while there are 32 efuse bits the SBROM will reject any
antirollback version above 31, as such setting 31 should ensure
maximum hardware compatibility.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
---
tools/sunxi_toc0.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c
index 76693647a09..35bd43680d4 100644
--- a/tools/sunxi_toc0.c
+++ b/tools/sunxi_toc0.c
@@ -127,6 +127,11 @@ struct __packed toc0_cert_item {
struct __packed toc0_extension {
toc0_small_int tag_digest;
uint8_t digest[32];
+ toc0_small_seq tag_nvc_seq;
+ struct __packed toc0_nvc_seq {
+ int oid;
+ int nvc;
+ } nvc_seq;
} extension;
} explicit3;
} mainSequence;
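Review bot: the two members of the new struct toc0_nvc_seq, oid and nvc, are declared as plain int inside a __packed structure that ends up in the TOC0 certificate, so their width and byte order follow the build host rather than a fixed on-disk format. The neighbouring digest field uses uint8_t; consider fixed-width types here, with an explicit byte-order conversion if the fields stay multi-byte, and add a comment saying what oid identifies and which member carries the anti-rollback version described in the commit message.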
@@ -174,6 +179,11 @@ static const struct toc0_cert_item cert_item_template = {
{
TOC0_SMALL_INT(sizeof_field(struct toc0_extension, digest)),
{},
+ TOC0_SMALL_SEQ(sizeof(struct toc0_nvc_seq)),
+ {
+ 1,
+ 31,
+ },
},
},
},
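Review bot: the initializer for nvc_seq uses the bare positional literals 1 and 31, and nothing at this spot records that 31 is the highest anti-rollback version the SBROM accepts, which is explained only in the commit message. Designated initializers (.oid = 1, .nvc = 31) with a named constant or a short comment for the limit would keep that reasoning next to the value. TOC0_SMALL_SEQ(sizeof(struct toc0_nvc_seq)) also inherits the host-dependent size of int from the struct definition, so the encoded length changes if the member types do.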
--
2.43.0