From: Jorge Ramirez-Ortiz, Foundries <jorge@foundries.io>
To: u-boot@lists.denx.de
Subject: [PATCH 2/3] cmd: SCP03: enable and provision command
Date: Sun, 7 Feb 2021 19:11:18 +0100 [thread overview]
Message-ID: <20210207181118.GA10270@trex> (raw)
In-Reply-To: <CAPnjgZ1-hA7g3DtL7j8wh6xS4cX0zk7W85+6miHs694LtUZBrw@mail.gmail.com>
On 07/02/21, Simon Glass wrote:
> Hi Jorge,
>
> On Sat, 6 Feb 2021 at 16:05, Jorge Ramirez-Ortiz <jorge@foundries.io> wrote:
> >
> > Enable and provision the SCP03 keys on a TEE controlled secured elemt
> > from the U-Boot shell.
> >
> > Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
> > ---
> > cmd/Kconfig | 9 ++++++++
> > cmd/Makefile | 3 +++
> > cmd/scp03.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > 3 files changed, 76 insertions(+)
> > create mode 100644 cmd/scp03.c
>
> Can we have a test for this please? See mem_search.c for an example.
you mean other than what I posted already (the sandbox test using the
TEE emulator)?
I am not really sure what else can it do: this command sends a request
to a TEE and waits to a response (and both are emulated on the sandbox).
>
> >
> > diff --git a/cmd/Kconfig b/cmd/Kconfig
> > index 928a2a0a2d..4f990249b4 100644
> > --- a/cmd/Kconfig
> > +++ b/cmd/Kconfig
> > @@ -2021,6 +2021,15 @@ config HASH_VERIFY
> > help
> > Add -v option to verify data against a hash.
> >
> > +config CMD_SCP03
> > + bool "scp03 - SCP03 enable and rotate/provision operations"
> > + depends on SCP03
> > + help
> > + Enables the SCP03 commands to activate I2C channel encryption and
>
> I2C-channel ?
sure
>
> > + provision the SCP03 keys.
> > + scp03 enable
> > + scp03 provision
>
> Also add this to doc/usage (see 'make htmldocs')
ok
>
> > +
> > config CMD_TPM_V1
> > bool
> >
> > diff --git a/cmd/Makefile b/cmd/Makefile
> > index 176bf925fd..a7017e8452 100644
> > --- a/cmd/Makefile
> > +++ b/cmd/Makefile
> > @@ -193,6 +193,9 @@ obj-$(CONFIG_CMD_BLOB) += blob.o
> > # Android Verified Boot 2.0
> > obj-$(CONFIG_CMD_AVB) += avb.o
> >
> > +# Foundries.IO SCP03
> > +obj-$(CONFIG_CMD_SCP03) += scp03.o
> > +
> > obj-$(CONFIG_ARM) += arm/
> > obj-$(CONFIG_RISCV) += riscv/
> > obj-$(CONFIG_SANDBOX) += sandbox/
> > diff --git a/cmd/scp03.c b/cmd/scp03.c
> > new file mode 100644
> > index 0000000000..07913dbd3e
> > --- /dev/null
> > +++ b/cmd/scp03.c
> > @@ -0,0 +1,64 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * (C) Copyright 2021, Foundries.IO
> > + *
> > + */
> > +
> > +#include <common.h>
> > +#include <command.h>
> > +#include <env.h>
> > +#include <scp03.h>
> > +
> > +int do_scp03_enable(struct cmd_tbl *cmdtp, int flag, int argc,
> > + char *const argv[])
> > +{
> > + if (argc != 1)
> > + return CMD_RET_USAGE;
> > +
> > + if (tee_enable_scp03())
>
> Do you want to report the failure with a message?
ok
>
> > + return CMD_RET_FAILURE;
> > +
> > + return CMD_RET_SUCCESS;
> > +}
> > +
> > +int do_scp03_provision(struct cmd_tbl *cmdtp, int flag, int argc,
> > + char *const argv[])
> > +{
> > + if (argc != 1)
> > + return CMD_RET_USAGE;
> > +
> > + if (tee_provision_scp03())
> > + return CMD_RET_FAILURE;
> > +
> > + return CMD_RET_SUCCESS;
> > +}
> > +
> > +static struct cmd_tbl cmd_scp03[] = {
> > + U_BOOT_CMD_MKENT(enable, 1, 0, do_scp03_enable, "", ""),
> > + U_BOOT_CMD_MKENT(provision, 1, 0, do_scp03_provision, "", ""),
> > +};
> > +
> > +static int do_scp03(struct cmd_tbl *cmdtp, int flag, int argc,
> > + char * const argv[])
>
> You could use U_BOOT_CMD_WITH_SUBCMDS() which might save some hassle
> here.
yes, much nicer. thanks
>
> > +{
> > + struct cmd_tbl *cp;
> > +
> > + cp = find_cmd_tbl(argv[1], cmd_scp03, ARRAY_SIZE(cmd_scp03));
> > +
> > + argc--;
> > + argv++;
> > +
> > + if (!cp || argc > cp->maxargs)
> > + return CMD_RET_USAGE;
> > +
> > + if (flag == CMD_FLAG_REPEAT)
> > + return CMD_RET_FAILURE;
> > +
> > + return cp->cmd(cmdtp, flag, argc, argv);
> > +}
> > +
> > +U_BOOT_CMD(scp03, 2, 0, do_scp03,
> > + "Provides a command to enable SCP03 and provision the SCP03 keys\n",
> > + "\tenable - enable SCP03\n"
> > + "\tprovision - provision SCP03\n"
> > +);
> > --
> > 2.30.0
> >
>
> Regards,
> Simon
next prev parent reply other threads:[~2021-02-07 18:11 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-06 23:05 [PATCH 1/3] common: SCP03 control (enable and provision of keys) Jorge Ramirez-Ortiz
2021-02-06 23:05 ` [PATCH] drivers: tee: sandbox: secure channel protocol control Jorge Ramirez-Ortiz
2021-02-06 23:05 ` [PATCH 2/3] cmd: SCP03: enable and provision command Jorge Ramirez-Ortiz
2021-02-07 14:37 ` Simon Glass
2021-02-07 18:11 ` Jorge [this message]
2021-02-08 17:08 ` Simon Glass
2021-02-08 20:18 ` Jorge
2021-02-06 23:05 ` [PATCH 3/3] drivers: tee: sandbox: secure channel protocol control Jorge Ramirez-Ortiz
2021-02-07 14:37 ` Simon Glass
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210207181118.GA10270@trex \
--to=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox