Hi, this fixes the HABv4 locking on i.MX8M devices and add additional features like: - key revocation - field-return burning - additional security related fuse defintions - automatic locking of the gp5 eFuse on i.MX8MP SoCs --- Changes in v3: - added GP5_LOCK support for i.MX8MP devices - renamed HABV4_CSF_UNLOCK_SRK_REVOKE to HABV4_CSF_SRK_REVOKE_UNLOCK - adapted to HAB_CERTS_ENV - Link to v2: https://lore.barebox.org/20240703-v2024-05-0-topic-hab-v2-0-17419aa5d3a3@xxxxxxxxxxxxxx Changes in v2: - Link to v1: https://lore.barebox.org/barebox/Zmv2KyQq3ACxksc_@xxxxxxxxxxxxxx/ - adapt patch-1 commit message - make use of 'bool permanent' parameter instead of introducing new IMX_SRK_* flags. To: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> To: open list:BAREBOX <barebox@xxxxxxxxxxxxxxxxxxx> --- Marco Felsch (8): nvmem: ocotp: add support to get/set srk_revoke sticky bit nvmem: ocotp: add support to query the field-return sticky bit hab: convert flags to use BIT() macro i.MX: HAB: add imx_hab_revoke_key support i.MX: HABv4: add more i.MX8M fuse defines i.MX8M: HABv4: add an option to allow key revocation i.MX8M: HABv4: add option to allow burning the field-return fuse i.MX: HAB: add imx_hab_field_return support Stefan Kerkmann (2): i.mx8: ocotp: add GPx_LOCK defines hab: lock GP5 on i.MX8MP socs arch/arm/mach-imx/Kconfig | 34 +++++++++++++ drivers/hab/hab.c | 98 ++++++++++++++++++++++++++++++++++-- drivers/nvmem/ocotp.c | 79 +++++++++++++++++++++++++++++ include/hab.h | 9 ++-- include/mach/imx/habv4-imx8-gencsf.h | 13 +++++ include/mach/imx/ocotp-fusemap.h | 28 +++++++++++ include/mach/imx/ocotp.h | 3 ++ scripts/Makefile.lib | 1 + 8 files changed, 258 insertions(+), 7 deletions(-) --- base-commit: fb590cfa8fea6906d3f78dd409856d350e24b582 change-id: 20240703-v2024-05-0-topic-hab-218bab0e829c Best regards, -- Stefan Kerkmann <s.kerkmann@xxxxxxxxxxxxxx>
