Re: [PATCH v3] imx8: Add ahab_commit command

Thu, 11 Sep 2025 23:51:08 -0700 

Hello John,

On 08.09.25 23:18, John Ripple wrote:

The ahab_commit command allows the user to commit into the SECO fuses
that control the SRK key revocation information. This is used to Revoke
compromised SRK keys.

To use ahab_commit, the boot container must be built with an SRK
revocation bit mask that is not 0x0. For the SPSDK provided by NXP, this
means setting the 'srk_revoke_mask' option in the config file used to
sign the boot container. The 'ahab_commit 0x10' can then be used to commit
the SRK revocation information into the SECO fuses.

Signed-off-by: John Ripple <[email protected]>
---
Changes in v2:
- Changed patch name to have imx8.

Changes in v3:
- Changed patch name to only have imx8 at the start.
- Add error checking for sc_seco_commit message.
---

  arch/arm/mach-imx/imx8/ahab.c  | 27 +++++++++++++++++++++++++++
  drivers/misc/imx8/scu_api.c    | 30 ++++++++++++++++++++++++++++++
  include/firmware/imx/sci/sci.h |  6 ++++++
  3 files changed, 63 insertions(+)


Thanks!

Reviewed-by: Heiko Schocher <[email protected]>

just a nitpick...

[...]

diff --git a/drivers/misc/imx8/scu_api.c b/drivers/misc/imx8/scu_api.c
index 8985ab6584d..0337525774e 100644
--- a/drivers/misc/imx8/scu_api.c
+++ b/drivers/misc/imx8/scu_api.c
@@ -1286,3 +1286,33 @@ int sc_seco_secvio_dgo_config(sc_ipc_t ipc, u8 id, u8 
access, u32 *data)
return ret; 
  }
+
+int sc_seco_commit(sc_ipc_t ipc, u32 *info)
+{
+       struct udevice *dev = gd->arch.scu_dev;
+       struct sc_rpc_msg_s msg;
+       int size = sizeof(struct sc_rpc_msg_s);
+       int ret;
+
+       /* Fill in header */
+       RPC_VER(&msg) = SC_RPC_VERSION;
+       RPC_SIZE(&msg) = 2U;
+       RPC_SVC(&msg) = (u8)SC_RPC_SVC_SECO;
+       RPC_FUNC(&msg) = (u8)SECO_FUNC_COMMIT;
+
+       /* Fill in send message */
+       RPC_U32(&msg, 0U) = *info;
+
+       /* Call RPC */
+       ret = misc_call(dev, SC_FALSE, &msg, size, &msg, size);
+
+       /* Copy out result */
+       ret = (int)RPC_R8(&msg);
+
+       /* Copy out receive message */
+       if (!ret)
+               *info = RPC_U32(&msg, 0U);
+
+       /* Return result */


Do we really need this comment?


+       return ret;
+}


bye,
Heiko
--
Nabla Software Engineering
HRB 40522 Augsburg
Phone: +49 821 45592596
E-Mail: [email protected]
Geschäftsführer : Stefano Babic

Reply via email to