From d6bb94f3a14ddbcf44c667134ed302eff054954c Mon Sep 17 00:00:00 2001
From: Robin van der Gracht
Date: Wed, 24 Jan 2024 09:29:13 +0100
Subject: [PATCH] feat(stm32mp1): only fuse monotonic counter on closed devices
The fused monotonic counter is checked by the ROM bootloader. The ROM bootloader won't allow booting images build with a lower STM32_TF_VERSION value. On non-closed devices a user can easily circumvent this. But it is annoying for a developer when open development hardware gets the counter value fused.
Signed-off-by: Robin van der Gracht
Change-Id: Ie52561368a3178de9d9a44b9d089664241452651
---
 plat/st/stm32mp1/bl2_plat_setup.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c
index 321b8c5fd..fd86020ed 100644
--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@@ -367,7 +367,9 @@ skip_console_init:
 print_reset_reason();
 #if STM32MP15
- update_monotonic_counter();
+ if (stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) {
+ update_monotonic_counter();
+ }
 #endif
 stm32mp1_syscfg_enable_io_compensation_finish();
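Review bot: Skipping the anti-rollback counter update inside the `#if STM32MP15` block now hinges on how `stm32mp_check_closed_device()` behaves when the OTP read fails, which this hunk does not show. Confirm that it reports `STM32MP_CHIP_SEC_CLOSED` on a read error, otherwise a closed device with a failing read would silently skip the update and keep accepting images built with a lower STM32_TF_VERSION. The guard also deserves a comment so it is not later mistaken for a regression, e.g. `/* The ROM counter check can be circumvented on open devices; only fuse the monotonic counter once the device is closed. */`. A board that runs newer firmware while open and is closed afterwards keeps its old counter value until the first closed boot, so provisioning flows that expect the counter to be current at closing time should be checked. The enclosing function begins and ends outside the hunk.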