imx8: Add ahab_commit command

The ahab_commit command allows the user to commit into the SECO fuses
that control the SRK key revocation information. This is used to Revoke
compromised SRK keys.

To use ahab_commit, the boot container must be built with an SRK
revocation bit mask that is not 0x0. For the SPSDK provided by NXP, this
means setting the 'srk_revoke_mask' option in the config file used to
sign the boot container. The 'ahab_commit 0x10' can then be used to commit
the SRK revocation information into the SECO fuses.

Signed-off-by: John Ripple <[email protected]>

1 files changed, 6 insertions, 0 deletions

diff --git a/include/firmware/imx/sci/sci.h b/include/firmware/imx/sci/sci.h
index 588f3671103..876d52cac35 100644
--- a/include/firmware/imx/sci/sci.h
+++ b/include/firmware/imx/sci/sci.h
@@ -144,6 +144,7 @@ int sc_seco_secvio_dgo_config(sc_ipc_t ipc, u8 id, u8 access, u32 *data);
 int sc_seco_secvio_config(sc_ipc_t ipc, u8 id, u8 access,
 			  u32 *data0, u32 *data1, u32 *data2, u32 *data3,
 			  u32 *data4, u8 size);
+int sc_seco_commit(sc_ipc_t ipc, u32 *info);
 #else
 /* PM API*/
 static inline int sc_pm_set_resource_power_mode(sc_ipc_t ipc, sc_rsrc_t resource,
@@ -383,6 +384,11 @@ static inline int sc_seco_secvio_config(sc_ipc_t ipc, u8 id, u8 access, u32 *dat
 	return -EOPNOTSUPP;
 }
 
+static inline int sc_seco_commit(sc_ipc_t ipc, u32 *info)
+{
+	return -EOPNOTSUPP;
+}
+
 static inline void sc_pm_reboot(sc_ipc_t ipc, sc_pm_reset_type_t type)
 {
 }