[08/10] mmc-utils: Enable/Disable write protect

Message ID	20250407082833.108616-9-avri.altman@sandisk.com
State	New
Headers	show Received: from esa1.hgst.iphmx.com (esa1.hgst.iphmx.com [68.232.141.245]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BC6F9225A20 for <linux-mmc@vger.kernel.org>; Mon, 7 Apr 2025 08:34:00 +0000 (UTC) IronPort-SDR: 67f37ff8_6yHKQdvOH7D+0hCSL5qEhQ4Gs8v5ugJbtf4zgAnSilL6hSu SnE78a0lT0wB1gJhU72vV8CmUW0CxxaqwlezG+g== WDCIronportException: Internal From: Avri Altman <avri.altman@sandisk.com> To: Ulf Hansson <ulf.hansson@linaro.org>, linux-mmc@vger.kernel.org Cc: Avri Altman <avri.altman@wdc.com> Subject: [PATCH 08/10] mmc-utils: Enable/Disable write protect Date: Mon, 7 Apr 2025 11:28:31 +0300 Message-Id: <20250407082833.108616-9-avri.altman@sandisk.com> In-Reply-To: <20250407082833.108616-1-avri.altman@sandisk.com> References: <20250407082833.108616-1-avri.altman@sandisk.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	mmc-utils: Secure Write Protect Mode Enhancements \| expand [00/10] mmc-utils: Secure Write Protect Mode Enhancements [01/10] mmc-utils: Initialize RPMB frame_out structures to zero [02/10] mmc-utils: Reduce scope of nargs for RPMB commands [03/10] mmc-utils: Pack rpmb_frame structure to avoid padding bytes [04/10] mmc-utils: Add byte offset comments to rpmb_frame structure [05/10] mmc-utils: Add SECURE_WP_INFO field in ext_csd register [06/10] mmc-utils: Refactor RPMB key handling into a separate function [07/10] mmc-utils: Add secure write-protect mode enable/disable [08/10] mmc-utils: Enable/Disable write protect [09/10] mmc-utils: Secure Write Protect Mode Read [10/10] mmc-utils: Doc: new secure write protect commands

Message ID

20250407082833.108616-9-avri.altman@sandisk.com

State

New

Headers

IronPort-SDR: 67f37ff8_6yHKQdvOH7D+0hCSL5qEhQ4Gs8v5ugJbtf4zgAnSilL6hSu
 SnE78a0lT0wB1gJhU72vV8CmUW0CxxaqwlezG+g==
WDCIronportException: Internal
From: Avri Altman <avri.altman@sandisk.com>
To: Ulf Hansson <ulf.hansson@linaro.org>,
	linux-mmc@vger.kernel.org
Cc: Avri Altman <avri.altman@wdc.com>
Subject: [PATCH 08/10] mmc-utils: Enable/Disable write protect
Date: Mon,  7 Apr 2025 11:28:31 +0300
Message-Id: <20250407082833.108616-9-avri.altman@sandisk.com>
In-Reply-To: <20250407082833.108616-1-avri.altman@sandisk.com>
References: <20250407082833.108616-1-avri.altman@sandisk.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

mmc-utils: Secure Write Protect Mode Enhancements | expand

Commit Message

Avri Altman April 7, 2025, 8:28 a.m. UTC

From: Avri Altman <avri.altman@wdc.com>

In secure write protected mode, the updatability of USER_WP[171],
BOOT_WP[173], TMP_WRITE_PROTECT[12] and PERM_WRITE_PROTECT[13] are
controlled by SECURE_WP_MASK bit in the SECURE _WP_MODE_CONFIG of the
Authenticated Device Configuration Area.

Setting it, enables updating WP related EXT_CSD and CSD fields, and
clearing it vice versa.

Access to the Authenticated Device Configuration Area is regulated via
Authenticated Device Configuration Write Request.

Signed-off-by: Avri Altman <avri.altman@wdc.com>
---
 mmc.c      | 20 ++++++++++++++++++++
 mmc_cmds.c | 14 ++++++++++++++
 mmc_cmds.h |  2 ++
 3 files changed, 36 insertions(+)

diff --git a/mmc.c b/mmc.c
index 0cffa5b..578b00c 100644
--- a/mmc.c
+++ b/mmc.c
@@ -220,6 +220,26 @@  static struct Command commands[] = {
 		  "    mmc rpmb secure-wp-mode-off /dev/block/mmcblk0 /dev/mmcblk0rpmb -",
 	  NULL
 	},
+	{ do_rpmb_sec_wp_mode_set, 3,
+	  "rpmb secure-wp-disable", "<dev> <rpmb device> <key file>\n"
+		  "Enabling updating WP related EXT_CSD and CSD fields.\n"
+		  "Applicable only if secure wp mode is enabled.\n"
+		  "You can specify '-' instead of key\n"
+		  "Example:\n"
+		  "    echo -n AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH | \\\n"
+		  "    mmc rpmb secure-wp-disable /dev/block/mmcblk0 /dev/mmcblk0rpmb -",
+	  NULL
+	},
+	{ do_rpmb_sec_wp_mode_clear, 3,
+	  "rpmb secure-wp-enable", "<dev> <rpmb device> <key file>\n"
+		  "Disabling updating WP related EXT_CSD and CSD fields.\n"
+		  "Applicable only if secure wp mode is enabled.\n"
+		  "You can specify '-' instead of key\n"
+		  "Example:\n"
+		  "    echo -n AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH | \\\n"
+		  "    mmc rpmb secure-wp-enable /dev/block/mmcblk0 /dev/mmcblk0rpmb -",
+	  NULL
+	},
 	{ do_cache_en, -1,
 	  "cache enable", "<device>\n"
 		"Enable the eMMC cache feature on <device>.\n"
diff --git a/mmc_cmds.c b/mmc_cmds.c
index 07bd9ad..2ef4252 100644
--- a/mmc_cmds.c
+++ b/mmc_cmds.c
@@ -2602,6 +2602,20 @@  int do_rpmb_sec_wp_disable(int nargs, char **argv)
 	return rpmb_auth_write(nargs, argv, 1, 0, usage);
 }
 
+int do_rpmb_sec_wp_mode_set(int nargs, char **argv)
+{
+	char *usage = "Usage: mmc rpmb secure-wp-disable </path/to/mmcblkx> </path/to/mmcblkXrpmb> </path/to/key>\n";
+
+	return rpmb_auth_write(nargs, argv, 2, 1, usage);
+}
+
+int do_rpmb_sec_wp_mode_clear(int nargs, char **argv)
+{
+	char *usage = "Usage: mmc rpmb secure-wp-enable </path/to/mmcblkx> </path/to/mmcblkXrpmb> </path/to/key>\n";
+
+	return rpmb_auth_write(nargs, argv, 2, 0, usage);
+}
+
 int do_rpmb_write_block(int nargs, char **argv)
 {
 	int ret, dev_fd, data_fd;
diff --git a/mmc_cmds.h b/mmc_cmds.h
index 873d9b2..61fe337 100644
--- a/mmc_cmds.h
+++ b/mmc_cmds.h
@@ -41,6 +41,8 @@  int do_rpmb_read_block(int nargs, char **argv);
 int do_rpmb_write_block(int nargs, char **argv);
 int do_rpmb_sec_wp_enable(int nargs, char **argv);
 int do_rpmb_sec_wp_disable(int nargs, char **argv);
+int do_rpmb_sec_wp_mode_set(int nargs, char **argv);
+int do_rpmb_sec_wp_mode_clear(int nargs, char **argv);
 int do_cache_en(int nargs, char **argv);
 int do_cache_dis(int nargs, char **argv);
 int do_ffu(int nargs, char **argv);

[08/10] mmc-utils: Enable/Disable write protect

Commit Message

Patch