cli_client: Add rpmc command support

This commit adds uses the new rpmc command implementation to add them as a new feature to the cli_client. Also adds the necessary documentation for this new feature. Tested on the Winbond W25R128JV as a 'SFDP-capable chip'. This patch was done to add rpmc command support to flashrom. This enables users to write root keys to their flash chips while they flash data on the chip. This might become useful in the future as rpmc support is extended in coreboot. Also adds debug tools to flashrom, which might be useful in implementing coreboots rpmc support. Change-Id: I36c823bbee65f256eb6edabe6f058321c9a0cfa1 Signed-off-by: Matti Finder <matti.finder@gmail.com> Reviewed-on: https://review.coreboot.org/c/flashrom/+/84840 Reviewed-by: Peter Marheine <pmarheine@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
2025-07-01 14:11:15 +02:00 · 2024-10-30 17:58:05 +01:00
parent 52f062f67a
commit b55469123b
4 changed files with 307 additions and 7 deletions
--- a/doc/classic_cli_manpage.rst
+++ b/doc/classic_cli_manpage.rst
@ -19,7 +19,11 @@ SYNOPSIS
 |               [-i <include>[:<file>]]]
 |             [--wp-status] [--wp-list] [--wp-enable|--wp-disable]
 |             [--wp-range <start>,<length>|--wp-region <region>]
-|             [-n] [-N] [-f])]
+|             [-n] [-N] [-f]
+|             [--rpmc-root-key <keyfile>] [--key-data <value>]
+|             [--counter-address <address>]
+|             [--get-rpmc-status] [--write-root-key] [--update-hmac-key]
+|             [--increment-counter <current>] [--get-counter])]
 |         [-V[V[V]]] [-o <logfile>] [--progress] [--sacrifice-ratio <ratio>]


@ -39,7 +43,7 @@ which use various protocols such as LPC, FWH, parallel flash, or SPI.
 OPTIONS
 -------

-You can specify one of ``-h``, ``-R``, ``-L``, ``-E``, ``-r``, ``-w``, ``-v`` or no operation.
+You can specify one of ``-h``, ``-R``, ``-L``, ``-E``, ``-r``, ``-w``, ``-v``, a RPMC command or no operation.
 If no operation is specified, **flashrom** will only probe for flash chips. It is recommended that if you try **flashrom** the
 first time on a system, you run it in probe-only mode and check the output.
 Also you are advised to make a backup of your current ROM contents with ``-r`` before you try to write a new image.
@ -334,6 +338,81 @@ All operations involving any chip access (probe/read/write/...) require the ``-p
 **-R, --version**
        Show version information and exit.

+RPMC commands
+^^^^^^^^^^^^^
+
+This section describes the commands added in JESD260. They are only supported on specific chip models.
+If the chip is detected correctly but you still get ``Error: RPMC commands are not supported on this device``,
+try using ``-c "SFDP-capable chip"`` for automatic feature detection.
+
+**--get-rpmc-status**
+        Read the extended RPMC status by issuing a OP2 command
+
+        Example::
+
+                flashrom -p prog --get-rpmc-status
+
+
+**--write-root-key**
+        Write new root key from **--rpmc-root-key**  file for **--counter-address**.
+
+        Example::
+
+                flashrom -p prog --rpmc-root-key <keyfile> --counter-address <address> --write-root-key
+
+**--update-hmac-key**
+        Update the hmac key register for **--counter-address** with the provided **--key-data**.
+        Requires valid **--rpmc-root-key**.
+
+        Example::
+
+                flashrom -p prog --rpmc-root-key <keyfile> --counter-address <address> --key-data <value> --update-hmac-key
+
+**--increment-counter <current>**
+        Increments the counter at **--counter-address** by one above the **<current>**.
+        Requires previously updated **--key-data** and valid **--rpmc-root-key**.
+
+        Examples::
+
+                flashrom -p prog --rpmc-root-key <keyfile> --counter-address <address> --key-data <value> --increment-counter 12
+                flashrom -p prog --rpmc-root-key <keyfile> --counter-address <address> --key-data <value> -w rom.bin --update-hmac-key --increment-counter 25
+
+**--get-counter**
+        Get the current counter value for **--counter-address**.
+        Requires previously updated **--key-data** and valid **--rpmc-root-key**.
+
+        Examples::
+
+                flashrom -p prog --rpmc-root-key <keyfile> --counter-address <address> --key-data <value> --get-counter
+                flashrom -p prog --rpmc-root-key <keyfile> --counter-address <address> --key-data <value> --update-hmac-key --get-counter
+
+RPMC options
+^^^^^^^^^^^^
+
+**--counter-address <address>**
+        Target the counter at **<address>** for any RPMC operations.
+        Addressing starts at 0.
+        Defaults to 0.
+
+        Example::
+
+                flashrom --counter-address 2
+
+**--rpmc-root-key <keyfile>**
+        Use **<keyfile>** as location of 32-byte root key.
+
+        Example::
+
+                flashrom --rpmc-root-key /home/user/some_key.bin
+
+**--key-data <value>**
+        Hexadecimal **<value>** will be used as 4-byte key data in RPMC operations.
+        Defaults to 0.
+
+        Example::
+
+                flashrom --key-data 12abc
+
 .. _programmer-specific information:

 PROGRAMMER-SPECIFIC INFORMATION
--- a/doc/dev_guide/building_from_source.rst
+++ b/doc/dev_guide/building_from_source.rst
@ -20,10 +20,12 @@ And the following dependencies:
 * libftdi1 [#b2]_
 * libjaylink [#b2]_
 * NI-845x driver & library package [#b3]_
+* libcrypto [#b4]_

 .. [#b1] | optional, for building unit testing
 .. [#b2] | optional, depending on the selected programmer
 .. [#b3] | optional, proprietary and Windows only. (See Windows build instructions)
+.. [#b4] | optional, to enable RPMC commands

 If you are cross compiling, install the dependencies for your target.

@ -56,7 +58,8 @@ Linux

      apt-get install -y \
      gcc meson ninja-build pkg-config python3-sphinx \
-      libcmocka-dev libpci-dev libusb-1.0-0-dev libftdi1-dev libjaylink-dev
+      libcmocka-dev libpci-dev libusb-1.0-0-dev libftdi1-dev libjaylink-dev \
+      libssl-dev

 * ArchLinux / Manjaro

@ -64,7 +67,8 @@ Linux

      pacman -S --noconfirm \
      gcc meson ninja pkg-config python-sphinx cmocka \
-      pciutils libusb libftdi libjaylink
+      pciutils libusb libftdi libjaylink \
+      openssl

 * openSUSE / SUSE

--- a/doc/release_notes/devel.rst
+++ b/doc/release_notes/devel.rst
@ -67,6 +67,16 @@ the entire area with one block.
 The tradeoff is the speed of programming operation VS the longevity of
 the chip. Default is longevity.

+RPMC support added
+==================
+
+Adding support for RPMC commands as specified by JESD260 to the cli_client. Main
+implementation is in rpmc.c. Also adds new parsing capabilities for the sfdp
+page carrying the necessary information. All the features are optional and
+depend on libcrypto.
+It currently uses automatic feature detection through the corresponding
+sfdp page.
+
 Chipset support
 ===============