)]}'
{
  "commit": "3596dc23c54f7c26579558a03214ef8017c8df10",
  "tree": "89ded8c781da45ab288ec31441d5819758bb407c",
  "parents": [
    "7c92857b506f93640474f9809bdb0f23fa45e900"
  ],
  "author": {
    "name": "Andrew Jeffery",
    "email": "andrew@aj.id.au",
    "time": "Mon Aug 14 11:40:35 2023 +0930"
  },
  "committer": {
    "name": "Andrew Jeffery",
    "email": "andrew@aj.id.au",
    "time": "Fri Sep 01 02:46:41 2023 +0000"
  },
  "message": "meta-ibm: u-boot-aspeed-sdk: Leave key retirement unspecified\n\nIBM observed consistent hangs in the `uart_otp` tool when programming\nthe OTP image into the SoC. This was root-caused by Aspeed:\n\n\u003e Message-ID: \u003cTYZPR06MB677027C95FCFABCDA6F81C4D800DA@TYZPR06MB6770.apcprd06.prod.outlook.com\u003e\n\u003e From: Neal Liu \u003cneal_liu@aspeedtech.com\u003e\n\u003e Subject: Server Management technical issue by Rose.Drehmel@us.ibm.com\n\u003e\n\u003e Hi Andrew,\n\u003e\n\u003e It’s okay, I found the problem.\n\u003e\n\u003e The utility timeout is because it programs key retire bits in\n\u003e OTPCFG4[7:0] without enabling secure boot.\n\u003e\n\u003e In the case of secure boot is enabled, the hardware would detect the\n\u003e current boot up key number #id, and it can only retire the number\n\u003e which is smaller than the current boot up key #id.\n\u003e If not, the OTP status will keep busy, and the utility stocks in\n\u003e polling loop.\n\u003e\n\u003e If you still want to disable key #0 without enabling secure boot,\n\u003e OTPCFG0[5] can be another option for you.\n\u003e\n\u003e I also provide a new programmer.bin to fix this infinite loop problem\n\u003e in case user thought BMC is crashed.\n\u003e\n\u003e You can try it with this command:\n\u003e\n\u003e $ uart_otp -s 2600 -p ast2600_otp_programmer.bin /dev/ttyUSBx\n\u003e\n\u003e Thanks\n\u003e\n\u003e Best Regards,\n\u003e\n\u003e -Neal\n\nIn discussion with Chris we determined that we were not intentionally\nattempting to retire the development / low-security key, rather were\njust trying to be complete in the specification of our configuration.\n\nNeal responded to our request of how to avoid programming a key\nretirement in the configuration file:\n\n\u003e Message-ID: \u003cTYZPR06MB67700B238DB429A51E048E328010A@TYZPR06MB6770.apcprd06.prod.outlook.com\u003e\n\u003e From: Neal Liu \u003cneal_liu@aspeedtech.com\u003e\n\u003e Subject: Server Management technical issue by Rose.Drehmel@us.ibm.com\n\u003e\n\u003e Hi Andrew,\n\u003e\n\u003e Just delete line #72 as unspecified value.\n\u003e\n\u003e Thanks\n\u003e\n\u003e Best Regards,\n\u003e\n\u003e -Neal\n\u003e\u003e\n\u003e\u003e From: Andrew Jeffery \u003candrewrj@au1.ibm.com\u003e\n\u003e\u003e To: Neal Liu \u003cneal_liu@aspeedtech.com\u003e\n\u003e\u003e Subject: Re: Server Management technical issue by Rose.Drehmel@us.ibm.com\n\u003e\u003e\n\u003e\u003e Hi Neal,\n\u003e\u003e\n\u003e\u003e I\u0027ve discussed your findings with Chris Engel, who is our platform\n\u003e\u003e security person. We determined that we do not want to mark the low\n\u003e\u003e security key as retired in the OTP as we\u0027re handling that via the\n\u003e\u003e FWSPIMISO strapping pin.\n\u003e\u003e\n\u003e\u003e What change should I make to our OTP configuration so that we don\u0027t\n\u003e\u003e retire key 0 during programming?\n\u003e\u003e\n\u003e\u003e Andrew\n\nLine 72 in this case refers to our OTP configuration file:\n\nhttps://github.com/openbmc/openbmc/blob/2a25492c13e2b768f94b864a51f84e82e4238aef/meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk/p10bmc/ibm.json#L72\n\nLeave \"Keys Retire ID\" unspecified to avoid leaving the OTP engine busy.\n\nCc: Chris Engel \u003ccjengel@us.ibm.com\u003e\nCc: Rose Drehmel \u003cRose.Drehmel@us.ibm.com\u003e\nCc: Briana Foxworth \u003cbefoxwor@us.ibm.com\u003e\nCc: Nicole Nett \u003cnschwart@us.ibm.com\u003e\nChange-Id: Ib6b75a40f5debd5ba1166f0f69a07114b76d9c34\nSigned-off-by: Andrew Jeffery \u003candrew@aj.id.au\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "59c92a08988688eae58bc756491d2ae9b5128815",
      "old_mode": 33188,
      "old_path": "meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk/p10bmc/ibm.json",
      "new_id": "23f7bf992bed5a28fa33e22921884ccd9d8e6a7e",
      "new_mode": 33188,
      "new_path": "meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk/p10bmc/ibm.json"
    },
    {
      "type": "modify",
      "old_id": "6c7a258769e0a06c4fd36849cecc74b5e0bddfbc",
      "old_mode": 33188,
      "old_path": "meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk/p10bmc/ips.json",
      "new_id": "622c6184ab8566c897a45e88810d2d314746006b",
      "new_mode": 33188,
      "new_path": "meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk/p10bmc/ips.json"
    }
  ]
}