From patchwork Thu Sep 17 09:01:57 2020
X-Patchwork-Submitter: Gaurav Jain
X-Patchwork-Id: 1366098
X-Patchwork-Delegate: priyanka.jain@nxp.com
From: Gaurav Jain
To: u-boot@lists.denx.de, Priyanka Jain
Cc: Ruchika Gupta
Subject: [PATCH v2 2/2] cmd: optee_rpmb command for read/write of rpmb from optee
Date: Thu, 17 Sep 2020 14:31:57 +0530
Message-Id: <20200917090157.29099-3-gaurav.jain@nxp.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200917090157.29099-1-gaurav.jain@nxp.com>
References: <20200917090157.29099-1-gaurav.jain@nxp.com>
From: Ruchika Gupta

Enable "optee_rpmb" command to write/read named persistent values created on RPMB by opening a session with OPTEE AVB TA. This provides an easy test for establishing a session with OPTEE TA and storage of persistent data in MMC RPMB.

It includes the following subcommands:
optee_rpmb read_pvalue - read persistent values on rpmb via OPTEE AVB TA
optee_rpmb write_pvalue - write persistent values on rpmb via OPTEE AVB TA
Signed-off-by: Ruchika Gupta --- Notes: modified cmd_tbl_t to struct cmd_tbl as per command.h cmd/Kconfig | 8 ++ cmd/Makefile | 1 + cmd/optee_rpmb.c | 272 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 281 insertions(+) create mode 100644 cmd/optee_rpmb.c diff --git a/cmd/Kconfig b/cmd/Kconfig index 0761dbb746..f2b631bce3 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -1162,6 +1162,14 @@ config CMD_CLONE initial flashing by external block device without network or usb support. +config CMD_OPTEE_RPMB + bool "Enable read/write support on RPMB via OPTEE" + depends on SUPPORT_EMMC_RPMB && OPTEE + help + Enable the commands for reading, writing persistent named values + in the Replay Protection Memory Block partition in eMMC by + using Persistent Objects in OPTEE + config CMD_MTD bool "mtd" depends on MTD diff --git a/cmd/Makefile b/cmd/Makefile index 3a9c9747c9..acb048d7bf 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -96,6 +96,7 @@ obj-$(CONFIG_CMD_MII) += mii.o obj-$(CONFIG_CMD_MDIO) += mdio.o obj-$(CONFIG_CMD_MISC) += misc.o obj-$(CONFIG_CMD_MMC) += mmc.o +obj-$(CONFIG_CMD_OPTEE_RPMB) += optee_rpmb.o obj-$(CONFIG_MP) += mp.o obj-$(CONFIG_CMD_MTD) += mtd.o obj-$(CONFIG_CMD_MTDPARTS) += mtdparts.o diff --git a/cmd/optee_rpmb.c b/cmd/optee_rpmb.c new file mode 100644 index 0000000000..8d9ab70c2c --- /dev/null +++ b/cmd/optee_rpmb.c 
@@ -0,0 +1,272 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2020 NXP + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static struct udevice *tee; +static u32 session; + +static int avb_ta_open_session(void) +{ + const struct tee_optee_ta_uuid uuid = TA_AVB_UUID; + struct tee_open_session_arg arg; + int rc; + + tee = tee_find_device(tee, NULL, NULL, NULL); + if (!tee) + return -ENODEV; + + memset(&arg, 0, sizeof(arg)); + tee_optee_ta_uuid_to_octets(arg.uuid, &uuid); + rc = tee_open_session(tee, &arg, 0, NULL); + if (!rc) + session = arg.session; + + return 0; +} + +static int invoke_func(u32 func, ulong num_param, struct tee_param *param) +{ + struct tee_invoke_arg arg; + + if (!tee) + if (avb_ta_open_session()) + return -ENODEV; + + memset(&arg, 0, sizeof(arg)); + arg.func = func; + arg.session = session; + + if (tee_invoke_func(tee, &arg, num_param, param)) + return -EFAULT; + switch (arg.ret) { + case TEE_SUCCESS: + return 0; + case TEE_ERROR_OUT_OF_MEMORY: + case TEE_ERROR_STORAGE_NO_SPACE: + return -ENOSPC; + case TEE_ERROR_ITEM_NOT_FOUND: + return -EIO; + case TEE_ERROR_TARGET_DEAD: + /* + * The TA has paniced, close the session to reload the TA + * for the next request. 
+ */ + tee_close_session(tee, session); + tee = NULL; + return -EIO; + default: + return -EIO; + } +} + +static int read_persistent_value(const char *name, + size_t buffer_size, + u8 *out_buffer, + size_t *out_num_bytes_read) +{ + int rc = 0; + struct tee_shm *shm_name; + struct tee_shm *shm_buf; + struct tee_param param[2]; + size_t name_size = strlen(name) + 1; + + if (!tee) + if (avb_ta_open_session()) + return -ENODEV; + + rc = tee_shm_alloc(tee, name_size, + TEE_SHM_ALLOC, &shm_name); + if (rc) + return -ENOMEM; + + rc = tee_shm_alloc(tee, buffer_size, + TEE_SHM_ALLOC, &shm_buf); + if (rc) { + rc = -ENOMEM; + goto free_name; + } + + memcpy(shm_name->addr, name, name_size); + + memset(param, 0, sizeof(param)); + param[0].attr = TEE_PARAM_ATTR_TYPE_MEMREF_INPUT; + param[0].u.memref.shm = shm_name; + param[0].u.memref.size = name_size; + param[1].attr = TEE_PARAM_ATTR_TYPE_MEMREF_INOUT; + param[1].u.memref.shm = shm_buf; + param[1].u.memref.size = buffer_size; + + rc = invoke_func(TA_AVB_CMD_READ_PERSIST_VALUE, + 2, param); + if (rc) + goto out; + + if (param[1].u.memref.size > buffer_size) { + rc = -EINVAL; + goto out; + } + + *out_num_bytes_read = param[1].u.memref.size; + + memcpy(out_buffer, shm_buf->addr, *out_num_bytes_read); + +out: + tee_shm_free(shm_buf); +free_name: + tee_shm_free(shm_name); + + return rc; +} + +static int write_persistent_value(const char *name, + size_t value_size, + const u8 *value) +{ + int rc = 0; + struct tee_shm *shm_name; + struct tee_shm *shm_buf; + struct tee_param param[2]; + size_t name_size = strlen(name) + 1; + + if (!tee) { + if (avb_ta_open_session()) + return -ENODEV; + } + if (!value_size) + return -EINVAL; + + rc = tee_shm_alloc(tee, name_size, + TEE_SHM_ALLOC, &shm_name); + if (rc) + return -ENOMEM; + + rc = tee_shm_alloc(tee, value_size, + TEE_SHM_ALLOC, &shm_buf); + if (rc) { + rc = -ENOMEM; + goto free_name; + } + + memcpy(shm_name->addr, name, name_size); + memcpy(shm_buf->addr, value, value_size); + + 
memset(param, 0, sizeof(param)); + param[0].attr = TEE_PARAM_ATTR_TYPE_MEMREF_INPUT; + param[0].u.memref.shm = shm_name; + param[0].u.memref.size = name_size; + param[1].attr = TEE_PARAM_ATTR_TYPE_MEMREF_INPUT; + param[1].u.memref.shm = shm_buf; + param[1].u.memref.size = value_size; + + rc = invoke_func(TA_AVB_CMD_WRITE_PERSIST_VALUE, + 2, param); + if (rc) + goto out; + +out: + tee_shm_free(shm_buf); +free_name: + tee_shm_free(shm_name); + + return rc; +} + +int do_optee_rpmb_read(struct cmd_tbl *cmdtp, int flag, int argc, + char * const argv[]) +{ + const char *name; + size_t bytes; + size_t bytes_read; + void *buffer; + char *endp; + + if (argc != 3) + return CMD_RET_USAGE; + + name = argv[1]; + bytes = simple_strtoul(argv[2], &endp, 10); + if (*endp && *endp != '\n') + return CMD_RET_USAGE; + + buffer = malloc(bytes); + if (!buffer) + return CMD_RET_FAILURE; + + if (read_persistent_value(name, bytes, buffer, &bytes_read) == 0) { + printf("Read %zu bytes, value = %s\n", bytes_read, + (char *)buffer); + free(buffer); + return CMD_RET_SUCCESS; + } + + printf("Failed to read persistent value\n"); + + free(buffer); + + return CMD_RET_FAILURE; +} + +int do_optee_rpmb_write(struct cmd_tbl *cmdtp, int flag, int argc, + char * const argv[]) +{ + const char *name; + const char *value; + + if (argc != 3) + return CMD_RET_USAGE; + + name = argv[1]; + value = argv[2]; + + if (write_persistent_value(name, strlen(value) + 1, + (const uint8_t *)value) == 0) { + printf("Wrote %zu bytes\n", strlen(value) + 1); + return CMD_RET_SUCCESS; + } + + printf("Failed to write persistent value\n"); + + return CMD_RET_FAILURE; +} + +static struct cmd_tbl cmd_optee_rpmb[] = { + U_BOOT_CMD_MKENT(read_pvalue, 3, 0, do_optee_rpmb_read, "", ""), + U_BOOT_CMD_MKENT(write_pvalue, 3, 0, do_optee_rpmb_write, "", ""), +}; + +static int do_optee_rpmb(struct cmd_tbl *cmdtp, int flag, int argc, + char * const argv[]) +{ + struct cmd_tbl *cp; + + cp = find_cmd_tbl(argv[1], cmd_optee_rpmb, 
ARRAY_SIZE(cmd_optee_rpmb)); + + argc--; + argv++; + + if (!cp || argc > cp->maxargs) + return CMD_RET_USAGE; + + if (flag == CMD_FLAG_REPEAT) + return CMD_RET_FAILURE; + + return cp->cmd(cmdtp, flag, argc, argv); +} + +U_BOOT_CMD( + optee_rpmb, 29, 0, do_optee_rpmb, + "Provides commands for testing secure storage on RPMB on OPTEE", + "read_pvalue - read a persistent value \n" + "optee_rpmb write_pvalue - write a persistent value \n" + );
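Review bot: the CMD_OPTEE_RPMB help text in the cmd/Kconfig hunk does not say that the command talks to the OP-TEE AVB trusted application (the code opens a session with TA_AVB_UUID), so a user enabling it on an OP-TEE build that lacks that TA only finds out at runtime; add a sentence naming the AVB TA dependency, and end the help sentence with a period.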
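Review bot: avb_ta_open_session() in the cmd/optee_rpmb.c hunk discards its own result: after `rc = tee_open_session(tee, &arg, 0, NULL);` it assigns `session` only when rc is 0 but then runs `return 0;` unconditionally, so a failed open leaves `tee` non-NULL with `session` still 0 and every later invoke_func() call is issued against a session that was never opened. Return rc, reset `tee = NULL` on failure so the next command retries, and check `arg.ret` the way invoke_func() already does for tee_invoke_func(). Three smaller points in the same file: do_optee_rpmb() calls `find_cmd_tbl(argv[1], ...)` before checking argc, so `optee_rpmb` typed with no subcommand hands a NULL name to find_cmd_tbl(); add `if (argc < 2) return CMD_RET_USAGE;` first. do_optee_rpmb_read() prints the value with `%s`, but the TA may fill all `bytes` bytes without a terminating NUL, so printf() can read past the malloc'd buffer; allocate `bytes + 1` and NUL-terminate at `bytes_read` (or print with `%.*s` bounded by bytes_read), and reject `bytes == 0` before calling malloc(). In write_persistent_value() the `if (rc) goto out;` directly before the `out:` label is a no-op and can be dropped, and mapping TEE_ERROR_ITEM_NOT_FOUND to -ENOENT instead of -EIO in invoke_func() would let read_pvalue distinguish a missing name from a transport failure.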