From 20117d1609597773c582a1361d0addd808b083c7 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Tue, 18 Nov 2025 01:06:44 +0100
Subject: [PATCH] Add read secure boot status.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/rescue.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/rescue.c b/src/rescue.c
index fcc6bae..fdd870c 100644
--- a/src/rescue.c
+++ b/src/rescue.c
@@ -108,6 +108,15 @@ int cmd_read() {
         res_APDU_size += put_uint32_t_be(nfiles, res_APDU + res_APDU_size);
         res_APDU_size += put_uint32_t_be(size, res_APDU + res_APDU_size);
     }
+    else if (p1 == 0x3) { // OTP SECURE BOOT STATUS
+        res_APDU_size = 0;
+        uint8_t bootkey = 0xFF;
+        bool enabled = otp_is_secure_boot_enabled(&bootkey);
+        bool locked = otp_is_secure_boot_locked();
+        res_APDU[res_APDU_size++] = enabled ? 0x1 : 0x0;
+        res_APDU[res_APDU_size++] = locked ? 0x1 : 0x0;
+        res_APDU[res_APDU_size++] = bootkey;
+    }
     return SW_OK();
 }