From 9e7b543959998542635c3869a2db44ee062db00d Mon Sep 17 00:00:00 2001
From: William Vinnicombe <william.vinnicombe@raspberrypi.com>
Date: Fri, 15 Nov 2024 10:30:37 +0000
Subject: [PATCH] Add OTP settings JSON schema

---
 README.md                    |  2 +-
 json/schemas/otp-schema.json | 50 ++++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 json/schemas/otp-schema.json

diff --git a/README.md b/README.md
index 96941f1..0e40e9d 100644
--- a/README.md
+++ b/README.md
@@ -940,7 +940,7 @@ These commands will set/get specific rows of OTP. By default, they will write/re
 
 ### load
 
-This command allows loading of a range of OTP rows onto the device. The source can be a binary file, or a JSON file such as the one output by `picotool sign`.
+This command allows loading of a range of OTP rows onto the device. The source can be a binary file, or a JSON file such as the one output by `picotool sign`. The schema for this JSON file is [here](json/schemas/otp-schema.json)
 For example, if you wish to sign a binary and then test secure boot with it, you can run the following set of commands:
 ```text
 $ picotool sign hello_world.elf hello_world.signed.elf private.pem otp.json
diff --git a/json/schemas/otp-schema.json b/json/schemas/otp-schema.json
new file mode 100644
index 0000000..d59bc3a
--- /dev/null
+++ b/json/schemas/otp-schema.json
@@ -0,0 +1,50 @@
+{
+    "$schema": "https://json-schema.org/draft/2020-12/schema",
+    "title": "OTP Settings",
+    "description": "OTP Settings",
+    "type": "object",
+    "properties": {"$schema": {}},
+    "patternProperties": {
+        "^\\d{1,2}:\\d{1,2}$": {
+            "description": "Generic OTP Row",
+            "type": "object",
+            "properties": {
+                "ecc": {
+                    "description": "Protect with ECC",
+                    "type": "boolean"
+                },
+                "value": {
+                    "description": "Value to write",
+                    "type": ["array", "string", "integer"],
+                    "pattern": "^0x[0-9a-fA-F]{1,6}$",
+                    "items": {
+                        "description": "Data Byte",
+                        "type": ["string", "integer"],
+                        "pattern": "^0x[0-9a-fA-F]{1,2}$"
+                    }
+                }
+            },
+            "additionalProperties": false,
+            "required": ["ecc", "value"]
+        },
+        "^[\\d\\w_]+$": {
+            "description": "Defined OTP Row",
+            "type": ["object", "array", "string", "integer"],
+            "pattern": "^0x[0-9a-fA-F]{1,6}$",
+            "items": {
+                "description": "Data Byte",
+                "type": ["string", "integer"],
+                "pattern": "^0x[0-9a-fA-F]{1,2}$"
+            },
+            "patternProperties": {
+                "^[\\d\\w_]+$": {
+                    "description": "OTP Field",
+                    "type": ["string", "integer"],
+                    "pattern": "^0x[0-9a-fA-F]{1,6}$"
+                }
+            },
+            "additionalProperties": false
+        }
+    },
+    "additionalProperties": false
+}