dexter has uploaded this change for review.

README.md document recently added lock/unlock feature

The ara-m applet now has a method to lock the store data command.
This prevents unauthorized changes to the access rules.

Related: SYS#7245
Change-Id: I5a8db9c823a207842aa894485820d610d311c2e0
---
M README.md
1 file changed, 14 insertions(+), 0 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/aram-applet refs/changes/81/39781/1
diff --git a/README.md b/README.md
index e6fb5f3..816a5d5 100644
--- a/README.md
+++ b/README.md
@@ -46,10 +46,12 @@
- [x] delete REF-DO
- [ ] delete REF-AR-DO
- [x] update refresh tag
+- [x] lock/unlock store data (protect against unauthorized access rule changes)

### Note

* store data can be accessed via install for personalization or via raw apdu STORE DATA
+* when store data is locked, then store data can only be accessed via install for personalization
* get data length is coded on **2 bytes** max
* get specific is **not** compatible with get next
* rules are not stored as data object but as plain apdu AR-DO
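Review bot: the new bullet under "### Note" conflicts with the unchanged bullet directly above it, which still says without qualification that store data can be accessed "via install for personalization or via raw apdu STORE DATA". Qualify the existing bullet (for example "when store data is unlocked, ...") or merge the two into one statement covering both states. The added bullet also does not say what the applet does with a raw STORE DATA while locked; documenting the expected response would let an operator verify that the lock is actually in effect. The wording "when store data is locked, then store data can only be accessed" would read better as "when locked, store data can only be accessed ...".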
@@ -127,6 +129,18 @@
gp -acr-delete -app D2760001180002FF49502589C0019B18 -acr-hash 1FA8CC6CE448894C7011E23BCF56DB9BD9097432
```

+#### lock
+
+```bash
+gp --key-enc $KIC --key-mac $KID --key-dek $KIK --secure-apdu 80e620000f000009a00000015141434c00000000 --secure-apdu 80E2900001A1
+```
+
+#### unlock
+
+```bash
+gp --key-enc $KIC --key-mac $KID --key-dek $KIK --secure-apdu 80e620000f000009a00000015141434c00000000 --secure-apdu 80E2900001A2
+```
+
### Raw APDU

#### list rules
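Review bot: the "#### lock" and "#### unlock" examples differ only in the last byte of the second `--secure-apdu` (`80E2900001A1` versus `80E2900001A2`), and nothing in the section says so or explains the two APDUs. Add a sentence stating that the first APDU is the install for personalization addressed to the applet and the second is the STORE DATA carrying the one-byte command, with A1 meaning lock and A2 meaning unlock, so a reader does not have to diff the hex strings to tell them apart. Since the point of the feature is to prevent unauthorized access rule changes, it is also worth stating explicitly that both operations depend on the keys passed as `$KIC`, `$KID` and `$KIK`, and where those values come from. Minor: the hex case is inconsistent within each command (`80e620...` lowercase, `80E2900001A1` uppercase).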

Gerrit-MessageType: newchange
Gerrit-Project: aram-applet
Gerrit-Branch: master
Gerrit-Change-Id: I5a8db9c823a207842aa894485820d610d311c2e0
Gerrit-Change-Number: 39781
Gerrit-PatchSet: 1
Gerrit-Owner: dexter <pmaier@sysmocom.de>