topic Re: LS1043A SRK REVOCATION in Layerscape

LS1043A SRK REVOCATION

mohamed_hamzaou — Wed, 14 Oct 2020 20:12:33 GMT

I'm trying to revoke SRK in an LS1043A BOARD. I have to make this revocation for a list of 1000 boards.

I am confused whether or not I should blow the fuses in the SFP’s OEM Security Policy Register (SFP_OSPR) to revoke the compromised key or just I have to update the key number indicated in the CSF header.

The problem with blowing fuse is that I need to apply 1.8V on TA_PROG_SFP to make SFP writable and this need manual action in my case so the best way is to make it through a simple remote software update.

How can I manage this case?

Re: LS1043A SRK REVOCATION

bpe — Thu, 15 Oct 2020 01:25:07 GMT

I would say, unless the goal is to leave the system in a non-usable state,
you need both to blow a fuse and to update image headers when
revoking a key. The former is required to mark the key as revoked, the latter
have to be done to let the system use a key that remains active to validate boot
images.

Note that NXP LS1043A-RDB is a development system. It is not designed to be used
as a field-deployed, end-user device. Such devices, if remote key revocation
is required, have to have provisions in the design to control the required
power supply lines in software.

Best Regards,
Platon

Re: LS1043A SRK REVOCATION

mohamed_hamzaou — Thu, 15 Oct 2020 08:46:13 GMT

Thanks Platon for your answer but let me ask you some questions.

When you said that LS1043A-RDB is not intended for end user, I think you refer to RDB and I hope this is not the case for all LS1043A based board because I use a SoM called MPX-LS1043A2 (Microsys) based on NXP LS1043A processor.

Also, in the NXP documentation we can found that LS1043A is for industrial use also not only development: "This SoC is a purpose-built solution for small-form-factor networking and industrial applications with BOM optimizations for economic low layer PCB, lower cost power supply and single clock design."

Finally, if I understand your answer, we should have designed the SoM so that the POVDD input (TA-PROG-SFP) changes the power supply state with a software way which will allow us to revoke by simple update. So, are you sure there is no other software way to revoke as the fuses are not powered with a 1.8V input to allow blowing?
Thanks

Re: LS1043A SRK REVOCATION

bpe — Fri, 16 Oct 2020 07:28:21 GMT

As I have already explained, there is no way to revoke am SRK without fuse programming,
which in turn requires switching PROG_SFP on and off. That is a chip-level
requirement. As of the third-party development system you mentioned, consult at
it's documentation and/or manufacturer on what features it supports and in what way.

Best Regards,
Platon