topic Re: P4080 Secure Boot RTIC Access in P-Series

P4080 Secure Boot RTIC Access

tomsaluzzo — Thu, 17 Dec 2015 13:42:14 GMT

We are using revision 3 of the P4080 on our own board and running our own Bootloader (not u-boot).

I am having an issue when enabling secure boot via setting the SB_EN bit in the RCW. I have implemented the documented secure boot procedure, including burning appropriate fuses, and the Freescale ISBC is successfully validating my Bootloader. (No errors in the SCRATCHRW2 register and the SECMON_HPSR is indicating that the security monitor is in the Trusted state).

My Bootloader code is now trying to validate the public key in the CSF file associated with the next image in the chain-of-trust. It is attempting to do this by computing a hash of the public key using the Run-time integrity checker (RTIC) SHA-256 capability. Specifically, the Bootloader sets the RTIC registers as described in the P4080 Rev. 3 Security (SEC 4.0) Reference Manual.

If I run with an RCW that does not enable secure boot and force the Bootloader through this code, the RTIC correctly computes the hash. However, when I run through
the code when I have enabled secure boot in the RCW the code does not work; the code times out waiting for the Hash Done (HD) bit to come on in the RTIC status
register. I do not see any status error bits being set.

Given that the code works when I do an unsecure boot, is there some additional configuration that my Bootloader needs to do before accessing the RTIC when I have performed a successful secure boot and am in the Trusted state?

Re: P4080 Secure Boot RTIC Access

bpe — Fri, 18 Dec 2015 08:56:56 GMT

RTIC uses DMA. There can be a problem with PAMU, which in secure boot mode blocks all peripheral accesses by default. See P4080RM, Section 10.5.3.1.

Besides that, ISBC transfers control to the application with some LAWs and TLBs set, which may improperly interact with your software settings.

Make sure your software is working with the expected address map. Search u-Boot source code for SECURE_BOOT macro to see how it initializes

the system after ISBC - there is some difference to what is done for non-secure boots.

Have a great day,
Platon

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

Re: P4080 Secure Boot RTIC Access

tomsaluzzo — Mon, 21 Dec 2015 15:15:42 GMT

It was the PAMU. I updated our bootloader to put it into Bypass and everything worked. Thanks!