i.MX 7ULP Cannot boot a Closed device via SDP



Background:

The Watchdog Timer (WDOG) module provides a safety feature to ensure that software is executing as planned and that the CPU is not stuck in an infinite loop or executing unintended code.

The i.MX 7ULP includes a secure WDOG (WDOG2) intended to monitor secure world code running on Cortex-A7. The WDOG2 is enabled by default during HW power on and its timeout is configured to 1024 counts.

Because the ROM code neither refreshes nor disables WDOG2, the user software application must disable it within 1024 counts after reset. The WDOG2 counter clock is set to the Low Power Oscillator clock (1 kHz), so a timeout occurs in 1 second.

Issue Description:

In HAB closed devices (SECURITY_CONFIG = 1011b) the SNVS secure state machine (SSM) is set to the Trusted state. If WDOG2 is not disabled in time, an SNVS security violation is triggered, transitioning the SNVS SSM to the Soft Fail state.

When booting via Serial Download Protocol (SDP), the user must load the software image before WDOG2 times out after 1 second, which is not practical.

The following UUU timeout error is observed when trying to load an image after WDOG2 timeout:

$ sudo ./uuu signed-uboot-sdp.imx
uuu (Universal Update Utility) for nxp imx chips -- libuuu_1.2.135-0-gacaf035
Success 0    Failure 1                                                                                                                    
1:12     1/ 2 [HID(W):LIBUSB_ERROR_TIMEOUT           ] SDP: boot -f "signed-uboot-sdp.imx"  

Root cause:

The SNVS security violation can be confirmed by parsing the HAB persistent memory region after failure:

- Dump the HAB persistent region using JTAG; addresses and sizes are documented in AN12263.
- Parse the HAB persistent region using the hab_log_parser tool available in the latest CST package.

The following HAB event is observed when trying to load an image in SNVS Soft Fail state:

------------+----+------+----+-------------------------------------------------
Event       |0xdb|0x002c|0x43| SRCE Field: 33 30 ee 1e
            |    |      |    |             STS = HAB_FAILURE (0x33)
            |    |      |    |             RSN = HAB_ENG_FAIL (0x30)
            |    |      |    |             CTX = HAB_CTX_EXIT (0xEE)
            |    |      |    |             ENG = HAB_ENG_SNVS (0x1e)
            |    |      |    | Evt Data (hex):
            |    |      |    |  00 00 00 00 80 00 b3 40 80 00 20 00 00 00 00 20
            |    |      |    |  00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00
            |    |      |    |  00 00 00 00

Please contact your local NXP representative for more details.
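
The event record above, decoded byte by byte. This is an added example, not NXP's hab_log_parser: the names parse_event, is_snvs_failure and PAGE_EVENT are hypothetical, and the header layout (tag, 16-bit big-endian length, parameter byte) and SRCE field order are assumed from the columns and labels of the dump shown above.

```python
import struct

HAB_TAG_EVT = 0xDB  # first header byte of the event in the dump above

# Only codes that appear on this page are named; others print as raw hex.
STS = {0x33: "HAB_FAILURE"}
RSN = {0x30: "HAB_ENG_FAIL"}
CTX = {0xEE: "HAB_CTX_EXIT"}
ENG = {0x1E: "HAB_ENG_SNVS"}


def _name(table, code):
    return "%s (0x%02x)" % (table.get(code, "unknown"), code)


def parse_event(buf, offset=0):
    """Decode one event record at buf[offset:]; return (fields, next_offset)."""
    if len(buf) - offset < 8:
        raise ValueError("truncated event header")
    tag, length, par = struct.unpack_from(">BHB", buf, offset)
    if tag != HAB_TAG_EVT:
        raise ValueError("not an event record: tag 0x%02x" % tag)
    # The length covers header, SRCE field and event data; reject short dumps.
    if length < 8 or offset + length > len(buf):
        raise ValueError("bad event length 0x%04x" % length)
    sts, rsn, ctx, eng = buf[offset + 4:offset + 8]  # SRCE field
    fields = {
        "length": length, "par": par,
        "sts": _name(STS, sts), "rsn": _name(RSN, rsn),
        "ctx": _name(CTX, ctx), "eng": _name(ENG, eng),
        "data": bytes(buf[offset + 8:offset + length]),
    }
    return fields, offset + length


def is_snvs_failure(fields):
    """True for the STS/ENG pair this page reports in SNVS Soft Fail state."""
    return (fields["sts"].startswith("HAB_FAILURE")
            and fields["eng"].startswith("HAB_ENG_SNVS"))


# Event bytes reassembled from the hab_log_parser output above.
PAGE_EVENT = bytes.fromhex(
    "db002c43" "3330ee1e"
    "00000000" "8000b340" "80002000" "00000020"
    "00000000" "00000000" "00000008" "00000000"
    "00000000"
)

if __name__ == "__main__":
    event, _ = parse_event(PAGE_EVENT)
    for key, value in event.items():
        print(key, "=", value.hex() if isinstance(value, bytes) else value)
```

The returned next_offset lets a caller step through consecutive records in a dumped region and flag any for which is_snvs_failure returns True.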

Impacted Silicon

  • Impacts all current silicon revisions of i.MX 7ULP

Workarounds: 

As WDOG2 cannot be disabled in ROM or fuses, users must load an image prior to the WDOG2 timeout.

If an SNVS security violation is still observed after boot, please refer to the following document:

[i.MX7ULP] WDOG2 SNVS security violation in a Closed Security Configuration 

Using UUU daemon mode:

UUU daemon mode can help to quickly load U-Boot through USB SDP. In daemon mode, UUU detects the USB OTG connection and loads the image immediately:

1 - Set boot mode pins to SDP mode.
2 - Run UUU in daemon mode: $ sudo ./uuu -d signed-uboot-sdp.imx
3 - Reset the target.

This issue does not compromise the i.MX security.

Version history: Revision 2 of 2
Last update: 09-10-2020 02:39 AM