After writing CMPA with Secureboot enabled and sealed, I cannot write CFPA anymore.
$ blhost -p /dev/ttyPS1 -- write-memory 0x0009DE00 cfpa.bin
Ping responded in 1 attempt(s)
Inject command 'write-memory'
Preparing to send 512 (0x200) bytes to the target.
Response status = 10001 (0x2711) Command disallowed when security is enabled.
Wrote 0 of 512 bytes.
$ blhost -p /dev/ttyPS1 -- get-property 17
Ping responded in 1 attempt(s)
Inject command 'get-property'
Response status = 0 (0x0) Success.
Response word 1 = 3275539260 (0xc33cc33c)
Security State = SECURE
This is really puzzling because I read AN12283 and UM11126 and nothing indicates that sealing CMPA would seal CFPA too. This behavior also does not make sense to me because it would prevent any software updates. I'm not sure about the content of my cfpa.bin but I would expect a more detailed error code like "kStatus_FLASH_CfpaScratchPageInvalid" in that case.
Is this intended or am I missing some detail?
Solved! Go to Solution.
Hello @HenrikK
I'm sorry for the puzzling for you.
I will take a ticket to request add some description about "seal" function.
"Is this intended or am I missing some detail?"
->> And sorry yes, it is intended.
BR
Alice
Hello @HenrikK
I'm sorry for the puzzling for you.
I will take a ticket to request add some description about "seal" function.
"Is this intended or am I missing some detail?"
->> And sorry yes, it is intended.
BR
Alice