LPC55S69: Secure boot, debug and programming the other fields of CFPA/CMPA

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

LPC55S69: Secure boot, debug and programming the other fields of CFPA/CMPA

ソリューションへジャンプ
3,246件の閲覧回数
trescurieux
Contributor III

Hi

I managed to generate and flash a secure boot 2 capsule, so far so good

But i raised 2 questions :

 

Q1: Other fields  of CMPA/CFPA

---------------------------------------------

There are some parts that are a bit unclear , for example the BOOT_CFG/SPI_CFG/SDIO_CFG fields ?

The SECURE_BOOT_CFG is detailed both in the UM and the secure boot Application note, but i couldnt locate the details of the ones above

Any hint for these would be appreciated.

Q2 Debugging

--------------------

My test App works fine in "plain" mode but crashes pretty quickly in "secure boot" mode. 

TrustZone is NOT enabled, it crashes as soon as FreeRTOS is started. 

By default, debug is not possible with a secure boot firmware. I suppose it's due to the field CC_SOCU_PIN & CC_SOCU_DFLT being both to zero so debug is disabled by default.

Is that the case ?

I tried to enable it (CC_SOCU_PIN=1F 00 00 00 and CC_SOCU_DEFLT=00 00 00 00 in CMPA), but it didnt work and actually sort of bricked the board

 

So the 2nd question :

What is the right way to enable debug over SWD in secure boot mode , when you dont care about securing the debug link ? (that will happen later)

Thank you in advance

Tres

 

 

 

 

ラベル(1)
0 件の賞賛
返信
1 解決策
3,086件の閲覧回数
Alice_Yang
NXP TechSupport
NXP TechSupport

Yes, it can't erase and program, you can also test Attach function to debug.

Alice_Yang_0-1602486268884.png

 

元の投稿で解決策を見る

11 返答(返信)
3,222件の閲覧回数
trescurieux
Contributor III

Hi 

Thank you for your reply,

Q1: It is mentioned in the AN12283 (secure boot) page 8 (it is also mentioned in the LPC55S6x user manual)

They are field No 0 and 1 of CMPA header (offset 0 & 4)

Q2: Unfortunately i cannot get the board to go to ISP mode any longer. I'm afraid i've really bricked it. I bought a few in advance, not a real problem. 

But the question 2 stands : How to enable SWD debug (without authentication) when secure boot is enabled ? So that i can debug why it crashes only when secure boot is enabled ?

 

Thank you in advance

Tres

 

0 件の賞賛
返信
3,211件の閲覧回数
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello Tres,

Q1, yes there isn't more description about "SPI_CFG/SDIO_CFG", I think this is a issue in UM, I will 

take a ticket about this, thanks for your sharing.

 

Q2, If  you haven't config the CC_SOCU part, after successful enable secure boot, the debug function can work well. If enable secure boot failed, the debug also can't work. 

0 件の賞賛
返信
3,204件の閲覧回数
trescurieux
Contributor III

Thank you for your reply

This is what i tried

CC_SOCU_PIN= 0x1F 00 00 00

CC_SOCU DEFLT= 00 00 00 00

I though that would enable debug by default on all domains, but it seems that did exactly the opposite.

What would be the value to put in SOCU_PIN & SOCU_DEFAULT to enable all debug by default ?

 

My aim is to do debugging to check why it crashes in secure boot and not in "plain" mode

Thank you in advance

Tres

 

0 件の賞賛
返信
3,179件の閲覧回数
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello Tres,

1) "I though that would enable debug by default on all domains,"

-> Yes, do not config "CC_SOCU_PIN/CC_SOCU DEFLT", then every domains can debug.

2) While if enable secure boot failed, no matter how to config , no domains can debug.

About enable secure boot, please strictly fellow up the  

https://www.nxp.com.cn/docs/en/application-note/AN12283.pdf 

 

Regards,

Alice

 

0 件の賞賛
返信
3,150件の閲覧回数
trescurieux
Contributor III

Hi

Thank you for your reply

The secure boot *is* working

The problem is the app is crashing quickly in secure boot mode, and it is  working fine in non secure boot mode

I 'm looking for a way to debug the app in secure boot mode, so that i can check why it crashes and fix it

It's fine if i have to lower the overall security temporarily

Any help would be appreciated

Best Regards

Tres

0 件の賞賛
返信
3,101件の閲覧回数
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello trescurieux,

 

How do you know "The secure boot *is* working" ?

If the secure boot configure well, and program a SB2 file (APP+singed+security), it can work well.

And at this time, also can debug(Do not erase,program, just debug).

 

Regards,

Alice

0 件の賞賛
返信
3,098件の閲覧回数
trescurieux
Contributor III

Hi

Thank you for you reply

Indeed, i will retry and disable erase/program in the debugger, that might be the main issue

Tres

 

0 件の賞賛
返信
3,087件の閲覧回数
Alice_Yang
NXP TechSupport
NXP TechSupport

Yes, it can't erase and program, you can also test Attach function to debug.

Alice_Yang_0-1602486268884.png

 

3,096件の閲覧回数
trescurieux
Contributor III

I know it's working because i have some debug statement in the console

So i know :

* that secure boot is accepting my fw (else it would go to isp mode)

* it's starting to boot (the serial messages)

But it crashes very quickly after that.

My guess is that some things are not initialized properly and the chip configuration is different if you use secure boot or not.

Since it is not re-initialized properly by my app, it crashes

 

(the app is just running freeRTOS and blinking one of the onboard LED)

 

Tres

 

0 件の賞賛
返信
3,072件の閲覧回数
trescurieux
Contributor III

Indeed the "attach to running" method worked

Just need to figure out why it crashes now

Thank you

0 件の賞賛
返信
3,228件の閲覧回数
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello trescurieux,

Q1:  Please tell me  where is "SPI_CFG/SDIO_CFG" you mentioned.

Q2: If you haven't enable"Seal security configuration ", you can try to program a empty file to CMPA

refer to:

Until the CMPA is not sealed (HASH of CMPA written), you can change the configuration. The empty CMPA isattached. Use "blhost -p COMxx write-memory 0x9E400 CMPA_empty.bin". This is not applicable to the LPC55S69 0Asilicon.

 

Regards,

Alice

0 件の賞賛
返信