LS1012A-FRWY doesn't start after programming secure u-boot

settea · ‎07-22-2021

Hi all,

I am working on the FS1012A-FRWY EVB. I am able to build all images. I update u-boot, linux and rootfs, so everything was correct.

I tried the secure u-boot, and I loaded it at u-boot prompt via the following commands:

=>tftp $load_addr firmware_ls1012afrwy_512mb_uboot_qspiboot_secure.img
=>sf probe 0:0
=>sf erase 0 +$filesize && sf write $load_addr 0 $filesize

After the "=>reset" I cannot see nothing on the console, any suggestion?

I'm mainly using the following documentation:

LSDKUG_Rev20.12

Thanks in advance.

yipingwang · ‎07-22-2021

Please refer to the following procedure to execute secure boot.

First you need to write OTPMK to fuse array under u-boot.

Write OTPMK fuse values on shadow registers

mw.l 1e80234 a29a0b2c

mw.l 1e80238 2c8cd201

mw.l 1e8023c 84027ca8

mw.l 1e80240 8e13c7b9

mw.l 1e80244 a0b9d347

mw.l 1e80248 50ef2622

mw.l 1e8024c 98a92efd

mw.l 1e80250 ed53d1c3

Check OTPMK_ZERO and OTPMK_SYNDROME as 0 in SecMon_HP Status Register

md 1e90014

80000900

Check SFP_SVHESR no parity error.

md 1e80024

00000000

Permanently write OTPMK from the mirror registers into the fuse array

mw 1e80020 0x02000000

After program secure boot image on the custom board, you need to reset the target board, connect CodeWarrior CCS to the target board to program SRKH mirror registers in CodeWarrior CCS environment

ccs::config_server 0 10000

ccs::config_chain {ls1043a dap sap2}

display ccs::get_config_chain
#Check Initial SNVS State and Value in SCRATCH Registers
ccs::display_mem <dap position> 0x1e90014 4 0 4
ccs::display_mem <dap position> 0x1ee0200 4 0 4
#Wrie the SRK Hash Value in Mirror Registers
ccs::write_mem <dap position> 0x1e80254 4 0 <SRKH1>
ccs::write_mem <dap position> 0x1e80258 4 0 <SRKH2>
ccs::write_mem <dap position> 0x1e8025c 4 0 <SRKH3>
ccs::write_mem <dap position> 0x1e80260 4 0 <SRKH4>
ccs::write_mem <dap position> 0x1e80264 4 0 <SRKH5>
ccs::write_mem <dap position> 0x1e80268 4 0 <SRKH6>
ccs::write_mem <dap position> 0x1e8026c 4 0 <SRKH7>
ccs::write_mem <dap position> 0x1e80270 4 0 <SRKH8>
#Get the Core Out of Boot Hold-Off
ccs::write_mem <dap position> 0x1ee00e4 4 0 0x00000001

Please refer to "3. Deploy Secure Boot Images to the Target and Write SRKH Mirror Register" section in https://community.nxp.com/t5/Qonverge-Knowledge-Base/Setting-up-Secure-Boot-on-PBL-Based-Platforms-i... for details.

Please refer to "6.1.1.5 Procedure to run secure boot" in LSDK 20.12 user manual.

settea · ‎07-22-2021

I answer to my self:

in the "Layerscape Software Development Kit User Guide, Rev. 20.12, 30 June 2021" at page 55/1348 is reported (3.5 Fixed, Open and closed issues):
| ID | Desccription | Disposition | Opened in | Fixed in |
| QSDK-6529 | On LS1012A RDB and FRWY, RSA verification fails in secure boot. | Fixed | LSDK 20.04 | LSDK 20.12 |

It doesn't seem so!

settea · ‎07-22-2021

Hi Yipingwang,

Thanks for your suggestions.

I stil have some doubts concerning your proposal, you wrote:

"

Please refer to the following procedure to execute secure boot.

First you need to write OTPMK to fuse array under u-boot.

Write OTPMK fuse values on shadow registers

mw.l 1e80234 a29a0b2c

mw.l 1e80238 2c8cd201

mw.l 1e8023c 84027ca8

mw.l 1e80240 8e13c7b9

mw.l 1e80244 a0b9d347

mw.l 1e80248 50ef2622

mw.l 1e8024c 98a92efd

mw.l 1e80250 ed53d1c3"

But i don't have a u-boot prompt "=>"

I am able to have /dev/ttyACM0 on my Linux PC, but no prompt!

I programmed the secure boot in the following way:

=>tftp $load_addr firmware_ls1012afrwy_512mb_uboot_qspiboot_secure.img
=>sf probe 0:0
=>sf erase 0 +$filesize && sf write $load_addr 0 $filesize

so this is not the right procedure, isn't it?

Anyway, I could recover from this situation?

Thanks in advance

yipingwang · ‎07-23-2021

The procedure deploying image is correct.

You could use CodeWarrior CCS to connect to your target board to program OTPMK and SRKH.

Please refer to "a. Blow OTPMK with CCS" in

"3. Deploy Secure Boot Images to the Target and Write SRKH Mirror Register" section in https://community.nxp.com/t5/Qonverge-Knowledge-Base/Setting-up-Secure-Boot-on-PBL-Based-Platforms-i... for details.

settea · ‎07-23-2021

Thanks yipingwang,

Just to be sure: I am building code for LS1012A-FRWY with flex-builder. To have the u-boot images (non secure and secure) I user the following command:

$ flex-builder -m ls1012afrwy # automatically build all firmware, linux, apps components and LSDK rootfs for ls1012afrwy

is this correct?

I only downloaded the code from www.nxp.com and built it, no code or other modification, therefore you proposal solution should work, isn't it?

Thanks

yipingwang · ‎07-26-2021

Please run the following command

$ flex-builder -i mkfw -b qspi -m ls1012afrwy -s

In the console log, you will get "SRK (Public Key) Hash" used to verify secure boot image in flexbuild_lsdk2012/build/images/firmware_ls1012afrwy_512mb_uboot_qspiboot_secure.img

settea · ‎07-26-2021

Thanks,

I am building the executable as you suggested. I one question:
I already loaded the board as mentioned before, the values are the same I have now, is it correct?
Thanks

yipingwang · ‎07-26-2021

Yes

LS1012A-FRWY doesn't start after programming secure u-boot

LS1012A-FRWY doesn't start after programming secure u-boot

QorIQ LS1 Devices