Hi, I'm trying to achieve secure boot on a ls1021atwr board. Right now I'm using the sdcard_ifc u-boot target.
My current RCW are set to non secure boot, and PBI commands copy u-boot's SPL on the OCRAM at address 0x10000000.
(Please, correct me if I'm wrong). If I enable RCW.SB_EN, the PBL will read SCRATCHR1 address, and read a word to see if this is a valid CSF header. If this is the case, it will proceed to secure boot checking. So I guess I need to prepend my CSF header to u-boot's SPL so that my PBI correctly copies CSF+SPL into OCRAM at address 0x10000000. Therefore, SPL is now at address 0x10000a00 and I should patch that in include/configs/ls1021atwr.h
My question is the following: in the CSF script, should I set ENTRY_POINT to 0x10000000 and the PBL will jump to 0x10000000 + size of CSF on its own, or do I have to set ENTRY_POINT to 0x1000a00 ?
Best,
Vincent
There is some confusion in this post. SCRATCHRW1 register (there is no SCRATCHR) is read by ISBC, not PBL. PBL
is required to set this register to the start of CSF. ISBC in turn reads SCRATCHRW1 and SCRATCHRW3 in order to locate CSF, interpret it, locate and validate the ESBC binary. ENTRY_POINT keyword and the corresponding CSF offset 0x1c is the address where the execution transfers if the image validation is successful. Details can be found in the SDK online documentation:
Have a great day,
Platon
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
bpe Thank you for clarifying the distinction between PBL and ISBC. However, I'm a bit confused by the third link in the SDK you linked: then ENTRY_POINT and the IMAGE_1 SRC_ADDR are not the same. So once Validation is correct, the execution will jump to the address stored in ENTRY_POINT (are their some alignment constraint ?), not in the SRC_ADDR of the first image ?
If I understand correctly:
- PBL sets SCRATCHRW1 to the address of the CSF
- ISBC gets the CSF from SCRATCHRW1
- ISBC gets ESBC binary by reading IMAGE_n SRC_ADDR and tries to validate its signature
- if the validation is successful, ISBC transfers the execution to ENTRY_POINT
Am I right ?
Best,
Vincent