LS1043A Security Monitor (SecMon) Sample Code

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LS1043A Security Monitor (SecMon) Sample Code

Jump to solution
2,037 Views
smruthi_ramesh
Contributor II

Hi,

Is there any sample code available to program the Security Monitor (SecMon) that is described in the QorIQ Trust Architecture 2.1 User Guide?

Labels (1)
0 Kudos
Reply
1 Solution
1,972 Views
yipingwang
NXP TechSupport
NXP TechSupport

I check and in uboot we have a reference to change the secmon state. Nothing in Linux. You may use it as reference. Here is the reference.

.../u-boot/board/freescale/common/fsl_validate.c

        if (its == 1)

                set_sec_mon_state(HPSR_SSM_ST_SOFT_FAIL);

        else

                set_sec_mon_state(HPSR_SSM_ST_NON_SECURE);

View solution in original post

0 Kudos
Reply
5 Replies
1,962 Views
smruthi_ramesh
Contributor II

Okay thank you very much!

0 Kudos
Reply
2,016 Views
yipingwang
NXP TechSupport
NXP TechSupport

Yes, please refer to the latest LSDK User Guide (e.g. LSDKUG_Rev21.08.pdf)
6.1.1.5 Procedure to run secure boot
and
6.1.1.5.2 Prepare board for Secure boot.

You should start reading section 6.1.1 Secure boot for all security related topics that enabled in the LSDK software for reference.

0 Kudos
Reply
2,014 Views
smruthi_ramesh
Contributor II

Thanks I will go through the section for secure boot.

Besides secure boot, there is a Security monitor state machine (SSM) that runs and changes states according to H/W and S/W failures. Is there any sample code available for that?

0 Kudos
Reply
1,973 Views
yipingwang
NXP TechSupport
NXP TechSupport

I check and in uboot we have a reference to change the secmon state. Nothing in Linux. You may use it as reference. Here is the reference.

.../u-boot/board/freescale/common/fsl_validate.c

        if (its == 1)

                set_sec_mon_state(HPSR_SSM_ST_SOFT_FAIL);

        else

                set_sec_mon_state(HPSR_SSM_ST_NON_SECURE);

0 Kudos
Reply
1,974 Views
yipingwang
NXP TechSupport
NXP TechSupport

There is no sample code for that. The SECMON is a state machine, it change state based on signals from the HW pins/signal.

The state change diagram is in the QORIQTURST21UG, section 7.2 Security Monitor (SecMon) Figure 7-1. Security Monitor Block Diagram

 

If you want to manually change the state, you can touch the SecMon_HP Command Register (HPCOMR), bit 0, SSM State Transition Transition state of the system security monitor. This self-clearing bit is always read as zero. This command results only in the following transitions of the SSM:

Check State   Non-Secure (when Non-Secure Boot and not in Unsecure Configuration )

Check State --> Trusted (when Secure Boot or in Unsecure Configuration ) Trusted State --> Secure Secure State --> Trusted (if not disabled by SSM_ST_DIS bit) Soft Fail --> Non-Secure (if not disabled by SSM_SFNS_DIS bit)

 

OR

 

bit 8, Software Security Violation

When set, the system security monitor treats this bit as a non-fatal security violation. This security violation has no effect on the LP section. This command results only in the following transitions of the

SSM:

Check -> Non-Secure

Trusted -> Soft Fail

Secure -> Soft Fail

0 Kudos
Reply