ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

LS1043A Security Monitor (SecMon) Sample Code

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 
解決済み
ソリューションへジャンプ

LS1043A Security Monitor (SecMon) Sample Code

ソリューションへジャンプ
‎01-14-2022 02:15 AM
1,652件の閲覧回数
smruthi_ramesh
Contributor II

Hi,

Is there any sample code available to program the Security Monitor (SecMon) that is described in the QorIQ Trust Architecture 2.1 User Guide?

ラベル(1)
ラベル
0 件の賞賛
返信
1 解決策

ソリューションへジャンプ
‎01-26-2022 06:30 PM
1,587件の閲覧回数
yipingwang
NXP TechSupport
NXP TechSupport

I check and in uboot we have a reference to change the secmon state. Nothing in Linux. You may use it as reference. Here is the reference.

.../u-boot/board/freescale/common/fsl_validate.c

        if (its == 1)

                set_sec_mon_state(HPSR_SSM_ST_SOFT_FAIL);

        else

                set_sec_mon_state(HPSR_SSM_ST_NON_SECURE);

元の投稿で解決策を見る

0 件の賞賛
返信
5 返答(返信)

ソリューションへジャンプ
‎01-26-2022 09:33 PM
1,577件の閲覧回数
smruthi_ramesh
Contributor II

Okay thank you very much!

0 件の賞賛
返信

ソリューションへジャンプ
‎01-17-2022 11:48 PM
1,631件の閲覧回数
yipingwang
NXP TechSupport
NXP TechSupport

Yes, please refer to the latest LSDK User Guide (e.g. LSDKUG_Rev21.08.pdf)
6.1.1.5 Procedure to run secure boot
and
6.1.1.5.2 Prepare board for Secure boot.

You should start reading section 6.1.1 Secure boot for all security related topics that enabled in the LSDK software for reference.

0 件の賞賛
返信

ソリューションへジャンプ
‎01-17-2022 11:53 PM
1,629件の閲覧回数
smruthi_ramesh
Contributor II

Thanks I will go through the section for secure boot.

Besides secure boot, there is a Security monitor state machine (SSM) that runs and changes states according to H/W and S/W failures. Is there any sample code available for that?

0 件の賞賛
返信

ソリューションへジャンプ
‎01-26-2022 06:30 PM
1,588件の閲覧回数
yipingwang
NXP TechSupport
NXP TechSupport

I check and in uboot we have a reference to change the secmon state. Nothing in Linux. You may use it as reference. Here is the reference.

.../u-boot/board/freescale/common/fsl_validate.c

        if (its == 1)

                set_sec_mon_state(HPSR_SSM_ST_SOFT_FAIL);

        else

                set_sec_mon_state(HPSR_SSM_ST_NON_SECURE);

0 件の賞賛
返信

ソリューションへジャンプ
‎01-25-2022 09:47 PM
1,589件の閲覧回数
yipingwang
NXP TechSupport
NXP TechSupport

There is no sample code for that. The SECMON is a state machine, it change state based on signals from the HW pins/signal.

The state change diagram is in the QORIQTURST21UG, section 7.2 Security Monitor (SecMon) Figure 7-1. Security Monitor Block Diagram

 

If you want to manually change the state, you can touch the SecMon_HP Command Register (HPCOMR), bit 0, SSM State Transition Transition state of the system security monitor. This self-clearing bit is always read as zero. This command results only in the following transitions of the SSM:

Check State   Non-Secure (when Non-Secure Boot and not in Unsecure Configuration )

Check State --> Trusted (when Secure Boot or in Unsecure Configuration ) Trusted State --> Secure Secure State --> Trusted (if not disabled by SSM_ST_DIS bit) Soft Fail --> Non-Secure (if not disabled by SSM_SFNS_DIS bit)

 

OR

 

bit 8, Software Security Violation

When set, the system security monitor treats this bit as a non-fatal security violation. This security violation has no effect on the LP section. This command results only in the following transitions of the

SSM:

Check -> Non-Secure

Trusted -> Soft Fail

Secure -> Soft Fail

0 件の賞賛
返信