Hi,
Is there any sample code available to program the Security Monitor (SecMon) that is described in the QorIQ Trust Architecture 2.1 User Guide?
I checked, and in U-Boot we have a reference for changing the SecMon state. Nothing in Linux. You may use it as a reference. Here is the reference.
.../u-boot/board/freescale/common/fsl_validate.c
    if (its == 1)   /* its: Intent To Secure (ITS) fuse state read earlier in fsl_validate.c */
        set_sec_mon_state(HPSR_SSM_ST_SOFT_FAIL);   /* secure boot: validation failure is a violation */
    else
        set_sec_mon_state(HPSR_SSM_ST_NON_SECURE);  /* non-secure boot: just drop to Non-Secure */
Yes, please refer to the latest LSDK User Guide (e.g. LSDKUG_Rev21.08.pdf)
6.1.1.5 Procedure to run secure boot
and
6.1.1.5.2 Prepare board for Secure boot.
You should start by reading section 6.1.1 Secure boot for all security-related topics that are enabled in the LSDK software, for reference.
Thanks, I will go through the section on secure boot.
Besides secure boot, there is a Security Monitor state machine (SSM) that runs and changes states according to H/W and S/W failures. Is there any sample code available for that?
There is no sample code for that. The SECMON is a state machine; it changes state based on signals from the HW pins.
The state change diagram is in the QORIQTURST21UG, section 7.2 Security Monitor (SecMon) Figure 7-1. Security Monitor Block Diagram
If you want to manually change the state, you can touch the SecMon_HP Command Register (HPCOMR):

bit 0, SSM State Transition: transitions the state of the system security monitor. This self-clearing bit is always read as zero. This command results only in the following transitions of the SSM:
    Check State --> Non-Secure (when Non-Secure Boot and not in Unsecure Configuration)
    Check State --> Trusted (when Secure Boot or in Unsecure Configuration)
    Trusted State --> Secure
    Secure State --> Trusted (if not disabled by SSM_ST_DIS bit)
    Soft Fail --> Non-Secure (if not disabled by SSM_SFNS_DIS bit)

OR

bit 8, Software Security Violation: when set, the system security monitor treats this bit as a non-fatal security violation. This security violation has no effect on the LP section. This command results only in the following transitions of the SSM:
    Check --> Non-Secure
    Trusted --> Soft Fail
    Secure --> Soft Fail
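The two HPCOMR commands described in this answer, and the set_sec_mon_state() calls quoted from fsl_validate.c earlier in the thread, as an added example that is not code from the thread, from NXP or from U-Boot: a host-side C model of the SSM transition rules, plus a set_sec_mon_state()-style helper that picks the command needed to reach a target state and checks that it took. Everything except HPCOMR bit 0 and bit 8 is an assumption: the SSM_ST field position in HPSR (bits [15:12]), the state encodings (taken from U-Boot's fsl_sec_mon.h as I remember them), and the behaviour when both command bits are written at once (the model applies bit 8 only). Verify all of these against your SoC reference manual before touching the real register.

```c
/*
 * Added example (not NXP/U-Boot code): model of SecMon HPCOMR bit 0 / bit 8
 * transitions as listed in the thread, with a set_sec_mon_state()-style driver.
 * ASSUMED: HPSR.SSM_ST field at bits [15:12] and the enum encodings below.
 */
#include <stdint.h>
#include <stdio.h>

#define HPCOMR_SSM_ST   (1u << 0)   /* SSM State Transition, self-clearing (from the thread) */
#define HPCOMR_SW_SV    (1u << 8)   /* Software Security Violation (from the thread) */

#define HPSR_SSM_ST_SHIFT 12                              /* ASSUMED field position */
#define HPSR_SSM_ST_MASK  (0xfu << HPSR_SSM_ST_SHIFT)

/* ASSUMED encodings of the HPSR SSM_ST field (modelled on U-Boot's fsl_sec_mon.h). */
enum ssm_state {
    HPSR_SSM_ST_INIT       = 0x0,
    HPSR_SSM_ST_SOFT_FAIL  = 0x3,
    HPSR_SSM_ST_CHECK      = 0x9,
    HPSR_SSM_ST_NON_SECURE = 0xb,
    HPSR_SSM_ST_TRUST      = 0xd,
    HPSR_SSM_ST_SECURE     = 0xf,
};

/* Model of the two registers plus the inputs that gate individual transitions. */
struct secmon {
    uint32_t hpcomr;        /* command register; command bits self-clear */
    uint32_t hpsr;          /* status register; SSM_ST in bits [15:12] */
    int secure_boot;        /* booted with Secure Boot (ITS set) */
    int unsecure_config;    /* "Unsecure Configuration" per the UG */
    int ssm_st_dis;         /* SSM_ST_DIS: Secure -> Trusted disabled */
    int ssm_sfns_dis;       /* SSM_SFNS_DIS: Soft Fail -> Non-Secure disabled */
};

static enum ssm_state secmon_state(const struct secmon *sm)
{
    return (enum ssm_state)((sm->hpsr & HPSR_SSM_ST_MASK) >> HPSR_SSM_ST_SHIFT);
}

static void secmon_set(struct secmon *sm, enum ssm_state st)
{
    sm->hpsr = (sm->hpsr & ~HPSR_SSM_ST_MASK) | ((uint32_t)st << HPSR_SSM_ST_SHIFT);
}

/* Emulate a write to HPCOMR: apply exactly the transitions listed in the thread.
 * ASSUMED: if both command bits are written at once, only bit 8 is honoured. */
void secmon_write_hpcomr(struct secmon *sm, uint32_t val)
{
    enum ssm_state cur = secmon_state(sm);

    if (val & HPCOMR_SW_SV) {                 /* bit 8: non-fatal security violation */
        if (cur == HPSR_SSM_ST_CHECK)
            secmon_set(sm, HPSR_SSM_ST_NON_SECURE);
        else if (cur == HPSR_SSM_ST_TRUST || cur == HPSR_SSM_ST_SECURE)
            secmon_set(sm, HPSR_SSM_ST_SOFT_FAIL);
        /* any other state: no effect */
    } else if (val & HPCOMR_SSM_ST) {         /* bit 0: SSM state transition */
        switch (cur) {
        case HPSR_SSM_ST_CHECK:
            secmon_set(sm, (sm->secure_boot || sm->unsecure_config)
                           ? HPSR_SSM_ST_TRUST : HPSR_SSM_ST_NON_SECURE);
            break;
        case HPSR_SSM_ST_TRUST:     secmon_set(sm, HPSR_SSM_ST_SECURE); break;
        case HPSR_SSM_ST_SECURE:    if (!sm->ssm_st_dis)   secmon_set(sm, HPSR_SSM_ST_TRUST); break;
        case HPSR_SSM_ST_SOFT_FAIL: if (!sm->ssm_sfns_dis) secmon_set(sm, HPSR_SSM_ST_NON_SECURE); break;
        default: break;                       /* Init / Non-Secure: no effect */
        }
    }
    sm->hpcomr = val & ~(HPCOMR_SW_SV | HPCOMR_SSM_ST);   /* command bits read back as zero */
}

/* Same role as the set_sec_mon_state() call quoted from fsl_validate.c: issue the
 * one command that moves the SSM from its current state to |target| and confirm
 * the new state. Returns 0 on success, -1 if the target is not reachable. */
int set_sec_mon_state(struct secmon *sm, enum ssm_state target)
{
    enum ssm_state cur = secmon_state(sm);
    uint32_t cmd;

    if (cur == target)
        return 0;
    if (target == HPSR_SSM_ST_SOFT_FAIL)
        cmd = HPCOMR_SW_SV;                   /* Trusted/Secure -> Soft Fail needs bit 8 */
    else if (target == HPSR_SSM_ST_NON_SECURE && cur == HPSR_SSM_ST_CHECK)
        cmd = HPCOMR_SW_SV;                   /* works regardless of boot mode */
    else
        cmd = HPCOMR_SSM_ST;                  /* Check/Trusted/Secure/Soft Fail walks */

    secmon_write_hpcomr(sm, cmd);
    return secmon_state(sm) == target ? 0 : -1;
}

/* Start in |start| with the given boot mode, write |cmd| once, return the new state. */
enum ssm_state secmon_run(int secure_boot, enum ssm_state start, uint32_t cmd)
{
    struct secmon sm = { .secure_boot = secure_boot };
    secmon_set(&sm, start);
    secmon_write_hpcomr(&sm, cmd);
    return secmon_state(&sm);
}

/* Walk the secure-boot failure scenario from the thread: reach Secure, fail
 * validation (its == 1 -> Soft Fail), then try to recover with SSM_SFNS_DIS
 * set (must fail) and clear (must succeed). Returns 0 if every step behaves. */
int secmon_demo(void)
{
    struct secmon sm = { .secure_boot = 1 };
    secmon_set(&sm, HPSR_SSM_ST_CHECK);

    if (set_sec_mon_state(&sm, HPSR_SSM_ST_TRUST) != 0)      return 1;
    if (set_sec_mon_state(&sm, HPSR_SSM_ST_SECURE) != 0)     return 2;
    if (set_sec_mon_state(&sm, HPSR_SSM_ST_SOFT_FAIL) != 0)  return 3;
    sm.ssm_sfns_dis = 1;
    if (set_sec_mon_state(&sm, HPSR_SSM_ST_NON_SECURE) == 0) return 4;
    sm.ssm_sfns_dis = 0;
    if (set_sec_mon_state(&sm, HPSR_SSM_ST_NON_SECURE) != 0) return 5;
    return 0;
}

int main(void)
{
    int rc = secmon_demo();
    printf("SecMon walk-through %s (rc=%d)\n", rc == 0 ? "passed" : "failed", rc);
    return rc;
}
```

The point of the model is the gating: bit 0 only walks the Check/Trusted/Secure/Soft Fail edges the UG lists, and the SSM_ST_DIS / SSM_SFNS_DIS bits can close the Secure->Trusted and Soft Fail->Non-Secure edges, so a set_sec_mon_state()-style helper has to read the state back after the write rather than assume the transition happened.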