LS1046AFRWY OTPMK: How is it used?

scottwelsh · ‎04-24-2023

I am wondering how the OTPMK is used during the secure boot process. For instance, when is the OTPMK read during the secure boot process? Obviously, the OTPMK has to be read by something during the secure boot process in order to begin trusted secure boot and ensure that the LS1046AFRWY is being booted in a trusted environment.

Also, what reads the OTPMK?

Thank you

stadium_aquino · ‎04-24-2023

It's not used at all AFAIK. It just has to be programmed.

scottwelsh · ‎04-25-2023

Here are my questions again:

When is the OTPMK read during the secure boot process?

Also, what reads the OTPMK?

I'm just trying to understand what the OTPMK is for. The manuals just state to provision the OTPMK but don't discuss what part of the secure boot reads it and why the OTPMK exists in the first place.

stadium_aquino · ‎04-25-2023

The OTPMK is a secret which can't be read out directly. It (along with the ZMK) can only be used in other crypto functions. It has no role in secure boot. If you're interested in learning about this, NXP has it under NDA in a "Trust Architecture user guide." You can also find this info in version 1 of the LS1046ARM and there are a few copies floating around the internet...

scottwelsh · ‎04-27-2023

Thank you. My company does have an NDA with NXP so I'll look at the Trust Architecture User Guide.

SebastianG · ‎04-27-2023

Hope this post finds you well,

In order to provide the requested information, please create a new ticket using the technical support web located in the following link:

https://support.nxp.com/s/

Also, we will really appreciate that when you create the technical support ticket please share with us your NDA number of file

Best Regards,

Sebastian Grieve

scottwelsh · ‎04-28-2023

Thank you, Sebastian. I had to dig in my notes to find my access to the QorIQ documents and was able to find what I was looking for.