I am in the development phase of my application and want to utilize the secure boot process for booting at least up to U-Boot.
I will enable the SB_EN bit in the RCW and rebuild the bl2_emmc.pbl but after I've done that, what else do I need to do in order to boot using the secure boot architecture?
Do I use the code signing tool for the BL2, BL31 and BL33 images when building them and then flash those images onto my board?
Once I've code-signed each image and flashed the images onto the board, what else do I need to do?
The document, LSDKUG_Rev20.12.pdf, alludes to the steps involved but doesn't quite provide the exact "recipe" for successfully booting utilizing the secure boot process when in the development phase.
Thank you
Hello. I have 2 more questions.
That is, what is the spelled out name for the POVDD? I am unable to find the "definition" in the QorIQ or LSDKUG documents.
Also, after writing to the SRKH and OTPMK registers, are they really blown forever? Or....are they "blown" forever ONLY after performing a write of 0x02000000 to the SFP_INGR (address 0x1e80020)?
Thank you
Hi,
To program SFP fuses, the user is required to supply 1.8 V to the TA_PROG_SFP pin per
Power sequencing. TA_PROG_SFP should only be powered for the duration of the fuse
programming cycle, with a per device limit of six fuse programming cycles. All other
times, TA_PROG_SFP should be connected to GND.
There is a mechanism for every board, but I noticed that it is not mentioned how the FRWY-LS1046A enables it; in the FRWY-LS1046ARM, however, it is stated that it is controlled with a GPIO.
Connects to the 1x2 PROG_SFP header (J74). The GPIO_FUSE_PROG signal controls the power supply to the TA_PROG_SFP pin of the processor:
• When GPIO_FUSE_PROG is low, power to TA_PROG_SFP pin is 1.8 V (fuse programming enable)
• When GPIO_FUSE_PROG is high, power to TA_PROG_SFP pin is 0 V (fuse programming disable) (default value)
(GPIO 3_24)
A jumper needs to be allocated in J74 and the GPIO has to clear its value. There is a status LED labeled fuse PGR; do you see it on your board?
For the fuses, yes, it is permanent. Let me ask a colleague to look for the non-permanent option, but blowing SRKH and OTPMK is permanent.
Thank you
Thank you for your response but I am still unsure as to when the fuses are actually blown thus rendering the processor as permanently booting in secure mode.
Please read:
1) What is the spelled out name for the POVDD? I am unable to find the "definition" in the QorIQ or LSDKUG documents.
2) After writing to the SRKH (0x1e80254, 0x1e80258,0x1e8025c,0x1e80260,0x1e80264,0x1e80268,0x1e8026c,0x1e80270) and OTPMK (0x1e80234, 0x1e80238,0x1e8023c,0x1e80240,0x1e80244,0x1e80248,0x1e8024c,0x1e80250) registers, are they really blown forever? Or....are they "blown" forever ONLY after performing a write of 0x02000000 to the SFP_INGR (address 0x1e80020)?
3) Regarding generating the digital signature, it is not clear to me which CST command and options need to be used in order to automatically generate the digital signature and append the digital signature to the CSF header + image + public keys.
Can the digital signature hash be calculated over the CSF header + image + public key(s) and then appended to these in 1 tool step? Is the correct tool the uni_sign or the gen_sign tool? Please provide an example. I don't need to use the -img_hash option if I am reading the document referenced correctly but please correct me if I am wrong.
Hi,
Excuse me for not being so clear. POVDD's acronym isn't defined; it's an internal voltage signal used in the fuse blowing process. That internal signal is connected to the pin I mentioned, TA_PROG_SFP, and that pin on your board is connected to a mechanism controlled by a GPIO and a jumper.
Fuses are blown permanently, both One-Time Programmable Master Key and Super Root Key H. You need to blow (PERMANENTLY) OTPMK and not SRKH during development if and only if you have a JTAG device.
This question was answered in the other comment that had it.
Thank you
Hello. I have another question. That is, I am reading the LSDKUG_Rev21.08.pdf and regarding signature generation it is not clear to me which tool and option(s) need to be used in order to automatically generate and append the RSA signature to the CSF header + image + public keys after they are hashed.
Can the RSA signature hash be calculated over the CSF header + image + public key(s) and then appended to these in 1 tool step? Is the correct tool the uni_sign or the gen_sign tool? Please provide an example. I don't need to use the -img_hash option if I am reading the document referenced correctly but please correct me if I am wrong.
Thank you
Hi,
This is an update from the internal team:
Please refer customer to the LSDK User Guide. e.g. https://docs.nxp.com/bundle/GUID-487B2E69-BB19-42CB-AC38-7EF18C0FE3AE/page/GUID-5D752E12-E63B-48B4-8...
The "-s" option enables secure boot with the image it builds.
bld -m ls1046ardb -b sd -s
Customer can review the build log and see how flex-builder compiles, signs, and generates the CSF header and how it is appended to the individual images.
e.g.
...
#----------------------------------------------------#
#------- -------- -------- -------#
#------- CST (Code Signing Tool) Version 2.0 -------#
#------- -------- -------- -------#
#----------------------------------------------------#
==========================================================
This tool includes software developed by OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)
This product includes cryptographic software written by
Eric Young (eay@cryptsoft.com)
==========================================================
Input File is input_files/uni_sign/lx2160/input_bootscript_secure
-----------------------------------------------
- Dumping the Header Fields
-----------------------------------------------
- SRK Information
- SRK Offset : 200
- Number of Keys : 1
- Key Select : 1
- Key List :
- Key1 srk.pub(200)
- UID Information
- UID Flags = 00
- FSL UID = 00000000_00000000
- OEM UID0 = 00000000
- OEM UID1 = 00000000
- OEM UID2 = 00000000
- OEM UID3 = 00000000
- OEM UID4 = 00000000
- FLAGS Information
- MISC Flags = 00
- Image Information
- bootscript (Size = 000003d4 src=00000000_80000000)
- RSA Signature Information
- RSA Offset : 800
- RSA Size : 100
-----------------------------------------------
Image Hash:
43353f77a8b8d60c37adab0be858daf1b107aa802b2fa4bc372f1a072a2c38d4
...
Thank you
Thank you Joseph. That does help.
I've got a general question. That is, what is the OTPMK used for? I don't see a description in the LSDKUG_Rev21.08.pdf that describes why the OTPMK exists and what it is used for during the secure boot process.
Thank you
Hi,
I can describe it as OEM 256-bit, programmed by the OEM. It ensures that validated code executes on the device and also gives access to device secrets, which are unavailable to non-authentic code.
It stands for One-Time Programmable Master Key; when you program it, it can't be read back.
As you can see from its name, it is one-time programmable, and the key is widely used in the secure boot signing process and validation process.
Regards
Thank you for the response. However, I still don't understand HOW the OTPMK is used during the secure boot process. For instance, when is the OTPMK read during the secure boot process? Obviously, the OTPMK has to be read by something during the secure boot process in order to ensure that the LS1046AFRWY is being booted in a trusted environment.
Also, what reads the OTPMK?
Thank you
Hi,
Please excuse the brief explanation that I gave to you but the use of OTPMK is a private topic.
I would really appreciate it if you opened a new technical case outside the community so it can be answered, thanks.
Regards
I've got another question. That is, from the LSDKUG_Rev21.08 pdf, in the CSF header for both the ISBC and ESBC boot phases of the LS1046A processor, the definition for the RSA Signature offset doesn't make sense. The offset in the CSF header where the RSA Signature offset exists is 0x0c, which is a set offset into the header. However, what "offset" value does the RSA Signature offset itself represent? Is the RSA Signature offset an offset into the image where a private key exists?
Hi,
Yes, RSA offset and RSA length are RSA data used to locate the RSA.
This is needed because RSAs and CSF headers are not stacked up; instead, in the different stacks (i.e. BL2, BL31), the stack has different codes between these two.
Thank you
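An added example, not part of the thread or of NXP's tooling: it parses the header fields from the CST dump quoted earlier and uses "RSA Offset" and "RSA Size" to slice the signature out of a header file. It assumes the dumped numbers are hexadecimal and that the offsets are counted from the first byte of the CSF header; the header bytes are a constructed stand-in, not real CST output.

```python
import re

# Header-field lines copied from the CST dump quoted in the thread above.
CST_DUMP = """\
- SRK Offset : 200
- Number of Keys : 1
- Key Select : 1
- bootscript (Size = 000003d4 src=00000000_80000000)
- RSA Offset : 800
- RSA Size : 100
"""

def parse_cst_dump(text):
    """Pull layout fields out of a CST dump (assumption: every number is hex)."""
    def field(name):
        m = re.search(rf"- {name}\s*:\s*([0-9a-fA-F]+)", text)
        if m is None:
            raise ValueError(f"missing field: {name}")
        return int(m.group(1), 16)

    img = re.search(r"- (\S+) \(Size = ([0-9a-fA-F]+) src=([0-9a-fA-F]+)_([0-9a-fA-F]+)\)", text)
    if img is None:
        raise ValueError("missing image entry")
    info = {
        "srk_off": field("SRK Offset"), "num_keys": field("Number of Keys"),
        "key_select": field("Key Select"), "rsa_off": field("RSA Offset"),
        "rsa_size": field("RSA Size"), "image": img.group(1),
        "image_size": int(img.group(2), 16),
        "image_src": int(img.group(3) + img.group(4), 16),
    }
    if not 1 <= info["key_select"] <= info["num_keys"]:
        raise ValueError("Key Select does not index an entry in the key list")
    if info["rsa_off"] <= info["srk_off"] < info["rsa_off"] + info["rsa_size"]:
        raise ValueError("SRK table starts inside the signature region")
    return info

def extract_signature(header_blob, info):
    """Slice the signature out of a header file; offset counted from byte 0 (assumption)."""
    start, end = info["rsa_off"], info["rsa_off"] + info["rsa_size"]
    if end > len(header_blob):
        raise ValueError("header blob is truncated before the end of the signature")
    return header_blob[start:end]

if __name__ == "__main__":
    info = parse_cst_dump(CST_DUMP)
    blob = bytes(info["rsa_off"]) + b"\xa5" * info["rsa_size"]  # constructed stand-in header
    sig = extract_signature(blob, info)
    print(f"signature: {len(sig)} bytes ({len(sig) * 8}-bit RSA) at header offset {info['rsa_off']:#x}")
    print(f"signed image: {info['image']}, {info['image_size']} bytes, src {info['image_src']:#x}")
```
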
Hi, the general steps are as follows.
Update to LSDK21.08.
Set default switches to LS1043 and configure UART_SEL as preferred
Create a new project in CodeWarrior 4NET, import the RCW, set SB_EN and the changes that you need.
Rebuild the project, look for PBI.bin.
Generate keys.
Then blow the fuses as the manual states. Enable POVDD, read hpsr, write to OTPMK and SRKH.
Thank you
Hello,
Thank you for your response. However, I was hoping for more EXACT details. Please provide exact details as to the secure boot process as it relates to the development phase. Does NXP have documentation that describes step by step on how to boot securely using the "SB_EN" development strategy?
Further, if the fuses are "blown" as you mention in your post is that a permanent step? At some time I will need to NOT boot securely during my development stage and will set the SB_EN back to 0 in the RCW.
Please provide details.
Thank you
The attached presentation is the board preparation for secure boot and is the closest to a detailed sequence; it covers both HW and SW preparation.
And it is not possible: to enable secure boot you need, as you said, to do non-reversible steps, and you would not be able to do a normal boot again.
Thank you!