LS1046ARDB RTIC sample code/ steps for configuration

Faizanbaig
Contributor III

Hi,

I am trying to configure RTIC (Run Time Integrity Checker) on the LS1046ARDB board. I did not find any sample C code or steps for its configuration. I need help with the steps for RTIC initialization/configuration.

Could anyone help me in doing so?

Thanks,

Faizanbaig Inamdar

yipingwang
NXP TechSupport

The RTIC is documented in the LS1046ASECRM.pdf, which can be downloaded from nxp.com. Please refer to:

Chapter 12 Trust Architecture modules
12.1 Run-time integrity checker (RTIC), page 651
12.1.1 RTIC modes of operation, page 651
12.1.2 RTIC initialization and operation, page 651
12.1.3 RTIC use of the Throttle Register, page 652
12.1.4 RTIC use of command, configuration, and status registers, page 652
12.1.5 Initializing RTIC, page 653
12.1.6 RTIC Memory Block Address/Length Registers, page 653

There are no C level source code samples for it. To run a demo, customer can touch the registers to enable it. Here are the sample procedures in uboot with registers level configuration.

#####

Run time integrity checker (RTIC) is a hardware feature that checks the integrity of the operating environment. You can use RTIC to monitor binary images, set it up as a static data area, or administrative database that are constant in nature. As soon as RTIC detects any modification in the memory regions it monitors, you can either send an interpretation to the host for post processing, or change the security state of the SoC to lockout cryptographic key(s) access to protect sensitive data.

Below is a register level prototype to enable RTIC to monitor a pre-defined memory region.

=> mw.l a0000000 11112222 100  <-# init RAM address
=> md 0x1760000 4        <-display RTIC status
01760000: 00000000 00000400 00000000 00000000    ................
=> mw.l 0x176001c 0xff000000     <- # set RTIC Throttle (RTHR)
=> mw.l 0x176002c 0xffff0000       <- # set RTIC Watchdog Timer (RWDOG)
=> mw.l 0x1760104 000000a0       <- # set RTIC monitor address (RMAA)
=> mw.l 0x176010c 00010000        <- # set RTIC monitor length (RMAL)
=> mw.l 0x1760014 10010000       <- Enable and unlock run time memory (RCTL)
=> mw.l 0x176000c 02000000        <- Hash block A once (RMAL)
=> mw.l 0x176000c 04000000        <- Enable Run Time Check (RMAL)
=> md 0x1760000; md 0x1760000 <- display RTIC Status (RSTA)
01760000: 00000000 01000004 00000000 00000000    ................
01760000: 00000000 01000a04 00000000 00000000    ................

01 = RTIC Busy, 02 = Hash Once Operation Completed, 04 = sec violation
00 = no address error for all four blocks
0a = RTD, RTIC is in Run Time mode, All blocks hashed (ABH)
04 = run time state, 02 = Single Hash State, 06 = Error State

When the RTIC monitored memory region is modified, the SECMON changes the state to non-secure and locks out black key access for further cryptographic operations.

=> md 0x1760000; echo; md 01e90000;
01760000: 00000000 01000004 00000000 00000000    ................
01760010: 00000000 10110000 00000000 ff000000    ................

01e90000: 00000000 00000000 00000000 00000000    ................
01e90010: 00000000 00ad0080 00000000 00000000    ................  <- Trusted state, OTPMK programmed
=> mw.l a0000000 01234567                  <- modify any area monitored by RTIC block A
=> md 0x1760000; echo; md 01e90000;                <- take few cycles for RTIC to update state!
01760000: 00000000 14000206 00000000 00000000    ................
01760010: 00000000 10100000 00000000 ff000000    ................

01e90000: 00000000 00000000 00000000 00000000    ................
01e90010: 00000000 00a30088 01000000 00000000    ................ <- HPSR: SSM = Soft fail. OTPMK=0

Recall for the SecMon_HP Status register (HPSR), 0x88 means both OTPMK and ZMK, and 0x03 means that the security monitor is in a soft fail state.

#####
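The RSTA words in the reply above can be read mechanically. The following C sketch is an added example, not code from the post or from NXP: it parses an `md 0x1760000` line and splits the status word using only the byte legend given in the post. The struct and function names are hypothetical, and bits the post does not name are reported raw rather than interpreted.

```c
#include <stdint.h>
#include <stdio.h>

/* RSTA as `md` prints it on this board, decoded with the legend from the
 * post only (bytes in printed order). Unnamed bits are kept raw. */
struct rsta {
    int busy, hash_once_done, sec_violation; /* 1st byte: 01 / 02 / 04 */
    uint8_t unnamed_flags;                   /* rest of the 1st byte */
    uint8_t addr_err;                        /* 2nd byte: 00 = no address error */
    uint8_t mode;                            /* 3rd byte: 0a = RTD + ABH */
    const char *state;                       /* 4th byte: 02 / 04 / 06 */
};

/* Extract the word at offset +4 (RSTA) from one `md 0x1760000` line. */
int md_rsta_word(const char *line, uint32_t *out)
{
    unsigned int addr, w0, w1;
    if (sscanf(line, "%x: %x %x", &addr, &w0, &w1) != 3)
        return -1;                           /* not an md dump line */
    *out = w1;
    return 0;
}

struct rsta rsta_decode(uint32_t w)
{
    uint8_t b0 = (uint8_t)(w >> 24), b3 = (uint8_t)w;
    struct rsta r = {
        .busy = b0 & 0x01, .hash_once_done = (b0 >> 1) & 1,
        .sec_violation = (b0 >> 2) & 1, .unnamed_flags = b0 & 0xf8,
        .addr_err = (uint8_t)(w >> 16), .mode = (uint8_t)(w >> 8),
        .state = b3 == 0x02 ? "single-hash" : b3 == 0x04 ? "run-time"
               : b3 == 0x06 ? "error" : "not in legend",
    };
    return r;
}

int main(void)
{
    /* The two RSTA dump lines quoted in the post: armed, then after the write. */
    const char *lines[] = {
        "01760000: 00000000 01000a04 00000000 00000000    ................",
        "01760000: 00000000 14000206 00000000 00000000    ................",
    };
    for (int i = 0; i < 2; i++) {
        uint32_t w;
        if (md_rsta_word(lines[i], &w)) continue;
        struct rsta r = rsta_decode(w);
        printf("%08x busy=%d once=%d viol=%d unnamed=%02x ae=%02x mode=%02x state=%s\n",
               (unsigned)w, r.busy, r.hash_once_done, r.sec_violation,
               r.unnamed_flags, r.addr_err, r.mode, r.state);
    }
    return 0;
}
```

A boot script or monitoring agent can apply the same split to the status word and treat `sec_violation` or the error state as the trigger for its response.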

Faizanbaig
Contributor III

Thanks for the response.
Section 12.1.2 of LS1046ASECRM.pdf talks about a signed code hash value; what does this mean? Do we need to manually hash the required memory region (say 0x40110000, size: 0x10), then sign it and then load it into the RTIC hash register, or is there another way? How does RTIC do the comparison?

Any suggestions would be appreciated.

Thanks in advance

yipingwang
NXP TechSupport

Section 12.1.2, RTIC initialization and operation (or 12.1, Run-time integrity checker (RTIC)), is just an overview of what one can do with it.

RTIC is part of the Trust Architecture modules, and the register-level details are in the Trust Architecture User Guide, section 8.4 RTIC initialization and operation, which is an NDA document that the customer needs to request access to. One cannot take full advantage of RTIC unless Secure Boot is enabled. That is why the detail is documented in the QorIQ Trust Architecture User Guide.

As described in Table 12-1. RTIC modes of operation, the customer needs to execute the "One-time hash mode" once, then the RTIC module will periodically run the "Continuous hash mode" to compare the result with the "One-time hash mode". If it matches, no violation. If the hash does not match, that means the memory block is modified and an alert will be sent to the Secure Boot Monitor State machine to take appropriate actions. "The signed code hash value" refers to the "One-time hash mode".

Faizanbaig
Contributor III

Thank You.

One more help needed: is there a way of checking the stored hash value after enabling Secure boot? I have configured RTIC by following the above steps as mentioned by you, and I am not able to see any hash value in the hash registers. It shows all zeros.

Any help would be appreciated.

yipingwang
NXP TechSupport

Yes, customer can check the RTIC status AND the stored hash register.

From the Trust Architecture User Guide.

#####

8.4.1.2 RTIC Hash Registers

Four sets of Hash Registers store the hash values against which the continuous run-time hashes are compared. These registers can be initially loaded by the RTIC itself, or by software.

At boot time, the RTIC can be used to accelerate software-image verification. The steps below automatically load the Hash Registers.

- Selecting the hash algorithm (SHA-256 or SHA-512)
- Defining the memory blocks via the RTIC Memory Block Address and Length registers
- Selecting the correct endianness
- Writing to the RTIC Command Register to initiate a one time hash

If many systems will have the same memory blocks (addresses, lengths, and binary content), hashing can be done off-line. Trusted software can load the previously generated hash values into the Hash Registers directly. Note that the authenticity of the software performing the loading (and the memory blocks hashed) must be first validated via secure boot digital signature checking. The value of the RTIC's hash isn't to prove authenticity, it is to detect change vs the binary values authenticated during secure boot.

8.4.1.3 RTIC command, control, and status registers

The command and control registers are used to:

- Select the hashing algorithm (SHA-256 or SHA-512)
- Select endianness
- "Throttle" the RTIC
  - user determines how aggressively the RTIC performs its scanning to avoid consuming excessive memory bandwidth
- Set the RTIC time out interval
  - The RTIC must complete all configured hash comparisons before timer expiration, else a security violation is triggered
- Specify which memory blocks to hash (one time and continuously)
- Enable/Disable/Clear interrupts
- Initiate one time or continuous hashing (putting the RTIC into runtime mode)

A status register in the RTIC indicates the current state of the controller, which includes:

- Interrupt status
- Processing status
- Error status

#####

For more information and detail on the RTIC registers, please refer to the Trust Architecture User Guide.

Faizanbaig
Contributor III

 

=> mw.l 0x176001c 0xff000000     <- # set RTIC Throttle (RTHR)
=> mw.l 0x176002c 0xffff0000       <- # set RTIC Watchdog Timer (RWDOG)
=> mw.l 0x1760104 000000a0       <- # set RTIC monitor address (RMAA)
=> mw.l 0x176010c 00010000        <- # set RTIC monitor length (RMAL)
=> mw.l 0x1760014 10010000       <- Enable and unlock run time memory (RCTL)
=> mw.l 0x176000c 02000000        <- Hash block A once (RMAL)
=> mw.l 0x176000c 04000000        <- Enable Run Time Check (RMAL)
=> md 0x1760000; md 0x1760000 <- display RTIC Status (RSTA)

I followed the above steps and referred to the Trust 2.1 document as well, but the status register and hash registers are still showing a zero value.

Are there any additional steps that need to be followed, because the Trust 2.1 document is not very descriptive?

Thanks.
