FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

LS1046ARDB - Security Fuse Processor Endianess

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LS1046ARDB - Security Fuse Processor Endianess

‎10-21-2019 11:58 PM
1,753 Views
rashmitharamesh
Contributor III

Hi,

Question 1:

As per LS1046ARM_Reference_Manual, Pg 147

1E8_0000 - 1E8_FFFF -------> Security fuse processor (SFP) ----> Big-endian  (byte swapping required)

But as per yipingwang‌ in  https://community.nxp.com/thread/515242

SRKH Register is Little Endian on Layerscape Platform.

Kindly clarify how should the write operations to SRKH Mirror registers be addressed.

And what is the endian-ness of OTPMK Mirror Registers?

Question 2:

If my CST Output SRK Hash is as below

SRKHR_0 = 0x1AB45D78 

SRKHR_1 = 0x47264925 

. . ..

SRKHR_7 = 0x923DF25B

And my debugger is Lauterbach, should the write instructions over the AXI bus be as follows?

B::Data.Set EZAXI:0x01E80254 %BE %Long 0x1AB45D78
B::Data.Set EZAXI:0x01E80258 %BE %Long 0x47264925 

...

B::Data.Set EZAXI:0x01E80270 %BE %Long 0x923DF25B 

Question 3:   What is the endian-ness of OTPMK Mirror Registers?

If my CST Output OTPMK Hash is as below

OTPMK0 = 0x1AB45D78 

OTPMK1 = 0x47264925 

. . ..

OTPMK7 = 0x923DF25B

And my debugger is Lauterbach, should the write instructions over the AXI bus be as follows?

B::Data.Set EZAXI:0x01E80234 %BE %Long 0x1AB45D78
B::Data.Set EZAXI:0x01E80238 %BE %Long 0x47264925 

...

B::Data.Set EZAXI:0x01E80250 %BE %Long 0x923DF25B 

Thanks & Regards,

Rashmitha

chitra.amzarewale@utas.utc.com

shivesh.sood@collins.com

Labels (1)
Labels
0 Kudos
Reply
5 Replies

‎10-22-2019 11:43 PM
1,452 Views
yipingwang
NXP TechSupport
NXP TechSupport

Please refer to the following example in CCS:

Generated by CCS tool:

OTPMK[255:0] is:
1a4721b1d5371cf735e6975844932d9ce2f460b7aa7816a774e2aba90adca9a2
NAME | BITS | VALUE
_________|______________|____________
OTPMKR 0 | 255-224 | 1a4721b1
OTPMKR 1 | 223-192 | d5371cf7
OTPMKR 2 | 191-160 | 35e69758
OTPMKR 3 | 159-128 | 44932d9c
OTPMKR 4 | 127- 96 | e2f460b7
OTPMKR 5 | 95- 64 | aa7816a7
OTPMKR 6 | 63- 32 | 74e2aba9
OTPMKR 7 | 31- 0 | 0adca9a2

% config cc cwtap:10.81.116.21
% ccs::config_server 0 10000
% ccs::config_chain {ls1043a dap sap2}
% display ccs::get_config_chain

...

Chain Position 32: DAP
Chain Position 33: SAP2

Write OTPMK to mirror registers.
ccs::write_mem 32 0x1e80234 4 0 0x1a4721b1
ccs::write_mem 32 0x1e80238 4 0 0xd5371cf7

ccs::write_mem 32 0x1e8023c 4 0 0x35e69758
ccs::write_mem 32 0x1e80240 4 0 0x44932d9c
ccs::write_mem 32 0x1e80244 4 0 0xe2f460b7
ccs::write_mem 32 0x1e80248 4 0 0xaa7816a7
ccs::write_mem 32 0x1e8024c 4 0 0x74e2aba9
ccs::write_mem 32 0x1e80250 4 0 0x0adca9a2

Generated by CCS tool:

SRK (Public Key) Hash:
83bba1f03e1ce1d336490b5e4b1071f6c8021c72976408e5084e988ce4c1d93a
SFP SRKHR0 = 83bba1f0
SFP SRKHR1 = 3e1ce1d3
SFP SRKHR2 = 36490b5e
SFP SRKHR3 = 4b1071f6
SFP SRKHR4 = c8021c72
SFP SRKHR5 = 976408e5
SFP SRKHR6 = 084e988c
SFP SRKHR7 = e4c1d93a

ccs::write_mem 32 0x1e80254 4 0 0x83bba1f0
ccs::write_mem 32 0x1e80258 4 0 0x3e1ce1d3
ccs::write_mem 32 0x1e8025c 4 0 0x36490b5e
ccs::write_mem 32 0x1e80260 4 0 0x4b1071f6
ccs::write_mem 32 0x1e80264 4 0 0xc8021c72
ccs::write_mem 32 0x1e80268 4 0 0x976408e5
ccs::write_mem 32 0x1e8026c 4 0 0x084e988c
ccs::write_mem 32 0x1e80270 4 0 0xe4c1d93a
Release core 0 from boot hold off mode.
ccs::write_mem 32 0x1ee00e4 4 0 0x00000001

0 Kudos
Reply

‎10-23-2019 12:53 AM
1,452 Views
rashmitharamesh
Contributor III

Thanks yipingwang

Question 1. Could you provide the link for CCS Commands manual?

I am trying to translate CCS commands to Lauterbach commands 

ccs::write_mem 32 0x1ee00e4 4 0 0x00000001  ===>What does 4 0 indicate in these commands?

==========================================================================================

Question 2. What is the endian-ness of OTPMK Mirror Registers? (I know SRKH is LE)

===========================================================================================

In AN5227, all the commands in 3.2. Programming One Time Programmable Master Key (OTPMK) explicitly use -s (indicating Little endian) 

Whereas in 3.3. Programming Super Root Key Hash (SRKH) there is a note which says

Write SRKH fuse values into mirror registers. These values must be swapped before writing the
SRKH mirror registers. Because the Debugger Shell write operation is done via core, and the
core access is little-endian; therefore, using the -s option is no longer required.

Question 3. Why is there a difference regarding usage of -s option while writing to SRKH and OTPMK?

===========================================================================================

Write SRKH fuse values into mirror registers. These values must be swapped before writing the
SRKH mirror registers. Because the Debugger Shell write operation is done via core, and the
core access is little-endian; therefore, using the -s option is no longer required.

I do not see any values swap happening in commands. 

Value written in < ccs::write_mem 32 0x1e80254 4 0 0x83bba1f0 > is same as the generated hash string.

Question 4. Where should the values be swapped?

===========================================================================================

  

Thanks

Rashmitha

0 Kudos
Reply

‎10-24-2019 02:53 AM
1,452 Views
yipingwang
NXP TechSupport
NXP TechSupport

Hello Rashmitha Ramesh Nair,

CCS command ccs::write_mem args is explained as the following.

"ccs::write_mem chain_pos address size space data_list"

OTPMK and SRKH generated by CCS tool can be used directly, no need to do swapping.

You could refer to section "3. Deploy Secure Boot Images to the Target and Write SRKH Mirror Register" in https://community.nxp.com/docs/DOC-332248 

Thanks,

Yiping

0 Kudos
Reply

‎10-24-2019 07:14 PM
1,452 Views
rashmitharamesh
Contributor III

Hi yipingwang

Thank you for the CCS command explanation that was helpful.

I am not generating OTPMK and SRKH using CCS Tool . I am generating them using Code Signing Tool(CST) in QorIQ SDK with ./gen_keys and ./gen_otpmk_drbg commands.

==> Question: Can the keys generated using Code Signing Tool(CST) be used directly without swapping?

-------------------------------------------------------------------------------------------------------------------------------------------------------------

==>Request you to answer Question 2 and 3 in my previous reply.

Question 2. What is the endian-ness of OTPMK Mirror Registers? (I know SRKH is LE)

Question 3. Why is there a difference regarding usage of -s option while writing to SRKH and OTPMK?

------------------------------------------------------------------------------------------------------------------------------------------------------------

==>Since my debugger is Lauterbach, I am unable to follow  

Setting up Secure Boot on PBL Based Platforms in Prototype Stage completely.

I have found an NXP Trace32 Manual (https://www.nxp.com/docs/en/user-guide/LAUTERBACHTRACE32UG.pdf ).

Question: Is there any other document by NXP w.r.t. Lauterbach Trace32 for Secure Boot on PBL Based platforms Prototype stage?

------------------------------------------------------------------------------------------------------------------------------------------------------------

Regards,

Rashmitha

0 Kudos
Reply

‎10-29-2019 02:56 AM
1,452 Views
yipingwang
NXP TechSupport
NXP TechSupport

Hello Rashmitha,

You could use keys generated using Code Signing Tool(CST) directly without swapping, please use chain_pos as 32 to write mirror registers, no need consider about endian-ness.

Thanks,

Yiping

0 Kudos
Reply