Request for Clarification on OTP and Secure Boot Configuration for LS1046A

gkrishna
Contributor III

Hi,

We are currently implementing secure boot with the new TFA bootflow and U-Boot 2025 on our custom LS1046A platform. While working on hashing the OTP and SRKH keys, we encountered an issue related to the OTP status registers.

After writing the OTP keys (not yet fused), we observed the following:

  • OTP Status Register (0x1E90014): Value reads as 0x88002B00 initially, and after writing the OTP values (not fused yet), it changes to 0x80002B00.

  • The PE error is not shown, but the SYNDROME bit remains set (1) instead of zero.

  • According to one of the reference documents, the expected value should be 0x80000900, where the middle bits should be zero. However, we never get this expected value after writing the OTP keys.

  • Secret Value Hashing Register (0x1E80024): Shows 0x00000000, which seems correct.

  • Scratch Register for OTPMK (0x1EE0204): Also shows 0x00000000, which appears proper.

Our main concern is whether the value 0x80002B00 in the SecMon HP Status Register (0x1E90014) is valid and safe to proceed with fusing. We already lost one board during this process, so we would like to confirm before proceeding further.

Could you please confirm if this value is acceptable for fusing, and share any official documentation or guidance that clearly explains the expected values and behavior of the SecMon status and SYNDROME bits during OTP programming?

Thank you very much for your support.

regards,

Gopi Krishna M

LFGP
NXP TechSupport
Dear @gkrishna,
If you need documentation about Security, you need to open a new private case, not in the community area, please.

gkrishna
Contributor III

Thank you, everything is working fine now.

gkrishna
Contributor III

Thanks Kenli and LFGP. It's not about documents; it's all about the Sec_mon register (0x1E90014) status. After writing the OTP, without fusing, that register shows 0x80002900, and on another device it shows 0x80002B00, but one of the documents shows everywhere that these three digits should be 0, like 0x80000900. But I didn't see that on any device even after writing those keys, so what I am asking is what those bits refer to; I don't see that in any of the documents. Please provide a link that will be helpful. All other registers show proper values; only this Sec Mon status register shows irregular values. Please clarify.

 

Thanks,

Gopi krishna M

kenli
NXP Employee
I have experience with secure boot on LX2 and would like to share some insights. Although LS1046A uses the TA2.1 IP, the flow should be similar:
  1. The OTPMK must be fused into the fuse array and must satisfy the Hamming-code check. Details are in the LSDK UG or LLDP UG. “Blowing of OTPMK is essential to run secure boot for both Production and Development phases.”
  2. SRKH can be left in the mirror registers—no need to blow fuses for early secure-boot verification.
  3. When you finally program OTPMK/SRKH, pay attention to the endianness difference between U-Boot and JTAG/ccs; this is critical.
  4. Register offset 0x1E8_0024 shows whether OTPMK is valid.
  5. If OTPMK fails, the error is reported at 0x1E90018.
  6. The minimum Hamming weight for OTPMK is 0xF. Generate candidates with gen_otpmk_drbg so you know exactly what was written. OTPMK cannot be read back, but keeping a record of the value and fuse offset is vital—fuses can be incrementally repaired if a write goes wrong.
Best regards
LFGP
NXP TechSupport
Dear @kenli,

Thanks for your help.
gkrishna
Contributor III
Hi, to make it simple:

The fresh board should show

md 1e90014
88 000 900

but my fresh board always shows

md 1e90014
88 002 B00

Please explain this; it should not show like this as per the document. What shall I do? Please give some insight into whether this is a valid value.

Thanks
kenli
NXP Employee
The document uses LX2160 as an example—refer to it as needed. The attachment provides a complete guide flow for LX2160.
For specific bit meanings, please submit a ticket or contact sales.
Do you have a completely unfused development board? Compare it with an OTPMK-fused board. If you can provide detailed log files, I can help analyze them.
Best regards
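The comparison suggested above (an unfused board against an OTPMK-fused one, or a board against the documented value) comes down to diffing `md` captures bit by bit. The following is an added example, not code from the thread or from NXP: it assumes U-Boot's usual `md` line layout, the sample captures are constructed from the register values quoted in the thread, and it assigns no field names to the differing bits because the page gives none.

```python
import re

# Assumed U-Boot `md` layout: "<addr>: <word> <word> ...    <ascii>"
MD_LINE = re.compile(r"^\s*([0-9a-fA-F]{8,16}):((?:\s[0-9a-fA-F]{8})+)")

def parse_md(capture):
    """Return {address: 32-bit word} for every word in a U-Boot `md` capture."""
    regs = {}
    for line in capture.splitlines():
        m = MD_LINE.match(line)
        if not m:
            continue  # prompts, echoed commands, blank lines
        base = int(m.group(1), 16)
        for i, word in enumerate(m.group(2).split()):
            regs[base + 4 * i] = int(word, 16)
    return regs

def differing_bits(a, b):
    """Bit positions (LSB = 0) where two 32-bit values differ, high to low."""
    x = (a ^ b) & 0xFFFFFFFF
    return [bit for bit in range(31, -1, -1) if (x >> bit) & 1]

def compare(capture_a, capture_b):
    """Map address -> (value_a, value_b, differing bits) for registers that changed."""
    a, b = parse_md(capture_a), parse_md(capture_b)
    return {addr: (a[addr], b[addr], differing_bits(a[addr], b[addr]))
            for addr in sorted(a.keys() & b.keys()) if a[addr] != b[addr]}

# Constructed captures: values taken from the thread, line layout assumed.
DOCUMENTED = "=> md 1e90014 1\n01e90014: 80000900    ....\n"
OBSERVED = "=> md 1e90014 1\n01e90014: 80002b00    .+..\n"

if __name__ == "__main__":
    for addr, (va, vb, bits) in compare(DOCUMENTED, OBSERVED).items():
        print(f"{addr:#010x}: {va:#010x} -> {vb:#010x}, differing bits {bits}")
```

Recording the differing bit positions for each board before any fuse is blown gives a concrete list to attach to the private support case that the replies ask for.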