Steps to perform Secure boot in ls1021a a based design ?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Steps to perform Secure boot in ls1021a a based design ?

1,943 Views
dhruvalkumarpat
Contributor III

Hi all , 

I am working on ls1021aiot based design. Its working completely ok and doing what it was designed for. We want to add secure boot feature to our design. As I have no prior experience with secure boot , I would greatly appreciate any pointer to such as where to start with or related document. Have already refereed  to ls1021a reference manual but it seems failrly complex and didn't extract much info from it.  If you have any steps or document which I can refer to please make it available .

Thanks 

Dhruval 

Labels (1)
0 Kudos
Reply
4 Replies

1,392 Views
dhruvalkumarpat
Contributor III

Sorry opening this discussion again. Actually the project for secure boot was on hold for some time and now I am back on it. I have a few few doubts that I thing you guys can help me with. 

1> We have our u-boot , RCW and environment stored in  QSPI based flash. We have eMMC chip on board which is of 4 GB and we have 3 partition on it. Each partition has the same rootfs and custom software in it (update and redundancy purpose). We have our uImage and device tree file stored in emmc while u-boot and rcw stored in QSPI based flash. How to verify uimage nad device tree as they are in separate storage?

2>  Is there a specific input_files for CST tools generated by yocto, specifically for QSPI based development  ? 

0 Kudos
Reply

1,392 Views
addiyi
NXP Employee
NXP Employee

Take a look on this document https://community.nxp.com/docs/DOC-329649 , it could help you.

Adrian

0 Kudos
Reply

1,392 Views
dhruvalkumarpat
Contributor III

While doing a secure boot I came across following errors.

Hit any key to stop autoboot: 0
ERROR :: 800 :: RSA verification failed
## Executing script at 40001000
Bad data crc
Core is entering spin loop.

So I believe that my system is passing the ISBC phase and ESBC phase. But its not able to verify bootscript and hence failed. I am doing following thing into a boot script.


 setenv bdev mmcblk0
setenv bpart 1
setenv baudrate 115200
setenv othbootargs mtdoops.mtddev=MTDoops
setenv loadaddr 80008000
setenv fdtaddr 82800000
setenv bootfile uImage
setenv fdtfile cromwell.dtb
setenv bootargs root=/dev/${bdev}p$bpart rootdelay=5 rw console=$consoledev,$baudrate $othbootargs;
ext2load mmc 0:$bpart $loadaddr /boot/$bootfile
ext2load mmc 0:$bpart $fdtaddr /boot/$fdtfile
esbc_validate 0x40150000
esbc_validate 0x40170000
bootm $loadaddr - $fdtaddr

What could cause this error. I will appreciate any pointer or help .

Thanks in Advance !!!

0 Kudos
Reply

1,392 Views
bpe
NXP Employee
NXP Employee

Refer to this online document:

https://freescale.sdlproducts.com/LiveContent/content/en-US/QorIQ_SDK/GUID-65A50152-786D-4579-BA20-A...

and to your chip Reference Manual, Chapter 9

Regards,

Platon

0 Kudos
Reply