TA_PROG_SFP and Key SRKH revocation on LS1046A

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

TA_PROG_SFP and Key SRKH revocation on LS1046A

Jump to solution
323 Views
alg1
Contributor I

Hi,

I am using the LS1046A.

I understand how to write the SRKH keys by entering secure fuse programming mode (setting TA_PROG_SFP to 1.8V).

What about the fuse revocation key? When I want to revoke one of the SRKH keys, do I also need to set TA_PROG_SFP to 1.8V in order to blow the fuse corresponding to the key I want to revoke?

I want to add secure boot in my product but the GPIO allowing to enable the TA_PROG_SFP to 1.8V is not designed. I want to be sure it's mandatory to revoke key (impossible to set TA_PROG_SFP to 1.8V manually).

 

Thanks in advance,

 

Alex

0 Kudos
Reply
1 Solution
273 Views
Oswalag
NXP TechSupport
NXP TechSupport

Hello,

-> What about the fuse revocation key? When I want to revoke one of the SRKH keys, do I also need to set TA_PROG_SFP to 1.8V in order to blow the fuse corresponding to the key I want to revoke?

A: it is correct

-> I want to add secure boot in my product but the GPIO allowing to enable the TA_PROG_SFP to 1.8V is not designed. I want to be sure it's mandatory to revoke key (impossible to set TA_PROG_SFP to 1.8V manually).

The best option is to implement an internal board GPIO to allow them to set / clear this signal in order to guarantee the timing for TA_PROG_SFP around reset and power on/off, on the other hand TA_PROG_SFP, aka POVDD, is implemented with a jumper in some of our development platform, e.g. LS1046, LS1043, LS1021, etc. So there is no problem using a jumper.

 

 

Oswalag_0-1718127694288.png

 

View solution in original post

0 Kudos
Reply
1 Reply
274 Views
Oswalag
NXP TechSupport
NXP TechSupport

Hello,

-> What about the fuse revocation key? When I want to revoke one of the SRKH keys, do I also need to set TA_PROG_SFP to 1.8V in order to blow the fuse corresponding to the key I want to revoke?

A: it is correct

-> I want to add secure boot in my product but the GPIO allowing to enable the TA_PROG_SFP to 1.8V is not designed. I want to be sure it's mandatory to revoke key (impossible to set TA_PROG_SFP to 1.8V manually).

The best option is to implement an internal board GPIO to allow them to set / clear this signal in order to guarantee the timing for TA_PROG_SFP around reset and power on/off, on the other hand TA_PROG_SFP, aka POVDD, is implemented with a jumper in some of our development platform, e.g. LS1046, LS1043, LS1021, etc. So there is no problem using a jumper.

 

 

Oswalag_0-1718127694288.png

 

0 Kudos
Reply