- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- QorIQ Processing Platforms
- :
- Layerscape
- :
- Testing SecureBoot without blowing fueses on LS1028a
Testing SecureBoot without blowing fueses on LS1028a
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Testing SecureBoot without blowing fueses on LS1028a
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
I've got a question regarding on how to test SecureBoot procedure on LS1028A without CodeWarrior and debugger and also without blowning fuses (except for the OTPMK).
Suppose I would like to do the following:
- boot the board
- stop in u-boot
- write OTPMK and fuse it
- write SRKHR mirror registers from u-boot
- set SB_EN in RCW
- reset the board
Is it possible to do a reset (how?) that would allow to retain the values of SRKHR mirror registers without blowing them into fueses persistently, so that the whole SecureBoot procedure will be executed?
I do not have access to CodeWarrior nor to debugger yet, but I need to somehow test te procedure.
yipingwang
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is impossible to write SRKHR mirror registers from u-boot to do secure boot, because after reset SRKHR mirror registers will become to 0.
You have to use CodeWarrior CCS to stop cores to write SRKHR mirror registers then release cores. No need license to use CodeWarrior CCS.
Please refer to the attached procedure to fuse OTPMK and write SRKHR mirror registers through CCS.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @yipingwang
I have similar situation to the one presented in this post.
We also want to test Secure Boot process without fusing registers, but wanted to take a step further and also set OTPMK in registers using CodeWarrior.
Is it possible? What we tested for now is
1. Boot from SD card on ls1028ardb without SB_EN=1 in RCW
2. While U-Boot is booted, replace SD card so now there is an RCW image with SB_EN=1 set
3. Run the tcl script based on the documentation shared by you but also with writing OTPMK to correct registers.
After reset nothing happens on UART plus JTAG is not able to put the processor into RSP state.
This got me thinking that OTPMK needs to be fused even to start the Secure Boot process. Is that correct? What exactly happens when SB_EN=1 in RCW but OTMPK is not fused? Is it possible to use JTAG in that situation to get information from any register? E.g. to check errors listed in 6.1.1.3.2.2 ISBC validation error codes in LSDK documentation.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
One additional info - I'm testing it on LS1028ARDB board.
