帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Unable to read from register CPSR. Target is in reset

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
跳至解决方案

Unable to read from register CPSR. Target is in reset

跳至解决方案
‎06-07-2016 07:43 AM
4,124 次查看
brandensherrell
Contributor III

My goal is to enable Secure Boot without permanently flashing the SRKH registers. From other questions I have posted to this community and documentation I have found, I am led to believe this is possible by using a JTAG debugger and a few configuration tweaks. Most notably, setting BOOT_HO=1 in the RCW allegedly allows for register tweaks prior to executing the validation code (ISBC, etc).

Currently I have all components flashed to the device, including a RCW with BOOT_HO=1. As expected, when powered all four cores are held in reset. At this time I would expect to be able to access the core's registers and write the temporary SRKH value to the mirror registers. However, I am unable to access any memory of the device in this state.

I am not using the CodeWarrior TAP at the moment. I am using an ARM DSTREAM and the DS5 IDE. Are there related configuration parameters necessary to access CPU registers while in reset? Please forgive me if this is an obvious question; I have done little JTAG debugging leading up to this. I know this setup works as I can set BOOT_HO=1 and access registers by interrupting the CPU -- it's just when the cores are in reset that I am having trouble.

The feedback from DS5 that I am getting is ​`Unable to read from register CPSR. Target is in reset`.

标签 (1)
标签
0 项奖励
回复
1 解答

跳至解决方案
‎06-10-2016 08:30 AM
3,625 次查看
brandensherrell
Contributor III

As suggested, I reached out to the DS5 community for help. As it turns out, the DS5 IDE will instruct the debugger to perform read/write accesses through the core. This will obviously not work when the core is in reset. The trick is to change the namespace (they call them prefixes) the debugger uses to access the registers by explicitly using an alternative route using debug hardware. In the case of the LS1043A we have an AHB (see AMBA) path for direct access.

In DS5 you can instruct the debugger to use the AHB hardware by prefixing the access with the appropriate namespace.

mem set <prefix>:<address> <bits> <value>

mem set AHB_0:0x80000000 32 0xFEEBDAED

在原帖中查看解决方案

0 项奖励
回复
5 回复数

跳至解决方案
‎06-14-2016 09:39 AM
3,624 次查看
r8070z
NXP Employee
NXP Employee

Thank you for information.

0 项奖励
回复

跳至解决方案
‎06-10-2016 08:30 AM
3,626 次查看
brandensherrell
Contributor III

As suggested, I reached out to the DS5 community for help. As it turns out, the DS5 IDE will instruct the debugger to perform read/write accesses through the core. This will obviously not work when the core is in reset. The trick is to change the namespace (they call them prefixes) the debugger uses to access the registers by explicitly using an alternative route using debug hardware. In the case of the LS1043A we have an AHB (see AMBA) path for direct access.

In DS5 you can instruct the debugger to use the AHB hardware by prefixing the access with the appropriate namespace.

mem set <prefix>:<address> <bits> <value>

mem set AHB_0:0x80000000 32 0xFEEBDAED

0 项奖励
回复

跳至解决方案
‎06-09-2016 06:39 AM
3,624 次查看
r8070z
NXP Employee
NXP Employee

Have a great day,

However you can permanently write the key hash and continue to test your software. While you do not set the ITS you can test the software without secret boot while boot enable (SB_EN) bit in the RCW is not set. Then you can sign it and test secret boot with signed code by setting the SB_EN.

  Actually the real secure boot requires permanent information to be fused in the SoC. But even that time while you are keeping the private key and OTPMK value in secret place you can change the software. Just optionally encode it by using your OTPMK value and sign with your private key again.

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 项奖励
回复

跳至解决方案
‎06-09-2016 05:49 AM
3,624 次查看
r8070z
NXP Employee
NXP Employee

Have a great day,
 

I believe you should ask the ARM DSTREAM and DS5 IDE for support.

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 项奖励
回复

跳至解决方案
‎06-09-2016 08:10 AM
3,624 次查看
brandensherrell
Contributor III

I have since reached out to the DS5 community. What exactly is being done by CW and CW TAP to enable this read/write access for core registers? If I know what was being done in the CW toolchain then I may be able to mimic it with the DS5/DSTREAM.

0 项奖励
回复