My goal is to enable Secure Boot without permanently flashing the SRKH registers. From other questions I have posted to this community and documentation I have found, I am led to believe this is possible by using a JTAG debugger and a few configuration tweaks. Most notably, setting BOOT_HO=1 in the RCW allegedly allows for register tweaks prior to executing the validation code (ISBC, etc.).
Currently I have all components flashed to the device, including an RCW with BOOT_HO=1. As expected, when powered, all four cores are held in reset. At this time I would expect to be able to access the core's registers and write the temporary SRKH value to the mirror registers. However, I am unable to access any memory of the device in this state.
I am not using the CodeWarrior TAP at the moment. I am using an ARM DSTREAM and the DS5 IDE. Are there related configuration parameters necessary to access CPU registers while in reset? Please forgive me if this is an obvious question; I have done little JTAG debugging leading up to this. I know this setup works as I can set BOOT_HO=1 and access registers by interrupting the CPU -- it's just when the cores are in reset that I am having trouble.
The feedback from DS5 that I am getting is `Unable to read from register CPSR. Target is in reset`.
As suggested, I reached out to the DS5 community for help. As it turns out, the DS5 IDE will instruct the debugger to perform read/write accesses through the core. This will obviously not work when the core is in reset. The trick is to change the namespace (they call them prefixes) the debugger uses to access the registers by explicitly using an alternative route using debug hardware. In the case of the LS1043A we have an AHB (see AMBA) path for direct access.
In DS5 you can instruct the debugger to use the AHB hardware by prefixing the access with the appropriate namespace.
```
mem set <prefix>:<address> <bits> <value>
mem set AHB_0:0x80000000 32 0xFEEBDAED
```
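An added example, not part of the original post and not NXP or ARM tooling: a Python helper that turns an SRK hash into `mem set` lines in the syntax shown above, one per 32-bit mirror register. It assumes a 256-bit hash spread over eight consecutive 32-bit registers; the register base is a placeholder to be taken from the SoC reference manual, and the optional byte swap is there because the thread does not state the register block's byte order.

```python
import re

# Assumptions (not from the thread): the base address is a placeholder and the
# hash is written as eight consecutive 32-bit words starting at that base.
SRKH_MIRROR_BASE = 0x0  # PLACEHOLDER: look up the SRKH mirror address in the reference manual
PREFIX = "AHB_0"        # address-space prefix named in the post above


def srkh_words(hash_hex, byteswap=False):
    """Split a 256-bit SRK hash given as hex text into eight 32-bit words."""
    cleaned = re.sub(r"[\s:]|0x", "", hash_hex.lower())
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("SRK hash must be exactly 32 bytes (64 hex digits)")
    raw = bytes.fromhex(cleaned)
    # byteswap=True reverses the bytes inside each word (assumption: only
    # needed if the register block's byte order differs from the hash text).
    order = "little" if byteswap else "big"
    return [int.from_bytes(raw[i:i + 4], order) for i in range(0, 32, 4)]


def ds5_commands(hash_hex, base=SRKH_MIRROR_BASE, prefix=PREFIX, byteswap=False):
    """Return one `mem set` line per word, using the given address prefix."""
    if base % 4:
        raise ValueError("register base must be 32-bit aligned")
    return [
        f"mem set {prefix}:0x{base + 4 * i:08X} 32 0x{word:08X}"
        for i, word in enumerate(srkh_words(hash_hex, byteswap))
    ]


if __name__ == "__main__":
    # Constructed sample hash and dummy base address, for illustration only.
    sample = "00112233445566778899aabbccddeeff" * 2
    for line in ds5_commands(sample, base=0x1000):
        print(line)
```
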
Thank you for the information.
Have a great day,
However, you can permanently write the key hash and continue to test your software. While you do not set the ITS, you can test the software without secret boot while the boot enable (SB_EN) bit in the RCW is not set. Then you can sign it and test secret boot with signed code by setting the SB_EN.
Actually, the real secure boot requires permanent information to be fused in the SoC. But even then, while you are keeping the private key and OTPMK value in a secret place, you can change the software. Just optionally encode it by using your OTPMK value and sign with your private key again.
Have a great day,
I believe you should ask the ARM DSTREAM and DS5 IDE for support.
I have since reached out to the DS5 community. What exactly is being done by CW and CW TAP to enable this read/write access for core registers? If I know what was being done in the CW toolchain then I may be able to mimic it with the DS5/DSTREAM.