How to confirm secure boot in development mode?

lorv · ‎04-25-2023

I have managed to create a sigend and an ecrypted and signed image with the Secure Provisioning Tool v6 for my RT685-EVK. Since I am still developing, I use the tool in development mode.

In the Build Image tab I got an error and some warnings for the OTP configuration. The tool was able to resolve the error with the Fix button. For the warings I could use the Fix button as well and it corrected the values. The warnings remain however, since the values are only in the shadow registers and not in the actual OTP. Also when I read back the OTP configuration from the target it still says that secure boot is disabled in the BOOT_CFG[0] register. I assmue this is also because the values were written to the shadow register instead of the actual OTP, but the OTP gets read back.

How can I be sure, that the image was actually authenticated without burning the fuses?
Is there a way to read back the shadow registers in addition to the OTP?

marek-trmac · ‎04-25-2023

Hi David,

the warning on the screenshot says, that the CRC does not match in value read from processor. This is just information the value read from processor is invalid. You can ignore it.
Note: this feature will be improved in next version and warning will be displayed in the column "Current value" to emphasize where the problem is.

The OTP configuration reads always the fuse value (using blhost). It does not show the shadow registers.

> I have followed the workflow in 6.5.3.2 and it seem to be working.
I believe this means the image is properly signed.

> I reset the board with SW3 Reset Button, I think the register should not be cleared by this.
Correct.

Regards,
Marek

View solution in original post

lorv · ‎04-25-2023

Hi Marek,

THe OTP configuration show warning for the DEBUG_CFG register. See the screenshot below:

It shows them for invalid CRC, but as I said with the Fix button the values change. But the warnings don't dissapear.

I have followed the workflow in 6.5.3.2 and it seem to be working.
What do you mean by hard reset? I reset the board with SW3 Reset Button, I think the register should not be cleared by this.

marek-trmac · ‎04-25-2023

Hi David,

the warning on the screenshot says, that the CRC does not match in value read from processor. This is just information the value read from processor is invalid. You can ignore it.
Note: this feature will be improved in next version and warning will be displayed in the column "Current value" to emphasize where the problem is.

The OTP configuration reads always the fuse value (using blhost). It does not show the shadow registers.

> I have followed the workflow in 6.5.3.2 and it seem to be working.
I believe this means the image is properly signed.

> I reset the board with SW3 Reset Button, I think the register should not be cleared by this.
Correct.

Regards,
Marek

lorv · ‎04-25-2023

Thanks for your help!

marek-trmac · ‎04-25-2023

Hi David,

about warnings for the fuses, can you provide more information? What fuse value shows a warning? What value is there after fix and what read value is there when the warning is displayed again? In User Guide, the validation and problem resolution is described in chapter "5.2.3.10 Validation and problem resolution" (tool v6), and this might help you too.

The shadow registers are designed to test the fuse values and the processor should behave same as if the fuses are burnt. If you follow the workflow in chapter 6.5.3.2, the image should be validated during booting. You can try to write different image into the flash (signed with different keys) and check, whether it boots or not.
Of course, if you do hard reset or power down your board, the shadow registers are cleared.

Hope this helps

Regards,
Marek