• Background
• 1. Generating a PKI tree, and include a subordinate SGK key
• 2. Generating an SRK Table and SRK Hash
• 3. Retrieve the chip information
• 4. Update the configuration files and generate message
• 5. Signing the message
• 6. Change lifecycle to PFR by the first method
• 6.1 Regenerate flash.bin with message_signed.bin
• 6.2 Regenerate flash-signed.bin
• 7. Change lifecycle to PFR by the second method
• 7.1 Add command in uboot-imx
• 7.2 Boot the board and input command

Background

• The chip fuse has been programmed and closed(Security configuration enabled) following the process described in mx8_mx8x_secure_boot.txt in  mx8_mx8x_secure_boot.txt\guides\ahab\imx\doc - uboot-imx - i.MX U-Boot 
• There are two ways to change the lifecycle to Partial Field Return (PFR) by the method of a signed message. One is to generate flash.bin with message_signed.bin, another is to write a new command in uboot, then manually add message-signed.bin in uboot. The latter can change the message content more conveniently.

Please note that these details/scripts are currently for NXP Internal reference. Please don’t share with customers.

Based on the above, the steps for partial field return are like below:

 1. Generating a PKI tree, and include a subordinate SGK key

2. Generating an SRK Table and SRK Hash

$ cd ../crts/
$ ../linux64/bin/srktool -a -s sha384 -t SRK_1_2_3_4_table.bin -e SRK_1_2_3_4_fuse.bin -f 1 -c SRK1_sha384_secp384r1_v3_ca_crt.pem,SRK2_sha384_secp384r1_v3_ca_crt.pem,SRK3_sha384_secp384r1_v3_ca_crt.pem,SRK4_sha384_secp384r1_v3_ca_crt.pem

    The SRK_1_2_3_4_table.bin and SRK_1_2_3_4_fuse.bin files can be used in further steps.

3. Retrieve the chip information

On the iMX8/8X device, boot the device and on the SCU terminal type and run the command “seco info”. The following output will be seen on the SCU terminal. Save this info as it is needed later on.

4. Update the configuration files and generate message

Modify the message_header.json

{"container": {"message": {"permission": "0x10", "cert version": "0", "UID": "0C13380E82895B2C", "flags": "0", "monotonic counter": "0x0"}, "header": {"fuse version": "0", "SW version": "0", "version": "0"}}}

Modify the message_content.json, from below chart, to change to partial return , the lifecycle needs to change to 0x20

{"Id": "0xa0", "lifecycle": "0x20", "nb words": "1"}

Then generate the message by the following command-line.

$python gen-msg-json.py message_header.json message_content.json -o message.bin

5. Signing the message

Like below, modify the permission to Fuse1: SCU Version. Life Cycle, that is 0x10.

[Header]
Target = AHAB
Version = 1.0

[Install SRK]
# SRK table generated by srktool

File = "../crts/SRK_1_2_3_4_table.bin"
# Public key certificate in PEM format

Source = "../crts/SRK1_sha384_secp384r1_v3_usr_crt.pem"
# Index of the public key certificate within the SRK table (0 .. 3)

Source index = 0

# Type of SRK set (NXP or OEM)
Source set = OEM

# bitmask of the revoked SRKs
Revocations = 0x0
 
# ******* OPTIONAL COMMAND *****
[Install Certificate]

# Public key certificate in PEM format
File = "../crts/SGK1_1_sha384_secp384r1_v3_usr_crt.pem"

# bitmask of the permissions
Permissions = 0x10

# ******************************
[Authenticate Data]
# Binary to be signed generated by mkimage
File = "message.bin"
# Offsets = Container header  Signature block (printed out by mkimage)
Offsets   = 0x0             0x48

And run the command: ../linux64/bin/cst -i message.csf -o message_signed.bin and can get message_signed.bin

6. Change lifecycle to PFR by the first method

The first method is to regenerate signed flash.bin with message_signed.bin.

6.1 Regenerate flash.bin with message_signed.bin

$cp the message_signed.bin to imx-mkimage/iMX8QX/

Go to the imx_mkimage repo and edit the rule flash_msg_block in ./iMX8QX/scripts/misc.mak.

-./$(MKIMG) -soc QX -rev B0 -append mx8qx-ahab-container.img -c -scfw scfw_tcm.bin -msg_blk test_block.bin field 0x83000000 -out flash.bin
+./$(MKIMG) -soc QX -rev B0 -append mx8qx-ahab-container.img -c -scfw scfw_tcm.bin -msg_blk message_signed.bin field 0x83000000 -out flash.bin

Then run:

$ make SOC=iMX8QX flash_msg_block

It will generate a new flash.bin, because the board is on OEM close state, so you need to regenerate flash-signed.bin again.

6.2 Regenerate flash-signed.bin

Create the csf_boot_image_csf.csf ,like below:

[Header]
Target = AHAB
Version = 1.0

[Install SRK]
# SRK table generated by srktool
File = "../crts/SRK_1_2_3_4_table.bin"
# Public key certificate in PEM format
Source = "../crts/SRK1_sha384_secp384r1_v3_usr_crt.pem"
# Index of the public key certificate within the SRK table (0 .. 3)
Source index = 0
# Type of SRK set (NXP or OEM)
Source set = OEM
# bitmask of the revoked SRKs
Revocations = 0x0
# ******* OPTIONAL COMMAND *****
#[Install Certificate]
#Public key certificate in PEM format
#File = "../crts/SGK1_1_sha384_secp384r1_v3_usr_crt.pem"
#bitmask of the permissions
#Permissions = 0x10
# ******************************

[Authenticate Data]
# Binary to be signed generated by mkimage
File = "flash.bin"
# Offsets = Container header  Signature block (printed out by mkimage)
Offsets   = 0x400             0x590

And run the command: ../linux64/bin/cst -i csf_boot_image_csf.csf -o flash_signed.bin and can get flash_signed.bin

Finally, flash-signed.bin will generate, and dd to sd card. The lifecycle will expect to become 0x100.

7. Change lifecycle to PFR by the second method

The second method is to write a new command in uboot, then add message-signed.bin in uboot manually by the command.

7.1  Add command in uboot-imx

$ git am 0002-add_ahab_return_lifecycle_disable_cache.patch
$ source 
$ unset LDFLAGS
$ make -j8

Regenerate the u-boot.bin.

$ cp u-boot.bin  
$ cd imx-mkimage/
$ make SOC=iMX8QX flash
$ cp iMX8QX/flash.bin 

The has the csf description file for flash-signed.bin

$ cd 
$ ../linux64/bin/cst -i csf_boot_image.txt -o flash-signed.bin
$ sudo dd if=flash-signed.bin of=/dev/sdX bs=1k seek=32 ; sync

Then generate the flash-signed.bin used this new u-boot.bin.Copy message-signed.bin generated in the fifth step to sdcard.

7.2 Boot the board and input command

Power up the board, and stop the uboot.

$ fatload mmc 1:1 0x80280000 message_signed.bin
$ ahab_status
$ ahab_return_lifecycle 0x80280000
$ ahab_status

Note that the address is consistent with the address that you input in the first step.

Then you can input $seco info in SCU serial port, and see the lifecycle will expect to become 0x100.

Hi @Tia_Lan 

Can you provide the Lauterbach script to dump SECO log to Ankit?

Best Regards,

Frank

Hi @frank_zhang 

It is not possible as customer performs return LC to OEM Field Return from Linux kernel sysfs driver and then power cycles device.

Below are the logs customer observed when they checked ahab_status after performing return LC to OEM Field Return

# dd if=signed_msg_512.bin of=/sys/kernel/seco/field_return bs=816

[ 548.708086] imx_scu_call_rpc(...) failed with error -13!
[ 548.708097] imx_sc_seco_return_lifecycle(...) failed with error -13

1+0 records in
0+0 records out
0 bytes (0B) copied, 0.066212 seconds, 0B/s

# cat /sys/kernel/seco/ahab_status

Lifecycle: 0x0080, OEM closed

UID_H: 0x1A10B00E
UID_L: 0x8292379B
Monotonic counter: 0x0000

SECO event[0] = 0x00A0AB29
CMD = AHAB_FIELD_RETURN_REQ (0xA0)
IND = Unknown Indicator (0xAB)

Found 1 SECO events

SECO events found - authenticity check failed!

-Ankit.

Hi Ankit,

Can customer run ahab_dump in uboot after they see error? We can see SECO log.

Best Regards,

Frank

Hi @frank_zhang 

Customer did "signed message way".

They prepared and signed "Return Lifecycle Update" message using their CST tool.

On Target, through Linux console, feed "signed message" to their sysfs driver. And sysfs driver invoke SCU API : sc_seco_return_lifecycle (having  SECO_FUNC_RETURN_LIFECYCLE) function.

They have not used signed image way(thus signed message is part of the boot image).

-Ankit.

Hi Ankit,

Did they use signed message way or signed image way(thus signed message is part of the boot image)?

Best Regards,

Frank

Hi @frank_zhang 

Yes, I am doing well. Hope everything OK from your side too.

Customer has performed below steps:

1. Step-1: On "i.MX8QXP B0" device having OEM Open (NXP Closed) state, first tested returning the LC to OEM Field Return execution using "signed Return Lifecycle Update message" and received the SECO event 0x00A0FA29 (AHAB_BAD_KEY_HASH_IND). This confirm that signed message is ready to use on "OEM Closed" device.
2. Step-2: Burned the OEM SRK Hash fuses.
3. Step-3: Flashed and booted using signed images; confirmed that no SECO events occurred during the boot process. This confirm device is in secure boot.
4. Step-4: Advanced the LC to "OEM Closed" using their sysfs driver.
5. Step-5: Power-cycle the board and attempted to return the LC to OEM Field Return; received SECO event 0x00A0AB29. This event indicates that the "FUSE is write/read locked".
6. Step-6: Power-cycle the board and it was in OEM Field Return state.

Do you see any issues with the above steps or have any suggestions?

Please note that, we just received an update from customer that they did all the above mentiond steps on another board & seen ""FUSE is write/read locked"" error. And "Despite this, after performing power-cycle on the board, the LC successfully changed to "OEM Field Return"

-Ankit.

Hi Ankit,

Long time no see. Hope you are doing good.

I don't think it is expected. But you say the LC is changed. Somethings you might can help me check.

Find all LC related fuses(I remember it is not only one), and see if customer program any bits on the same words before.

I will check with STEC in next Wendsday call. please give me a reminder on Wendsday.

Best Regards,

Frank

Hi @frank_zhang ,

We received a customer query regarding the return lifecycle transition to "OEM Field Return" from "OEM Closed" for "i.MX8QXP" device.
The customer has implemented a sysfs driver in Linux kernel to invoke SECO APIs. Using this driver, they are able to transition the lifecycle from "NXP Closed (OEM Open)" to "OEM Closed" successfully.

However, when they attempt to return the lifecycle state to "OEM Field Return", they encounter an issue and wanted some clarification.

After invoking SECO API (SC_SECO_FUNC_RETURN_LIFECYCLE), they receive the following SECO event: SECO event[0] = 0x00A0AB29. This event indicates that the "FUSE is write/read locked".
Despite this, after performing power-cycle on the board, the lifecycle appears to be successfully changed to "OEM Field Return".
Is this behavior expected?