Hello, we are working on a P4080DS secure boot project. According to the SDK 2.0 documentation, we have generated keys and some header, but we don't know how to modify the U-Boot source code to support secure boot, we don't know how to set up the hardware to support secure boot, and we don't know where the header and the bin file should be loaded. It seems the imx6 has detailed documents for this; do you have detailed documents for P4080 & T2080?
Where can I find the SFP clock frequency for T2080QDS?
Hi Yiping,
It seems the value has not been set in the fuse array.
=> mm 0xfe0e821c
fe0e821c: 00000000 ? 88888888
fe0e8220: ffffffff ? 77777777
fe0e8224: ffffffff ? 66666666
fe0e8228: ffffffff ? 55555555
fe0e822c: ffffffff ? 44444444
fe0e8230: ffffffff ? 33333333
fe0e8234: ffffffff ? 22222222
fe0e8238: ffffffff ? 11111111
fe0e823c: 00000000 ? e814394d
fe0e8240: 00000000 ? eb4b3c5e
fe0e8244: 00000000 ? a74d8688
fe0e8248: 00000000 ? 0c92fa19
fe0e824c: 00000000 ? 58173dfa
fe0e8250: 00000000 ? 67a8f87b
fe0e8254: 00000000 ? 89750515
fe0e8258: 00000000 ? 34487261
fe0e825c: 00000000 ? => <INTERRUPT>
=> mm 0xfe0e8020
fe0e8020: 00000000 ? 00000002
fe0e8024: 00000000 ? => <INTERRUPT>
=> mm 0xfe0e8020
fe0e8020: 00000000 ? 00000001
fe0e8024: 00000000 ? => <INTERRUPT>
=> md 0xfe0e821c
fe0e821c: 00000000 00000000 00000000 00000000 ................
fe0e822c: 00000000 00000000 00000000 00000000 ................
fe0e823c: 00000000 00000000 00000000 00000000 ................
fe0e824c: 00000000 00000000 00000000 00000000 ................
fe0e825c: 00000000 00000000 00000000 00000000 ................
fe0e826c: 00000000 00000000 00000000 b0c4e314 ................
fe0e827c: 00000000 00000000 00000000 00000000 ................
fe0e828c: 00000000 00000000 00000000 00000000 ................
fe0e829c: 00000000 00000000 00000000 00000000 ................
fe0e82ac: 00000000 00000000 00000000 00000000 ................
fe0e82bc: 00000000 00000000 00000000 00000000 ................
fe0e82cc: 00000000 00000000 00000000 00000000 ................
fe0e82dc: 00000000 00000000 00000000 00000000 ................
fe0e82ec: 00000000 00000000 00000000 00000000 ................
fe0e82fc: 00000000 00000000 00000000 00000000 ................
fe0e830c: 00000000 00000000 00000000 00000000 ................
=>
Please check whether SFP_SFPCR[PPW] makes sense on your target board.
16–31 PPW
Program pulse width. PPW determines the length of the program strobe used by the fusebox. The reset
value is a safe default for programming under typical conditions (at top frequency bin)
The optimal value for PPW is calculated as the SFP module input clock frequency (in MHz) * 12 where the
SFP module input clock is platform clock/4.
Thanks,
Yiping
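To confirm whether fuse programming took effect, the `mm` write session can be compared against an `md` readback captured after a power cycle. The sketch below is an added example, not part of the thread or the SDK; the function names are hypothetical and the sample text is abridged from the session posted above.

```python
import re

# "<addr>: <old> ? <new>" as echoed by U-Boot `mm` when a value is entered
# (the space after '?' is optional).
MM_LINE = re.compile(r"^([0-9a-f]{8}):\s+[0-9a-f]{8}\s+\?\s*([0-9a-f]{8})$", re.I)
# "<addr>: w0 w1 w2 w3 <ascii>" as printed by U-Boot `md`.
MD_LINE = re.compile(r"^([0-9a-f]{8}):((?:\s+[0-9a-f]{8}){1,4})", re.I)

def parse_mm(session):
    """Return {address: value typed at the '?' prompt}; prompts left empty are skipped."""
    writes = {}
    for line in session.splitlines():
        m = MM_LINE.match(line.strip())
        if m:
            writes[int(m.group(1), 16)] = int(m.group(2), 16)
    return writes

def parse_md(dump):
    """Return {address: 32-bit word} for every word shown in an `md` dump."""
    words = {}
    for line in dump.splitlines():
        m = MD_LINE.match(line.strip())
        if m:
            base = int(m.group(1), 16)
            for i, word in enumerate(m.group(2).split()):
                words[base + 4 * i] = int(word, 16)
    return words

def not_retained(writes, readback):
    """Addresses whose readback is missing or differs from the value written."""
    return sorted(a for a, v in writes.items() if readback.get(a) != v)

# Sample input abridged from the session posted above.
MM_SESSION = """\
=> mm 0xfe0e821c
fe0e821c: 00000000 ? 88888888
fe0e8220: ffffffff ? 77777777
fe0e823c: 00000000 ? e814394d
fe0e8240: 00000000 ? eb4b3c5e
fe0e825c: 00000000 ? => <INTERRUPT>
"""
MD_DUMP = """\
=> md 0xfe0e821c
fe0e821c: 00000000 00000000 00000000 00000000 ................
fe0e822c: 00000000 00000000 00000000 00000000 ................
fe0e823c: 00000000 00000000 00000000 00000000 ................
"""

if __name__ == "__main__":
    for addr in not_retained(parse_mm(MM_SESSION), parse_md(MD_DUMP)):
        print(f"{addr:08x}: readback differs from value written")
```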
Hi Yiping,
When I set the J27, it works. But I have another problem.
I burned all images and rebooted this board, but there is no print on the UART console. I followed the steps in SDK 2.0 > Boot Loaders > U-Boot > Secure Boot > Troubleshooting; the status register of the sec mon block is 8000AD00, and Sec Mon in Trusted State is 0xd. The address 0xfe0e0204 is 00000000.
I am sure the entry point field in the ESBC header is 0xcffffffc, and u-boot is right, because I rebuilt u-boot using the commands: bitbake u-boot -c cleansstate, bitbake u-boot -c patch, bitbake u-boot.
How can I troubleshoot next?
Thanks,
Yan.
Hi Yiping,
Is there any feedback?
Hi Yiping,
Here is my CSF header for T2080QDS, please help to check it. Currently, u-boot is verified OK, but u-boot cannot boot up and there is no print on the u-boot console. We find it failed in init_law of u-boot; could you please give me some guidance?
the status register of sec mon block is 8000AD00,
The address of 0xfe0e0204 is 00000000.
Uboot
=>tftp 1000000 u-boot.bin
=>protect off 0xEBF40000 +c0000
=>erase 0xEBF40000 +c0000
=>cp.b 1000000 0xEBF40000 c0000
=>protect on 0xEBF40000 +c0000
cmp.b 1000000 0xEBF40000 c0000
u-boot_header
=>tftp 1000000 hdr_uboot.out
=>protect off ECB00000 +700
=>erase ECB00000 +700
=>cp.b 1000000 ECB00000 700
=>protect on ECB00000 +700
fman
=>tftp 1000000 fsl_fman_ucode_t2080_r1.1_106_4_18.bin
=>protect off EBF00000 +7f5c
=>erase 0xEBF00000 +7f5c
=>cp.b 1000000 0xEBF00000 7f5c
=>protect on 0xEBF00000 +7f5c
rcw
=>tftp 1000000 rcw_66_15_1800MHz_sb.bin
=>protect off 0xEC000000 +b0
=>erase 0xEC000000 +b0
=>cp.b 1000000 0xEC000000 b0
=>protect on 0xEC000000 +b0
[root@localhost t1_t2_t4]# vi input_uboot_nor_secure
/* Copyright (c) 2013 Freescale Semiconductor, Inc.
* All rights reserved.
*/
---------------------------------------------------
# Specify the platform. [Mandatory]
# Choose Platform - 1010/1040/2041/3041/4080/5020/5040/9131/9132/9164/4240/C290
PLATFORM=4240
# ESBC Flag. Specify ESBC=0 to sign u-boot and ESBC=1 to sign ESBC images.(default is 0)
ESBC=0
---------------------------------------------------
# Entry Point/Image start address field in the header.[Mandatory]
# (default=ADDRESS of first file specified in images)
ENTRY_POINT=cffffffc
---------------------------------------------------
# Specify the file name of the keys seperated by comma.
# The number of files and key select should lie between 1 and 4 for 1040 and C290.
# For rest of the platforms only one key is required and key select should not be provided.
# USAGE (for 4080/5020/5040/3041/2041/1010/913x): PRI_KEY = <key1.pri>
# USAGE (for 1040/C290/9164/4240): PRI_KEY = <key1.pri>, <key2.pri>, <key3.pri>, <key4.pri>
# PRI_KEY (Default private key :srk.pri) - [Optional]
PRI_KEY=srk.pri
# PUB_KEY (Default public key :srk.pub) - [Optional]
PUB_KEY=srk.pub
# Please provide KEY_SELECT(between 1 to 4) (Required for 1040/C290/9164/4240 only) - [Optional]
KEY_SELECT=
---------------------------------------------------
# Specify SG table address, only for (2041/3041/4080/5020/5040) with ESBC=0 - [Optional]
SG_TABLE_ADDR=
---------------------------------------------------
# Specify the target where image will be loaded. (Default is NOR_16B) - [Optional]
# Only required for Non-PBL Devices (1010/1040/9131/9132i/C290)
# Select from - NOR_8B/NOR_16B/NAND_8B_512/NAND_8B_2K/NAND_8B_4K/NAND_16B_512/NAND_16B_2K/NAND_16B_4K/SD/MMC/SPI
IMAGE_TARGET=
---------------------------------------------------
# Specify IMAGE, Max 8 images are possible. DST_ADDR is required only for Non-PBL Platform. [Mandatory]
# USAGE : IMAGE_NO = {IMAGE_NAME, SRC_ADDR, DST_ADDR}
IMAGE_1={u-boot.bin,cff40000,ffffffff}
IMAGE_2={,,}
IMAGE_3={,,}
IMAGE_4={,,}
IMAGE_5={,,}
IMAGE_6={,,}
IMAGE_7={,,}
IMAGE_8={,,}
---------------------------------------------------
# Specify OEM AND FSL ID to be populated in header. [Optional]
# e.g FSL_UID=11111111
FSL_UID=
OEM_UID=
---------------------------------------------------
# Specify the file names of csf header and sg table. (Default :hdr.out) [Optional]
OUTPUT_HDR_FILENAME=hdr_uboot.out
# Specify the file names of hash file and sign file.
HASH_FILENAME=img_hash.out
INPUT_SIGN_FILENAME=sign.out
# Specify the signature size.It is mandatory when neither public key nor private key is specified.
# Signature size would be [0x80 for 1k key, 0x100 for 2k key, and 0x200 for 4k key].
SIGN_SIZE=0x100
---------------------------------------------------
# Specify the output file name of sg table. (Default :sg_table.out). [Optional]
# Please note that OUTPUT SG BIN is only required for 2041/3041/4080/5020/5040 when ESBC flag is not set.
Hello Li Yan,
Please use "SIGN_SIZE=" at the last section.
Thanks,
Yiping
Hi Yiping,
It doesn't work either.
Yan.
Hi Yan,
We're seeing the same issue as you, that the ISBC verifies uBoot and shows it entered Trusted State SECMON_HPSR=8000AD00 where the "D" is Trusted, although uBoot does not boot and there is no printout of uboot console. We have the same PBI commands and input_uboot_nor_secure script as posted above for generating the header and placement of RCW, header and uboot in NOR flash. I am quite certain the default ENTRY_POINT=cffffffc and SRC_ADDR=cff4000 (or cfb4000 if alternate bank) are correct as well, because I can intentionally generate an ISBC error code otherwise. And, there are no additional ISBC/ESBC error codes reported in the DCFG_CCSR_SCRATCHRW2 to go by either. Please keep us posted of your progress and I will do the same. Thank you.
Hi Yiping,
I met another issue. When I do the secure boot for P4080, after the board is up, the interface cannot receive or send packets. After I use the non-secure boot u-boot and RCW, it is OK. So could you please tell me why? My board is P4080DS r2, and my SDK is 2.0. If my SDK is not suitable, please tell me which one is OK. Thank you.
Best Regards
Hi Yan, although I may be mistaken, I recall on the P3041/T1040 that secure boot did not provide for ethernet (using FMAN) and thus that TFTP would not work for its default configuration, but perhaps uboot could be customized to do so.
Hi Yiping,
Could you please give me a link for QCVS? I am not sure which one is suitable for P4080, and do you have an estimate version?
By the way, where can we find a default P4080 PBL image which has secure boot enabled? We can try it first.
About the OTPMKR[0:7]: I can use the "mm" command to modify it, but after I write it and use the "md" command to display it, it shows zero. It seems the write failed. The same problem exists in LS1021.
> mm fe0e805c
> fe0e805c: 00000000 ? ef0f928b
> fe0e8060: 00000000 ? 52255d2b
...
About the CCSR SRKHR[0:7]: I can use the "mm" command to modify it, and after the write, using the "md" command, I can see the value has been written correctly. But after I reboot the board, the value is changed to 0.
Could you please tell me if I missed some steps, or whether there is a bug in P4080?
Thank you very much.
Hi Yiping,
Is there any feedback?
Please download QCVS for PowerPC from CodeWarrior Networked Applications: QCVS | NXP.
Please refer to the attached RCW file.
Please note that in the designing stage, please only write value to SRKHR and OTPMKR mirror registers without writing the permanent registers to blow the fuse array.
Would you please provide your detailed log to do deployment? I will check it for you.
Have a great day,
Yiping
Thank you very much. Now I have a question about T2080.
We try to use u-boot to write the OTPMKR and the SRKHR into the flash, but after rebooting the device, the value cannot be saved. I think maybe after or before we use the "mm" command to write the register, we should set the write protect register. Do you have a guide for writing OTPMKR and the SRKHR? We want to write it into flash and don't need to modify it. I know on the P4080 board, after the "mm" command, we also need to write
=> mm fe0e8020
fe0e8020: 00000000 ? 00000002
and in T2080, which register should be set to fuse the OTPMKR and SRKHR?
Thank you very much.
Hi Yiping,
Is there any feedback? After writing the OTPMKR and the SRKHR, I set the SFP_INGR to 2 to write them to the fuse array, but it seems it failed too; the value was cleared after board reset. Is some write protect bit not set or cleared? Could you please guide me? Thank you very much.
=> mm fe0e8020
fe0e8020: 00000000 ? 00000002
Hello Li Yan,
No protection for register SFP_INGR, please check whether the register SFP_FSWPR is set.
In the designing stage, it is not recommended to program the shadow registers values to the fuse array, because after this operation, OTPMK and SRKH keys cannot be changed any more.
After reset these mirror registers would be cleared, so we use CCS to connect to the target board to write mirror registers before executing u-boot. The procedure is as follows.
1. Configure RCW to enable boot hold off bit. The purpose is to wait for CCS connecting to the target board to write mirror registers.
2. Deploy image to bank4 at bank0, and switch to bank4.
3. Use CCS to connect to the target and write mirror registers; open the CCS console and use the following commands to write mirror registers.
% config cc cwtap
% ccs::config_chain p4080
% ccs::get_config_chain
% ccs::write_mem 0 <address> 4 0 <value>
4. Configure registers DCFG_CCSR_BRR to release the core to boot from hold off mode.
Have a great day,
Yiping
Hi Yiping,
The P4080 board is finished; we are working on the T2080QDS board.
I have checked the SFP_FSWPR register; it is zero. Now we want to write it to the fuse array and don't want to change it.
=> md fe0e8204
fe0e8204: 00000000 00000000 00000000 00000000 ................
fe0e8214: 00000000 00000000 00000000 00000000 ................
fe0e8224: 00000000 00000000 00000000 00000000 .......
Below are my steps; could you please tell me if I missed some operation?
Set SW9[8]= 1 (POVDD enabled)
=> mm 0xfe0e821c
fe0e821c: 00000000 ? 88888888
fe0e8220: ffffffff ?77777777
fe0e8224: ffffffff ?66666666
fe0e8228: ffffffff ?55555555
fe0e822c: ffffffff ?44444444
fe0e8230: ffffffff ?33333333
fe0e8234: ffffffff ? 22222222
fe0e8238: ffffffff ? 11111111
fe0e823c: 00000000 ? e814394d
fe0e8240: 00000000 ? eb4b3c5e
fe0e8244: 00000000 ? a74d8688
fe0e8248: 00000000 ? 0c92fa19
fe0e824c: 00000000 ? 58173dfa
fe0e8250: 00000000 ? 67a8f87b
fe0e8254: 00000000 ? 89750515
fe0e8258: 00000000 ? 34487261
fe0e825c: 00000000 ? 99999999
=> mm 0xfe0e8270 (UID)
fe0e821c: 00000000 ?00000001
=>mm 0xfe0e8020
0xfe0e8020: 00000000 ? 00000002
3. Power off the board
4. Disable POVDD and power on the board
Set SW9[8] = 0 (POVDD enabled)
5. Display the OTPMK and SRKH
=> md fe0e821c
fe0e821c: 00000000 00000000 00000000 00000000 ................
fe0e822c: 00000000 00000000 00000000 00000000 ................
fe0e823c: 00000000 00000000 00000000 00000000 ................
fe0e824c: 00000000 00000000 00000000 00000000 ................
fe0e825c: 00000000 00000000 00000000 00000000 ................
Hello Li Yan,
If you feel everything is OK, you also need to configure Intent to secure (ITS) bit to configure the board used as secure boot.
Please refer to SFP_OSPR[ITS]
In addition, please try writing the OTPMK shadow registers and programming them to the fuse array, then writing the SRKH shadow registers and programming them to the fuse array.
Thanks,
Yiping
Hello Yiping,
It seems the OTPMK and SRKH cannot be programmed to the fuse array. When I reboot the board, the OTPMK and SRKH change to zero. It has confused us for one week. Did we miss some steps? Could you please help to check it? Thank you.
We tried to set ITS, but after board reset, it disappears too.
=> mw 0xfe0e8200 00000004
=> mw 0xfe0e8020 00000002
After board reset, the value changed to zero, and the write protect is OK.
=> md 0xfe0e8200
fe0e8200: 00000000 00000000 00000000 00000000