How to start the P4080DS/T2080 secure boot


9,916 Views
liyan
Contributor I

Hello, we are working on a P4080DS secure boot project. According to the SDK 2.0 documentation, we have generated keys and some headers, but we don't know how to modify the U-Boot source code to support secure boot, we don't know how to set up the hardware to support secure boot, and we don't know where the header and the bin file should be loaded. It seems the i.MX6 has detailed documents for this; do you have detailed documents for the P4080 and T2080?

0 Kudos
32 Replies

5,716 Views
liyan
Contributor I

Where can I find the SFP clock frequency for the T2080QDS?

0 Kudos

5,716 Views
liyan
Contributor I

Hi Yiping,

It seems the values have not been set in the fuse array.

=> mm 0xfe0e821c

fe0e821c: 00000000 ? 88888888

fe0e8220: ffffffff ? 77777777

fe0e8224: ffffffff ? 66666666

fe0e8228: ffffffff ? 55555555

fe0e822c: ffffffff ? 44444444

fe0e8230: ffffffff ? 33333333

fe0e8234: ffffffff ? 22222222

fe0e8238: ffffffff ? 11111111

fe0e823c: 00000000 ? e814394d

fe0e8240: 00000000 ? eb4b3c5e

fe0e8244: 00000000 ? a74d8688

fe0e8248: 00000000 ? 0c92fa19

fe0e824c: 00000000 ? 58173dfa

fe0e8250: 00000000 ? 67a8f87b

fe0e8254: 00000000 ? 89750515

fe0e8258: 00000000 ? 34487261

fe0e825c: 00000000 ? => <INTERRUPT>

=> mm 0xfe0e8020

fe0e8020: 00000000 ? 00000002

fe0e8024: 00000000 ? => <INTERRUPT>

=> mm 0xfe0e8020

fe0e8020: 00000000 ? 00000001

fe0e8024: 00000000 ? => <INTERRUPT>

=> md 0xfe0e821c

fe0e821c: 00000000 00000000 00000000 00000000    ................

fe0e822c: 00000000 00000000 00000000 00000000    ................

fe0e823c: 00000000 00000000 00000000 00000000    ................

fe0e824c: 00000000 00000000 00000000 00000000    ................

fe0e825c: 00000000 00000000 00000000 00000000    ................

fe0e826c: 00000000 00000000 00000000 b0c4e314    ................

fe0e827c: 00000000 00000000 00000000 00000000    ................

fe0e828c: 00000000 00000000 00000000 00000000    ................

fe0e829c: 00000000 00000000 00000000 00000000    ................

fe0e82ac: 00000000 00000000 00000000 00000000    ................

fe0e82bc: 00000000 00000000 00000000 00000000    ................

fe0e82cc: 00000000 00000000 00000000 00000000    ................

fe0e82dc: 00000000 00000000 00000000 00000000    ................

fe0e82ec: 00000000 00000000 00000000 00000000    ................

fe0e82fc: 00000000 00000000 00000000 00000000    ................

fe0e830c: 00000000 00000000 00000000 00000000    ................

=>

0 Kudos
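A way to compare what was typed into `mm` with what a later `md` shows, as an added example that is not part of the original thread. The sample text is constructed by abbreviating the session in the post above; the function names are hypothetical.

```python
import re

# Constructed sample, abbreviated from the session in the post above.
MM_SESSION = """\
=> mm 0xfe0e821c
fe0e821c: 00000000 ? 88888888
fe0e8220: ffffffff ? 77777777
fe0e823c: 00000000 ? e814394d
fe0e825c: 00000000 ? => <INTERRUPT>
"""
MD_DUMP = """\
=> md 0xfe0e821c
fe0e821c: 00000000 00000000 00000000 00000000    ................
fe0e822c: 00000000 00000000 00000000 00000000    ................
fe0e823c: 00000000 00000000 00000000 00000000    ................
"""

MM_LINE = re.compile(r"^\s*([0-9a-f]{8}):\s+([0-9a-f]{8})\s+\?\s*([0-9a-f]{8})\s*$", re.I)
MD_LINE = re.compile(r"^\s*([0-9a-f]{8}):((?:\s+[0-9a-f]{8}){1,4})", re.I)

def parse_mm(text):
    """Return {address: value typed at the '?' prompt} for each mm line."""
    writes = {}
    for line in text.splitlines():
        m = MM_LINE.match(line)
        if m:  # lines ending in '=> <INTERRUPT>' carry no value and are skipped
            writes[int(m.group(1), 16)] = int(m.group(3), 16)
    return writes

def parse_md(text):
    """Return {address: value} for every 32-bit word in an md dump."""
    words = {}
    for line in text.splitlines():
        m = MD_LINE.match(line)
        if m:
            base = int(m.group(1), 16)
            for i, w in enumerate(m.group(2).split()):
                words[base + 4 * i] = int(w, 16)
    return words

def readback_mismatches(mm_text, md_text):
    """List (address, written, read) where the readback differs or is missing."""
    read = parse_md(md_text)
    return [(a, v, read.get(a)) for a, v in sorted(parse_mm(mm_text).items())
            if read.get(a) != v]

if __name__ == "__main__":
    for addr, wrote, got in readback_mismatches(MM_SESSION, MD_DUMP):
        shown = "not in dump" if got is None else f"{got:08x}"
        print(f"{addr:08x}: wrote {wrote:08x}, read back {shown}")
```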

5,716 Views
yipingwang
NXP TechSupport

Please check whether SFP_SFPCR[PPW] makes sense on your target board.

16–31 PPW

Program pulse width. PPW determines the length of the program strobe used by the fusebox. The reset value is a safe default for programming under typical conditions (at top frequency bin).

The optimal value for PPW is calculated as the SFP module input clock frequency (in MHz) * 12, where the SFP module input clock is platform clock/4.

Thanks,

Yiping

0 Kudos

5,716 Views
liyan
Contributor I

Hi Yiping,

When I set the J27, it works. But I have another problem.

I burned all the images and rebooted the board, but nothing is printed on the UART console. I followed the steps in SDK 2.0 > Boot Loaders > U-Boot > Secure Boot > Troubleshooting; the status register of the Sec Mon block is 8000AD00, and Sec Mon in Trusted State is 0xd. The address 0xfe0e0204 is 00000000.

I am sure the entry point field in the ESBC header is 0xcffffffc, and U-Boot is right, because I rebuilt U-Boot using the commands: bitbake u-boot -c cleansstate, bitbake u-boot -c patch, bitbake u-boot.

How can I troubleshoot next?

Thanks,

Yan.

0 Kudos

5,716 Views
liyan
Contributor I

Hi Yiping,

Is there any feedback?

0 Kudos

5,716 Views
liyan
Contributor I

Hi Yiping,

Here is my CSF header for the T2080QDS; please help check it. Currently U-Boot is verified OK, but U-Boot cannot boot up and nothing is printed on the U-Boot console. We found that it fails in init_law of U-Boot. Could you please give me some guidance?

The status register of the Sec Mon block is 8000AD00.

The address 0xfe0e0204 is 00000000.

Uboot
=>tftp 1000000 u-boot.bin
=>protect off 0xEBF40000 +c0000
=>erase 0xEBF40000 +c0000
=>cp.b 1000000 0xEBF40000 c0000
=>protect on 0xEBF40000 +c0000
cmp.b 1000000 0xEBF40000 c0000

u-boot_header
=>tftp 1000000 hdr_uboot.out
=>protect off ECB00000 +700
=>erase ECB00000 +700
=>cp.b 1000000 ECB00000 700
=>protect on ECB00000 +700

fman
=>tftp 1000000 fsl_fman_ucode_t2080_r1.1_106_4_18.bin
=>protect off EBF00000 +7f5c
=>erase 0xEBF00000 +7f5c
=>cp.b 1000000 0xEBF00000 7f5c
=>protect on 0xEBF00000 +7f5c

rcw
=>tftp 1000000 rcw_66_15_1800MHz_sb.bin
=>protect off 0xEC000000 +b0
=>erase 0xEC000000 +b0
=>cp.b 1000000 0xEC000000 b0
=>protect on 0xEC000000 +b0

[root@localhost t1_t2_t4]# vi input_uboot_nor_secure
/* Copyright (c) 2013 Freescale Semiconductor, Inc.
* All rights reserved.
*/

---------------------------------------------------
# Specify the platform. [Mandatory]
# Choose Platform - 1010/1040/2041/3041/4080/5020/5040/9131/9132/9164/4240/C290
PLATFORM=4240
# ESBC Flag. Specify ESBC=0 to sign u-boot and ESBC=1 to sign ESBC images.(default is 0)
ESBC=0
---------------------------------------------------
# Entry Point/Image start address field in the header.[Mandatory]
# (default=ADDRESS of first file specified in images)
ENTRY_POINT=cffffffc
---------------------------------------------------
# Specify the file name of the keys seperated by comma.
# The number of files and key select should lie between 1 and 4 for 1040 and C290.
# For rest of the platforms only one key is required and key select should not be provided.

# USAGE (for 4080/5020/5040/3041/2041/1010/913x): PRI_KEY = <key1.pri>
# USAGE (for 1040/C290/9164/4240): PRI_KEY = <key1.pri>, <key2.pri>, <key3.pri>, <key4.pri>

# PRI_KEY (Default private key :srk.pri) - [Optional]
PRI_KEY=srk.pri
# PUB_KEY (Default public key :srk.pub) - [Optional]
PUB_KEY=srk.pub
# Please provide KEY_SELECT(between 1 to 4) (Required for 1040/C290/9164/4240 only) - [Optional]
KEY_SELECT=
---------------------------------------------------
# Specify SG table address, only for (2041/3041/4080/5020/5040) with ESBC=0 - [Optional]
SG_TABLE_ADDR=
---------------------------------------------------
# Specify the target where image will be loaded. (Default is NOR_16B) - [Optional]
# Only required for Non-PBL Devices (1010/1040/9131/9132i/C290)
# Select from - NOR_8B/NOR_16B/NAND_8B_512/NAND_8B_2K/NAND_8B_4K/NAND_16B_512/NAND_16B_2K/NAND_16B_4K/SD/MMC/SPI
IMAGE_TARGET=
---------------------------------------------------
# Specify IMAGE, Max 8 images are possible. DST_ADDR is required only for Non-PBL Platform. [Mandatory]
# USAGE : IMAGE_NO = {IMAGE_NAME, SRC_ADDR, DST_ADDR}
IMAGE_1={u-boot.bin,cff40000,ffffffff}
IMAGE_2={,,}
IMAGE_3={,,}
IMAGE_4={,,}
IMAGE_5={,,}
IMAGE_6={,,}
IMAGE_7={,,}
IMAGE_8={,,}
---------------------------------------------------
# Specify OEM AND FSL ID to be populated in header. [Optional]
# e.g FSL_UID=11111111
FSL_UID=
OEM_UID=
---------------------------------------------------
# Specify the file names of csf header and sg table. (Default :hdr.out) [Optional]
OUTPUT_HDR_FILENAME=hdr_uboot.out

# Specify the file names of hash file and sign file.
HASH_FILENAME=img_hash.out
INPUT_SIGN_FILENAME=sign.out

# Specify the signature size.It is mandatory when neither public key nor private key is specified.
# Signature size would be [0x80 for 1k key, 0x100 for 2k key, and 0x200 for 4k key].
SIGN_SIZE=0x100
---------------------------------------------------
# Specify the output file name of sg table. (Default :sg_table.out). [Optional]
# Please note that OUTPUT SG BIN is only required for 2041/3041/4080/5020/5040 when ESBC flag is not set.

0 Kudos
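A sanity check for the header input file posted above, as an added example that is not part of the original thread or of the SDK signing tool. The function names are hypothetical; the image size 0xc0000 is taken from the flash commands in the same post, and the 2048-bit key size is an assumption. The entry-point range test is a consistency check chosen here, not a statement of what the boot ROM verifies.

```python
import re

# Constructed sample: the settings from the input file posted above, comments dropped.
INPUT_FILE = """\
PLATFORM=4240
ESBC=0
ENTRY_POINT=cffffffc
PRI_KEY=srk.pri
PUB_KEY=srk.pub
KEY_SELECT=
IMAGE_1={u-boot.bin,cff40000,ffffffff}
IMAGE_2={,,}
SIGN_SIZE=0x100
"""
# Signature sizes listed in the file's own comment, keyed by RSA modulus bits.
SIGN_SIZE_FOR_KEY_BITS = {1024: 0x80, 2048: 0x100, 4096: 0x200}

def parse_input(text):
    """Parse KEY=VALUE lines; skip comments, rule lines and blank lines."""
    cfg, images = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#-/*" or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        m = re.fullmatch(r"\{([^,]*),([^,]*),([^,]*)\}", value)
        if key.startswith("IMAGE_") and m:
            name, src, dst = (g.strip() for g in m.groups())
            if name:  # empty slots look like {,,}
                images.append((name, int(src, 16), int(dst, 16)))
        else:
            cfg[key] = value
    return cfg, images

def check(text, image_sizes, key_bits):
    """Return a list of problems; image_sizes maps image name -> size in bytes."""
    cfg, images = parse_input(text)
    problems = []
    entry = int(cfg["ENTRY_POINT"], 16)
    if entry % 4:
        problems.append("ENTRY_POINT is not word aligned")
    if not any(src <= entry < src + image_sizes.get(name, 0) for name, src, _ in images):
        problems.append(f"ENTRY_POINT {entry:08x} is outside every signed image")
    sign = cfg.get("SIGN_SIZE")  # an empty SIGN_SIZE= is allowed and skipped
    if sign and int(sign, 16) != SIGN_SIZE_FOR_KEY_BITS[key_bits]:
        problems.append(f"SIGN_SIZE {sign} does not match a {key_bits}-bit key")
    return problems
```

With the posted values, `check(INPUT_FILE, {"u-boot.bin": 0xC0000}, 2048)` returns an empty list: the image spans cff40000 to cfffffff and the entry point cffffffc is its last word.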

5,716 Views
yipingwang
NXP TechSupport

Hello Li Yan,

Please use "SIGN_SIZE=" at the last section.

Thanks,

Yiping

0 Kudos

5,716 Views
liyan
Contributor I

Hi Yiping,

It doesn't work either.

Yan.

0 Kudos

5,716 Views
marcboillot
Contributor I

Hi Yan,

We're seeing the same issue as you, that the ISBC verifies uBoot and shows it entered Trusted State SECMON_HPSR=8000AD00 where the "D" is Trusted, although uBoot does not boot and there is no printout of uboot console. We have the same PBI commands and input_uboot_nor_secure script as posted above for generating the header and placement of RCW, header and uboot in NOR flash. I am quite certain the default  ENTRY_POINT=cffffffc and SRC_ADDR=cff4000 (or cfb4000 if alternate bank) are correct as well, because I can intentionally generate an ISBC error code otherwise. And, there are no additional ISBC/ESBC error codes reported in the DCFG_CCSR_SCRATCHRW2 to go by either. Please keep us posted of your progress and I will do the same. Thank you.

0 Kudos

5,716 Views
liyan
Contributor I

Hi Yiping,

I ran into another issue. When I do the secure boot for the P4080, after the board is up the interface cannot receive or send packets; when I use the non-secure-boot U-Boot and RCW, it is OK. Could you please tell me why? My board is a P4080DS r2, and my SDK is 2.0. If my SDK is not suitable, please tell me which one is OK. Thank you.

Best Regards

0 Kudos

5,716 Views
marcboillot
Contributor I

Hi Yan, although I may be mistaken, I recall on the P3041/T1040 that secure boot did not provide for ethernet (using FMAN) and thus that TFTP would not work for its default configuration, but perhaps uboot could be customized to do so.

0 Kudos

5,723 Views
liyan
Contributor I

Hi Yiping,

Could you please give me a link for QCVS? I am not sure which one is suitable for the P4080, and do you have an estimate version?

By the way, where can we find a default P4080 PBL image which has secure boot enabled? We can try that first.

About the OTPMKR[0:7], I can use the "mm" command to modify it, but after I write it and use the "md" command to display it, it shows zero. It seems the write failed. The same problem exists on the LS1021.

> mm fe0e805c

> fe0e805c: 00000000 ? ef0f928b

> fe0e8060: 00000000 ? 52255d2b

...

About the CCSR SRKHR[0:7], I can use the "mm" command to modify it, and after the write, using the "md" command, I can see the value has been written correctly. But after I reboot the board, the value is changed to 0.

Could you please tell me if I missed some steps, or is there a bug in the P4080?

Thank you very much.

0 Kudos

5,723 Views
liyan
Contributor I

Hi Yiping,

Is there any feedback?

0 Kudos

5,723 Views
yipingwang
NXP TechSupport

Please download QCVS for PowerPC from CodeWarrior Networked Applications: QCVS | NXP.

Please refer to the attached RCW file.

Please note that in the design stage you should only write values to the SRKHR and OTPMKR mirror registers, without writing the permanent registers to blow the fuse array.

Would you please provide your detailed deployment log? I will check it for you.


Have a great day,
Yiping


0 Kudos

5,723 Views
liyan
Contributor I

Thank you very much. Now I have a question about the T2080.

We tried to use U-Boot to write the OTPMKR and the SRKHR into the flash, but after rebooting the device the values are not saved. I think maybe, before or after using the "mm" command to write the registers, we should set the write-protect register. Do you have a guide for writing the OTPMKR and the SRKHR? We want to write them into flash and do not need to modify them. I know that on the P4080 board, after the "mm" command, we also need to write:

=> mm fe0e8020

fe0e8020: 00000000 ? 00000002

And on the T2080, which register should be set to fuse the OTPMKR and SRKHR?

Thank you very much.

0 Kudos

5,723 Views
liyan
Contributor I

Hi Yiping ,

Is there any feedback? After writing the OTPMKR and the SRKHR, I set SFP_INGR to 2 to write them to the fuse array, but it seems that failed too; the value was cleared after board reset. Is there a write-protect bit that was not set or cleared? Could you please guide me? Thank you very much.

=> mm fe0e8020

fe0e8020: 00000000 ? 00000002

0 Kudos

5,723 Views
yipingwang
NXP TechSupport

Hello Li Yan,

There is no protection for register SFP_INGR; please check whether the register SFP_FSWPR is set.

In the design stage, it is not recommended to program the shadow register values to the fuse array, because after this operation the OTPMK and SRKH keys cannot be changed any more.

After reset these mirror registers are cleared, so we use CCS to connect to the target board and write the mirror registers before executing U-Boot. The procedure is as follows.

1. Configure the RCW to enable the boot hold off bit. The purpose is to wait for CCS to connect to the target board to write the mirror registers.

2. Deploy image to bank4 at bank0, and switch to bank4.

3. Use CCS to connect to the target, then open the CCS console and use the following commands to write the mirror registers.

% config cc cwtap

% ccs::config_chain p4080

% ccs::get_config_chain

% ccs::write_mem  0  <address>  4  0  <value>

4. Configure register DCFG_CCSR_BRR to release the core to boot from hold off mode.


Have a great day,
Yiping


0 Kudos

5,723 Views
liyan
Contributor I

Hi Yiping,

The P4080 board is finished; we are working on the T2080QDS board.

I have checked the SFP_FSWPR register; it is zero. Now we want to write it to the fuse array and don't want to change it.

=> md fe0e8204

fe0e8204: 00000000 00000000 00000000 00000000    ................

fe0e8214: 00000000 00000000 00000000 00000000    ................

fe0e8224: 00000000 00000000 00000000 00000000    .......

Below are my steps; could you please tell me if I missed some operation?

1. Enable POVDD = 1.8V.

   Set SW9[8] = 1 (POVDD enabled)

2. Write the OTPMK and SRKH

=> mm 0xfe0e821c

  fe0e821c: 00000000 ? 88888888

  fe0e8220: ffffffff ?77777777

  fe0e8224: ffffffff ?66666666

  fe0e8228: ffffffff ?55555555

  fe0e822c: ffffffff ?44444444

fe0e8230: ffffffff ?33333333

fe0e8234: ffffffff ? 22222222

fe0e8238: ffffffff ? 11111111

fe0e823c: 00000000 ? e814394d

fe0e8240: 00000000 ? eb4b3c5e

fe0e8244: 00000000 ? a74d8688

fe0e8248: 00000000 ? 0c92fa19

fe0e824c: 00000000 ? 58173dfa

fe0e8250: 00000000 ? 67a8f87b

fe0e8254: 00000000 ? 89750515

fe0e8258: 00000000 ? 34487261

fe0e825c: 00000000 ? 99999999

=> mm 0xfe0e8270       (UID)

  fe0e821c: 00000000 ?00000001

=>mm  0xfe0e8020

0xfe0e8020: 00000000 ? 00000002

3. Power off the board

4. Disable POVDD and power on the board

   Set SW9[8] = 0 (POVDD enabled)

5. Display the OTPMK and SRKH

  => md fe0e821c

fe0e821c: 00000000 00000000 00000000 00000000    ................

fe0e822c: 00000000 00000000 00000000 00000000    ................

fe0e823c: 00000000 00000000 00000000 00000000    ................

fe0e824c: 00000000 00000000 00000000 00000000    ................

fe0e825c: 00000000 00000000 00000000 00000000    ................

0 Kudos

5,723 Views
yipingwang
NXP TechSupport

Hello Li Yan,

If you feel everything is OK, you also need to configure the Intent to Secure (ITS) bit to configure the board for secure boot.

Please refer to SFP_OSPR[ITS].

In addition, please try writing the OTPMK shadow registers and programming them to the fuse array, then writing the SRKH shadow registers and programming them to the fuse array.

Thanks,

Yiping

0 Kudos

5,723 Views
liyan
Contributor I

Hello Yiping ,
It seems the OTPMK and SRKH cannot be programmed to the fuse array; when I reboot the board, the OTPMK and SRKH change to zero. It has confused us for one week. Did we miss some steps? Could you please help check it? Thank you.

We tried to set ITS, but after board reset it disappears too.

 

=> mw 0xfe0e8200 00000004

=> mw 0xfe0e8020 00000002

After board reset, the value changed to zero, and the write protect is OK.

=> md 0xfe0e8200

fe0e8200: 00000000 00000000 00000000 00000000

0 Kudos