- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- QorIQプロセッシングプラットフォーム
- :
- QorIQ
- :
- Re: BSC9131RDB: is it possible to enable secure boot on this board without actually blowing the fuses?
BSC9131RDB: is it possible to enable secure boot on this board without actually blowing the fuses?
- RSS フィードを購読する
- トピックを新着としてマーク
- トピックを既読としてマーク
- このトピックを現在のユーザーにフロートします
- ブックマーク
- 購読
- ミュート
- 印刷用ページ
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
I was looking in to prototyping the secure boot on this board, however could not find any way to enable secure boot on this board without blowing the fuses? There is this document Secure boot for Non-PBL Platform which describes the prototyping procedure for 9132QDS board, do we have someway to prototype secure boot on 9131 as well.
解決済! 解決策の投稿を見る。
yipingwang
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hello Ravindra Khati,
BSC9131RDB secure boot is not enabled by default in SDK u-boot source, you need to modify the u-boot source code according to BSC9132QDS.
Please refer to the attached patch to modify your u-boot source code.
Have a great day,
Yiping
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hi Yiping,
is it mandatory to blow OTPMK as well before trying a signed ESBC image? at least till ESBC validation and boot up I don't think OTPMK will be used.
and if we fuse the ITS bit only and for SRK hash we just fill the shadow registers with CCS, would that work?
Regards,
Ravindra Khati
yipingwang
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hello Ravindra Khati,
Both OTPMK and SRK has are required to be programmed into fused if ITS or SB_EN is set, otherwise ISBS will refuse to pass control to ESBC.
Check the status register of sec mon block (location CCSRBAR + 0xe6014). Refer to the details of the register from the Reference Manual. Bits OTPMK_ZERO, OTMPK_SYNDROME and PE should be 0 otherwise there is some error in the OTPMK fuse blown by you.
Have a great day,
Yiping
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
HI Yiping,
Thanks, for the patch. One more query on this there could be several reasons for ISBC to not able to validate the ESBC image, How do you suggest to debug such issues if we land up in such problem.
In other platforms I guess there are registers which could tell the error code for why ISBC failed the validation but could not find any such register in bsc9131.
Regards,
Ravindra Khati
yipingwang
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hello Ravindra Khati,
9131RDB board doesn't have DIP-Switch for CFG_SB_DIS, for 9131RDB it is only possible to do so by blowing the fuse. Once fuse is blown, it can't be booted as non secure.
Have a great day,
Yiping
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hi Yiping,
Thanks for your reply, As per the Secure boot for Non-PBL Platform document there is separate secure u-boot(NAND_SECBOOT) build in case of BSC9132QDS, However for BSC9131RDB I can not see any such u-boot build target for secure boot in freescale's latest SDK. Does this mean a normal u-boot NAND build can be used in case of secure boot or is there any modification required in u-boot as well for secure boot?
Regards,
Ravindra Khati
yipingwang
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hello Ravindra Khati,
BSC9131RDB secure boot is not enabled by default in SDK u-boot source, you need to modify the u-boot source code according to BSC9132QDS.
Please refer to the attached patch to modify your u-boot source code.
Have a great day,
Yiping
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
