Hi,
I'm working on LS1021AIOT rev 2 board. I'm trying to enable secure boot feature in our board. I did the following steps.
1. Enabled SB_EN bit on rcw, and byte swapped the obtained pbl. (Make SCRATCHRW1=0x40090000 ie csf hearder location on NOR Flash).
2. Generated public and private keys.
3. generated CSF header and key hash for u-boot. (using uni_sign utility in cst directory).
4. Placed jumpers on j14, j19, & j20.
5. Generated OTPMK0 - OTPMK7, and written to OTPMK registers of ls1 (0x01e80234).
6. Programmed SRKH register in big endian mode with value obtained from hash key (0x01e0254).
7. Write content of mirror register to fuse array by programming SFP_INGR register (0x01e80020).
8. Check the status of fuse array programming by reading the status of SFP_INGR register. the value obtained was 0x0, programmed successfully.
9. Switch of the board and removed jumpers j19, & j20 and booted board from SD card.
10. Flashed the byte swapped rcw (SB_EN=1) to NOR addr 0x0, u-boot to addr 0x10000 and CSF header for u-boot to addr 0x90000.
11. Reboot the board
But now we are not getting any console prints on booting from QSPI NOR with secure boot enabled, also unable to boot from SD card in non secured mode (in rcw SB_EN = 0 for SD card).
The RCW in QSPI NOR is detected by the board, as the red LED(D6) indicator has turned off. But while booting from SD card, the rcw is not detecting as the red LED(D6) is blinking, but it is possible to boot another LS1021aiot board using the same SD card (in Non secure mode).
Is that a chip errata of ls1021aiot silicon revision 2?
Can anybody help me in solving these issue?
Thanking you in advance,
Pranav
解決済! 解決策の投稿を見る。
Hi Adrian
Is this SFP_OSPR (0x01e8_0200 :OEM Security Policy Register) is a fuse register, I didn’t get any information regarding whether it is fuse register or not from the data sheet.what is the significance of ITS(intent to secure) bit in this register, is it going into 0 value on restarting the board or it is also fuse register bit.
I think Yiping's response form https://community.freescale.com/message/616758?et=watches.email.outcome#616758 will help you.
Adrian
Please refer to this doc.
Adrian
Thank You Adrian,
Is it possible to clear the registers SRKH, OTPMK using codewarriorTAP?
Once you permanently fuse the shadow registers, you can't clear them even a CodeWarrior TAP is used.
Adrian
We have enabled secure boot, but normal booting is also not happening while boot from sd card.
For booting in normal mode, make sure SB_EN=0 in RCW or/and ITS it is also 0.
Adrian