LS1043ARDB Secure Boot U-Boot Doesn't Output

cancel
Showing results for 
Search instead for 
Did you mean: 

LS1043ARDB Secure Boot U-Boot Doesn't Output

Jump to solution
184 Views
aismail102
Contributor II

Issue

After creating a secure boot image and writing to a SD card, U-Boot doesn't print anything to the console. I do observe D3 on the LS1043ARDB is not lit, so I know the board successfully processed the RCW.

Current State

I created a the stock firmware image with Yocto using instructions described in section 5.4 in https://www.nxp.com/docs/en/user-guide/LSDKYOCTOUG.pdf. I wrote the firmware_ls1043ardb_uboot_sdboot_secure.img image to an sdcard with the following command:

sudo dd if=firmware_ls1043ardb_uboot_sdboot_secure.img of=/dev/sdX bs=512 seek=8 & conv=fsync

I enabled J13 on the LS1043ARDB as prescribed in https://docs.nxp.com/bundle/GUID-51EEFEDB-ABD5-40C0-BEBD-6527B3494D57/page/GUID-27FC40AD-3321-4A82-B....

I now need to write the OTPMK and SRKH via U-boot, however, I am unable to since I see nothing on the mini-usb uart connection. Am I missing something that will allow U-Boot to come up and I can write the fuse values?

0 Kudos
1 Solution
144 Views
yipingwang
NXP TechSupport
NXP TechSupport

No need CodeWarrior license, if you only use CCS console.

You could install CodeWarrior for ARMv8 and get CCS in folder Freescale\CW4NET_v2020.06\Common\CCS.

View solution in original post

0 Kudos
3 Replies
180 Views
yipingwang
NXP TechSupport
NXP TechSupport

You could refer to document "https://community.nxp.com/t5/Qonverge-Knowledge-Base/Setting-up-Secure-Boot-on-PBL-Based-Platforms-i... for the procedure of secure boot during prototype stage.

First blow OTPMK keys to fuse array from CCS(or in u-boot), then setup u-boot in Bank0, deploy secure boot images to Bank4, switch to Bank4, use CCS to connect to the target board to write SRKH.

1. Platforms LS1021, LS1043, LS1046
a. After copying images to flash, select the boot source by changing the switch settings, then boot the board.
b. In platforms LS1021, LS1043, LS1046 flexbuild generated rcw for secure boot has the boot core put in holdoff by
setting BOOT_HO = 1 and enabled secure boot by SB_EN=1 (auto set when build with '-s' option in flexbuild).
After booting the board, core would get stuck at its first instruction. This is done to allow the user to write SRKH in the register. When using pre-built images, use the SRK hash present in srk_hash.txt from github. If SRKH fuse is already blown, then set BOOT_HO = 0 in rcw file in flexbuild, else write the SRK hash value (displayed while signing images) in SFP mirror registers and then release the core out of Boot Hold off by writing to Boot Release Register
in DCFG using the below commands:
ccs::config_server 0 10000
ccs::config_chain {<platform> dap sap2}
display ccs::get_config_chain
#Check Initial SNVS State and Value in SCRATCH Registers
ccs::display_mem <dap position> 0x1e90014 4 0 4
ccs::display_mem <dap position> 0x1ee0200 4 0 4
#Wrie the SRK Hash Value in Mirror Registers
ccs::write_mem <dap position> 0x1e80254 4 0 <SRKH1>
ccs::write_mem <dap position> 0x1e80258 4 0 <SRKH2>
ccs::write_mem <dap position> 0x1e8025c 4 0 <SRKH3>
ccs::write_mem <dap position> 0x1e80260 4 0 <SRKH4>
ccs::write_mem <dap position> 0x1e80264 4 0 <SRKH5>
ccs::write_mem <dap position> 0x1e80268 4 0 <SRKH6>
ccs::write_mem <dap position> 0x1e8026c 4 0 <SRKH7>
ccs::write_mem <dap position> 0x1e80270 4 0 <SRKH8>
#Get the Core Out of Boot Hold-Off
ccs::write_mem <dap position> 0x1ee00e4 4 0 0x00000001

0 Kudos
170 Views
aismail102
Contributor II

Thanks for the providing the reference, it has provided a lot more context. Still, I am confused about how to write the OTPMK keys to fuse array in u-boot. I do not want to use CCS. I don't have a license for Code Warrior, but I want to be able to write these mirror registers. Is there a way to get CCS without Code Warrior? Or is there a procedure for writing the shadow SRMKs and OTPMK with U-Boot?

0 Kudos
145 Views
yipingwang
NXP TechSupport
NXP TechSupport

No need CodeWarrior license, if you only use CCS console.

You could install CodeWarrior for ARMv8 and get CCS in folder Freescale\CW4NET_v2020.06\Common\CCS.

View solution in original post

0 Kudos