I've been looking through the LSDK 19.09 documentation, and I wanted to double-check my understanding of how to enable secure boot for development purposes, without permanently blowing any fuses.
My target platform is LS1088ARDB_PB, and I would like to include both secure boot and OP-TEE and boot from SD card. In build_lsdk.cfg, I've set CONFIG_APP_OPTEE=y and CONFIG_APP_SECURE_OBJ=y.
Looking at section 6.4.2.1 and 6.4.3 of the LSDK, I see that there's a Fuse Provisioning Utility that takes input_fuse_file if CONFIG_FUSE_PROVISIONING=y in build_lsdk.cfg. In input_file_file, I followed the comments and set OTPMK_FLAGS=1111, as I do not want to blow the OTPMK fuse. After that, I built the LSDK bootpartition, firmware, and rootfs using the automatic builder:
flex-builder -i clean
flex-builder -m ls1088ardb_pb
After that, I'm not sure about the rest of section 6.4.5:
- How I put J10 to enable PWR_PROG_SFP? Does that refer to shorting jumper J10 on the board itself?
- Do I need to put J10 f I am looking not to permanently blow fuses at this time?
- Will following the instructions in 6.4.5.2, 6.4.5.3, and 6.4.6 be sufficient if I've set OTPMK_FLAGS=1111?
- Are there any other steps I'm missing, or pitfalls I should watch out for? I saw that there's Minimal Fuse Provisioning that involves some other fuses, and there's another section in LSDK1909 about programming SRKH mirror registers for running secure boot. (6.1.3.2)
