We have received new batch of LS1020 (ls1020 axe7hnb qyx1848 1nk taiw kqaluyu) and they were causing some problem for our u-boot software (and manufacturing) because security wise (SECMON) they do not seem to react in the same way as previous batchs (ls1020 axehnb qty1813 1nk taiw jkakuyu, LS1020 AXE7HNB QVW 1828 JMAKUYF).
We have fix the problem for our manufacturing by reverting back to original uboot code to determine "ITS" state (i.e OSPR register) instead of using the SYS_SECURE_BOOT bit in the SecMon HP Status Register (LS1021 reference manual rev1).
We have noticed that the new chip boots in the "check" state while the old one is in the "non-secure" state. We believe that the difference in state may have affected the state of SYS_SECURE_BOOT.
Are there changes or fixes to SECMON or the chip that could explain the problems we are having? Are there conditions or inputs to SECMON or the chip that could explain the problems? Are we fielding ls1020 IC that would have security issues or weaknesses in the future? Do you have release notes on the various LS1020 production batches?
Notes
1- The SECMON version listed in the 2 version register are the same in all versions of the chip.
2- All LS1020 batches were used in the same board manufacturing batch so only the CPU has changed not the surrounding circuits.
3- Our boards are on the LS1021 IOT.
-------------------------------------------------------------------------------------------------------------------------------------------------------------
The next questions are related to our original use of the chip.
In the LS1021 reference manual rev1, the SecMon HP Status Register has a bit SYS_SECURE_BOOT and the manual states the following: In a chip in the field, SYS_SECURE_BOOT will normally reset to 1. It will reset to 0 only in a test chip.
Can you clarify what is a chip in the field and a test chip?
How can I find out which one I am using (field/test)? Can the setting be changed?
Is there a SecMon state where the value will be overridden or modified?
The bit description indicated: sys_secure_boot input signal to SecMon. Where is the signal coming from? Is possible to have more information.
New case was created for your problem.
Have a great day,
Pavel Chubakov
Looks like the case number that was open for this is now closed. Asked for it to be reopened but after 24h nothing has happenned.
Can we reopen the related case?
Please wait answer.
Have a great day,
Pavel Chubakov
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------