I am attempting to secure boot a P5020 and so far my attempts have not been successful.
I am reading in the SDK documentation, it sounds like a HASH has to be program in the SFP fuse. It also looks like the fuse can only be programed two times. Is there anyway to perform secure boot without programing the fuse?
I am very new to all of this, any help is appreciated.
Hello Ana Lim,
Please use secure RCW provided in SDK 1.9.
I uploaded QorIQ Linux SDK 2.0 user manual https://drive.google.com/open?id=1-goeJsMtBB1X7X9Bfo9NV42YhAs_iuOM , please refer to the section "10.3.1.14 Appendix P3/P4/P5/T1_T2_T4 Secure Boot demo".
Please refer to the following CCS command for P5020
# Connect to CCS and configure Config Chain
#Check Initial SNVS State and Value in SCRATCH Registers
ccs::display_mem 0 0xfe314014 4 0 1
ccs::display_mem 0 0xfe0e0200 4 0 4
#Wrie the SRK Hash Value in Mirror Registers
ccs::write_mem 0 0xfe0e807c 4 0 <SRKH1>
ccs::write_mem 0 0xfe0e8080 4 0 <SRKH2>
ccs::write_mem 0 0xfe0e8084 4 0 <SRKH3>
ccs::write_mem 0 0xfe0e8088 4 0 <SRKH4>
ccs::write_mem 0 0xfe0e808c 4 0 <SRKH5>
ccs::write_mem 0 0xfe0e8090 4 0 <SRKH6>
ccs::write_mem 0 0xfe0e8094 4 0 <SRKH7>
ccs::write_mem 0 0xfe0e8098 4 0 <SRKH8>
#Get the Core Out of Boot Hold-Off
ccs::write_mem 0 0xfe0e00e4 4 0 0x00000001
The ccs commands above only write hash to the SRKH. Do I need to burn the OTPMK since those registers seems to be write protected?
I am seeing the SCRATCHRW2=0x00010000 and SECMON_HPSR=0x812d0b00.
Where can I find information about these registers for different boards? I am interested in P4080DS and P5040 boards. What is the address and which bits represent them? I am not able to find them in SDK 2.0 documentation and TRM for the boards. Greatly appreciate your help in this regard. Thank you!
I am seeing a mention of running the OTPMK Hamming algorithm on the OTPMK hash. Is that necessary?
Can the OTPMK hash be obtained the same way as the SRKHR?
I am suing the provide uni_sign tool to get the SRKHR hash, can it be used for the OTPMK hash?
Also, is the OTPMK hash need to be byte swapped? From the Setting up Secure boot document, the way that OTPMK hash is listed is a bit different from the SRKHR (which has no mention of bit order).
Blow OTPMK to fuse array is necessary to enable secure boot.
Generate OTPMK key with CST command gen_otpmk_drbg, please refer to the following.
./gen_otpmk_drbg <bit_order> [string]
<bit_order> : (1 or 2) OTPMK Bit Ordering Scheme in SFP
1 : BSC913x, P1010, P3, P4, P5, C29x
2 : T1, T2, T4, B4, LSx
<string> : 32 byte string
No need to do swapping for the generate OTPMK key.
Thanks for your answer. I am reviewing the document above and have some questions.
In the document the PBI commands are as follow, but it is a bit different than the rcw that i am using (from SDK 1.9).
|Setting up Secure Boot on PBL Based Platforms in Prototype Stage||RCW from SDK1.9 for p5020|
#LAW for ESBC
# LAW for CPC/SRAM
# Scratch Registers
# CPC SRAM
# CPC Configuration
#LAW for ESBC
# Scratch Registers
In the rcw_15g_sben_2000mhz.bin, there is not commands to write the CPC/SRAM. Are they not needed on p5020?
Also, in the "Setting up Secure Boot on PBL Based Platforms in Prototype Stage", there is a section to write the keys hash in ccs. However, the QorIQ P5020 Reference Manual 220.127.116.11, said that those register are blocked during secure boot.
I did try to write to the 0xe_805c and confirmed that the write did not go successfully.
Did I miss something?