Running secure boot (Chain of Trust with Confidentiality) on LS1012A

brianpaterson
Contributor III

I see in the documentation the details on setting up the secure boot, encrypting the various components and setting them into NAND, Flash, QSPI or wherever.

I also see the options of blowing the fuses or running RCW with SB_EN=0, or both. 

However, what I don't see is how to re-flash the unit when the firmware changes - and it always changes. 

Clearly blowing the fuses will brick the unit, so we need the internal switches to be set. 

Question - with this device located on a hardwire Ethernet network, is there a way to reflash the unit once it's in secure boot mode? We can make the assumption that the connection to actually do the flashing is secure, but I don't see how to reset the switches to allow booting to the non-secure mode and from there reloading the encrypted packages. 

Many thanks!

Brian

r8070z
NXP Employee


Have a great day,

I did not get what the “internal switches” are and why these switches should be set. Please correct me if I am wrong. I assume you need to overwrite the boot flash connected to an LS1012A which can support secure boot only (ITS bit is set). It is possible because the fuses just keep the hash of the public keys (and the OTPMK). You just need to have the corresponding private key and the public key itself (if the OTPMK is needed for the firmware, you should also have it). New firmware must be signed in the same way as the previous firmware. The internal secure boot code (ISBC) checks the public key and uses it to check the signed boot code. See Figure 29-5, “Code signing and signature validation”, in the LS1012A Reference Manual, Rev. 1. You can find details in section 29.7.2, “ISBC phase”, of the reference manual. So if your secure firmware can load new firmware, possibly check it, and write it to the boot flash, you can reflash the unit. This procedure may fail and corrupt the boot code. However, the ISBC supports an alternate image: if the new code cannot be successfully validated, the ISBC will write an error code to the chip's DCFG_CCSR_SCRATCHRW2 register, then read DCFG_CCSR_SCRATCHRW3 for a pointer to an alternate or back-up image (also signed properly).

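The boot decision described in the reply above, as an added model that is not part of the original thread and is not NXP's ISBC code or image header format. It assumes a toy RSA key built from small known primes, SHA-256 as the fuse hash, constructed flash addresses, and a placeholder error code; only the two register names come from the thread.

```python
import hashlib

E = 65537
ERR_VALIDATION_FAILED = 0xBAD0   # constructed placeholder, not a real ISBC error code
PRIMARY, BACKUP = 0x0, 0x100000  # constructed flash offsets

def make_key(p, q):
    """Toy RSA key from two primes: returns (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def key_hash(n):
    """Stand-in for the public-key hash that the fuses hold."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()

def sign(code, n, d):
    """Signed image: code, the public key itself, and a signature over the code."""
    return {"code": code, "pub": n, "sig": pow(digest(code, n), d, n)}

def validate(image, fused_hash):
    """Check the supplied key against the fuse hash, then the signature with that key."""
    if image is None or key_hash(image["pub"]) != fused_hash:
        return False
    return pow(image["sig"], E, image["pub"]) == digest(image["code"], image["pub"])

def isbc_boot(flash, fused_hash, regs):
    """Try the primary image; on failure record an error and try the alternate."""
    if validate(flash.get(PRIMARY), fused_hash):
        return flash[PRIMARY]["code"]
    regs["DCFG_CCSR_SCRATCHRW2"] = ERR_VALIDATION_FAILED
    alt = flash.get(regs["DCFG_CCSR_SCRATCHRW3"])
    return alt["code"] if validate(alt, fused_hash) else None

def demo():
    n, d = make_key(2**61 - 1, 2**89 - 1)         # key whose hash is fused (constructed)
    on, od = make_key(2**107 - 1, 2**127 - 1)     # unrelated key (constructed)
    fused = key_hash(n)                           # fixed for the life of the unit
    backup = sign(b"firmware v1", n, d)
    cases = {
        "same key": sign(b"firmware v2", n, d),
        "other key": sign(b"firmware v2", on, od),
        "interrupted write": dict(sign(b"firmware v2", n, d), code=b"firmware v"),
    }
    results = {}
    for name, primary in cases.items():
        regs = {"DCFG_CCSR_SCRATCHRW2": 0, "DCFG_CCSR_SCRATCHRW3": BACKUP}
        booted = isbc_boot({PRIMARY: primary, BACKUP: backup}, fused, regs)
        results[name] = (booted, regs["DCFG_CCSR_SCRATCHRW2"])
    return results

if __name__ == "__main__":
    print(demo())
```

In this model an update signed with the fused key boots without any fuse change, while an image signed with another key or damaged during the write falls back to the signed backup and leaves the error code in the scratch register.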