I'm working on secure boot for T2080QDS.I walked the steps,but I failed.All files come from SDK, and signed header by cst.
Steps like that:
set SW#6[OFF,OFF,OFF,OFF]
1.download u-boot,the file come from sdk2.0
=>tftp 1000000 u-boot-secure-boot-2016.01+fslgit-r0.bin
=>erase 0xEBF40000 +c0000
=>cp.b 1000000 0xEBF40000 c0000
2.download rcw,the file come from sdk2.0
=>tftp 1000000 rcw_66_15_1800MHz_sb.bin
=>erase 0xEC000000 +b0
=>cp.b 1000000 0xEC000000 b0
3.download uboot_header,the file come from uni_sign
=>tftp 1000000 hdr_uboot.out
=>erase ECB00000 +700
=>cp.b 1000000 ECB00000 700
4.write SRK Hash Value,the value come from uni_sign,the hign bit set low address.
mm 0xfe0e823c
fe0e823c: 00000000 ? e814394d
fe0e8240: 00000000 ? eb4b3c5e
fe0e8244: 00000000 ? a74d8688
fe0e8248: 00000000 ? 0c92fa19
fe0e824c: 00000000 ? 58173dfa
fe0e8250: 00000000 ? 67a8f87b
fe0e8254: 00000000 ? 89750515
fe0e8258: 00000000 ? 34487261
5.write OTPMKR, the value come from gen_otpmk_drbg,the hign bit set low address.
mm 0xfe0e821c
fe0e821c: 00000000 ? e814394d
fe0e8220: FFFFFFFF? eb4b3c5e
fe0e8224: FFFFFFFF? a74d8688
fe0e8228: FFFFFFFF? 0c92fa19
fe0e822c: FFFFFFFF? 58173dfa
fe0e8230: FFFFFFFF ? 67a8f87b
fe0e8234: FFFFFFFF? 89750515
fe0e8238: FFFFFFFF? 34487261
6.write FSL_UID and OEM_UID
mm 0xfe0e825c
fe0e825c: 00000000 ? 99999999
mm 0xfe0e8270
fe0e8270: 00000000 ? 00000001
shutdown device,and set SW#6[OFF,ON,OFF,OFF],boot this device,no message output.
Error code at address 0xfe314014 is 8800AB00
SECMON_HPSR field descriptions
Field | Description |
---|---|
0 ZMK_ZERO | Zeroizable Master Key is Equal to Zero. When set, this bit triggers “bad key” violation if theZMKis selected for use NOTE: The reset value of this bit depends on the value in the LPZMKR. 0 The ZMK is not zero 1 The ZMK is zero |
1–3 - | This field is reserved. Reserved |
4 OTPMK_ZERO | One Time Programmable Master Key = 0 Error 0 The OTPMK is not zero 1 The OTPMK is zero |
5–6 - | This field is reserved. Reserved |
7 PE | OTPMK Parity Error. This bit is set to '1' for any odd number of errors in the OTPMK, including errors in the error detection bits themselves. If any of the OTPMK_SYNDROME bits are set, and the OTRMK Parity Error = 0, then the OTPMK has 2 or more errors and the failing bit position cannot be determined. |
8–15 OTPMK_ SYNDROME | This value indicates the error location in case of a single-bit error in the OTPMK. For example, syndrome word 10010110 indicates that key bit 150 has an error. |
16–19 - | This field is reserved. Reserved |
20–23 SSM_ST | Security monitor state. This field contains the encoded state of the security monitor's internal state machine. The encoding of the possible states are: 0000 Init 1001 Check 1011 Non-Secure 1101 Trusted 1111 Secure 0011 Soft Fail 0001 Hard Fail |
24–31 - | This field is reserved. Reserved |
Looks like security monitor state is "1011 Non-Secure".
Error code at address 0xfe0e0200 is 00000101
0x101 | ERROR_STATE_NOT_CHECK | SEC_MON State Machine not in CHECK state at start of ISBC. Some Security violation could have occurred. |
The RCW that I used comes from SDK, and it truly enable secure boot.
When I rebooted the device,All "mm" values was gone.
Please give me some advice,Or point some error.
Thank you very much.
Yi.
input_uboot_nor_secure like that:
/* Copyright (c) 2013 Freescale Semiconductor, Inc.
* All rights reserved.
*/
---------------------------------------------------
# Specify the platform. [Mandatory]
# Choose Platform - 1010/1040/2041/3041/4080/5020/5040/9131/9132/9164/4240/C290
PLATFORM=4240
# ESBC Flag. Specify ESBC=0 to sign u-boot and ESBC=1 to sign ESBC images.(default is 0)
ESBC=0
---------------------------------------------------
# Entry Point/Image start address field in the header.[Mandatory]
# (default=ADDRESS of first file specified in images)
ENTRY_POINT=cffffffc
---------------------------------------------------
# Specify the file name of the keys seperated by comma.
# The number of files and key select should lie between 1 and 4 for 1040 and C290.
# For rest of the platforms only one key is required and key select should not be provided.
# USAGE (for 4080/5020/5040/3041/2041/1010/913x): PRI_KEY = <key1.pri>
# USAGE (for 1040/C290/9164/4240): PRI_KEY = <key1.pri>, <key2.pri>, <key3.pri>, <key4.pri>
# PRI_KEY (Default private key :srk.pri) - [Optional]
PRI_KEY=srk.pri
# PUB_KEY (Default public key :srk.pub) - [Optional]
PUB_KEY=srk.pub
# Please provide KEY_SELECT(between 1 to 4) (Required for 1040/C290/9164/4240 only) - [Optional]
KEY_SELECT=
---------------------------------------------------
# Specify SG table address, only for (2041/3041/4080/5020/5040) with ESBC=0 - [Optional]
SG_TABLE_ADDR=
---------------------------------------------------
# Specify the target where image will be loaded. (Default is NOR_16B) - [Optional]
# Only required for Non-PBL Devices (1010/1040/9131/9132i/C290)
# Select from - NOR_8B/NOR_16B/NAND_8B_512/NAND_8B_2K/NAND_8B_4K/NAND_16B_512/NAND_16B_2K/NAND_16B_4K/SD/MMC/SPI
IMAGE_TARGET=
---------------------------------------------------
# Specify IMAGE, Max 8 images are possible. DST_ADDR is required only for Non-PBL Platform. [Mandatory]
# USAGE : IMAGE_NO = {IMAGE_NAME, SRC_ADDR, DST_ADDR}
IMAGE_1={u-boot.bin,cff40000,ffffffff}
IMAGE_2={,,}
IMAGE_3={,,}
IMAGE_4={,,}
IMAGE_5={,,}
IMAGE_6={,,}
IMAGE_7={,,}
IMAGE_8={,,}
---------------------------------------------------
# Specify OEM AND FSL ID to be populated in header. [Optional]
# e.g FSL_UID=11111111
FSL_UID=
OEM_UID=
---------------------------------------------------
# Specify the file names of csf header and sg table. (Default :hdr.out) [Optional]
OUTPUT_HDR_FILENAME=hdr_uboot.out
# Specify the file names of hash file and sign file.
HASH_FILENAME=img_hash.out
INPUT_SIGN_FILENAME=sign.out
# Specify the signature size.It is mandatory when neither public key nor private key is specified.
# Signature size would be [0x80 for 1k key, 0x100 for 2k key, and 0x200 for 4k key].
SIGN_SIZE=0x100
---------------------------------------------------
# Specify the output file name of sg table. (Default :sg_table.out). [Optional]
# Please note that OUTPUT SG BIN is only required for 2041/3041/4080/5020/5040 when ESBC flag is not set.
OUTPUT_SG_BIN=
---------------------------------------------------
# Following fields are Required for 4240/9164/1040/C290 only
# Specify House keeping Area
# Required for 4240/9164/1040/C290 only when ESBC flag is not set. [Mandatory]
HK_AREA_POINTER=bff00000
HK_AREA_SIZE=00010000
---------------------------------------------------
# Following field Required for 4240/9164/1040/C290 only
# Specify Secondary Image Flag. (0 or 1) - [Optional]
# (Default is 0)
SEC_IMAGE=
---------------------------------------------------
Look at the following page from Community:
https://community.nxp.com/thread/399971
This page contains command sequence for secure boot. Compare recommended command sequence and your command sequence.
Have a great day,
Pavel Chubakov
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
This is not correct answer.I know the process.
I set the J27,it works.but I have another problem.
I burned all images, and reboot this board, no print on UART console. I followed steps on SDK 2.0>Boot Loaders>U-Boot>Secure Boot>Troubleshooting, the status register of sec mon block is 8000AD00, and Sec Mon in Trusted State is 0xd. The address 0xfe0e0204 is 00000000.
I am sure the entry point field in the ESBC header is 0xcffffffc,and u-boot is right. Because I rebuild the u-boot use commands: bitbake u-boot -c cleansstate, bitbake u-boot -c patch, bitbake u-boot.
I don't kwon what to do next.