Secure boot failed on t2080qds


2,469 Views
yi_li
Contributor II

I'm working on secure boot for T2080QDS. I walked through the steps, but I failed. All files come from the SDK, and the header was signed by cst.

The steps are like this:

set SW#6[OFF,OFF,OFF,OFF]

1. Download u-boot; the file comes from sdk2.0

=>tftp 1000000 u-boot-secure-boot-2016.01+fslgit-r0.bin
=>erase 0xEBF40000 +c0000
=>cp.b 1000000 0xEBF40000 c0000

2. Download the rcw; the file comes from sdk2.0

=>tftp 1000000 rcw_66_15_1800MHz_sb.bin
=>erase 0xEC000000 +b0
=>cp.b 1000000 0xEC000000 b0

3. Download uboot_header; the file comes from uni_sign

=>tftp 1000000 hdr_uboot.out
=>erase ECB00000 +700
=>cp.b 1000000 ECB00000 700

4. Write the SRK Hash Value; the value comes from uni_sign, with the high bit set at the low address.

mm 0xfe0e823c
fe0e823c: 00000000 ? e814394d
fe0e8240: 00000000 ? eb4b3c5e
fe0e8244: 00000000 ? a74d8688
fe0e8248: 00000000 ? 0c92fa19
fe0e824c: 00000000 ? 58173dfa
fe0e8250: 00000000 ? 67a8f87b
fe0e8254: 00000000 ? 89750515
fe0e8258: 00000000 ? 34487261

5. Write OTPMKR; the value comes from gen_otpmk_drbg, with the high bit set at the low address.

mm 0xfe0e821c
fe0e821c: 00000000 ? e814394d
fe0e8220: FFFFFFFF? eb4b3c5e
fe0e8224: FFFFFFFF? a74d8688
fe0e8228: FFFFFFFF? 0c92fa19
fe0e822c: FFFFFFFF? 58173dfa
fe0e8230: FFFFFFFF ? 67a8f87b
fe0e8234: FFFFFFFF? 89750515
fe0e8238: FFFFFFFF? 34487261

6. Write FSL_UID and OEM_UID

mm 0xfe0e825c
fe0e825c: 00000000 ? 99999999
mm 0xfe0e8270
fe0e8270: 00000000 ? 00000001

Shut down the device, set SW#6[OFF,ON,OFF,OFF], and boot the device: no message output.

error code at address 0xfe314014 is 8800AB00

SECMON_HPSR field descriptions

Bit 0, ZMK_ZERO: Zeroizable Master Key is Equal to Zero. When set, this bit triggers “bad key” violation if the ZMK is selected for use.
NOTE: The reset value of this bit depends on the value in the LPZMKR.
  0 The ZMK is not zero
  1 The ZMK is zero

Bits 1–3, reserved: This field is reserved.

Bit 4, OTPMK_ZERO: One Time Programmable Master Key = 0 Error
  0 The OTPMK is not zero
  1 The OTPMK is zero

Bits 5–6, reserved: This field is reserved.

Bit 7, PE: OTPMK Parity Error. This bit is set to '1' for any odd number of errors in the OTPMK, including errors in the error detection bits themselves. If any of the OTPMK_SYNDROME bits are set, and the OTPMK Parity Error = 0, then the OTPMK has 2 or more errors and the failing bit position cannot be determined.

Bits 8–15, OTPMK_SYNDROME: This value indicates the error location in case of a single-bit error in the OTPMK. For example, syndrome word 10010110 indicates that key bit 150 has an error.

Bits 16–19, reserved: This field is reserved.

Bits 20–23, SSM_ST: Security monitor state. This field contains the encoded state of the security monitor's internal state machine. The encoding of the possible states is:
  0000 Init
  1001 Check
  1011 Non-Secure
  1101 Trusted
  1111 Secure
  0011 Soft Fail
  0001 Hard Fail

Bits 24–31, reserved: This field is reserved.

Looks like security monitor state is "1011 Non-Secure".

error code at address 0xfe0e0200 is 00000101

0x101, ERROR_STATE_NOT_CHECK: SEC_MON State Machine not in CHECK state at start of ISBC. Some Security violation could have occurred.

 

The RCW that I used comes from the SDK, and it truly enables secure boot.

When I rebooted the device, all "mm" values were gone.

Please give me some advice, or point out any errors.

Thank you very much.

Yi.

input_uboot_nor_secure looks like this:

 

/* Copyright (c) 2013 Freescale Semiconductor, Inc.
* All rights reserved.
*/
---------------------------------------------------
# Specify the platform. [Mandatory]
# Choose Platform - 1010/1040/2041/3041/4080/5020/5040/9131/9132/9164/4240/C290
PLATFORM=4240
# ESBC Flag. Specify ESBC=0 to sign u-boot and ESBC=1 to sign ESBC images.(default is 0)
ESBC=0
---------------------------------------------------
# Entry Point/Image start address field in the header.[Mandatory]
# (default=ADDRESS of first file specified in images)
ENTRY_POINT=cffffffc
---------------------------------------------------
# Specify the file name of the keys separated by comma.
# The number of files and key select should lie between 1 and 4 for 1040 and C290.
# For rest of the platforms only one key is required and key select should not be provided.
# USAGE (for 4080/5020/5040/3041/2041/1010/913x): PRI_KEY = <key1.pri>
# USAGE (for 1040/C290/9164/4240): PRI_KEY = <key1.pri>, <key2.pri>, <key3.pri>, <key4.pri>
# PRI_KEY (Default private key :srk.pri) - [Optional]
PRI_KEY=srk.pri
# PUB_KEY (Default public key :srk.pub) - [Optional]
PUB_KEY=srk.pub
# Please provide KEY_SELECT(between 1 to 4) (Required for 1040/C290/9164/4240 only) - [Optional]
KEY_SELECT=
---------------------------------------------------
# Specify SG table address, only for (2041/3041/4080/5020/5040) with ESBC=0 - [Optional]
SG_TABLE_ADDR=
---------------------------------------------------
# Specify the target where image will be loaded. (Default is NOR_16B) - [Optional]
# Only required for Non-PBL Devices (1010/1040/9131/9132i/C290)
# Select from - NOR_8B/NOR_16B/NAND_8B_512/NAND_8B_2K/NAND_8B_4K/NAND_16B_512/NAND_16B_2K/NAND_16B_4K/SD/MMC/SPI
IMAGE_TARGET=
---------------------------------------------------
# Specify IMAGE, Max 8 images are possible. DST_ADDR is required only for Non-PBL Platform. [Mandatory]
# USAGE : IMAGE_NO = {IMAGE_NAME, SRC_ADDR, DST_ADDR}
IMAGE_1={u-boot.bin,cff40000,ffffffff}
IMAGE_2={,,}
IMAGE_3={,,}
IMAGE_4={,,}
IMAGE_5={,,}
IMAGE_6={,,}
IMAGE_7={,,}
IMAGE_8={,,}
---------------------------------------------------
# Specify OEM AND FSL ID to be populated in header. [Optional]
# e.g FSL_UID=11111111
FSL_UID=
OEM_UID=
---------------------------------------------------
# Specify the file names of csf header and sg table. (Default :hdr.out) [Optional]
OUTPUT_HDR_FILENAME=hdr_uboot.out
# Specify the file names of hash file and sign file.
HASH_FILENAME=img_hash.out
INPUT_SIGN_FILENAME=sign.out
# Specify the signature size.It is mandatory when neither public key nor private key is specified.
# Signature size would be [0x80 for 1k key, 0x100 for 2k key, and 0x200 for 4k key].
SIGN_SIZE=0x100
---------------------------------------------------
# Specify the output file name of sg table. (Default :sg_table.out). [Optional]
# Please note that OUTPUT SG BIN is only required for 2041/3041/4080/5020/5040 when ESBC flag is not set.
OUTPUT_SG_BIN=
---------------------------------------------------
# Following fields are Required for 4240/9164/1040/C290 only
# Specify House keeping Area
# Required for 4240/9164/1040/C290 only when ESBC flag is not set. [Mandatory]
HK_AREA_POINTER=bff00000
HK_AREA_SIZE=00010000
---------------------------------------------------
# Following field Required for 4240/9164/1040/C290 only
# Specify Secondary Image Flag. (0 or 1) - [Optional]
# (Default is 0)
SEC_IMAGE=
---------------------------------------------------

Original Attachment has been moved to: uboot_secure_boot.zip

0 Kudos
13 Replies

1,685 Views
lawrence_d_lamb
Contributor I

I didn't see that this problem was resolved. I am experiencing the same symptoms on my T2080QDS and using the U-Boot (u-boot-secure-boot-2016.01+fslgit-r0.bin) and RCW (rcw_66_15_1800MHz_sb.bin) from QorIQ Linux SDK v2.0-1703 yocto project. I'm using the same input file mentioned in this thread to sign and generate the CSF. The files are programmed to the altbank (vbank4) in NOR Flash. I have no output on the serial output. When I attach the CW TAP Probe and view the SCRATCHRW2 value, it is 0x00000000. The SECMON_HPSR value is 0x8000ad00. Any suggestions?

Thanks,

Larry

0 Kudos

1,685 Views
yi_li
Contributor II

I added the attachment. If you don't receive it by email, you can download this.

0 Kudos

1,685 Views
yipingwang
NXP TechSupport

Hello Yi Li,

I found you used "ESBC_HDRADDR=c0b00000" in the file input_uboot_nor_secure. Did you use ie_keys (generate keys with --key_ext option)? If not, please only use files in cst/input_files/uni_sign/t1_t2_t4.

Thanks,

Yiping

0 Kudos

1,685 Views
yi_li
Contributor II

My u-boot file comes from <SDK folder>/QorIQ-SDK-V2.0-20160527-yocto/build_t2080qds/tmp/deploy/images/t2080qds, and its name is u-boot-secure-boot-2016.01+fslgit-r0.bin.

My input_uboot_nor_secure file is the same as yours. It comes from <SDK folder>/QorIQ-SDK-V2.0-20160527-yocto/build_t2080qds/tmp/sysroots/x86_64-linux/usr/bin/cst/input_files/uni_sign/t1_t2_t4, and I did not modify it.

0 Kudos

1,685 Views
yi_li
Contributor II

Hi Yiping,

We have contacted the NXP China site. Because our project is urgent, we want to bring our board to the NXP China site to ask for help. Could you please help send a request to the China site? If you need a PO number, I can send it to you. Thank you very much.

0 Kudos

1,685 Views
yipingwang
NXP TechSupport

Hello Yi Li,

You could submit a Service Request following "How I could create a Service Request?".

Please provide all your images and SRK hash key, and we will do verification for you on our target boards.

If it is urgent, you could send your images and SRK hash key to me through email directly, and I will verify for you.


Have a great day,
Yiping

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos

1,685 Views
yi_li
Contributor II

Hi Yiping,

Please help me to verify it. I will send them by email.

Yi.

0 Kudos

1,685 Views
yi_li
Contributor II

Hello,

Is there any feedback? Thank you.

0 Kudos

1,685 Views
andrewbanda
Contributor I

Hello Yi Li,

I know that this was some time ago, but do you remember how you got rid of the ERROR_STATE_NOT_CHECK? Any clues would be helpful.

Best regards,

Andrew

0 Kudos

1,685 Views
yipingwang
NXP TechSupport

Hello Li Yi,

Let's continue to discuss your T2080 secure boot problem.

Would you please provide your PBL(RCW) file used for secure boot?


Have a great day,
Yiping


0 Kudos

1,685 Views
yi_li
Contributor II

For the RCW, please see the attachment.

0 Kudos

1,685 Views
yipingwang
NXP TechSupport

Hello Yi Li,

Please make sure the u-boot image is used for secure boot.

Please try to use the attached configuration file to sign your u-boot image again.


Have a great day,
Yiping


0 Kudos

1,685 Views
yi_li
Contributor II

Now the SRK hash and OTPMK are burned into the fuse array, and the error code at address 0xfe314014 is 8000AD00. The SCRATCHRW2 is 00000000, but nothing is printed on the u-boot console. The RCW comes from SDK2.0.

0 Kudos
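The SECMON_HPSR field table quoted in the first post can be applied mechanically to the register values reported in this thread (8800AB00 before the fuses were burned, 8000AD00 afterwards). The decoder below is an added example, not code from NXP or from any poster; the struct and function names are hypothetical, and it assumes the table's bit numbering with bit 0 as the most significant bit, which matches the first post's reading of 8800AB00 as "1011 Non-Secure".

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoded SECMON_HPSR fields (names follow the table quoted in the thread). */
struct hpsr { unsigned zmk_zero, otpmk_zero, pe, syndrome, ssm_st; };

/* Bits a..b of a 32-bit register, with bit 0 as the most significant bit. */
static uint32_t field(uint32_t reg, unsigned a, unsigned b)
{
    return (reg >> (31u - b)) & ((1u << (b - a + 1u)) - 1u);
}

struct hpsr hpsr_decode(uint32_t reg)
{
    struct hpsr h;
    h.zmk_zero   = field(reg, 0, 0);    /* ZMK is zero */
    h.otpmk_zero = field(reg, 4, 4);    /* OTPMK is zero */
    h.pe         = field(reg, 7, 7);    /* OTPMK parity error */
    h.syndrome   = field(reg, 8, 15);   /* failing key bit for a single-bit error */
    h.ssm_st     = field(reg, 20, 23);  /* security monitor state */
    return h;
}

/* SSM_ST encodings exactly as listed in the quoted table. */
const char *ssm_state_name(unsigned st)
{
    switch (st) {
    case 0x0: return "Init";
    case 0x9: return "Check";
    case 0xB: return "Non-Secure";
    case 0xD: return "Trusted";
    case 0xF: return "Secure";
    case 0x3: return "Soft Fail";
    case 0x1: return "Hard Fail";
    default:  return "unknown encoding";
    }
}

int main(void)
{
    /* Register values reported in the thread. */
    const uint32_t seen[] = { 0x8800AB00u, 0x8000AD00u };
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++) {
        struct hpsr h = hpsr_decode(seen[i]);
        printf("0x%08X: ZMK_ZERO=%u OTPMK_ZERO=%u PE=%u SYNDROME=0x%02X SSM_ST=%s\n",
               (unsigned)seen[i], h.zmk_zero, h.otpmk_zero, h.pe, h.syndrome,
               ssm_state_name(h.ssm_st));
    }
    return 0;
}
```

For 8800AB00 this reports OTPMK_ZERO=1 with state Non-Secure; for 8000AD00 it reports OTPMK_ZERO=0 with state Trusted.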