Hi,
I have tried NOR secure boot in T1024RDB, but it goes to non-secure state which is detected from SECMON_HPSR register. Below are the steps followed,
PBL binary generation using QCVS tool:
#LAW for ESBC
09000c10 00000000
09000c14 c0000000
09000c18 81f0001b
# LAW for CPC/SRAM
09000d00 00000000
09000d04 bff00000
09000d08 81000013
# Scratch Registers
090e0200 c0b00000
090e0208 c0c00000
# CPC SRAM
09010100 00000000
09010104 bff00009
# CPC Configuration
09010f00 08000000
09010000 80000000
Key, hash value and CSF header generation:
Flashed the images and the corresponding CSF header in the alternate bank of T1024RDB.
Fusing OTPMK:
Switched to the alternate bank using the command “cpld reset altbank”. Since BOOT_HO is enabled, core enters doze mode.
Writing SRKH:
No console messages appear and the value of SECMON_HPSR is 0x80008b00 (i.e. SSM is in Non-secure state). Value of DCFG_CCSR_SCRATCHRW2 register is 0x00000000.
Are these steps enough or I have missed anything?
Further assistance to implement secure boot in T1024RDB would be helpful. Kindly suggest how to debug further?
Hello ARUMUGAM P,
Please use the following PBI commands provided in rcw package in SDK 2.0, you could use rcw package provided in Linux SDK to generate secure boot RCW, it is more convenient, please refer to the section "2.1.1 Create Secure boot RCW in Linux SDK" in Setting up Secure Boot on PBL Based Platforms in Prototype Stage .
write 0x10000, 0x00200400
write 0x10104, 0xBFF00007
write 0xC10, 0x00000000
write 0xC14, 0xC0000000
write 0xC18, 0x81F0001B
write 0xCF0, 0x00000000
write 0xCF4, 0xBFF00000
write 0xCF8, 0x81000010
write 0xE0200, 0xC0B00000
write 0xE0208, 0xC0C00000
write 0x10000, 0xC0000000
write 0x10100, 0x00000000
write 0x10F00, 0x08000000
In addition, do you use images signing input file provided in CST tool in the folder input_files/uni_sign/t1_t2_t4, would you please provide this file "input_uboot_nor_secure"?
Have a great day,
Yiping
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
Hi Yiping,
Thanks for quick reply. I tried the PBI commands you gave, but I am still getting the same problem(i.e. transition to Non-secure state). Herewith I have attached the input_uboot_nor_secure file that is used for images signing using CST tool. In the input_uboot_nor_secure file, not able to add T1024 in PLATFORM field, why so?
While writing in SRKH mirror registers, "mem fe0e823c = 54f39b1f" command is used. Is this fine to write the SRKH registers, I also tried swapping the contents and writing using "-s" option but no solution obtained. Could you suggest how to proceed further.
Regards,
ARUMUGAM P