T1040 secure boot from NAND

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

T1040 secure boot from NAND

591 Views
KSin
Contributor II

Hello,

I am trying to set up secure boot from NAND on T1040. During study the materials I found som things which are ambiguous for me.

1. There, in the documentation of QorIQ SDK, is an example of PBI commands needed for secure boot. One section of the commands is setting of LAW for CPC/SRAM:
# LAW for CPC/SRAM
09000d00 00000000
09000d04 bff00000
09000d08 81000013

Looking into the T1040RM I found, thaht the highest address of LAW registers is CF8 and address D00, D04 and D08 are in the area marked as "reserved". Should I really use the register addresses written in the SDK documentation, or should I chose any from the area defined in reference manual?

2. Comparing the PBI commands for secure and non secure nand boot I found, that the CPC/SRAM for address FFFC000 is not configured in case of secure boot, but the u-boot SPL is builded to run on this address. Should I rebuild the u-boot SPL for address bff00000?

3. I tried also to apply the "uni_pbi" script on the u-boot-with-spl-pbl.bin image and compared the output image with the original one. I found, that there was set the RCW SB_EN bit to 1 (this I understand) but I don't understand, why is set also the bit BOOT_HO. Can you explain me the reason?

4. The "uni_pbi" script also adds som PBI commands in the output image after the SPL. Is this correct? Should not be the PBI commands consistent?

5. The added PBI commads beginns with:
09EE0200 00FD0000
09570158 000000F0
096100C0 000FFFFF
Followed by copying the SPL sign on address FD0000. The first three commands seem sto be some memory configuration, but the CCSR adresses are marked as "reserved" in T1040RM. What exactly the commands means?

Labels (1)
0 Kudos
1 Reply

582 Views
ufedor
NXP Employee
NXP Employee

Secure boot is a sensitive area which is close to the NDA-requiring documentation, so it is not convenient to discuss its peculiarities publicly.

Please create a Technical Case using the following link:

https://support.nxp.com/s/

0 Kudos