Hello,
When enabling secure boot in RCW and stopping with debugger at the first execution address of the boot loader (immediately after ISBC execution), I'm getting the following error in SCRATCHRW2: 0x701.
At this stage SECMON_HPSR[SSM_ST] reports none-secure mode, and SECMON_HPCOMR[SW_SV] is set.
The documentation describes this as:
ERROR_SEC_DEQ: Sec Block returned some error when dequeuing from it.
What exactly is the error? Which additional registers can I check to understand the specifics of the failure?
Thanks,
Dmitri
Solved! Go to Solution.
Is this happening in NXP development board (i.e. T2080RDB), or customer
board? Do you use SDK CST tool to built the RCW?
what flash media you are booting from, NOR/NAND/SD?
Also a note that the secure boot ISBC can only access the first 3.5G address space. DDR is not setup yet, so PBI is corenet platform cache(CPC) as SRAM so I can load and validate/authenticate the image. If your PBI is not correct, then Secure Boot won't able to access the SEC engine or your entire software image.
In the SDK2.0 1793 user guide, section "10.3.1.3 Pre-Boot Phase" has the following info:
NOR SECURE BOOT
...
. T1/T2/T4/B4
#LAW for ESBC
09000c10 00000000
09000c14 c0000000
09000c18 81f0001b
# LAW for CPC/SRAM
09000d00 00000000
09000d04 bff00000
09000d08 81000013
# Scratch Registers
090e0200 c0b00000
090e0208 c0c00000
# CPC SRAM
09010100 00000000
09010104 bff00009
# CPC Configuration
09010f00 08000000
09010000 80000000
As mention in the previous response. The register map is in the T2080 Security (SEC) Reference Manual (T2080SECRM.pdf).
Assume CCSRBAR is 0xfe000000.
The SEC block is in 0x00300000.
Job Ring Output Status for Job Ring 0 (JRSTAR_JR0) is at 0x00001044
Job Ring Output Status for Job Ring 1 (JRSTAR_JR1) is at 0x00002044
Job Ring Output Status for Job Ring 2 (JRSTAR_JR2) is at 0x00003044
Job Ring Output Status for Job Ring 3 (JRSTAR_JR3) is at 0x00004044
The error code is described in section 5.2.2 Job termination status/error codes.
So for example, the address of JRSTAR_JR0 is 0xfe301044
What is exact processor part number?
T2080NXE8T1B
(T2080E rev. 1.1)
After ISBC execution, you are into ESBC/uboot.
0x701 ERROR_SEC_DEQ Sec Block returned some error when dequeuing from it.
ESBC use the SEC engine (i.e. the CAAM block) to accelerate hash/sha-256 computation. If you are stopping the core, you will/can break the interface to the SEC engine. The ESBC is using the Job Ring interface to communicate with the SEC engine. ERROR_SEC_DEQ means it failed to "dequeu" a result coming back from the SEC engine.
You can check the SEC engine error code for additional information on the SEC engine side.
Is this happening in NXP development board (i.e. T2080RDB), or customer
board? Do you use SDK CST tool to built the RCW?
what flash media you are booting from, NOR/NAND/SD?
Also a note that the secure boot ISBC can only access the first 3.5G address space. DDR is not setup yet, so PBI is corenet platform cache(CPC) as SRAM so I can load and validate/authenticate the image. If your PBI is not correct, then Secure Boot won't able to access the SEC engine or your entire software image.
In the SDK2.0 1793 user guide, section "10.3.1.3 Pre-Boot Phase" has the following info:
NOR SECURE BOOT
...
. T1/T2/T4/B4
#LAW for ESBC
09000c10 00000000
09000c14 c0000000
09000c18 81f0001b
# LAW for CPC/SRAM
09000d00 00000000
09000d04 bff00000
09000d08 81000013
# Scratch Registers
090e0200 c0b00000
090e0208 c0c00000
# CPC SRAM
09010100 00000000
09010104 bff00009
# CPC Configuration
09010f00 08000000
09010000 80000000
As mention in the previous response. The register map is in the T2080 Security (SEC) Reference Manual (T2080SECRM.pdf).
Assume CCSRBAR is 0xfe000000.
The SEC block is in 0x00300000.
Job Ring Output Status for Job Ring 0 (JRSTAR_JR0) is at 0x00001044
Job Ring Output Status for Job Ring 1 (JRSTAR_JR1) is at 0x00002044
Job Ring Output Status for Job Ring 2 (JRSTAR_JR2) is at 0x00003044
Job Ring Output Status for Job Ring 3 (JRSTAR_JR3) is at 0x00004044
The error code is described in section 5.2.2 Job termination status/error codes.
So for example, the address of JRSTAR_JR0 is 0xfe301044
After reviewing the document section you mentioned I noticed that CPC was not configured properly in the PBI commands.
After adding the CPC configuration as specified the boot process succeeds without any issues.
Thanks!
Dmitri