Burning/Checking OTPMK fuses for HAB on I.MX6

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Burning/Checking OTPMK fuses for HAB on I.MX6

3,613 Views
n0n
Contributor I

Hello,

I'm working on HAB. I'm using a SabreSD board with i.MX6quad processor.

According to “i.MX_6_High_Assurance_Boot_Linux_User_Guide” I burned the SRK to the corresponding fuses and verified it. Following I tried to check if the OTPMK is already burned.

I tried to read out the key with the MFG-Toll and the commands as followed.

...

<CMD> state=”Updater” type=”push” body=”$ cat /sys/fsl_otp/HW_OCOTP_OTPMK0”>cat word 0 of OTPMK field </CMD>

<CMD> state=”Updater” type=”push” body=”$ cat /sys/fsl_otp/HW_OCOTP_OTPMK1”>cat word 1 of OTPMK field </CMD>

<CMD> state=”Updater” type=”push” body=”$ cat /sys/fsl_otp/HW_OCOTP_OTPMK2”>cat word 2 of OTPMK field </CMD>

I only got this output.

...

UTP: sending Success to kernel for command $ ls /sys/fsl_otp.

UTP: received command '$ cat /sys/fsl_otp/HW_OCOTP_OTPMK0'

UTP: executing "cat /sys/fsl_otp/HW_OCOTP_OTPMK0"

0xbadabada

UTP: sending Success to kernel for command $ cat /sys/fsl_otp/HW_OCOTP_OTPMK0.

utp_poll: pass returned.

UTP: received command '$ cat /sys/fsl_otp/HW_OCOTP_OTPMK1'

UTP: executing "cat /sys/fsl_otp/HW_OCOTP_OTPMK1"

UTP: sending Success to kernel for command $ cat /sys/fsl_otp/HW_OCOTP_OTPMK1.

utp_poll: pass returned.

UTP: received command '$ cat /sys/fsl_otp/HW_OCOTP_OTPMK2'

UTP: executing "cat /sys/fsl_otp/HW_OCOTP_OTPMK2"

UTP: sending Success to kernel for command $ cat /sys/fsl_otp/HW_OCOTP_OTPMK2.

utp_poll: pass returned.

UTP: received command '$ cat /sys/fsl_otp/HW_OCOTP_OTPMK3'

...

I tried to burn the OTPMK but also without success.

I have a few questions:

1) Is the OTPMK already fused?

2) Why do I get 0xbadabada at HW_OCOTP_OTPMK0 and no values for the other fuses?

3) Is it possible to read the OTPMK anyway?

4) Am I doing anything wrong?

5) If I still have to fuse the OTPMK how can I do it?

Thanks …

Florian

Labels (2)
0 Kudos
5 Replies

1,439 Views
Yuri
NXP Employee
NXP Employee

There is the next comment in "i.MX_6_High_Assurance_Boot_Linux_User_Guide.pdf"

in Linux documentation regarding  OTPMK burning :

"This step is only required for preproduction parts where the fuses that are

normally programmed by Freescale are not programmed. On production

parts, the OTPMK are be burned by Freescale prior to shipping the device.

The value burned by Freescale is random and not recorded. The intent of the

OTPMK is to be a secret key that is only known to CAAM so the value

below is only meant for testing purposes. In order to use HAB, these fuses

should be programmed. One can determine if a valid OTPMK has been

burned by checking the OTPMK_ZERO bit in the SNVS_HP Status Register."

1,439 Views
huzaifahcs
Contributor II

Hi Yuri,

Can you please explain how can we determine if OTPMK has been burned in user space. Is there any interface for caam to test this register "SNVS_HP Status Register" or any log file? Do i have to write a kernel module to check the value of the OPTMK_ZERO bit or you please provide any user space solution/command.

I have tested that my files HW_OCOTP_OTPMK[0-7] and these are empty. Sorry I am just new to i.MX6.

Thanks for your help.

-Huz

0 Kudos

1,439 Views
Yuri
NXP Employee
NXP Employee

Hello,

  NXP Linux BSP checks CAAM during boot. In case of empty OTPMK

boot log will contain corresponding error message. 

Regards,

Yuri.

1,439 Views
n0n
Contributor I

Hey,

thank you. I've already seen this comment but I thought perhaps the OTPMK is not burned because on the SabreSD board there is a „PCIMX6Q...“ processor and not a „MCIMX6..“.

Thanks

Florian

0 Kudos

1,439 Views
n0n
Contributor I

Can somebody help me with this problem?

Thanks ...

Florian

0 Kudos