Check if OPTMK is burned in i.MX6 userspace

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Check if OPTMK is burned in i.MX6 userspace

Jump to solution
1,656 Views
huzaifahcs
Contributor II

Hi,

Can someone please explain how can we determine if OTPMK has been burned in user space. Is there any interface for caam to test this register "SNVS_HP Status Register" or any log file? Do i have to write a kernel module to check the value of the OPTMK_ZERO bit or you please provide any user space solution/command.

I have tested that my files HW_OCOTP_OTPMK[0-7] and these are empty.

I have also learned that "One can determine if a valid OTPMK has been burned by checking the OTPMK_ZERO bit in the SNVS_HP Status Register." from Mr Yuri's message here Burning/Checking OTPMK fuses for HAB on I.MX6.

All I need is to check if and how can I check this in user space??

Thanks for your help.

-Huz

Labels (1)
Tags (1)
1 Solution
1,036 Views
Yuri
NXP Employee
NXP Employee

Hello,

Looks like all is OK !

Correct (non-empty) OTPMK is present (in order to create blob).

As for "Is there any user level access to SNVS_HP Status

Register possible?" - our BSP does not support it.

Regards,

Yuri.

View solution in original post

4 Replies
1,037 Views
Yuri
NXP Employee
NXP Employee

Hello,

Looks like all is OK !

Correct (non-empty) OTPMK is present (in order to create blob).

As for "Is there any user level access to SNVS_HP Status

Register possible?" - our BSP does not support it.

Regards,

Yuri.

1,036 Views
Yuri
NXP Employee
NXP Employee

NXP Linux BSP checks CAAM during boot. In case of empty OTPMK

boot log will contain corresponding error message. 

Regards,

Yuri.

1,036 Views
huzaifahcs
Contributor II

Thanks Yuri,

Yes it is understood that otpmk can only be accessed by CAAM and it is factory burned. But how can we get 100% sure that these chips have been shipped with otpmk. Is there any user level access to SNVS_HP Status Register possible?

Also I did not find any error logs from dmesg except this.

$dmesg | grep -i caam

-snvs-secvio 20cc000.caam-snvs: violation handlers armed - non-secure state

Also $dmesg | grep caam  shows some **-bit clear/black keys hex with following headings:

platform caam_sm: 64-bit clear key:

platform caam_sm: 64-bit black key:

platform caam_sm: 128-bit clear key:

platform caam_sm: 128-bit black key:

platform caam_sm: 192-bit clear key:

platform caam_sm: 192-bit black key:

platform caam_sm: 256-bit clear key:

platform caam_sm: 256-bit black key:

platform caam_sm: 64-bit unwritten blob:

platform caam_sm: 128-bit unwritten blob:

platform caam_sm: 196-bit unwritten blob:

platform caam_sm: 256-bit unwritten blob:

platform caam_sm: 64-bit black key in blob:

platform caam_sm: 128-bit black key in blob:

platform caam_sm: 192-bit black key in blob:

platform caam_sm: 256-bit black key in blob:

platform caam_sm: restored 64-bit black key:

platform caam_sm: restored 128-bit black key:

platform caam_sm: restored 192-bit black key:

platform caam_sm: restored 256-bit black key:

Thanks,

-Huz

0 Kudos
1,036 Views
Yuri
NXP Employee
NXP Employee

Hello,

  The OTMPK is protected by the hardware and can be accessed only by CAAM.

The OTPMK is factory burned.

Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------