Check if OPTMK is burned in i.MX6 userspace

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决

Check if OPTMK is burned in i.MX6 userspace

跳至解决方案
3,157 次查看
huzaifahcs
Contributor II

Hi,

Can someone please explain how can we determine if OTPMK has been burned in user space. Is there any interface for caam to test this register "SNVS_HP Status Register" or any log file? Do i have to write a kernel module to check the value of the OPTMK_ZERO bit or you please provide any user space solution/command.

I have tested that my files HW_OCOTP_OTPMK[0-7] and these are empty.

I have also learned that "One can determine if a valid OTPMK has been burned by checking the OTPMK_ZERO bit in the SNVS_HP Status Register." from Mr Yuri's message here Burning/Checking OTPMK fuses for HAB on I.MX6.

All I need is to check if and how can I check this in user space??

Thanks for your help.

-Huz

标签 (1)
标记 (1)
1 解答
2,537 次查看
Yuri
NXP Employee
NXP Employee

Hello,

Looks like all is OK !

Correct (non-empty) OTPMK is present (in order to create blob).

As for "Is there any user level access to SNVS_HP Status

Register possible?" - our BSP does not support it.

Regards,

Yuri.

在原帖中查看解决方案

4 回复数
2,538 次查看
Yuri
NXP Employee
NXP Employee

Hello,

Looks like all is OK !

Correct (non-empty) OTPMK is present (in order to create blob).

As for "Is there any user level access to SNVS_HP Status

Register possible?" - our BSP does not support it.

Regards,

Yuri.

2,537 次查看
Yuri
NXP Employee
NXP Employee

NXP Linux BSP checks CAAM during boot. In case of empty OTPMK

boot log will contain corresponding error message. 

Regards,

Yuri.

2,537 次查看
huzaifahcs
Contributor II

Thanks Yuri,

Yes it is understood that otpmk can only be accessed by CAAM and it is factory burned. But how can we get 100% sure that these chips have been shipped with otpmk. Is there any user level access to SNVS_HP Status Register possible?

Also I did not find any error logs from dmesg except this.

$dmesg | grep -i caam

-snvs-secvio 20cc000.caam-snvs: violation handlers armed - non-secure state

Also $dmesg | grep caam  shows some **-bit clear/black keys hex with following headings:

platform caam_sm: 64-bit clear key:

platform caam_sm: 64-bit black key:

platform caam_sm: 128-bit clear key:

platform caam_sm: 128-bit black key:

platform caam_sm: 192-bit clear key:

platform caam_sm: 192-bit black key:

platform caam_sm: 256-bit clear key:

platform caam_sm: 256-bit black key:

platform caam_sm: 64-bit unwritten blob:

platform caam_sm: 128-bit unwritten blob:

platform caam_sm: 196-bit unwritten blob:

platform caam_sm: 256-bit unwritten blob:

platform caam_sm: 64-bit black key in blob:

platform caam_sm: 128-bit black key in blob:

platform caam_sm: 192-bit black key in blob:

platform caam_sm: 256-bit black key in blob:

platform caam_sm: restored 64-bit black key:

platform caam_sm: restored 128-bit black key:

platform caam_sm: restored 192-bit black key:

platform caam_sm: restored 256-bit black key:

Thanks,

-Huz

0 项奖励
回复
2,537 次查看
Yuri
NXP Employee
NXP Employee

Hello,

  The OTMPK is protected by the hardware and can be accessed only by CAAM.

The OTPMK is factory burned.

Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------