Check if OPTMK is burned in i.MX6 userspace

huzaifahcs · ‎07-19-2016

Hi,

Can someone please explain how can we determine if OTPMK has been burned in user space. Is there any interface for caam to test this register "SNVS_HP Status Register" or any log file? Do i have to write a kernel module to check the value of the OPTMK_ZERO bit or you please provide any user space solution/command.

I have tested that my files HW_OCOTP_OTPMK[0-7] and these are empty.

I have also learned that "One can determine if a valid OTPMK has been burned by checking the OTPMK_ZERO bit in the SNVS_HP Status Register." from Mr Yuri's message here Burning/Checking OTPMK fuses for HAB on I.MX6.

All I need is to check if and how can I check this in user space??

Thanks for your help.

-Huz

Yuri · ‎07-20-2016

Hello,

Looks like all is OK !

Correct (non-empty) OTPMK is present (in order to create blob).

As for "Is there any user level access to SNVS_HP Status

Register possible?" - our BSP does not support it.

Regards,

Yuri.

元の投稿で解決策を見る

Yuri · ‎07-20-2016

Hello,

Looks like all is OK !

Correct (non-empty) OTPMK is present (in order to create blob).

As for "Is there any user level access to SNVS_HP Status

Register possible?" - our BSP does not support it.

Regards,

Yuri.

Yuri · ‎07-19-2016

NXP Linux BSP checks CAAM during boot. In case of empty OTPMK

boot log will contain corresponding error message.

Regards,

Yuri.

huzaifahcs · ‎07-19-2016

Thanks Yuri,

Yes it is understood that otpmk can only be accessed by CAAM and it is factory burned. But how can we get 100% sure that these chips have been shipped with otpmk. Is there any user level access to SNVS_HP Status Register possible?

Also I did not find any error logs from dmesg except this.

$dmesg | grep -i caam

-snvs-secvio 20cc000.caam-snvs: violation handlers armed - non-secure state

Also $dmesg | grep caam shows some **-bit clear/black keys hex with following headings:

platform caam_sm: 64-bit clear key:

platform caam_sm: 64-bit black key:

platform caam_sm: 128-bit clear key:

platform caam_sm: 128-bit black key:

platform caam_sm: 192-bit clear key:

platform caam_sm: 192-bit black key:

platform caam_sm: 256-bit clear key:

platform caam_sm: 256-bit black key:

platform caam_sm: 64-bit unwritten blob:

platform caam_sm: 128-bit unwritten blob:

platform caam_sm: 196-bit unwritten blob:

platform caam_sm: 256-bit unwritten blob:

platform caam_sm: 64-bit black key in blob:

platform caam_sm: 128-bit black key in blob:

platform caam_sm: 192-bit black key in blob:

platform caam_sm: 256-bit black key in blob:

platform caam_sm: restored 64-bit black key:

platform caam_sm: restored 128-bit black key:

platform caam_sm: restored 192-bit black key:

platform caam_sm: restored 256-bit black key:

Thanks,

-Huz

Yuri · ‎07-19-2016

Hello,

The OTMPK is protected by the hardware and can be accessed only by CAAM.

The OTPMK is factory burned.

Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

Check if OPTMK is burned in i.MX6 userspace

Check if OPTMK is burned in i.MX6 userspace

i.MX6_All