FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Fuses for a really secure boot

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Fuses for a really secure boot

‎12-12-2017 11:28 PM
1,619 Views
andreasschuler
Contributor II

Hello,

I have a i.MX6 Quad Core device and I installed a complete chain of trust secure boot solution in the eMMC. The bootloader is in SPI flash.
The device is closed and the SRK is burned in.
Which fuses I need to set additionally that's not possible to access the system without permission ?

I think about JTAG and some other fuses that I don't know at the moment...

Thanks

Labels (2)
Labels
0 Kudos
Reply
1 Reply

‎12-13-2017 01:00 AM
1,341 Views
marius_grigoras
NXP Employee
NXP Employee

Hi,

Additionally, the following fuses must be programmed to completely secure your device. Note that this operation is irreversible and some features used for development may not be available after the following commands.

• SRK_LOCK: Lock SRK_HASH[255:0]

On i.MX6 Series 0x400[14]:

fuse prog 0 0 0x4000
On i.MX7S and i.MX7D 0x400[9]:

fuse prog 0 0 0x200

• DIR_BT_DIS: Disable Direct External Memory Boot

On i.MX6 Series 0x460[3]:

fuse prog 0 6 0x8

On i.MX7S and i.MX7D 0x470[27]:

fuse prog 1 3 0x8000000

• SJC_DISABLE: Disable the Secure JTAG Controller module

On i.MX6 Series 0x460[20]:

fuse prog 0 6 0x100000

Best regards,

Marius

0 Kudos
Reply