Hi 浩 刘
please look at latest revision AN4581 Secure Boot on i.MX 50, i.MX 53, i.MX 6 and i.MX 7 Series using HABv4
https://www.nxp.com/docs/en/application-note/AN4581.pdf
Best regards
igor
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
igorpadykov:
I followed AN4581, generated a uboot, and burned it into the board.
With the cmd "hexdump -e '/4 "0x"' -e '/4 "%X""\n"' SRK_1_2_3_4_fuse.bin" I got the data that needs to be burned into uboot.
In uboot I programmed the fuses with the data above, just like "prog 3 0 xxxx" etc.
After doing the above actions, I reset the board, and I can enter uboot.
Then I input the command "fuse prog 0 6 0x2" and rebooted the board.
No more information is output to the serial port.
My question:
1. What is the above phenomenon? Is it because the content of the encrypted signature does not match?
2. If I rediscover a board and follow the above process again, before I write "fuse prog 0 6 0x2", do I have a way to verify that the hash value in the fuse matches the signature in the current uboot?
> 1. What is the above phenomenon? Is it because the content of the encrypted signature does not match?
Seems yes.
> 2. If I rediscover a board and follow the above process again, before I write "fuse prog 0 6 0x2",
> do I have a way to verify that the hash value in the fuse matches the signature in the current uboot?
On a burned board it is not possible to verify signatures or debug it somehow, I am afraid.
Best regards
igor
igorpadykov:
The second question I have above is: I get a new board on which the fuses have not been burned.
After I burn the value which I get from SRK_1_2_3_4_fuse.bin (before writing "SRK_1_2_3_4_fuse.bin" to the board), do I have a way to verify that the hash value in the fuse matches the signature in the current uboot? Not on the burned board.
I find that AN4581 has a descriptor:
CSF
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Address Offset Length Data File Path
Blocks = 0x877fb000 0x000 0x48000 "/<path_to_u-boot_dir>/u-boot-dtb.imx"
In the section "E.1. Dumping U-boot binary"
The description of the document is as follows:
od -X -N 0x20 u-boot-dtb.imx:
0000000 402000d1 87800000 00000000 877ff42c
0000020 877ff420 877ff400 8786d000 00000000
IVT address: 0x877ff400
Image length: CSF PTR – IVT Self = 0x8786d000 – 0x877ff400 = 0x6DC00
In CSF [Authenticate Data] field:
Block = 0x877ff400 0x00000000 0x0006DC00 "u-boot-dtb.imx"
In my project, the uboot which is burned into the board is u-boot.imx.
And I tried the od command:
od -X -N 0x20 u-boot.imx
0000000 402000d1 0090742c 00000000 00000000
0000020 00907420 00907400 00000000 00000000
The second line, third paragraph is 00000000.
In my project I fill in: Block = 0x877ff400 0x00000000 0x0006DC00 "u-boot-dtb.imx"
What is the matter with this?
Thanks
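The length rule quoted above (CSF PTR minus IVT Self) can be applied mechanically to the first 0x20 bytes of an image, which also makes the difference between the two dumps in this thread visible: in the second dump the CSF pointer word is zero, so no length can be derived from it. This is an added example, not code from the posts or from AN4581. The function names are hypothetical, and the field order is assumed from the dump in the application note.

```python
import struct

# Field order of the 32-byte IVT, as seen in the AN4581 dump quoted in this thread.
FIELDS = ("header", "entry", "reserved1", "dcd", "boot_data", "self", "csf", "reserved2")

def parse_ivt(blob):
    """Decode the IVT found in the first 0x20 bytes of an .imx image."""
    if len(blob) < 0x20:
        raise ValueError("need at least 0x20 bytes")
    # Header bytes: tag 0xD1, 16-bit big-endian length, version.
    tag, length, _version = struct.unpack_from(">BHB", blob)
    if tag != 0xD1 or length != 0x20:
        raise ValueError("no IVT header at offset 0")
    # The remaining fields are little-endian 32-bit words.
    return dict(zip(FIELDS, struct.unpack_from("<8I", blob)))

def csf_blocks_line(blob, path):
    """Return the [Authenticate Data] line for this image, or None when
    the IVT carries no CSF pointer (csf == 0)."""
    ivt = parse_ivt(blob)
    if ivt["csf"] == 0:
        return None
    length = ivt["csf"] - ivt["self"]  # CSF PTR - IVT Self
    if length <= 0:
        raise ValueError("CSF pointer is not above the IVT self address")
    return 'Blocks = 0x%08x 0x%08x 0x%08x "%s"' % (ivt["self"], 0, length, path)

def from_od_words(words):
    """Rebuild raw bytes from `od -X` output (32-bit words, little-endian host)."""
    return struct.pack("<8I", *words)

# The two dumps shown in this thread, rebuilt from their od words.
AN4581_DUMP = from_od_words([0x402000D1, 0x87800000, 0x00000000, 0x877FF42C,
                             0x877FF420, 0x877FF400, 0x8786D000, 0x00000000])
POSTED_DUMP = from_od_words([0x402000D1, 0x0090742C, 0x00000000, 0x00000000,
                             0x00907420, 0x00907400, 0x00000000, 0x00000000])

if __name__ == "__main__":
    for name, blob in (("u-boot-dtb.imx", AN4581_DUMP), ("u-boot.imx", POSTED_DUMP)):
        line = csf_blocks_line(blob, name)
        print(name, "->", line or "IVT has no CSF pointer, nothing to derive")
```

For the second dump the IVT self address is 0x00907400, so a Blocks line copied from the application note (0x877ff400, 0x6DC00) does not describe that image.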