Hi,
I have tested secure boot and encrypted boot on IMX6Q. They were working fine.
The SRK_HASH (bank 3, words 0 up to 7) and SEC_CONFIG (bank 0, word 6) have been programmed. (SEC_CONFIG = 1)
After some days, I programmed a new value into bank 3 word 5. It was OK, and the past value remained.
But when I shut down the system, it did not boot from EMMC or SD card.
U-Boot commands:
------------------------------------------------------------------------------------------------
=> fuse prog -y 3 5 0x0f405eff
Programming bank 3 word 0x00000005 to 0x0f405eff...
=> fuse read 3 5 1
Reading bank 3:
Word 0x00000005: 0f405efd
------------------------------------------------------------------------------------------------
So we can change the SRK burned fuse value, right?
I can't understand the role of SRK_LOCK.
Best regards
@hamedhpm
Hello,
Please look at my comments.
1. i.MX6 fuses can be burned once. I mean it is not possible to clear the fuses.
2. Even if some bits can be additionally programmed (0 -> 1), let me remind you: the SRK fuses contain the hash of all SRKs, but not the SRKs themselves.
3. If the SRK was modified, the image (keys) should be signed again.
Regards,
Yuri.
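Added example (not part of the thread and not NXP code): a small Python model of the two points in the reply above, that a fuse program operation can only set bits (0 -> 1) and that the SRK fuses hold a SHA-256 hash compared against the SRK table in the signed image. The SRK table bytes, the little-endian word packing and all function names are assumptions made for illustration.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF

def burn(current, value):
    """OTP semantics: programming ORs into the word; a 1 bit never returns to 0."""
    return (current | value) & MASK

def preflight(current, value):
    """Return (word after burn, bits that would be newly set) before running 'fuse prog'."""
    after = burn(current, value)
    return after, after & ~current & MASK

def hash_to_fuse_words(digest):
    """Split a 32-byte digest into eight 32-bit words (bank 3, words 0-7).
    Little-endian packing is an assumption of this sketch."""
    return list(struct.unpack("<8I", digest))

def srk_hash_matches(fuses, srk_table):
    """Simplified form of the boot-time check: hash of the image's SRK table vs. the fuses."""
    return fuses == hash_to_fuse_words(hashlib.sha256(srk_table).digest())

# Constructed sample: placeholder bytes standing in for a real SRK table.
SRK_TABLE = b"constructed SRK table bytes for illustration"
PROVISIONED = hash_to_fuse_words(hashlib.sha256(SRK_TABLE).digest())

def extra_burn(word, value):
    """Model one additional 'fuse prog' on an already provisioned SRK_HASH word."""
    fuses = list(PROVISIONED)
    fuses[word], new_bits = preflight(fuses[word], value)
    return fuses, new_bits, srk_hash_matches(fuses, SRK_TABLE)

if __name__ == "__main__":
    fuses, new_bits, ok = extra_burn(5, 0x0F405EFF)
    print("word 5 before: 0x%08x" % PROVISIONED[5])
    print("word 5 after : 0x%08x (new bits 0x%08x)" % (fuses[5], new_bits))
    print("SRK hash still matches image:", ok)
    # Re-programming the original value cannot undo the change.
    print("restorable:", burn(fuses[5], PROVISIONED[5]) == PROVISIONED[5])
```

Any newly set bit in words 0 to 7 changes the stored hash, so the existing SRK table no longer matches it, and running `preflight` on the value read back from the board shows that before anything is burned.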
@hamedhpm
Hello,
You can try to revoke the key.
Use Appendix B (SRK revocation on i.MX 6 & 7 series) of app note AN4581
(i.MX Secure Boot on HABv4 Supported Devices) for more details.
https://www.nxp.com/webapp/Download?colCode=AN4581
Regards,
Yuri.