ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

IMX6 secure boot has failed after SRK_HASH reprogramming

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 
解決済み
ソリューションへジャンプ

IMX6 secure boot has failed after SRK_HASH reprogramming

ソリューションへジャンプ
‎09-12-2021 11:13 PM
1,167件の閲覧回数
hamedhpm
Contributor II

Hi,

I have tested secure boot and encrypted boot on IMX6Q. They were working fine.

The SRK_HASH(bank 3, word 0 up-to 7) and SEC_CONFIG(bank 0, word6) have programmed. (SEC_CONFIG = 1)

After some days, I have programmed a new value into bank 3 word 5. It was OK, and the past value remained.

But, when I shout down the system, it wasn't booted from EMMC or SD card. 

 

U-boot commands:

------------------------------------------------------------------------------------------------

=> fuse prog -y 3 5 0x0f405eff
Programming bank 3 word 0x00000005 to 0x0f405eff...
=> fuse read 3 5 1
Reading bank 3:

Word 0x00000005: 0f405efd

------------------------------------------------------------------------------------------------

 

So we can change the SRK burned fuse value, right? 

I can't understand the role of SRK_LOCK. 

 

Best regards

ラベル(1)
ラベル
0 件の賞賛
返信
1 解決策

ソリューションへジャンプ
‎09-13-2021 12:39 AM
1,130件の閲覧回数
Yuri
NXP Employee
NXP Employee

@hamedhpm 
Hello,
  
     Please look at my comments.

 1. 
    i.MX6 fuses can be burned once. I mean it is not possible to clear the fuses.

2.
   Even if  some bits can be additional programmed ( 0 ->1 ), let me remind -
the SRK fuses contain hash of all SRKs, but not the SRK themselves.

3.
   if SRK was modified, the image (keys) should be signed again.

 

Regards,
Yuri.

元の投稿で解決策を見る

0 件の賞賛
返信
5 返答(返信)

ソリューションへジャンプ
‎09-13-2021 12:39 AM
1,131件の閲覧回数
Yuri
NXP Employee
NXP Employee

@hamedhpm 
Hello,
  
     Please look at my comments.

 1. 
    i.MX6 fuses can be burned once. I mean it is not possible to clear the fuses.

2.
   Even if  some bits can be additional programmed ( 0 ->1 ), let me remind -
the SRK fuses contain hash of all SRKs, but not the SRK themselves.

3.
   if SRK was modified, the image (keys) should be signed again.

 

Regards,
Yuri.

0 件の賞賛
返信

ソリューションへジャンプ
‎09-13-2021 01:14 AM
1,126件の閲覧回数
hamedhpm
Contributor II

Thanks for your reply.

Is there any solution for booting? Such as hard reset.

0 件の賞賛
返信

ソリューションへジャンプ
‎09-13-2021 10:09 PM
1,092件の閲覧回数
Yuri
NXP Employee
NXP Employee

@hamedhpm 
Hello,

   You can try to revoke the key.
Use Appendix B (SRK revocation on i.MX 6 & 7 series) of app note AN4581
(i.MX Secure Boot on HABv4 Supported Devices) for more details.

https://www.nxp.com/webapp/Download?colCode=AN4581

 

Regards,
Yuri.

0 件の賞賛
返信

ソリューションへジャンプ
‎09-26-2021 12:49 AM
1,067件の閲覧回数
hamedhpm
Contributor II

Hello,

I have tried revoking the key. It was not useful for me.

Is the processor has bricked? 

Is there any solution for a hard reset? 

返信

ソリューションへジャンプ
‎09-26-2021 08:56 PM
1,053件の閲覧回数
Yuri
NXP Employee
NXP Employee

@hamedhpm 
Hello,

   I am afraid, the revoking is the only solution

Regards,
Yuri.

0 件の賞賛
返信