IMX8MM BOOT_MODE recommendation for secure production deployment

Dandroid4NXP
Contributor II

Q1. What is the recommended BOOT_MODE value for a deployed system?

Q2. Can you please describe the difference of (BOOT_MODE=01 AND BT_FUSE_SEL=1) versus (BOOT_MODE=00), since eFUSES are used to boot?

Several development boards and reference designs have DIP switches that provide flexibility of configuring the BOOT_MODE. However, for deployed production systems, this may not be the most secure configuration, because a hacker can modify the switch setting.

Q3. For most secure operation should the DIP switches be removed and/or glued to fixed switch position? The boot_mode="10" (Production) in Table 6-49 suggests that BOOT_MODE=00 for Internal Boot should be used for secure deployed production systems.

The IMX8MMRM page 863, Table 6-49 for BT_FUSE_SEL states the following:

If boot_mode="00" (Development):
0 = Boot mode configuration is taken from GPIOs.
1 = Boot mode configuration is taken from fuses.

If boot_mode="10" (Production):
0 = Boot using Serial Loader (USB).
1 = Boot mode configuration is taken from fuses.

___

The above comments seem to contradict the statements made in section 6.1.2.3 and section 6.1.2.5, which suggest that BOOT_MODE[1:0] = 00b boot from fuses should be used for secure deployed production systems.

The IMX8MMRM page 782, Section 6.1.2.3 Boot From Fuses mode (BOOT_MODE[1:0] = 00b)

[..]

A value of 00b in the BOOT_MODE[1:0] register selects the Boot From Fuses mode.
This mode is similar to the Internal Boot mode described in Internal Boot mode
(BOOT_MODE[1:0] = 0b10) with one difference. In this mode, the GPIO boot override
pins are ignored. The boot ROM code uses the boot eFUSE settings only. This mode also
supports a secure boot using HAB.

[..]

The IMX8MMRM page 782, Section 6.1.2.5 Internal Boot mode (BOOT_MODE[1:0] = 0b10)

[..]

When set to the Internal Boot, the boot flow may be controlled by a combination of
eFUSE settings with an option of overriding the fuse settings using the General Purpose
I/O (GPIO) pins. The GPIO Boot Select FUSE (BT_FUSE_SEL) determines whether the
ROM uses the GPIO pins for a selected number of configuration parameters or eFUSEs
in this mode.
• If BT_FUSE_SEL = 1, all boot options are controlled by the eFUSEs described in
Table 6-2.
• If BT_FUSE_SEL = 0, the specific boot configuration parameters may be set using
the GPIO pins rather than eFUSEs. The fuses that can be overridden when in this
mode are indicated in the GPIO column of Table 6-2. Table 6-3 provides the details
of the GPIO pins.
The use of the GPIO overrides is intended for development since these pads are used for
other purposes in the deployed products. NXP recommends controlling the boot
configuration by the eFUSEs in the deployed products and reserving the use of the GPIO
mode for the development and testing purposes only.

 

[..]

 

 

1 Solution
JorgeCas
NXP TechSupport

Hello, I hope you are doing well.

What is the recommended BOOT_MODE value for deployed system?

Boot from fuses to leave a default boot source previously configured.

Can you please describe the difference of (BOOT_MODE=01 AND BT_FUSE_SEL=1) versus (BOOT_MODE=00), since eFUSES are used to boot?

If BT_FUSE_SEL = 0, indicating that the boot device (for example, flash, SD/MMC) was not programmed yet, the boot flow jumps directly to the Serial Downloader. If BT_FUSE_SEL = 1, the normal boot flow is followed, where the ROM attempts to boot from the selected boot device.

BOOT_MODE=00 selects the boot type "Boot from fuses" and BOOT_MODE=01 selects the boot type "Serial Downloader".

For most secure operation should the DIP switches be removed and/or glued to fixed switch position? The boot_mode="10" (Production) in Table 6-49 suggests that BOOT_MODE=00 for Internal Boot should be used for secure deployed production systems.

For the development stage, you can use DIP switches to test.

For the production stage, you can leave the switches as DNP and flash it to boot without reading the GPIO pins and boot from fuses.

Best regards.
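
The boot-configuration decision discussed in this thread, written out as an added example (not code from NXP, the boot ROM, or either poster): it resolves where the boot configuration comes from for each BOOT_MODE[1:0] / BT_FUSE_SEL pair and counts the pin settings that leave the fuse-only path. Assumptions: it follows the quoted sections 6.1.2.3 and 6.1.2.5 and the answer above rather than the Development/Production labels of Table 6-49, BOOT_MODE=11 is treated as not described on this page, and all function and enum names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical names; a model of the text quoted in this thread, not ROM code. */
enum boot_cfg_source {
    CFG_FROM_FUSES,        /* boot options come from eFUSEs only */
    CFG_GPIO_OVERRIDE,     /* GPIO pins may override fuse settings */
    CFG_SERIAL_DOWNLOADER, /* ROM goes to the Serial Downloader */
    CFG_NOT_DESCRIBED      /* combination not covered by the quoted text */
};

/* boot_mode = BOOT_MODE[1:0] pin value, bt_fuse_sel = BT_FUSE_SEL fuse. */
enum boot_cfg_source resolve_boot_cfg(unsigned boot_mode, bool bt_fuse_sel)
{
    switch (boot_mode & 0x3u) {
    case 0x0: /* Boot From Fuses: GPIO override pins are ignored */
        return bt_fuse_sel ? CFG_FROM_FUSES : CFG_SERIAL_DOWNLOADER;
    case 0x1: /* Serial Downloader */
        return CFG_SERIAL_DOWNLOADER;
    case 0x2: /* Internal Boot: GPIO override allowed while BT_FUSE_SEL = 0 */
        return bt_fuse_sel ? CFG_FROM_FUSES : CFG_GPIO_OVERRIDE;
    default:  /* 0b11 is not discussed on this page */
        return CFG_NOT_DESCRIBED;
    }
}

/* Number of BOOT_MODE pin settings that do NOT end in a fuse-only boot.
 * A non-zero result means the strapping itself must be fixed in hardware. */
int pin_settings_leaving_fuses(bool bt_fuse_sel)
{
    int n = 0;
    for (unsigned m = 0; m < 4; m++)
        if (resolve_boot_cfg(m, bt_fuse_sel) != CFG_FROM_FUSES)
            n++;
    return n;
}

int main(void)
{
    static const char *name[] = { "fuses only", "GPIO override",
                                  "serial downloader", "not described" };
    for (int f = 0; f <= 1; f++)
        for (unsigned m = 0; m < 4; m++)
            printf("BT_FUSE_SEL=%d BOOT_MODE=%u%u -> %s\n", f, (m >> 1) & 1u,
                   m & 1u, name[resolve_boot_cfg(m, f != 0)]);
    printf("pin settings leaving fuse-only boot with BT_FUSE_SEL=1: %d\n",
           pin_settings_leaving_fuses(true));
    return 0;
}
```

In this model, blowing BT_FUSE_SEL removes the GPIO override but the BOOT_MODE pins still select the mode, so a production review checks both the fuse value and how the pins are strapped on the board.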
