FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Is fuse can be programmed multiple time in imx93 before close the hardware?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is fuse can be programmed multiple time in imx93 before close the hardware?

‎06-26-2024 04:56 AM
412 Views
vikki
Contributor II

Hi,

I am new to crypto and secure booting. I am trying secure booting in imx93. My question is, Is fusing the hardware can be done multiple times until I close the hardware (before using ahab_close tool in uboot to close the hardware)?

If not, In development stage how can I verify that current Image is following secure boot till development reaching to production level? Is there any other method is available to validate secure boot without fusing ? I have followed doc/imx/ahab/guides (nxp uboot) for imx93.

0 Kudos
Reply
3 Replies

‎06-26-2024 08:09 AM
398 Views
JorgeCas
NXP TechSupport
NXP TechSupport

Hello,

Once a fuse is burned, it is NOT possible to change it.

During development, users should check the events before the device is closed. Once an image is signed with a signature that does not generate events during loading, the signed image should be able to boot on a closed device without issues. This should be the goal for development, since trying to debug on a closed platform requires the use of JTAG or the USB serial download protocol to acquire the event debug information.

You can take a look on the next application notes for more information:

Secure Boot on AHAB Supported Devices

Edgelock Secure Enclave (ELE) API Reference Guide

i.MX Encrypted Boot on AHAB-Enabled Devices

Best regards.

0 Kudos
Reply

‎07-27-2024 02:48 PM
288 Views
vikki
Contributor II


thanks for the reply.

I have manually signed image as mentioned in u-boot/doc/imx/ahab but without programming the fuse. Currently i am getting following event [single boot image without m33 container]

u-boot=> ahab_status
Lifecycle: 0x00000008, OEM Open


0x0287fad6
IPC = MU APD (0x2)
CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA)
STA = ELE_SUCCESS_IND (0xD6)

0x0287fad6
IPC = MU APD (0x2)
CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA)
STA = ELE_SUCCESS_IND (0xD6)
u-boot=>

It looks like event due to missing HASH fuse programming. And hope It will disappear if i program fuses (which i will not do now). Is my understanding is correct? please correct me if i am wrong
note:
before signing the error was "ELE_NO_AUTHENTICATION_FAILURE_IND (0xEE)"
0 Kudos
Reply

‎08-26-2024 03:14 PM
169 Views
JorgeCas
NXP TechSupport
NXP TechSupport

Hello,

If you are getting HAB events before close the device, something was wrong in your process. The device should be closed once you are able to boot without any HAB event.

Please check if you missed something.

Best regards.

0 Kudos
Reply