FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Is fuse can be programmed multiple time in imx93 before close the hardware?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is fuse can be programmed multiple time in imx93 before close the hardware?

‎06-26-2024 04:56 AM
168 Views
vikki
Contributor I

Hi,

I am new to crypto and secure booting. I am trying secure booting in imx93. My question is, Is fusing the hardware can be done multiple times until I close the hardware (before using ahab_close tool in uboot to close the hardware)?

If not, In development stage how can I verify that current Image is following secure boot till development reaching to production level? Is there any other method is available to validate secure boot without fusing ? I have followed doc/imx/ahab/guides (nxp uboot) for imx93.

0 Kudos
Reply
2 Replies

‎06-26-2024 08:09 AM
154 Views
JorgeCas
NXP TechSupport
NXP TechSupport

Hello,

 

Once a fuse is burned, it is NOT possible to change it.

 

During development, users should check the events before the device is closed. Once an image is signed with a signature that does not generate events during loading, the signed image should be able to boot on a closed device without issues. This should be the goal for development, since trying to debug on a closed platform requires the use of JTAG or the USB serial download protocol to acquire the event debug information.

 

You can take a look on the next application notes for more information:

 

Secure Boot on AHAB Supported Devices

 

Edgelock Secure Enclave (ELE) API Reference Guide

 

i.MX Encrypted Boot on AHAB-Enabled Devices

 

Best regards.

0 Kudos
Reply

2 weeks ago
44 Views
vikki
Contributor I


thanks for the reply.

I have manually signed image as mentioned in u-boot/doc/imx/ahab but without programming the fuse. Currently i am getting following event [single boot image without m33 container]

u-boot=> ahab_status
Lifecycle: 0x00000008, OEM Open


0x0287fad6
IPC = MU APD (0x2)
CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA)
STA = ELE_SUCCESS_IND (0xD6)

0x0287fad6
IPC = MU APD (0x2)
CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA)
STA = ELE_SUCCESS_IND (0xD6)
u-boot=>

It looks like event due to missing HASH fuse programming. And hope It will disappear if i program fuses (which i will not do now). Is my understanding is correct? please correct me if i am wrong
note:
before signing the error was "ELE_NO_AUTHENTICATION_FAILURE_IND (0xEE)"
0 Kudos
Reply