Is secure debug allowed on IMX8DX, if TZ OEM key & NW OEM key are in default values (0x0)?

cchopra · ‎11-20-2023

Hi,

If I know the unique chip id for my IMX8DX and the fuses for TrustZone OEM key and Normal World OEM key are not set (they are still in their default values i.e. 0x0), would the challenge/response mechanism to authenticate secure debug succeed if I send both the responses as 0x0?

Regards,

cchopra

@yu, @har iMX8X

JorgeCas · ‎11-21-2023

Hello, I hope you are doing well.

Secure debug is enabled only if the chip life cycle is OEM Closed.

Best regards.

cchopra · ‎11-21-2023

Hi,

What if the OEM is closed and response secrets are set to default values (0x0), will secure debug succeed in this case, if I know the unique chip id?

Regards,

cchopra

@JorgeCas

JorgeCas · ‎11-22-2023

Hello,

Yes, it should be possible. Just note that response eFuses are writable only from LC OEM Open. After switching to LC OEM Closed, these eFuses are locked out.

Best regards.

Is secure debug allowed on IMX8DX, if TZ OEM key & NW OEM key are in default values (0x0)?

Is secure debug allowed on IMX8DX, if TZ OEM key & NW OEM key are in default values (0x0)?

i.MX 8 Family | i.MX 8QuadMax (8QM) | 8QuadPlus