Reprogramming the SRK_HASH bank in imx6

rakesh3 · ‎04-10-2023

Hi team,

I am trying to reprogram the SRK_HASH bank but not able to reprogram this.

I tried with =>fuse override 3 0 <hex> but this also didn't work and getting old values on reboot.

Could you please guide me, how to reprogram imx6d with different key so that we can use other device to check secure boot with other key.

Regards,

Rk

Harvey021 · ‎04-10-2023

Please note, Once the SRK Hash has been programmed we can't reprogram it, which we operate on an OTP.

Best regards

Harvey

rakesh3 · ‎04-11-2023

Thanks for reply ,

SO it means we can't test the secure boot in that board further.

Regards,

Rk

mason2036 · ‎04-12-2023

This is my understanding.

fuse override is for test purpose. Could be used before you really burn the fuse.

If you read the source code, you can find

fuse override means temporarily change the OTP shadow register, which makes override the value read from OTP fuse in shadow register before.

That is why it calls override. not overwrite.

You just test in this power cycle, if you test in another power cycle, it will read from OTP fuse again.

BTW, I should also say, OTP fuse only can write once. It could be not overwritten.

NXP expert,

Question from rakesh3 is override, not overwrite.

Like the following link, I could not believe you really understand the question.

Harvey021 · ‎04-12-2023

No, you can't test secure boot due to failing to establish root of trust.

Best regards

Harvey