SRK revocation, SRK_REVOKE_LOCK default protection

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SRK revocation, SRK_REVOKE_LOCK default protection

2,966 Views
jdepedro
Contributor IV


I am reading AN4581 Secure Boot on i.MX50, i.MX53, and i.MX 6 Series using HABv4, Rev. 1, 10/2015, on Appendix A. SRK Revocation on i.MX 6 Series the following is stated:

(...) However, in the Closed configuration, HAB, by default, sets the SRK_REVOKE_LOCK sticky bit in the OCOTP controller to write protect this eFuse field. To instruct HAB not to lock the SRK_REVOKE field requires the use of the Unlock CSF command, with the command flag indicating to unlock the SRK_REVOKE field. Including this command in a CSF signature allows the SRK0 fuse to be blown by a trusted bootloader or runtime image. Below is an example CSF command that unlocks the SRK_REVOKE eFuse field, allowing U-Boot or a later stage to burn the fuse.

I built a signed U-Boot with the following CSF description file:

[Header]

    Version = 4.0

    Hash Algorithm = sha256

    Engine Configuration = 0

    Certificate Format = X509

    Signature Format = CMS

[Install SRK]

    File = "SRK_table.bin"

    Source index = 3

[Install CSFK]

    File = "CSF4_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Unlock]

    Engine = CAAM

    Features = RNG

[Install Key]

    Verification index = 0

    Target index = 2

    File = "IMG4_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate Data]

    Verification index = 2

    Blocks = 0x177FF400 0 0x60C00 "u-boot-pad.imx"

And I have able to burn the SRK_REVOKE field, and revoke the key index 2. Notice that the following block:

[Unlock]

Engine = OCOTP

Features = SRK Revoke

is *not* present the CSF description file I used.

I was expecting not to be able to program the SRK_REVOKE field. Could you explain this behaviour?

Tags (4)
0 Kudos
Reply
5 Replies

2,351 Views
jdepedro
Contributor IV

I have tried this same thing in the i.MX6UL and the behavior is the expected one:

  • If the CSF descriptor file does not include the Unlock block for the OCOTP, when I try to revoke a key I get the following error:

    mxc_ocotp %s(): Access protect error
    and the key is not revoked..
  • If the CSF descriptor file does include the Unlock block for the OCOTP, then I can revoke keys.

Is this then a known issue in the i.MX6?

0 Kudos
Reply

2,351 Views
Yuri
NXP Employee
NXP Employee

Hello,

   Sorry, but the information you are requesting is treated as confidential info at this time

and requires a signed NDA (Non-Disclosure Agreement). Naturally, we cannot discuss this

with you in public anyway, this requires to be handled as a Service Request (SR).

Have a great day,
Yuri

-------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-------------------------------------------------------------------------------

0 Kudos
Reply

2,351 Views
jdepedro
Contributor IV

Hi Yuri,

do you have any update on this?

0 Kudos
Reply

2,351 Views
Yuri
NXP Employee
NXP Employee

Hello,

   Is Your system really in the Closed configuration ?

Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply

2,351 Views
jdepedro
Contributor IV

Hi Yuri,

thanks for your answer. Yes, my device is in closed configuration. I have programmed the SEC_CONFIG[2] OTP bit. 'hab_status returns:

=> hab_status

Secure boot enabled

HAB Configuration: 0xcc, HAB State: 0x99

No HAB Events Found!

0 Kudos
Reply