Hello
I have finalised my set-up for secure boot, and am at the stage of closing the device by setting the SEC_CONFIG to 1. However, when trying to blow the bit, I get the following error:
>TX6Q U-Boot > fuse prog -y 0 6 0x2
Programming bank 0 word 0x00000006 to 0x00000002...
mxc_ocotp fuse_prog(): Access protect error
ERROR
Any ideas?
It's a i-MX6 Q module
Ive just realised that the related BOOT_CFG_LOCK bit (3:2) is set to 01 which is write protect, I am guessing there is no way of enabling SEC_CONFIG because of that?
Hello,
You are right - there is no way to write the SEC_CONFIG.
Regards,
Yuri.
Thanks Yuri.
Does this mean that OTPMK is not used by the CAAM for blob encapsulation if one try to use the secure memory in non-secure state (where secure boot cannot be implemented as it is here)?
Hello,
If SEC_CONFIG is not set - correct: the OTPMK is not used.
Regards,
Yuri.
And the fact that override protect bit in BOOT_CFG_LOCK[3] is set to 0 does not help since that can only be used to change the shadow registers which do not affect fuses after reset. Is that right?
Correct.
~Yuri.