Unable to configure OCOTP_CFG5 for Secure Boot

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Unable to configure OCOTP_CFG5 for Secure Boot

1,854 Views
eren_yilmaz
Contributor III

Hello

I have finalised my set-up for secure boot, and am at the stage of closing the device by setting the SEC_CONFIG to 1. However, when trying to blow the  bit, I get the following error:

>TX6Q U-Boot > fuse prog -y 0 6 0x2

Programming bank 0 word 0x00000006 to 0x00000002...
mxc_ocotp fuse_prog(): Access protect error
ERROR

Any ideas?

It's a i-MX6 Q module

Labels (3)
0 Kudos
Reply
6 Replies

1,599 Views
eren_yilmaz
Contributor III

Ive just realised that the related BOOT_CFG_LOCK bit (3:2) is set to 01 which is write protect, I am guessing there is no way of enabling SEC_CONFIG because of that?

1,599 Views
Yuri
NXP Employee
NXP Employee

Hello,

   You are right - there is no way to write the SEC_CONFIG.

Regards,

Yuri.

1,599 Views
eren_yilmaz
Contributor III

Thanks Yuri.

Does this mean that OTPMK is not used by the CAAM for blob encapsulation if one try to use the secure memory in non-secure state (where secure boot cannot be implemented as it is here)?

0 Kudos
Reply

1,599 Views
Yuri
NXP Employee
NXP Employee

Hello,

   If SEC_CONFIG is not set - correct: the OTPMK is not used.

Regards,

Yuri.

1,599 Views
eren_yilmaz
Contributor III

And the fact that override protect bit in BOOT_CFG_LOCK[3] is set to 0 does not help since that can only be used to change the shadow registers which do not affect fuses after reset. Is that right?

0 Kudos
Reply

1,599 Views
Yuri
NXP Employee
NXP Employee

Correct.

~Yuri.