Hello,
On my i.MX6ULL I want to disable the SecureBoot of the device by blowing the FIELD_RETURN fuse. To my knowledge I followed the "Code-Signing Tool User’s Guide, Rev. 3.1.0" correctly, but the U-Boot command "fuse prog 5 6 1" gives me the error "mxc_ocotp fuse_prog(): Access protect error".
I requested the SoC UID and added the unlock statement to the CSF of the SPL.
During the boot of the Linux kernel I also get an error about the CAAM, which is also in the unlock, so I am not sure if that can be related:
caam-snvs 20cc000.caam-snvs: can't get snvs clock
caam-snvs 20cc000.caam-snvs: violation handlers armed - init state
With kind regards,
Therry
I managed to blow the SoC FIELD_RETURN fuse.
Before the fuse can be blown the FIELD_RETURN must be unlocked by the bootloader (the U-Boot SPL in my case).
To unlock the FIELD_RETURN the [Unlock] part of the CSF must be set. The example CSF also had the unlock of the CAAM RNG, but my i.MX6ULL doesn't have a CAAM, so that statement must be removed.
--------------------
Get SoC UID in U-Boot:
fuse read 0 1 2
Reading bank 0:
Word 0x00000001: 33221100 77665544
--------------------
Get SoC UID in Linux:
cat /sys/bus/soc/devices/soc0/serial_number or cat /sys/devices/soc0/serial_number
7766554433221100
--------------------
The UNLOCK of the SPL CSF:
[Unlock]
Engine = OCOTP
Features = FIELD RETURN
UID = 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
--------------------
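Added example (not part of the original posts and not NXP tooling): a small Python helper that derives the CSF UID line from the U-Boot fuse dump, cross-checks it against the Linux serial_number, and only then renders the [Unlock] block. The byte order is an assumption inferred from the placeholder values in the solution post above (word 1 then word 2, each least significant byte first); all function names are hypothetical and the sample input is constructed from those placeholder values.

```python
import re

# Constructed sample input: the placeholder values from the solution post.
UBOOT_OUTPUT = """fuse read 0 1 2
Reading bank 0:
Word 0x00000001: 33221100 77665544
"""
LINUX_SERIAL = "7766554433221100"


def parse_uboot_fuse_words(output):
    """Collect the 32-bit values printed on 'Word 0x...:' lines, in order."""
    words = []
    for line in output.splitlines():
        m = re.match(r"\s*Word 0x[0-9a-fA-F]+:\s*(.+)", line)
        if m:
            words.extend(int(w, 16) for w in m.group(1).split())
    return words


def uid_from_fuse_words(word1, word2):
    """Bank 0 word 1 then word 2, each least significant byte first (assumed)."""
    return list(word1.to_bytes(4, "little") + word2.to_bytes(4, "little"))


def uid_from_linux_serial(serial):
    """serial_number reads as word 2 then word 1 in hex, so reverse the bytes."""
    raw = bytes.fromhex(serial.strip())
    if len(raw) != 8:
        raise ValueError("expected 16 hex digits")
    return list(raw[::-1])


def csf_unlock_section(uid):
    """Render the [Unlock] block in the form used in the solution post."""
    uid_text = ", ".join(f"0x{b:02x}" for b in uid)
    return f"[Unlock]\nEngine = OCOTP\nFeatures = FIELD RETURN\nUID = {uid_text}\n"


def build_unlock(uboot_output, linux_serial):
    """Derive the UID from both sources and refuse to emit on a mismatch."""
    words = parse_uboot_fuse_words(uboot_output)
    if len(words) != 2:
        raise ValueError("expected exactly two fuse words")
    uid = uid_from_fuse_words(*words)
    if uid != uid_from_linux_serial(linux_serial):
        raise ValueError("U-Boot and Linux UID readings disagree")
    return csf_unlock_section(uid)


if __name__ == "__main__":
    print(build_unlock(UBOOT_OUTPUT, LINUX_SERIAL))
```

The parser also accepts the two words read separately ("fuse read 0 1" followed by "fuse read 0 2"), as long as both dumps are passed in that order.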
Dear Yuri,
Hereby the CSF file of the SPL based on the SoC UID acquired (not the actual UID, but in the same order).
--------------------
U-Boot:
fuse read 0 1
Reading bank 0:
Word 0x00000001: 55667788
fuse read 0 2
Reading bank 0:
Word 0x00000002: 11223344
--------------------
Linux:
cat /sys/bus/soc/devices/soc0/serial_number
1122334455667788
--------------------
SPL CSF file
[Header]
Version = 4.1
Hash Algorithm = sha256
Engine = SW
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = "../../crts/SRK_1_2_3_4_table.bin"
Source index = 0 # Index of the key location in the SRK table to be installed
[Install CSFK]
# Key used to authenticate the CSF data
File = "../../crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem"
[Authenticate CSF]
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target index = 2
# Key to install
File = "../../crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem"
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Address Offset Length Data File Path
Blocks = 0x00908400 0x00000000 0x0000ac00 "SPL"
[Unlock]
Engine = CAAM, OCOTP
Features = RNG, FIELD RETURN
UID = 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88
--------------------
With kind regards,
Therry Angenent