blow FIELD_RETURN fuse

cancel
Showing results for 
Search instead for 
Did you mean: 

blow FIELD_RETURN fuse

Jump to solution
721 Views
Therry
Contributor II

Hello,

On my i.MX6ULL i want to disable the SecureBoot of the device by blowing the FIELD_RETURN fuse. By my knowing i followed the "Code-Signing Tool User’s Guide, Rev. 3.1.0" correctly but the u-boot command "fuse prog 5 6 1" gives met the error "mxc_ocotp fuse_prog(): Access protect error".

I requested the SoC UID and added the unlock statement to the CSF of the SPL.

During the boot of the Linux Kernel i also get a error about the CAAM, with is also in the unlock so not sure if that can be related:

caam-snvs 20cc000.caam-snvs: can't get snvs clock
caam-snvs 20cc000.caam-snvs: violation handlers armed - init state

With kind regards,
Therry

Labels (3)
Tags (2)
0 Kudos
1 Solution
551 Views
Therry
Contributor II

I managed to blow the SoC FIELD_RETURN fuse.

Before the fuse can be blown the FIELD_RETURN must be unlocked by the bootloader (the U-Boot SPL in my case).
To unlock the FIELD_RETURN the [unlock] part of the CSF must be set. The example CSF also had the unlock of the CAAM RNG, but my i.MX6ULL doesn't have a CAAM. so that statement must be removed.

--------------------
Get Soc UID in U-Boot:

fuse read 0 1 2
Reading bank 0:
Word 0x00000001: 33221100 77665544
--------------------
Get Soc UID in Linux:

cat /sys/bus/soc/devices/soc0/serial_number or cat /sys/devices/soc0/serial_number
7766554433221100
--------------------
The UNLOCK of the SPL CSF:

[Unlock]
Engine = OCOTP
Features = FIELD RETURN
UID = 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
--------------------

View solution in original post

0 Kudos
3 Replies
552 Views
Therry
Contributor II

I managed to blow the SoC FIELD_RETURN fuse.

Before the fuse can be blown the FIELD_RETURN must be unlocked by the bootloader (the U-Boot SPL in my case).
To unlock the FIELD_RETURN the [unlock] part of the CSF must be set. The example CSF also had the unlock of the CAAM RNG, but my i.MX6ULL doesn't have a CAAM. so that statement must be removed.

--------------------
Get Soc UID in U-Boot:

fuse read 0 1 2
Reading bank 0:
Word 0x00000001: 33221100 77665544
--------------------
Get Soc UID in Linux:

cat /sys/bus/soc/devices/soc0/serial_number or cat /sys/devices/soc0/serial_number
7766554433221100
--------------------
The UNLOCK of the SPL CSF:

[Unlock]
Engine = OCOTP
Features = FIELD RETURN
UID = 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
--------------------

0 Kudos
705 Views
Yuri
NXP TechSupport
NXP TechSupport

@Therry 
Hello,

  looks like the FIELD_RETURN is not unlocked.
Let me look at the CSF.

 

Regards,
Yuri.

0 Kudos
697 Views
Therry
Contributor II

Dear Yuri,

Hereby the CSF file of the SPL based on the SoC UID acquired (not actual UID but in the same order)

--------------------
U-Boot:

fuse read 0 1
Reading bank 0:
Word 0x00000001: 55667788

fuse read 0 2
Reading bank 0:
Word 0x00000002: 11223344
--------------------
Linux:

cat /sys/bus/soc/devices/soc0/serial_number
1122334455667788
--------------------

SPL CSF file

[Header]
Version = 4.1
Hash Algorithm = sha256
Engine = SW
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS

[Install SRK]
File = "../../crts/SRK_1_2_3_4_table.bin"
Source index = 0 # Index of the key location in the SRK table to be installed

[Install CSFK]
# Key used to authenticate the CSF data
File = "../../crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target index = 2
# Key to install
File = "../../crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem"

[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Address Offset Length Data File Path
Blocks = 0x00908400 0x00000000 0x0000ac00 "SPL"

[Unlock]
Engine = CAAM, OCOTP
Features = RNG, FIELD RETURN
UID = 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88
--------------------

With kind regards,
Therry Angenent

0 Kudos