- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- MCUXpresso Training Hub
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- [i.MAX6ULL] How to burn the imx6ull program after the fuse is broken
[i.MAX6ULL] How to burn the imx6ull program after the fuse is broken
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
[i.MAX6ULL] How to burn the imx6ull program after the fuse is broken
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I was trying to use the secure boot feature recently and I've already broken fuse. And successfully signed uboot and zImage. And when we call hab_status and hab_auth_img to verify if a HAB Event was generated:
Secure boot enabled
HAB Confiquration: 0xfo. HAB state: 0x66
NO HAB Events Found!
At this point I thought I had implemented secure boot, but then I ran into a problem. How do I use the tools to burn into device trees, filesystems, images? And do you need to manually write the certificate to fuse in production? Is there a quick way?
I made some attempts with the documentation linked below.
①https://boundarydevices.com/high-assurance-boot-hab-dummies/
Chapter: What about imx_usb_loader?
②https://github.com/nxp-imx/mfgtools/wiki/UUU-default-support-protocol-list
Chapter: HABv4 closed chip support
The links are probably all about using tools to modify the DCD region in uboot. After I follow this operation, I successfully burn uboot using imx_usb in ① but uboot will only be loaded once.
I think the reason uboot works here is because we're in the area where uboot is loaded:
---------------------------
succeeded (security 0x12343412, status 0x88888888)
jumping to 0x877ff400
-----------------------------
The content is as follows:
---------------------------
U-Boot 2021.04-dirty (Nov 08 2023-12:05:10 +0800)
CPU: i.MX6ULL rev1.1 528 MHz (running at 396 MHz)
CPU: Industrial temperature grade (-40C to 105C) at 47C
Reset cause: POR
Model: i.MX6 ULL 14x14 EVK Board
Board: MX6ULL 14x14 EVK
DRAM: 512 MiB
MMC: FSL_SDHC: 0, FSL_SDHC: 1
Loading Environment from MMC... *** Warning - bad CRC, using default environment
[*]-Video Link 0 (480 x 272)
[0] lcdif@21c8000, video
In: serial
Out: serial
Err: serial
switch to partitions #0, OK
mmc1(part 0) is current device
Net:
Warning: ethernet@20b4000 (eth1) using random MAC address - c2:81:d3:ec:bd:b3
eth1: ethernet@20b4000 [PRIME]Get shared mii bus on ethernet@2188000
Warning: ethernet@2188000 (eth0) using random MAC address - f6:e3:cd:25:16:87
, eth0: ethernet@2188000
Fastboot: Normal
Boot from USB for mfgtools
*** Warning - Use default environment for mfgtools
, using default environment
Run bootcmd_mfg: run mfgtool_args; if iminfo ${initrd_addr}; then if test ${tee} = yes; then bootm ${tee_addr} ${initrd_addr} ${fdt_addr}; else bootz ${loadaddr} ${initrd_addr} ${fdt_addr}; fi; else echo "Run fastboot ..." ; fastboot 0; fi;
Hit any key to stop autoboot: 0
----------------------------
Once reset, uboot won't get up.
I put the uboot file with the modified DCD region into the mfgtool tool. If I do not modify the.imx file in fireware that is uboot, the mfgtool tool will be stuck in the jumping to OS section log below, see mfgtool1.log for details
-----------------------
...
CmdOperation[0] device chagned and reset to state 0
ModuleID[2] LevelID[10]: ExecuteCommand--Boot[WndIndex:0], File is F:\driver_imax6ull\mfgtool\mfgtool\Profiles\linux\OS Firmware\firmware\u-boot-imx6ull-14x14-emmc.imx
---------------------------
After I replaced the imx file in fireware, the serial port was directly disconnected. For detailed log, please see mfgtool2.log
Finally, attached is the contents of the file I used cst tool. I suspect it has something to do with that, too
Maybe it's because my Engine option says SW, but if I use CAAM, DCP, or ANY, I get a HAB Event
