We have a system based on i.MX 6UL, using HAB and NAND flash.
To lock the device down after our production step we burn SDP_DISABLE. We want no SDP at all, in any mode. The boot mode (BOOT_MODE[1:0]) has been 00, and with that mode SDP_DISABLE seems to work as expected: I can no longer use SDP.
After reading through "IMXSCK - iMX_Security_Checklist_v2_1" and general recommendations we decided to also burn FORCE_INTERNAL_BOOT, to prevent any attempts to change the boot mode. When burning this fuse I detected that I could again use SDP to program the firmware. It seems like it no longer honors the SDP_DISABLE fuse.
We have burned BT_FUSE_SEL so that no fuses can be overridden by GPIOs.
My questions:
- We would appreciate any help to understand why SDP becomes available again, even though SDP_DISABLE is 1, when we enable FORCE_INTERNAL_BOOT.
- Can we achieve the same level of security in the original "Boot from fuses" mode? When we have burned BT_FUSE_SEL I can't see much difference, except for physical tampering that theoretically could change BOOT_MODE[1:0].