FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

[i.MX8M Plus] Secure JTAG Operation Issue Inquiry

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[i.MX8M Plus] Secure JTAG Operation Issue Inquiry

‎10-16-2023 12:34 AM
793 Views
dhj
Contributor II

We have previously inquired about this issue:

https://community.nxp.com/t5/i-MX-Processors/i-MX8M-Plus-Is-secure-jtag-a-trace32-demo-script-execut...

 

Following the support from NXP technical team, we received a Trace32 script, and it seemed to work correctly when executed with this script. However, this operation was successful only when the secure JTAG-related efusing was performed (SJC_RESP, SJC_RESP_LOCK, JTAG_SMODE).

We added efusing specific to our product as follows:

/* SRK_HASH[255:0] - SRK write */
fuse prog -y 6 0 <confidential>
fuse prog -y 6 1 <confidential>
fuse prog -y 6 2 <confidential>
fuse prog -y 6 3 <confidential>
fuse prog -y 7 0 <confidential>
fuse prog -y 7 1 <confidential>
fuse prog -y 7 2 <confidential>
fuse prog -y 7 3 <confidential>

/* SEC_CONFIG[1]    - 0x470[25] - Closed device */
/* BOOT_MODE_FUSE   - 0x470[15:12] - eMMC Boot */
/* BT_FUSE_SEL      - 0x470[28] - enable eFuse BOOT_MODE */
/* JTAG_SMODE[1:0]  - 0x470[23:22] */
fuse prog -y 1 3 0x12402000

/* WDOG_EN          - 0x480[10] - Watchdog reset counter enable *
fuse prog -y 2 0 0x400

/* USDHC_PWR_EN     - 0x490[7] - eMMC reset enable */
/* IMG_CNTN_SET1_OFFSET - 0x490[22:19] - Secondary Image Boot Offset (8mb) */
fuse prog -y 2 1 0x180080

/* SJC_RESP[63:0]   - 0x600-0x610 */
/* SJC_RESP[127:64] - 0x7D0-0x7E0 */
fuse prog -y 8 0 0x12345678
fuse prog -y 8 1 0x9abcdef0
fuse prog -y 15 1 0x12345678
fuse prog -y 15 2 0x9abcdef0

/* SJC_RESP_LOCK    - 0x400[10] */
/* SRK_LOCK         - 0x400[9] */
/* BOOT_CFG_LOCK    - 0x400[3:2] */
fuse prog -y 0 0 0x604

 

trace32 area log:

dhj_0-1697441637733.png

 

Are there any other values besides the secure JTAG-related efusing that might have an impact? Or could there be another reason? We are looking forward to your prompt response.

 

 

Thank you.

Tags (1)
0 Kudos
Reply
7 Replies

‎10-16-2023 02:21 AM
769 Views
joanxie
NXP TechSupport
NXP TechSupport

let me double checked this from script owner, any update, I will post here

0 Kudos
Reply

‎10-16-2023 07:41 PM
760 Views
dhj
Contributor II

Upon further investigation, we have confirmed that when proceeding with SEC_CONFIG[1] - 0x470[25] - Closed device, we are unable to perform the attach. It seems that HAB is affecting the SJC in this case.

0 Kudos
Reply

‎10-16-2023 10:44 PM
751 Views
joanxie
NXP TechSupport
NXP TechSupport

so you have found the root cause, right? do you still need further help?

0 Kudos
Reply

‎10-16-2023 10:55 PM
747 Views
dhj
Contributor II

The issue has not been resolved. We require secure boot functionality, and for this, we need to use the device closed state (SEC_CONFIG[1] - 0x470[25]).

We mentioned that among several efusing data we applied, SEC_CONFIG[1] - 0x470[25] was the issue. We hoped for a quicker response as the NXP technical support team is aware of this and has looked into it.

Please provide guidance on how to use Secure JTAG while using our efusing.

0 Kudos
Reply

‎10-17-2023 11:26 PM
719 Views
joanxie
NXP TechSupport
NXP TechSupport

the expert team has issue on another case this week, they will help you next week, do you mind if I put you in the group, and you can contact them directly? maybe call is better

0 Kudos
Reply

‎10-24-2023 05:41 PM
668 Views
dhj
Contributor II

I can directly contact them via email.


and...

Has my inquiry been forwarded to them? Do I need to send a separate email to them, or should I wait for a response

0 Kudos
Reply

‎10-31-2023 08:48 PM
604 Views
joanxie
NXP TechSupport
NXP TechSupport

I have already forward your new request to them before, you also can send to them again for save

0 Kudos
Reply