- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
-
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- i.MX8MQ EVK: Secure boot with rollback prevention
i.MX8MQ EVK: Secure boot with rollback prevention
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
i.MX8MQ EVK: Secure boot with rollback prevention
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all
I have an i.MX8MQ EVK with an extended secure boot all the way up to a custom uImage. Now I want to add a rollback prevention mechanism for our custom uImage. For this, I currently assume the proper location to be in u-boot after our uImage was authenticated. I assume that our rollback prevention mechanism will have to work against the SNVS Secure Monotonic Counter registers. My questions are now as follows:
- Where within u-boot is the proper place for this rollback prevention mechanism to be implemented?
- Does someone have some sample code on how to access the SNVS Secure Monotonic counter registers on an i.MX8MQ EVK?
Many thanks for your help.
Cyrill
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all
I'm still working on this. Meanwhile, I tried to access the SNVS registers from the interactive U-Boot command line interface. Looking at the SNVS_HP Command Register (HPCOMR), I see field 31 as set and with this assume I should be able to access privileged registers:
u-boot=> md.l 0x30370004 1
30370004: 80002100
Then looking at the SNVS_LP Lock Register (LPLR), I see field 4 as not set and with this assume I should have write access to the monotonic counter and MC_ENV bit:
u-boot=> md.l 0x30370034 1
30370034: 00000000
Then looking at the SNVS_LP Control Register (LPCR) I see field 2 (MC_ENV) as not set and with this assume that the monotonic counter is disabled or invalid:
u-boot=> md.l 0x30370038 1
30370038: 00000020
Now I tried to enable the monotonic counter by setting this MC_ENV field of the LPCR register as follows:
u-boot=> mw.l 0x30370038 0x00000024
However, this has no effect:
u-boot=> md.l 0x30370038 1
30370038: 00000020
What am I missing?
Many thanks,
Cyrill
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all
I'm still working on this. I would like to summarize my previous question as follows: booting the i.MX8MQ EVK and interrupting u-boot to get into the interactive u-boot CLI, why is it not possible to write the MC_ENV field of the LPCR register (from within the u-boot CLI) to enable the monotonic counter even though the HPCOMR register indicates that access to privileged registers is enabled and the LPLR register indicates that I should have access to the MC_ENV field of the LPCR register?
Many thanks for your help.
Cyrill
jamesbone
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
reason may be insufficient permissions which are handled in atf
