FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

imx6 secure boot without efuse blow?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

imx6 secure boot without efuse blow?

‎02-24-2014 09:21 PM
1,686 Views
davidyu
Contributor I

My question is:

According to the manual of iMX6, it mentioned that secure boot takes effect when DIR_BT_DIS and SEC_CONFIG in eFuse should be blown.

In the developing stage, can imx6 board use secure boot without eFuse blow?  (internal boot mode or serial download mode)

Is there any way (such as setting GPIO or registers) to get this effect?

Thanks!

Tags (2)
0 Kudos
Reply
4 Replies

‎04-10-2014 12:02 AM
766 Views
YixingKong
Senior Contributor IV

David

We are sorry for getting back to you so late. Are you still stuck with the issue? If you have somehow to resolved the issue, can we close the discussion? If you still need help, please feel free to reply with an update to this discussion.

Thanks,

Yixing

0 Kudos
Reply

‎04-10-2014 12:27 AM
766 Views
davidyu
Contributor I

Yes, we still need help~~ thx~

0 Kudos
Reply

‎04-15-2014 12:34 AM
766 Views
YixingKong
Senior Contributor IV

David

We have some response from internal expert and response is below:

---------------------------------------------------------------------------------------------------

For iMX6 secure boot in development stage is possible to override the need to have efuses locked for secure boot,

by forcing the result of check_hab_enable to be true:


for uboot-imx branch imx_v2013.04_3.10.17_1.0.0_beta:


diff --git a/arch/arm/cpu/armv7/mx6/soc.c b/arch/arm/cpu/armv7/mx6/soc.c

index 4702dc6..2daaca6 100644

--- a/arch/arm/cpu/armv7/mx6/soc.c

+++ b/arch/arm/cpu/armv7/mx6/soc.c

@@ -643,7 +643,7 @@ int check_hab_enable(void)

        if (reg & 0x2)

                result = 1;

-       return result;

+       return result = 1;

}

That way hab_authenticate is executed without the need to burn fuses, so user could make sure that secure boot is working as expected.

Is also recommended to define the macro DEBUG_AUTHENTICATE_IMAGE in the config header file for the platform used so

HAB can log more information.

---------------------------------------------------------------------------------------------------

Regards,

Yixing

0 Kudos
Reply

‎04-10-2014 01:09 AM
766 Views
YixingKong
Senior Contributor IV

David

I will branch your discussion into an internal group and assign an engineer to work on it.

Regards,

Yixing

0 Kudos
Reply