revoke SRK in the closed device

2,225 Views
jongho
Contributor I

Hi

I'm using imx8mq.

By writing the appropriate values to SRK_HASH and SEC_CONFIG, I successfully closed the device.

I confirmed that HAB and secureboot are working correctly.

To revoke the SRK, I added the following to the SPL CSF:

[Unlock]
Engine = OCOTP
Features = SRK REVOKE

But, the command 'fuse prog -y 9 3 1' fails.
SRK_REVOKE could not be performed.
At this time, if I read 0x30350050, the value is 0x000007be, which means SRK_REVOKE_LOCK is set.

On open devices, I confirmed that the 'fuse prog -y 9 3 1' command operates normally.


Is there something I haven't done to do SRK_REVOKE?

I would like to inform you that I have already signed the NDA.

5 Replies

2,178 Views
Harvey021
NXP TechSupport

Hi @jongho 

Try not to include HDMI FW when compiling. Then sign the SPL as it currently is.

Best regards

Harvey


2,143 Views
jongho
Contributor I

Hi.

Even though I set the build target to flash_evk_no_hdmi, srk revoke still doesn't work.

I tried unlocking SRK revoke for only spl.csf, and also tried unlocking SRK revoke for both spl.csf and fit.csf.

In both cases, the command 'fuse prog -y 9 3 1' does not work.


2,098 Views
Harvey021
NXP TechSupport

Hi, 

Please check the link (i.MX 8MQ SRK Revocation limitations in HAB Closed ... - NXP Community) to see if it is helpful for the problem that you've encountered.

Best regards

Harvey


2,089 Views
jongho
Contributor I

Thank you. My question was resolved after seeing that link.

BTW, I have a few more questions.

1. While reviewing the workaround code in the u-boot source, I tried disabling HDMI (fuse 0x450 bit 25), but this bit is also fuse write protected. Where is the HDMI LOCK bit information?


2. The SRK_REVOKE_LOCK bit (in OCOTP_HW_OCOTP_SW_STICKY) is not mentioned in my security reference manual. Through Googling, I learned about the existence of the SRK_REVOKE_LOCK bit. Is there any documentation mentioning this?


3. My reference manual also doesn't have any information about disabling SJC and secure JTAG. Is there any documentation mentioning this?

Thanks.

Best Regards,

Jongho.


2,070 Views
Harvey021
NXP TechSupport

These follow-up questions will be answered in a new case; please wait.

Best regards

Harvey
