Hi all,
Noticed that the following commands in uboot are always successful even the container image was no signed, but "seco events" shows that the image was not signed (AHAB_NO_AUTHENTICATION_IND):
Uboot>if run auth_os; then echo Done; else echo ERR; fi; - it almost the same what uboot will do if we enable:
So, I enabled CONFIG_AHAB_BOOT to use SECO API from uboot
generated keys and signed containers follow to AHAB guides and burned SRK_HASH fuses.
1th container image - signed flash.bin with SCU, uboot, SCFW that works fine. No SECO events
2th container image - flash_os.bin (Linux Kernel + DTB) unsigned and
flash_os.bin.signed with the same keys as a previous one and it should be authenticated by uboot via SECO API
So, if you look at the screenshot:
run auth_os-> auth_cntr -> do_authenticate -> authenticate_os_container -> sc_seco_authenticate -< No errors
But "seco events" shows(or not shows the errors depending on Linux image) AHAB_NO_AUTHENTICATION_IND
Thus, the questions are:
Regards,
Bulat
You can see at the end of apply_snvs_config function, the hp.lock(0x1f0703ff) and lp.lock(0x1f0003ff) will be set, so the LPTGFCR_HL and LPTGFCR_SL will both set to 1.
The 0x44 SNVS register is SNVS_LPSM_LP Tamper Glitch Filters Configuration Register, which is used to configure the glitch filters for the SNVS_LP tamper inputs. This register cannot be programmed when
the LPTGFCR_SL or LPTGFCR_HL bit is set.
Meanwhile, from below description, you can know the reset conditions of these two bits. Cold reset will make these two bits reset, warm reset can't, so the failure appeared.
SNVS_LP Lock Register
SNVS_HP Lock Register