帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

what's the role of SRK_LOCK in i.MXRT105X

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
跳至解决方案

what's the role of SRK_LOCK in i.MXRT105X

跳至解决方案
‎06-28-2022 12:39 AM
1,635 次查看
JerryQian_132
Contributor II

Hi,

I have followed the AN12681 to enabled the HAB secure boot in i.MX RT105x. Everything works fine.

I found that I still can read and write SRK_HASH (0x580[31:0]) after the instructions of AN12681. It means there is a chance to change the SRK_HASH to break the bootup sequence.

There is a bit of SRK_LOCK (0x400[14]) as below. I suppose it can lock the read and write of SRK_HASH (like SJC_RESP_LOCK). So write 0x1 to SRK_LOCK (0x400[14]). Unfortunately, my board cannot boot now... Do you know the role of SRK_LOCK (0x400[14])?

  • Is it used to protect the SRK_HASH? Avoid overriding.
  • If yes, why my board cannot boot after program 0x1 to SRK_LOCK (0x400[14])?
  • If no, is it possible to protect SRK_HASH cannot be overridden?

Snipaste_2022-06-28_15-23-40.png

Snipaste_2022-06-28_15-24-05.png

My fuse settings are:

  • 0x400
    • Before :  0x40128043
    • After : 0x4012c043
  • 0x460 : 0x00000012

'After' means write 0x1 to SRK_LOCK (0x400[14]), my board fails to boot.

0 项奖励
回复
1 解答

跳至解决方案
‎07-03-2022 10:32 PM
1,614 次查看
kerryzhou
NXP TechSupport
NXP TechSupport

Hi @JerryQian_132 ,

   From AN12681 , we can know, to the HAB secure boot, the fuse just need to modify the following point:

kerryzhou_0-1656912536595.png

SRK table and the SEC_CONFIG to enable HAB closed mode, no SRK_LOCK (0x400[14]), after you modify SRK_LOCK, the SRK_Table shoud even can't be read by the HAB secure boot, that's why you boot failed.

I think you totally don't need to modify SRK_LOCK bit.

As, even you can read and write SRK_HASH (0x580[31:0]) , because you have the related certificate files, if to others, don't have it, they can't access it. So, the related fuse table still be protected.

As you know, fuse area just can modify from 0 to 1, can't be back, maybe you need to test another chip for the HAB secure boot, by totally following the AN12681.

 

Best Regards,

kerry

 

在原帖中查看解决方案

0 项奖励
回复
2 回复数

跳至解决方案
‎07-03-2022 10:32 PM
1,615 次查看
kerryzhou
NXP TechSupport
NXP TechSupport

Hi @JerryQian_132 ,

   From AN12681 , we can know, to the HAB secure boot, the fuse just need to modify the following point:

kerryzhou_0-1656912536595.png

SRK table and the SEC_CONFIG to enable HAB closed mode, no SRK_LOCK (0x400[14]), after you modify SRK_LOCK, the SRK_Table shoud even can't be read by the HAB secure boot, that's why you boot failed.

I think you totally don't need to modify SRK_LOCK bit.

As, even you can read and write SRK_HASH (0x580[31:0]) , because you have the related certificate files, if to others, don't have it, they can't access it. So, the related fuse table still be protected.

As you know, fuse area just can modify from 0 to 1, can't be back, maybe you need to test another chip for the HAB secure boot, by totally following the AN12681.

 

Best Regards,

kerry

 

0 项奖励
回复

跳至解决方案
‎07-03-2022 11:12 PM
1,607 次查看
JerryQian_132
Contributor II

Hi Kerry,

"after you modify SRK_LOCK, the SRK_Table shoud even can't be read by the HAB secure boot, that's why you boot failed".

This makes sense. Thanks for clarifying.

BR

Jerry Qian

0 项奖励
回复