What's the role of SRK_LOCK in i.MXRT105X


JerryQian_132
Contributor II

Hi,

I have followed AN12681 to enable HAB secure boot on the i.MX RT105x. Everything works fine.

I found that I can still read and write SRK_HASH (0x580[31:0]) after following the instructions in AN12681. It means there is a chance to change the SRK_HASH and break the boot sequence.

There is an SRK_LOCK bit (0x400[14]), as below. I supposed it could lock reads and writes of SRK_HASH (like SJC_RESP_LOCK), so I wrote 0x1 to SRK_LOCK (0x400[14]). Unfortunately, my board cannot boot now... Do you know the role of SRK_LOCK (0x400[14])?

  • Is it used to protect the SRK_HASH, to avoid overriding?
  • If yes, why can't my board boot after programming 0x1 to SRK_LOCK (0x400[14])?
  • If no, is it possible to protect SRK_HASH from being overridden?

My fuse settings are:

  • 0x400
    • Before: 0x40128043
    • After: 0x4012c043
  • 0x460: 0x00000012

'After' means after writing 0x1 to SRK_LOCK (0x400[14]); my board then fails to boot.

kerryzhou
NXP TechSupport

Hi @JerryQian_132 ,

From AN12681 we know that, for HAB secure boot, only the following fuses need to be modified: the SRK table and SEC_CONFIG (to enable HAB closed mode), not SRK_LOCK (0x400[14]). After you modify SRK_LOCK, the SRK table should not even be readable by HAB secure boot; that's why your boot failed.

I think you don't need to modify the SRK_LOCK bit at all.

Even though you can read and write SRK_HASH (0x580[31:0]), that is because you have the related certificate files; others, who don't have them, can't access it. So the related fuse table is still protected.

As you know, the fuse area can only be modified from 0 to 1 and can't be changed back, so maybe you need to test another chip for HAB secure boot, following AN12681 exactly.

 

Best Regards,

kerry
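
A host-side pre-burn check for the situation in this thread, added here as an example (not code from NXP, AN12681, or either poster): it diffs a planned fuse word against the current one, lists the bits that would be newly burned, and blocks irreversible bits such as SRK_LOCK (0x400[14]) unless they are explicitly approved. The function names and the approval policy are assumptions; the fuse values are the ones posted above.

```python
# Added example: review a planned eFuse write before burning (no hardware access).
# Only the SRK_LOCK position (0x400[14]) comes from the thread; the
# "needs explicit approval" policy is an assumption of this example.
REVIEW_BITS = {(0x400, 14): "SRK_LOCK"}  # (fuse address, bit) -> name


def newly_set_bits(current: int, planned: int) -> list[int]:
    """Bit numbers that are 0 in `current` and would become 1 in `planned`."""
    diff = ~current & planned & 0xFFFFFFFF
    return [b for b in range(32) if (diff >> b) & 1]


def cleared_bits(current: int, planned: int) -> list[int]:
    """Bit numbers that are 1 in `current` but 0 in `planned` (impossible on OTP)."""
    diff = current & ~planned & 0xFFFFFFFF
    return [b for b in range(32) if (diff >> b) & 1]


def review_fuse_write(addr, current, planned, approved=frozenset()):
    """Return a list of findings; an empty list means the write passes review."""
    findings = []
    # Fuses only go 0 -> 1, so a plan that expects a 1 -> 0 change can never succeed.
    for bit in cleared_bits(current, planned):
        findings.append(f"0x{addr:03X}[{bit}]: cannot clear a burned fuse (1 -> 0)")
    # Named bits must be approved by name before the irreversible burn.
    for bit in newly_set_bits(current, planned):
        name = REVIEW_BITS.get((addr, bit))
        if name and name not in approved:
            findings.append(f"0x{addr:03X}[{bit}]: sets {name}, irreversible, not approved")
    return findings


if __name__ == "__main__":
    # Values from the original post: 0x400 before and after the SRK_LOCK write.
    before, after = 0x40128043, 0x4012C043
    print("newly set bits:", newly_set_bits(before, after))
    for finding in review_fuse_write(0x400, before, after):
        print("BLOCKED:", finding)
```
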

 

JerryQian_132
Contributor II

Hi Kerry,

"after you modify SRK_LOCK, the SRK_Table should even can't be read by the HAB secure boot, that's why you boot failed".

This makes sense. Thanks for clarifying.

BR

Jerry Qian
