Background:
The CAAM manufacturing protection feature provides a mechanism to authenticate the chip to the OEM's server. The manufacturing protection feature can be used to ensure that the chip:
The CAAM manufacturing protection feature is based on an ECC private key generated by the High Assurance Boot (HAB) code on every boot cycle. The Manufacturing Protection (MP) private key generation takes as input several fixed secrets and the MANUFACTURE_PROTECTION_KEY[255:0] being one of them in SoC fuses.
Issue Description:
On certain i.MX RT117x and RT116x devices the MANUFACTURE_PROTECTION_KEY[255:0] fuses were incorrectly programmed at the NXP factory. During the MP private key generation, the CAAM block validates the inputs provided and fails as the MANUFACTURE_PROTECTION_KEY[255:0] provided is not a valid one.
As the MPPubK-generation and MPSign CAAM functions depends on the result of MPPrivK-generation function the CAAM manufacturing protection feature cannot be used on the impacted devices.
Details regarding manufacturing protection functions can be found in the section "Manufacturing-protection chip-authentication process" in the security reference manuals (SRM).
Please note that in closed mode the CAAM MPPrivK-generation function can be only executed once in the same power-on session. Running a second time returns a CAAM error (0x40000481) undefined protocol command which is not related to the issue described in this document.
Checking if your device is impacted:
Customers can check if their device is impacted by following the 3 steps below:
Customers can parse the HAB persistent memory region at 0x20242000 in order to get the warning events.
Impacted devices should report the event below:
Event | 0xdb | 0x0024 | 0x45 | SRCE Field: 69 30 e1 1d
| | | | STS = HAB_WARNING (0x69)
| | | | RSN = HAB_ENG_FAIL (0x30)
| | | | CTX = HAB_CTX_ENTRY (0xE1)
| | | | ENG = HAB_ENG_CAAM (0x1d)
| | | | Evt Data (hex):
| | | | 00 01 00 02 40 00 04 cc 00 00 00 0f 00 00 00 00
| | | | 00 00 00 00 00 00 00 00 00 00 00 01
3. Checking the CAAM SCFGR register: After running the MPPrivK-generation function the CAAM block stores in the CAAM SCFGR register the elliptic curve that was selected when the MPPrivK generation protocol was executed.
Users can check the MPCURVE field [31:28] in the CAAM SCFGR register and on impacted devices this field will be 0.
List of impacted devices:
All i.MX RT117x and RT116x devices prior to 2213 datecode are impacted.
Workaround:
No Software Workaround can be implemented.
Customers planning to use the Manufacturing Protection feature should request for SoC's that have the correct fuse programming.
Please Note: This issue does not impact the Secure Boot flow and does not compromise security.