PUF enroll returns activation code of zeros on an RT685 secure boot enabled MCU

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

PUF enroll returns activation code of zeros on an RT685 secure boot enabled MCU

942件の閲覧回数
yoeinhor
Contributor I

Hi,

 

I have an RT685 MCU that has its OTP fuses burnt to enable secure boot.

I am trying to use the PUF in my image but the activation code returned from the enroll operation is always zeros on this chip.

I have another chip that is not locked on which activation code is returned correctly using the same code.

Also, blhost seems to be able to generate an activation code when booting from ISP.

 

Any help on getting PUF enrollment working on the locked part will be greatly appreciated.

Thanks.

0 件の賞賛
返信
3 返答(返信)

849件の閲覧回数
RaRo
NXP TechSupport
NXP TechSupport

Hello @yoeinhor,

To start, could you please take a look at the following application note for the LPC55Sxx: LPC55Sxx Usage of the Physically Unclonable Function and Hash Crypt to Coding? It might be useful.

Best regards, Raul.

0 件の賞賛
返信

805件の閲覧回数
yoeinhor
Contributor I

Thanks, @RaRo .

I reviewed the application note but did not find anything to point me in the right direction.

Any other ideas?

 

Thanks.

0 件の賞賛
返信

780件の閲覧回数
RaRo
NXP TechSupport
NXP TechSupport

Hello @yoeinhor,

Could you please check if you enable (1) the PUF_BLOCK_ENROLL bit in BOOT_CG[5] (also known as SEC_BOTT_CFG[5]) bit fields while you burned the OTP fuses to enable secure boot?

The RT6xx User manual. Chapter 42. RT6xx Secure Boot ROM mentions the following about PUF_BLOCK_ENROLL: "Block further enrollment of the PUF block. When this bit is set, ROM blocks generation of new activation codes." Which could explain why you cannot do the enrollment anymore.

You could check the OTP configuration with MCUXpresso Secure Provisioning Tool. You could download it here.

Best regards, Raul.

0 件の賞賛
返信