Hi @samet-san
I hope that you are doing well.
I see that you already burned security related fuses on your MCU. Did you already burned the SRK related fuses?
They are required and their value depends on the certificate you generate for secure boot. After those fuses are burned you need to generate the signed bootable image using the same certificate. Try generating a signed image using HAB with the MCUXpresso Secure Provisioning tool. Make sure to import your certifcates, so the tool could sign the image with them.
Let me know if I there is anything else where I could help you.
Diego
Hi @samet-san
Yes, you made well not sharing those fuses! I did it becuase I am not using them, and thanks for the confirmation.
I you want to use OTFAD and HAB please use the Encrypted( OTFAD) authenticated option. Below a reference image
Please check step by step setup in the section 6.2.3.9 Booting OTFAD encrypted image authenticated with user keys of the SPT User guide ( click on Help tile of the tool to open the guide)
I hope this could help you!
Diego
Hi Diego
Thanks for your help.
I couldn't run it. My configuration is below; DCD file is empty. I dont know what I write about it .
This is myfuses;
Fuse request: 0x940 |= 0x2 (mask: 0xff); current value=0x800; status=WRITE
Fuse request: 0x970 |= 0x0 (mask: 0x1000); current value=0x0; status=MATCHES
Fuse request: 0x860 |= 0x0 (mask: 0x40); current value=0xc028; status=MATCHES
Fuse request: 0x8E0 |= 0x0 (mask: 0x40); current value=0x202; status=MATCHES
Fuse request: 0xB00 |= 0x278c501c; current value=0x278c501c; status=MATCHES
Fuse request: 0xB10 |= 0x7345100b; current value=0x7345100b; status=MATCHES
Fuse request: 0xB20 |= 0x472e7aa8; current value=0x472e7aa8; status=MATCHES
Fuse request: 0xB30 |= 0xb13fb29a; current value=0xb13fb29a; status=MATCHES
Fuse request: 0xB40 |= 0xca3b1685; current value=0xca3b1685; status=MATCHES
Fuse request: 0xB50 |= 0x6505ca99; current value=0x6505ca99; status=MATCHES
Fuse request: 0xB60 |= 0x6e6652e6; current value=0x6e6652e6; status=MATCHES
Fuse request: 0xB70 |= 0x6669fc6d; current value=0x6669fc6d; status=MATCHES
Fuse request: 0xC70 |= 0x0 (mask: 0x10); current value=0x0; status=MATCHES
Fuse request: 0x1000 |= 0xffb62518; current value=0xffb62518; status=MATCHES
Fuse request: 0x1010 |= 0x1b8fa603; current value=0x1b8fa603; status=MATCHES
Fuse request: 0x1020 |= 0x645e94b0; current value=0x645e94b0; status=MATCHES
Fuse request: 0x1030 |= 0x6cdd2ac4; current value=0x6cdd2ac4; status=MATCHES
I dont know where it is false.
Hi @samet-san
Thank you for your reply.
When you say that you can not run the app, was the application flashed into memory? Please share full log from the tool when you attempt to write an image.
I see the below error and it makes me think that the flashloader, used to flash the image, was not even executed.
If I am correct, it seems that the flashloader signature does not match the SRK fuses, so it was rejected by the ROM, this implies that if the flashloader does not executes, you will not be able to flash the image.
In the PKI management of the tool we have an option to generate keys and certificates, and import keys. Make sure to import the keys and certificates that you used the first time you burn the SRK fuses.
If you check your write script, from the tool's Write image tab, is the value written to SRK fuses matching the ones you have?
I hope this helps,
Diego
Hi Diego
Flashloader is running. It doesn't have any problem. This problem is temporary. Some connection problems.
They SRK keys is same. Also, Certificates are included.
I think I configurated uncorrect something .I am doing uncorrect somewhere. But I dont know it.
Thanks a lot
