SLN-VIZN-IOT Secure Boot Failed

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SLN-VIZN-IOT Secure Boot Failed

1,012 Views
13911368792
Contributor I

   We have met some problems with the secure boot of this kit, we have been strictly following the procedure according to the developer's guide.

    Our environment is: win10 os, python 3.6.8 and openssl 1.1.0g

    For open boot mode, everything is fine.

    For secure boot mode, every python scripts works fine, but after flashing, we change boot mode and restart, it failed, only green light is on. The HAB is enabled and the device is locked.

    Do you have any example binary files we can try, or we can share our binary files if you can help us to find out if something wrong, thanks!

0 Kudos
Reply
2 Replies

979 Views
victorjimenez
NXP TechSupport
NXP TechSupport

Hi Nicolas, 

I checked this directly with our applications team and I received the following reply from them: 

Similar to the customer, I had an issue when using the python secure_app.py and prog_sec_app.py scripts when using them without the "-s" argument which indicates the board should be flashed and not run with execute-in-place enabled. If the customer is wanting to run with HAB and XIP enabled, they will need to also run the lock_boot_mode.py script. This information should be in the dev guide (and is something I will make sure to add for the next revision), but I was able to find it by checking out the README found under Scripts/sln_vizn_iot_secure_boot. That being said, I hope the customer is aware that they will no longer be able to debug their board as a result of having enabled HAB, and I believe eXIP is a one-way ticket as well based on what I've read and the information I've been able to get from the teammates who implemented the lock_boot_mode script. 

If they do not want to permanently enable eXIP, they can try using the secure_app.py and prog_sec_app.py scripts WITH the "-s" argument and the board will be flashed without eXIP enabled. Doing it this way, I was able to get the board to run properly, but I had to make sure I was using a 2A power source to do so. Doing this on my laptop's USB ports caused a strange issue where the board completed its boot sequence, but then reset itself and was no longer able to go through the boot sequence or run at all unless I reflashed the board using the prog_sec_app script again which would result in the board going through the same boot->reset->lock up sequence again. Very strange, but using a higher amperage power source seemed to fix the issue, but did require me to do so directly after flashing the board and changing the boot header.

Have a great day,

Victor

-------------------------------------------------------------------------------

Note:

- If this post answers your question, please click the "Mark Correct"button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored

Please open a new thread and refer to the closed one, if you have a related question at a later point in time.

------------------------------------------------------------------------------- 

0 Kudos
Reply

979 Views
13911368792
Contributor I

Hi Victor,

We have read both the developer's guide and readme files, and have used lock_boot_mode.py.

Here is our procedure:

python secure_app.py

python enable_hab.py

python lock_boot_mode.py

python prog_sec_app.py -c nicolas

It seems everything is fine, and we have checked many times, our images and signatures are right. (Open boot works fine, and the projects settings are changed according to the developer's guide during the image creation)

We also use a laptop as power source, and after flashing and changing the boot mode, only green light is on.

We will try a 2A power source and see if it can work or not, thanks!

Have a nice day!

Best Regards,

Nicolas

0 Kudos
Reply