We have met some problems with the secure boot of this kit, we have been strictly following the procedure according to the developer's guide.
Our environment is: win10 os, python 3.6.8 and openssl 1.1.0g
For open boot mode, everything is fine.
For secure boot mode, every python scripts works fine, but after flashing, we change boot mode and restart, it failed, only green light is on. The HAB is enabled and the device is locked.
Do you have any example binary files we can try, or we can share our binary files if you can help us to find out if something wrong, thanks!
Hi Nicolas,
I checked this directly with our applications team and I received the following reply from them:
Similar to the customer, I had an issue when using the python secure_app.py and prog_sec_app.py scripts when using them without the "-s" argument which indicates the board should be flashed and not run with execute-in-place enabled. If the customer is wanting to run with HAB and XIP enabled, they will need to also run the lock_boot_mode.py script. This information should be in the dev guide (and is something I will make sure to add for the next revision), but I was able to find it by checking out the README found under Scripts/sln_vizn_iot_secure_boot. That being said, I hope the customer is aware that they will no longer be able to debug their board as a result of having enabled HAB, and I believe eXIP is a one-way ticket as well based on what I've read and the information I've been able to get from the teammates who implemented the lock_boot_mode script.
If they do not want to permanently enable eXIP, they can try using the secure_app.py and prog_sec_app.py scripts WITH the "-s" argument and the board will be flashed without eXIP enabled. Doing it this way, I was able to get the board to run properly, but I had to make sure I was using a 2A power source to do so. Doing this on my laptop's USB ports caused a strange issue where the board completed its boot sequence, but then reset itself and was no longer able to go through the boot sequence or run at all unless I reflashed the board using the prog_sec_app script again which would result in the board going through the same boot->reset->lock up sequence again. Very strange, but using a higher amperage power source seemed to fix the issue, but did require me to do so directly after flashing the board and changing the boot header.
Have a great day,
Victor
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct"button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi Victor,
We have read both the developer's guide and readme files, and have used lock_boot_mode.py.
Here is our procedure:
python secure_app.py
python enable_hab.py
python lock_boot_mode.py
python prog_sec_app.py -c nicolas
It seems everything is fine, and we have checked many times, our images and signatures are right. (Open boot works fine, and the projects settings are changed according to the developer's guide during the image creation)
We also use a laptop as power source, and after flashing and changing the boot mode, only green light is on.
We will try a 2A power source and see if it can work or not, thanks!
Have a nice day!
Best Regards,
Nicolas