- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- MCUXpresso Training Hub
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
-
- Home
- :
- i.MX Security
- :
- Knowledge Base
- :
- Field Return dependency on OCOTP Module clock in MPU and MCU devices
Field Return dependency on OCOTP Module clock in MPU and MCU devices
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Field Return dependency on OCOTP Module clock in MPU and MCU devices
Field Return dependency on OCOTP Module clock in MPU and MCU devices
Overview:
The entry to the Field-Return configuration on a secure enabled device requires specific steps to be performed. On certain devices, the field-return configuration operates differently than currently described in the Security Reference Manual. The FIELD_RETURN fuse is protected by the FIELD_RETURN_LOCK sticky bit in the OCOTP_CTRL fuse controller. This requires the OCOTP module clock to be enabled to set the sticky bit
Before leaving the boot ROM, the FIELD_RETURN_LOCK bit is set as long as the OCOTP clock has been enabled in the initial bootloader either via DCD or plugin method), so that the FIELD_RETURN fuse cannot be burned.
If the OCOTP module clock is not enabled then the FIELD RETURN behavior does not operate as described. In addition, if the device is configured in Serial Downloader Mode (SDP) the OCOTP module clock is not enabled on certain devices hence the Field Return Mode functionality does not operate as described.
Expected Field Return behavior:
| Chip State | OCOTP Clock | FIELD RETURN Sticky Bit | SRK REVOKE Sticky Bit | OCOTP_SW_STICKY value | Comments |
|---|---|---|---|---|---|
| Open (SEC_CONFIG[1] = 0) | Disabled | Disabled | Disabled | 0x18 | No Unlock FIELD RETURN No Unlock SRK REVOKE |
| Open (SEC_CONFIG[1] = 0) | Enabled | Enabled | Disabled | 0x1C | No Unlock FIELD RETURN No Unlock SRK REVOKE |
| Closed (SEC_CONFIG[1] = 1) | Disabled | Disabled | Disabled | 0x18 | No Unlock FIELD RETURN No Unlock SRK REVOKE |
| Closed (SEC_CONFIG[1] = 1) | Enabled | Enabled | Enabled | 0x1E | No Unlock FIELD RETURN No Unlock SRK REVOKE |
| Open (SEC_CONFIG[1] = 0) | Disabled | Disabled | Disabled | 0x18 | Unlock FIELD RETURN Unlock SRK REVOKE |
| Open (SEC_CONFIG[1] = 0) | Enabled | Disabled | Disabled | 0x18 | Unlock FIELD RETURN Unlock SRK REVOKE |
| Closed (SEC_CONFIG[1] = 1) | Disabled | Disabled | Disabled | 0x18 | Unlock FIELD RETURN Unlock SRK REVOKE |
| Closed (SEC_CONFIG[1] = 1) | Enabled | Disabled | Disabled | 0x18 | Unlock FIELD RETURN Unlock SRK REVOKE |
Fixes:
1. Updated ROM:
Certain devices such as i.MX 6SLL, i.MX 6UL, i.MX 7S/D, i.MX 8M, i.MX 8MM enable the FIELD RETURN and SRK REVOKE sticky bits in Serial Downloader Mode(SDP) boot mode. Future NPIs will incorporate similar functionality.
2. Software Patches to keep OCOTP Module Clocks Enabled
U-boot patches developed to enable OCOTP clock in DCD/Plugin. All customers should ensure these patches are in place to ensure the clock to the OCOTP module is enabled.
Patches in CodeAurora :
Security Implications
- As long as the OCOTP clock has been enabled, the FIELD RETURN functions as documented.
- In the development process where DCD/Plugin is not yet executed to enable OCOTP clock and JTAG is connected, it may be possible to program the FIELD RETURN fuse.
