FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

BSC9131RDB: is it possible to enable secure boot on this board without actually blowing the fuses?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

BSC9131RDB: is it possible to enable secure boot on this board without actually blowing the fuses?

Jump to solution
‎03-12-2015 03:24 AM
1,818 Views
ravindrakhati
Contributor I

I was looking in to prototyping the secure boot on this board, however could not find any way to enable secure boot on this board without blowing the fuses? There is this document Secure boot for Non-PBL Platform which describes the prototyping procedure for 9132QDS board, do we have someway to prototype secure boot on 9131 as well.

0 Kudos
Reply
1 Solution

Jump to solution
‎03-20-2015 01:45 AM
1,351 Views
yipingwang
NXP TechSupport
NXP TechSupport

Hello Ravindra Khati,


BSC9131RDB secure boot is not enabled by default in SDK u-boot source, you need to modify the u-boot source code according to BSC9132QDS.

Please refer to the attached patch to modify your u-boot source code.


Have a great day,
Yiping

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

View solution in original post

u-boot-sdk-git-r30_v1.patch.zip
0 Kudos
Reply
6 Replies

Jump to solution
‎03-23-2015 04:39 AM
1,351 Views
ravindrakhati
Contributor I

Hi Yiping,

is it mandatory to blow OTPMK as well before trying a signed ESBC image? at least till ESBC validation and boot up I don't think OTPMK will be used.
and if we fuse the ITS bit only and for SRK hash we just fill the shadow registers with CCS, would that work?

Regards,

Ravindra Khati

0 Kudos
Reply

Jump to solution
‎03-24-2015 04:42 AM
1,351 Views
yipingwang
NXP TechSupport
NXP TechSupport

Hello Ravindra Khati,


Both OTPMK and SRK has are required to be programmed into fused if ITS or SB_EN is set, otherwise ISBS will refuse to pass control to ESBC.


Check the status register of sec mon block (location CCSRBAR + 0xe6014). Refer to the details of the register from the Reference Manual. Bits OTPMK_ZERO, OTMPK_SYNDROME and PE should be 0 otherwise there is some error in the OTPMK fuse blown by you.




Have a great day,
Yiping

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

Reply

Jump to solution
‎03-23-2015 02:39 AM
1,351 Views
ravindrakhati
Contributor I

HI Yiping,

Thanks, for the patch. One more query on this there could be several reasons for ISBC to not able to validate the ESBC image, How do you suggest to debug such issues if we land up in such problem.

In other platforms I guess there are registers which could tell the error code for why ISBC failed the validation but could not find any such register in bsc9131.

Regards,

Ravindra Khati

0 Kudos
Reply

Jump to solution
‎03-16-2015 11:27 PM
1,351 Views
yipingwang
NXP TechSupport
NXP TechSupport

Hello Ravindra Khati,


9131RDB board doesn't have DIP-Switch for CFG_SB_DIS, for 9131RDB it is only possible to do so by blowing the fuse. Once fuse is blown, it can't be booted as non secure.


Have a great day,
Yiping

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

Reply

Jump to solution
‎03-19-2015 08:05 AM
1,351 Views
ravindrakhati
Contributor I

Hi Yiping,

Thanks for your reply, As per the Secure boot for Non-PBL Platform document there is separate secure u-boot(NAND_SECBOOT) build in case of BSC9132QDS, However for BSC9131RDB I can not see any such u-boot build target for secure boot in freescale's latest SDK. Does this mean a normal u-boot NAND build can be used in case of secure boot or is there any modification required in u-boot as well for secure boot?

Regards,

Ravindra Khati

0 Kudos
Reply

Jump to solution
‎03-20-2015 01:45 AM
1,352 Views
yipingwang
NXP TechSupport
NXP TechSupport

Hello Ravindra Khati,


BSC9131RDB secure boot is not enabled by default in SDK u-boot source, you need to modify the u-boot source code according to BSC9132QDS.

Please refer to the attached patch to modify your u-boot source code.


Have a great day,
Yiping

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

u-boot-sdk-git-r30_v1.patch.zip
0 Kudos
Reply