- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- Vigiles
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
-
- Home
- :
- CodeWarrior
- :
- CodeWarrior for QorIQ
- :
- How to enable secure debug on ls1021atwr board.? Secure boot is running on ls1021atwr.
How to enable secure debug on ls1021atwr board.? Secure boot is running on ls1021atwr.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hii
I am looking for some guidance to run secure debug(SDC) on ls1021atwr.
OEM security policy register 1
I know there are some register given in the Ref Manual.
But still little confused about how we can implement this.
I checked freescale infocenter also but no luck.
Just want run some demo where i can show the Challenge Read/Write authentication using code warrior.
Thanks
Abhishek Ojha
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hii linminliang,
My problem is solved.
Only thing i was missing is Jumper we need to insert jumper TA_BB for running secure boot.
One bug is der in SDK 1.7 that RCW given for secure boot is going in hold_off mode(BOOT_HO=1).
Most probably That is now fixed in SDK1.8.
Here is the steps if anybody wants to try secure debug on LS series.
Reset Configuration Word (RCW):
00000000: 0608000a 00000000 00000000 00000000
00000010: 20000000 00407900 e0225a00 21046000
00000020: 00000000 00000000 00000000 00038000
00000030: 00000000 881b7540 00000000 00000000
Board: LS1021ATWR
1.Insert Jumper j8 and programme fuses in following fashion.
mw 1e80204 02000000
mw 1e80208 dodododo
mw 1e8020c cocococo
mw 1e80210 eecbfeca
mw 1e80214 ba00aa01
mw 1e80020 02000000
01aa00bbcafecafe (passowrd)
Hamming code:-
DRV0-cafecbee
DRV1-01aa00ba
2.Board is booting in Secure state.
3.Commands from Codewarrior Connection server.
bin) 50 % display ccs::read_mem 19 0x00010000 0x00000000 8 0 1
+0 +8
[0x0001000000000000] C0C0C0C0D0D0D0D0
(bin) 52 % ccs::write_mem 19 0x00010000 0x00000008 8 0 {0xba00aa01 0xeecbfeca}
this will allow you to debug disassembly and register
But three wrong attempts will reset your board.
this is our password "0xba00aa01 0xeecbfeca"
=> md 1e80204
01e80204: 02000000 d0d0d0d0 c0c0c0c0 ffffffff ................
01e80214: ffffffff 00000000 00000000 00000000 ................
01e80224: 00000000 00000000 00000000 00000000 ................
01e80234: ffffffff ffffffff ffffffff ffffffff ................
01e80244: ffffffff ffffffff ffffffff ffffffff ................
01e80254: 45e85b37 e8e2bb49 a47fa6d7 5afa0bda 7[.EI..........Z
01e80264: c716a39c f6a13b4d 29654110 3c8007a9 ....M;...Ae)...<
Let me know if anyone is interested in Secure Boot i can share steps for those also.
Thanks
Abhishek Ojha
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hii,
Adding some more points.
64b string 01aa00bbcafecafe
hamming code generated using cst tool
DRV0-cafecbee
DRV1-01aa00ba
These registers i programmed.
Condition
mw 1e80204 02000000
Challenge Value
mw1e80208 d0d0d0d0
mw 1e8020c c0c0c0c0
Response Value
mw 1e80210 eecbgeca
mw 1e80214 ba00aa01
Program
mw 1e80020 02000000
When i am connecting codewarrior using CMSIS-DAP.
i dnt see any message notification(for challenge key).
CodeWarrior Debugger Shell v1.0
%>mem 63f80000
CCS: Core not in debug mode(CCSProtocolPlugin)
Error: <error>
i cant access any location bcoz board in secure mode(Condition with notification).
If i have to read 0x0001_0000_0000_0000 register what the correct way of reading.
to start Challenge/Response read cycle.
Thanks
Abhishek Ojha
lunminliang
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello abhishek ojha,
1. To program SFP fuses, the user is required to supply 1.8 V to the TA_PROG_SFP pin per Power sequencing. You could find the related information in LS1021A Data Sheet, see Chapter 6 Security fuse processor and 3.2 Power sequencing. As this doc is currently NDA required, you will need to contact Freescale sales representative to get it.
2. Challenge/response cycle is executed via CodeWarrior Connection Server.
3. "Core not in debug mode" shows a connection issue.
Maybe there is no valid RCW on the board.
Or Have you install USB driver on the host PC before using the serial terminal? Have you have SW2[8] = 0?
Have a great day,
Lunmin
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hii linminliang,
My problem is solved.
Only thing i was missing is Jumper we need to insert jumper TA_BB for running secure boot.
One bug is der in SDK 1.7 that RCW given for secure boot is going in hold_off mode(BOOT_HO=1).
Most probably That is now fixed in SDK1.8.
Here is the steps if anybody wants to try secure debug on LS series.
Reset Configuration Word (RCW):
00000000: 0608000a 00000000 00000000 00000000
00000010: 20000000 00407900 e0225a00 21046000
00000020: 00000000 00000000 00000000 00038000
00000030: 00000000 881b7540 00000000 00000000
Board: LS1021ATWR
1.Insert Jumper j8 and programme fuses in following fashion.
mw 1e80204 02000000
mw 1e80208 dodododo
mw 1e8020c cocococo
mw 1e80210 eecbfeca
mw 1e80214 ba00aa01
mw 1e80020 02000000
01aa00bbcafecafe (passowrd)
Hamming code:-
DRV0-cafecbee
DRV1-01aa00ba
2.Board is booting in Secure state.
3.Commands from Codewarrior Connection server.
bin) 50 % display ccs::read_mem 19 0x00010000 0x00000000 8 0 1
+0 +8
[0x0001000000000000] C0C0C0C0D0D0D0D0
(bin) 52 % ccs::write_mem 19 0x00010000 0x00000008 8 0 {0xba00aa01 0xeecbfeca}
this will allow you to debug disassembly and register
But three wrong attempts will reset your board.
this is our password "0xba00aa01 0xeecbfeca"
=> md 1e80204
01e80204: 02000000 d0d0d0d0 c0c0c0c0 ffffffff ................
01e80214: ffffffff 00000000 00000000 00000000 ................
01e80224: 00000000 00000000 00000000 00000000 ................
01e80234: ffffffff ffffffff ffffffff ffffffff ................
01e80244: ffffffff ffffffff ffffffff ffffffff ................
01e80254: 45e85b37 e8e2bb49 a47fa6d7 5afa0bda 7[.EI..........Z
01e80264: c716a39c f6a13b4d 29654110 3c8007a9 ....M;...Ae)...<
Let me know if anyone is interested in Secure Boot i can share steps for those also.
Thanks
Abhishek Ojha
lunminliang
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello abhishek ojha,
Thank you for sharing this to the community, you will be more welcomed if you share also the steps of Secure Boot.
Indeed in the board schematic SPF-28040_C1.pdf, I find this jumper named as PWR_PROG_SFP connected to TA_PROG_SFP control connection to 1.8 V. This seems not mentioned in the board doc.
Have a great day,
Lunmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hii Lunminliang,
I'll share Secure Boot Steps shortly.
Yes,you are Correct TA_BB is not mentioned in Ref Manual or Guide.
Thanks
Abhishek ojha
addiyi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also, please not that using SFP_DPR configured as conditionally closed with notification (reg 1e80204 = 00000002), will not access to all debugging capabilities. SFP_DPR configured as conditionally closed without notification (reg 1e80204 = 00000001) should be used instead.
Adrian
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hii Adrian,
Yes you are correct steps are already given on infocenter.
And for Secure Debug we have 4 different cases.
I selected Conditionally closed without notification.
Initially i wasn't aware of that so i posted Question about Secure Debug but no one replied.
Then i tried "Conditionally closed without notification." and it worked.
I have only one tower board so i cant test other cases.
One more thing, TA_BB Jumper is not mentioned in any of the Manuals.
Have a good day
Thanks
Abhishek Ojha
addiyi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The steps to follow for secure boot are available on Secure Boot.
Adrian
