AnsweredAssumed Answered

P4080 Secure Boot RTIC Access

Question asked by Tom Saluzzo on Dec 17, 2015
Latest reply on Dec 21, 2015 by Tom Saluzzo

We are using revision 3 of the P4080 on our own board and running our own Bootloader (not u-boot).

 

I am having an issue when enabling secure boot via setting the SB_EN bit in the RCW.  I have implemented the documented secure boot procedure, including burning appropriate fuses, and the Freescale ISBC is successfully validating my Bootloader.  (No errors in the SCRATCHRW2 register and the SECMON_HPSR is indicating that the security monitor is in the Trusted state).

 

My Bootloader code is now trying to validate the public key in the CSF file associated with the next image in the chain-of-trust. It is attempting to do this by computing a hash of the public key using the Run-time integrity checker (RTIC) SHA-256 capability.  Specifically, the Bootloader sets the RTIC registers as described in the P4080 Rev. 3 Security (SEC 4.0) Reference Manual.

 

If I run with an RCW that does not enable secure boot and force the Bootloader through this code, the RTIC correctly computes the hash.  However, when I run through
the code when I have enabled secure boot in the RCW the code does not work; the code times out waiting for the Hash Done (HD) bit to come on in the RTIC status
register.  I do not see any status error bits being set.

 

Given that the code works when I do an unsecure boot, is there some additional configuration that my Bootloader needs to do before accessing the RTIC when I have performed a successful secure boot and am in the Trusted state?

 

Outcomes