AnsweredAssumed Answered

Testing LS1043Ardb Secure Boot without permanently blowing SRKH fuses

Question asked by Branden Sherrell on May 25, 2016
Latest reply on May 27, 2016 by Branden Sherrell

My original question is on this forum under a related header, but it seems to have died. Perhaps this is because after someone posts to a question it falls into an "Assumed Answered" state regardless.



Is there not a way to do this without making the change permanent? Writing to the fuses is fine. I just do not want to write to the fuses in such a way as to make it permanent (i.e. making our choice of key permanent).


The manual alludes to a method of doing this by writing to the SRKH shadow registers at boot time (pg 839, section There is an additional step to transfer the mirror register values to the fuse array, but I was under the impression that without doing this final step then the values written to the mirror registers would suffice for secure boot testing.


How we can test secure boot by following the directions on page 8 of this document when we cannot access the SFP registers during secure boot (i.e. per of the LS1043A reference manual)?


In other words, if we intend to boot in a secure way then we must at least configure with SBEN=1 in the RCW. However, according to section we do not actually have read/write access to the SFP registers when booting in secure state. So, it seems that we cannot actually test the chain of trust using the value stored in the SRKH register without permanently writing your key hashes first before attempting a secure boot.


I understand how this would be a huge design flaw in the security architecture of this CPU if it allowed writing to the SRKH registers at boot time while attempting to boot in a secure mode, but it seems reasonable that this should work if the Intent to Secure (ITS) fuse was not set so it all may be tested before making the change permanent.