I'm working on secure boot for T2080QDS. I found an issue: when we use the wrong key to sign the u-boot, the u-boot can still boot up.
Below are my steps:
Burn Key1 to flash,
Use another key, Key2, to sign the u-boot,
Burn u-boot and header into flash, reboot the device, and the u-boot can boot up.
We do the same test on the P4080 board, and it has the same issue.
U-Boot 2016.012.0+ga9b437f (Jul 14 2016 - 15:55:35 +0800)
Environment size: 1729/8188 bytes
=> tftp 1000000 secure_boot/p4080/hdr_uboot.out
Using FM1@DTSEC1 device
TFTP from server 128.224.167.34; our IP address is 128.224.162.23
Filename 'secure_boot/p4080/hdr_uboot.out'.
Load address: 0x1000000
Loading: *
TFTP error: 'File not found' (1)
Not retrying...
=> tftp 1000000 secure_boot/p4080/hdr_uboot.out.t2080_key
Using FM1@DTSEC1 device
TFTP from server 128.224.167.34; our IP address is 128.224.162.23
Filename 'secure_boot/p4080/hdr_uboot.out.t2080_key'.
Load address: 0x1000000
Loading: #
done
Bytes transferred = 1280 (500 hex)
=> erase ecb00000 +500
. done
Erased 1 sectors
=> cp.b 1000000 ecb00000 500
Copy to Flash... 9....8....7....6....5....4....3....2....1....done
=>
U-Boot 2016.012.0+ga9b437f (Jul 13 2016 - 19:59:54 +0800)
CPU0: P4080E, Version: 2.0, (0x82080020)
Core: e500mc, Version: 2.0, (0x80230020)
Clock Configuration:
CPU0:1499.985 MHz, CPU1:1499.985 MHz, CPU2:1499.985 MHz, CPU3:1499.985 MHz,
CPU4:1499.985 MHz, CPU5:1499.985 MHz, CPU6:1499.985 MHz, CPU7:1499.985 MHz,
CCB:799.992 MHz,
DDR:649.994 MHz (1299.987 MT/s data rate) (Asynchronous), LBC:99.999 MHz
FMAN1: 599.994 MHz
FMAN2: 599.994 MHz
QMAN: 399.996 MHz
PME: 599.994 MHz
L1: D-cache 32 KiB enabled
I-cache 32 KiB enabled
Reset Configuration Word (RCW):
00000000: 105a0000 00000000 1e1e181e 0000cccc
00000010: 40464003 3c3c2000 dea00000 e1000000
00000020: 00000000 00000000 00000000 008b6000
00000030: 00000000 00000000 00000000 00000000
I2C: ready
Board: P4080DS, Sys ID: 0x17, Sys Ver: 0x01, FPGA Ver: 0x0a, vBank: 0
SERDES Reference Clocks: Bank1=100MHz Bank2=125MHz Bank3=125MHz
SPI: ready
DRAM: Initializing....using SPD
Detected UDIMM HMT125U7BFR8C-H9
Detected UDIMM HMT125U7BFR8C-H9
2 GiB left unmapped
Testing 0x00000000 - 0x7fffffff
Testing 0x80000000 - 0xffffffff
Remap DDR 2 GiB left unmapped
4 GiB (DDR3, 64-bit, CL=9, ECC on)
DDR Controller Interleaving Mode: cache line
DDR Chip-Select Interleaving Mode: CS0+CS1
POST memory PASSED
Flash: 128 MiB
L2: 128 KiB enabled
Corenet Platform Cache: 2 MiB enabled
SRIO1: disabled
SRIO2: disabled
MMC: FSL_SDHC: 0
Using default environment
EEPROM: Invalid ID (ff ff ff ff)
PCIe1: Root Complex, no link, regs @ 0xfe200000
PCIe1: Bus 00 - 00
PCIe2: disabled
PCIe3: Root Complex, no link, regs @ 0xfe202000
PCIe3: Bus 01 - 01
In: serial
Out: serial
Err: serial
Net: Fman1: Uploading microcode version 106.2.9
Fman2: Uploading microcode version 106.2.9
Could not get PHY for P4080DS_MDIO8: addr 28
Failed to connect
Could not get PHY for P4080DS_MDIO8: addr 29
Failed to connect
Could not get PHY for P4080DS_MDIO1: addr 0
Failed to connect
FM1@DTSEC2
Error: FM1@DTSEC2 address not set.
, FM2@DTSEC1
Error: FM2@DTSEC1 address not set.
, FM2@DTSEC2
Error: FM2@DTSEC2 address not set.
, FM2@TGEC1
Error: FM2@TGEC1 address not set.
Hit any key to stop autoboot: 0
esbc_validate command successful
## Executing script at e8a00000
esbc_validate command successful
esbc_validate command successful
WARNING: adjusting available memory to 30000000
## Booting kernel from Legacy Image at e8020000 ...
Image Name: vxworks
Image Type: PowerPC VxWorks Kernel Image (uncompressed)
Data Size: 1862808 Bytes = 1.8 MiB
Load Address: 00100000
Entry Point: 00100000
Verifying Checksum ... OK
## Flattened Device Tree blob at e8800000
Booting using the fdt blob at 0xe8800000
Loading Kernel Image ... OK
Loading Device Tree to 03fe9000, end 03fff03d ... OK
## Starting vxWorks at 0x00100000, device tree at 0x03fe9000 ...
Hello, VxWorks!
Hello Li Yan,
The behavior you see is correct, the system wouldn’t reset if there is a mismatch in the hash, and would continue when we do secure boot with SB_EN=1.
The system would get reset for this error if you secure boot with ITS=1 (blowing fuse ITS).
To stop the system from moving further / reset with SB_EN=1, try removing the header of the bootscript from flash. You will get a barker code error and the system will reset.
Have a great day,
Yiping
Hi Yiping,
If we set the ITS on the board, it cannot be changed. And if we want to boot this board, we must sign the image, am I right?
Yes, you are right. After blowing fuse ITS, the board can only be used for secure boot.
Thanks,
Yiping