I have tried NOR secure boot in T1024RDB, but it goes to non-secure state which is detected from SECMON_HPSR register. Below are the steps followed,
PBL binary generation using QCVS tool:
- RCW values of T1024RDB retained, but with bits 201 & 202(BOOT_HO & SB_EN) set to 1.
- Below PBI commands are added in the binary image using QCVS,
#LAW for ESBC
# LAW for CPC/SRAM
# Scratch Registers
# CPC SRAM
# CPC Configuration
Key, hash value and CSF header generation:
- Generated the public/private RSA key pair using “./gen_keys 1024”
- Obtained the hash string of the key pair, to be programmed in SFP using “./uni_sign –hash <input_uboot_secure path>”.
- Created CSF header for ESBC boot image, uImage, dtb, rootfs and bootscript using “uni_sign”.
Flashed the images and the corresponding CSF header in the alternate bank of T1024RDB.
Switched to the alternate bank using the command “cpld reset altbank”. Since BOOT_HO is enabled, core enters doze mode.
- Initial state of the SECMON_HPSR register is 0x88008900.
- Generated OTPMK is written into mirror registers(SFP_OTPMKRn) using JTAG. Now SECMON_HPSR register value is 0x80008900 and SFP_SVHESR register value is 0x00000000.
- The values are then fused by writing in SFP_INGR
- SRKH value is written into SFP_SRKHRn mirror registers using JTAG. Then core is released for booting by writing in DCFG_CCSR_BRR
No console messages appear and the value of SECMON_HPSR is 0x80008b00 (i.e. SSM is in Non-secure state). Value of DCFG_CCSR_SCRATCHRW2 register is 0x00000000.
Are these steps enough or I have missed anything?
Further assistance to implement secure boot in T1024RDB would be helpful. Kindly suggest how to debug further?