I made a strange observation and I am looking for a logical explanation.
Initially, I flashed the 4SRK onto fuse bank 3, words 0 to 7, at the u-boot level using the command fuse. I signed my multi-stage bootloader and kernel and they work like a charm. I didn't lock the device yet because I want to check if the Secure Chain actually works.
There is an FSL-OTP driver in the Linux Kernel (not the bootloader u-boot). This driver mounts the information register content onto sys. I opened the first word HW_OCOTP_SRK0 and it's available there. This is 0xD1621DC9. I edited this expecting it never to change, and it got saved. I was surprised it has a new value. I rebooted my device, checked it at u-boot level using the fuse command, and the new value is read instead of the old one.
=> fuse read 3 0
Reading bank 3:
Word 0x00000000: dbee7fc9
- The Kernel and u-boot loader do not have any HAB events.
- This means the original values are still saved but they are no longer readable.
- The iMX6 Reference manual talks about Shadow Registers.
- What are Shadow Registers? Why are they used here? What happens if they aren't used here?
- Can I lock my device now? If I lock it will my signatures still work?
- Can anyone please give a logical explanation here of why rewriting these OTP registers works at the Linux level?