
OTP and Shadow registers - Super Root Keys for Secure Boot

Question asked by satyadamarla on Feb 24, 2017
Latest reply on Mar 6, 2017 by satyadamarla

Hello Everyone,


I made a strange observation and I am looking for a logical explanation.


Initially, I flashed the 4SRK onto the fuse bank 3 starting from words 0 to 7 at the u-boot level using the command fuse. I signed my multi-stage bootloader and kernel and they work like a charm. I didn't lock the device yet because I want to check if the Secure Chain actually works.



There is a FSL-OTP driver in the Linux Kernel (not the bootloader u-boot). This driver mounts the information register content onto sys. I opened the first word HW_OCOTP_SRK0 and it's available there. This is 0xD1621DC9. I edited this expecting it to never change and it got saved. I was surprised it has a new value. I rebooted my device, checked it at u-boot level using the fuse command and the new value is read instead of the old one.


=> fuse read 3 0
Reading bank 3:

Word 0x00000000: dbee7fc9


cat /sys/fsl_otp/HW_OCOTP_SRK0



  1. The Kernel and u-boot loader do not have any HAB events.
  2. This means the original values are still saved but they are no longer readable.
  3. The iMX6 Reference manual talks about Shadow Registers.



  1. What are Shadow Registers? Why are they used here? What happens if they aren't used here?
  2. Can I lock my device now? If I lock it will my signatures still work?
  3. Can anyone please give a logical explanation here about why rewriting these OTP registers works at the Linux level.
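
An added example, not part of the original post and not NXP or kernel driver code: a simplified Python model of one OTP word and its shadow register, assuming the usual eFuse behaviour that programming can only turn 0 bits into 1 bits and that the shadow register is reloaded from the fuse array at reset. It checks the two HW_OCOTP_SRK0 values quoted in the post against that behaviour; the class and function names are hypothetical.

```python
MASK32 = 0xFFFFFFFF

class FuseWord:
    """Simplified model (assumption) of one OTP word plus its shadow register."""

    def __init__(self, fuse=0):
        self.fuse = fuse & MASK32   # physical eFuse bits, one-way
        self.shadow = self.fuse     # register copy that software reads

    def reset(self):
        # At reset the shadow register is reloaded from the fuse array.
        self.shadow = self.fuse

    def override(self, value):
        # Shadow-only write: visible until the next reset, fuses untouched.
        self.shadow = value & MASK32

    def program(self, value):
        # Burning ORs the new bits into the fuse; existing 1 bits stay set.
        # This model leaves the shadow alone until reset() reloads it.
        self.fuse |= value & MASK32


def classify(before, after):
    """Classify a read-back that changed and survived a reboot."""
    cleared = before & ~after & MASK32
    newly_set = after & ~before & MASK32
    if after == before:
        return ("unchanged", 0)
    if cleared:
        # A burned 1 bit cannot return to 0, so this is not a fuse-level change.
        return ("impossible", cleared)
    return ("burned", newly_set)


# Values quoted in the post for HW_OCOTP_SRK0 (bank 3, word 0).
OLD = 0xD1621DC9
NEW = 0xDBEE7FC9

if __name__ == "__main__":
    word = FuseWord(OLD)
    word.override(0x12345678)       # constructed value, shadow-only write
    word.reset()
    print("after override + reset: %08x" % word.shadow)
    word.program(NEW)
    word.reset()
    print("after program + reset:  %08x" % word.shadow)
    verdict, bits = classify(OLD, NEW)
    print("%s, differing bits: %08x" % (verdict, bits))
```

A "burned" verdict means every bit set in the old value is still set in the new one, so the change is consistent with additional fuse bits having been programmed; a shadow-only write would not have survived the reboot in this model.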