I have several questions about i.MX6UL SNVS and tamper:
* Processor is the G3 version.
* I am writing code in U-Boot, using SPL.
* I am running a secure setup, so SRK fuses are burned and U-Boot and U-Boot SPL are signed.
* In the U-Boot CSF scripts, I have unlocked the SNVS (LP SWR and ZMK WRITE).
* I need to implement active tamper.
My code works somewhat. The SNVS comes up as secure in trusted state. I can set ZMK, time etc. Setting the SW_LPSV generates a violation and ZMK is zeroed etc. However I have some issues & questions:
1. If I disconnect and reconnect the SNVS coin cell supply, an SNVS POR is forced, as expected. The SNVS PGD bit is set, also expected. However, I cannot clear the PGD bit - it always remains set. I can reset PGD by loading a signed image that does not unlock SNVS, so there is no problem with the battery circuit. The ROM code manages to reset PGD. How should I do this?
2. What SNVS initialisation does the ROM code carry out: a) if SNVS is not unlocked; b) if SNVS is unlocked.
3. If I read the LFSR parameter registers (LPATnCR), I always read zeros. If I write non-zero values to these registers, I always read back zeros. Is this expected?
4. Active tamper functionality appears in both the 'normal' SNVS registers and the LP_SNVS registers. For example routing control (LPATRC1R, LPATRC2R in SNVS vs ETRCTRL in LP_SNVS). If I leave DryIce disabled (DRYICE_EN=0), do the SNVS registers take precedence? Or do I have to enable DryIce and use the LP_SNVS registers?
5. The DryIce Trim Value Register documentation states that the trim values should be read from OCOTP. I assume these are set during manufacture? I can't find any reference to these fuse values in the documentation.
6. Do you have any SNVS sample code?
Any light you can throw on these questions would be appreciated.