AnsweredAssumed Answered

SNVS/Tamper questions

Question asked by Bill Webster on Jul 3, 2017
Latest reply on Jul 4, 2017 by Yuri Muhin

I have several questions about i.MX6UL SNVS and tamper:


* Processor is the G3 version.

* I am writing code in U-Boot, using SPL.

* I am running a secure setup, so SRK fuses are burned and U-Boot and U-Boot SPL are signed.

* In the U-Boot CSF scripts, I have unlocked the SNVS (LP SWR and ZMK WRITE).

* I need to implement active tamper.


My code works somewhat. The SNVS comes up as secure in trusted state. I can set ZMK, time etc. Setting the SW_LPSV generates a violation and ZMK is zeroed etc. However I have some issues & questions:


1. If I disconnect and reconnect the SNVS coin cell supply, an SNVS POR is forced, as expected. The SNVS PGD bit is set, also expected. However, I cannot clear the PGD bit - it always remains set. I can reset PGD by loading a signed image that does not unlock SNVS, so there is no problem with the battery circuit. The ROM code manages to reset PGD. How should I do this?


2. What SNVS initialisation does the ROM code carry out: a) if SNVS is not unlocked; b) if SNVS is unlocked.


3. If I read the LFSR parameter registers (LPATnCR), I always read zeros. If I write non-zero values to these registers, I always read back zeros. Is this expected?


4. Active tamper functionality appears in both the 'normal' SNVS registers and the LP_SNVS registers. For example routing control (LPATRC1R, LPATRC2R in SNVS vs ETRCTRL in LP_SNVS). If I leave DryIce disabled (DRYICE_EN=0), do the SNVS registers take precedence? Or do I have to enable DryIce and use the LP_SNVS registers?


5. The DryIce Trim Value Register documentation states that the trim values should be read from OCOTP. I assume these are set during manufacture? I can't find any reference to these fuse values in the documentation.


6. Do you have any SNVS sample code?


Any light you can throw on these questions would be appreciated.