Secure Boot fails in an early phase

Question asked by Tanjeff Moos on May 20, 2019
Latest reply on May 29, 2019 by Tanjeff Moos

I have trouble performing Secure Boot on a board that we built, using a T1023. The board stops while verifying U-Boot, probably because I used the wrong addresses somewhere.



Is there documentation for the config files used by uni_sign? For example, I need to know what the addresses (e.g. ENTRY_POINT and SG_TABLE_ADDR) mean. Also, I would appreciate documentation about the exact structure of the binary CSF file.


Long version:

My current project status is:

  • I started with a non-secure boot RCW + U-Boot, both installed in NOR flash, which works just fine.
  • I set the SB_EN bit in the RCW to enable Secure Boot (the ITS fuse is not fused).
  • I added some PBI commands as follows:
    09000c10 00000000 // Map the IFC to 0xc000_0000
    09000c14 c0000000 // ...
    09000c18 81f0001b // ...
    09000d00 00000000 // Map the SRAM to 0xbff0_0000
    09000d04 bff00000 // ...
    09000d08 81000013 // ...
    090e0200 c3e20000 // Signature is at offset 0x03e2_0000 --> mapped at 0xc3e2_0000
    09010100 00000000 // Configure CPC as SRAM
    09010104 bff00009
    09010f00 08000000
    09010000 80000000
  • To create the signature (or CSF, as it is called in the docs), I used uni_sign with the file input_uboot_nor_secure from the SDK, but with ENTRY_POINT=c0000000 and IMAGE_1={u-boot.bin,c0000000,ffffffff}.
  • The signature is in NOR at offset 0x03e2_0000.
  • The system is not booting.

I can observe the read accesses of the NOR flash by visualizing its "chip enable" and "write enable" signals. I observe the following:

  • On power-up, 72 bytes are read, which is the preamble+RCW.
  • After 660µs, 96 bytes are read, which is the PBI+CRC. At this point, RCW and PBI were completely consumed.
  • After another 1.75ms, 64 bytes are read, supposedly the header of the CSF file.
  • No more read accesses are observed.

I suppose that some information within the CSF header is wrong. In the file input_uboot_nor_secure I can set addresses like ENTRY_POINT or SG_TABLE_ADDR, but I don't know what they mean. Is there documentation about that config file? I would also appreciate documentation about the exact structure of the binary CSF file.


Thanks in advance, Tanjeff