AnsweredAssumed Answered

Running secure boot (Chain of Trust with Confidentiality) on LS1012A

Question asked by BRIAN PATERSON on Jun 4, 2019
Latest reply on Jun 5, 2019 by Serguei Podiatchev

I see in the documentation the details on setting up the secure boot, encrypting the various components and setting them into NAND, Flash, QSPI or wherever.

I also see the options of blowing the fuses or running RCW with SB_EN=0, or both. 

However, what I don't see is how to re-flash the unit when the firmware changes - and it always changes. 

Clearly blowing the fuses will brick the unit, so we need the internal switches to be set. 

Question - with this device located on a hardwire Ethernet network, is there a way to reflash the unit once it's in secure boot mode? We can make the assumption that the connection to actually do the flashing is secure, but I don't see how to reset the switches to allow booting to the non-secure mode and from there reloading the encrypted packages. 

 

Many thanks!

Brian

Outcomes