FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

New LS1020 batch boots with different SECMON state

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

New LS1020 batch boots with different SECMON state

‎01-24-2020 02:36 PM
738 Views
lucroy
Contributor III

We have received new batch of LS1020 (ls1020 axe7hnb qyx1848 1nk taiw kqaluyu) and they were causing some problem for our u-boot software (and manufacturing) because security wise (SECMON) they do not seem to react in the same way as previous batchs (ls1020 axehnb qty1813 1nk taiw jkakuyu, LS1020 AXE7HNB  QVW 1828 JMAKUYF).

We have fix the problem for our manufacturing by reverting back to original uboot code to determine "ITS" state (i.e OSPR register) instead of using the SYS_SECURE_BOOT bit in the SecMon HP Status Register (LS1021 reference manual rev1).

We have noticed that the new chip boots in the "check" state while the old one is in the "non-secure" state. We believe that the difference in state may have affected the state of SYS_SECURE_BOOT.

 

Are there changes or fixes to SECMON or the chip that could explain the problems we are having? Are there conditions or inputs to SECMON or the chip that could explain the problems? Are we fielding ls1020 IC that would have security issues or weaknesses in the future? Do you have release notes on the various LS1020 production batches?

Notes

1- The SECMON version listed in the 2 version register are the same in all versions of the chip.

2- All LS1020 batches were used in the same board manufacturing batch so only the CPU has changed not the surrounding circuits.

3- Our boards are on the LS1021 IOT. 

-------------------------------------------------------------------------------------------------------------------------------------------------------------

 

The next questions are related to our original use of the chip. 

In the LS1021 reference manual rev1, the SecMon HP Status Register has a bit SYS_SECURE_BOOT and the manual states the following: In a chip in the field, SYS_SECURE_BOOT will normally reset to 1. It will reset to 0 only in a test chip.

 

Can you clarify what is a chip in the field and a test chip?

How can I find out which one I am using (field/test)? Can the setting be changed?

Is there a SecMon state where the value will be overridden or modified?

The bit description indicated: sys_secure_boot input signal to SecMon. Where is the signal coming from? Is possible to have more information.  

0 Kudos
Reply
3 Replies

‎03-05-2020 10:30 PM
653 Views
Pavel
NXP Employee
NXP Employee

New case was created for your problem.

Have a great day,
Pavel Chubakov

0 Kudos
Reply

‎03-05-2020 07:43 AM
653 Views
lucroy
Contributor III

Looks like the case number that was open for this is now closed. Asked for it to be reopened but after 24h nothing has happenned. 

Can we reopen the related case?

0 Kudos
Reply

‎02-05-2020 03:19 AM
653 Views
Pavel
NXP Employee
NXP Employee

Please wait answer.

Have a great day,
Pavel Chubakov

 

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply