LS1046ARDB Alternate Image SEC Initialization during Secure boot

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

LS1046ARDB Alternate Image SEC Initialization during Secure boot

882件の閲覧回数
Faizanbaig
Contributor IV

Hi,

We are trying to provide an alternate boot image in case authentication of first boot image fails during secure boot. As per LS1046ARM_Reference_Manual, DCFG ScratchRW3 should be written with the CSF header address for alternate boot image. When we test authentication fail for the first image, we get no error in DCFG ScratchRW4 and  the alternate boot image is authenticated successfully. But our SEC Initialization is failing when we try to initialise it using alternate boot image .
Are we missing any additional steps in achieving this? 

Any suggestions regarding this would be appreciated.

Thanks,

Faizanbaig Inamdar

ラベル(1)
タグ(2)
0 件の賞賛
返信
4 返答(返信)

863件の閲覧回数
yipingwang
NXP TechSupport
NXP TechSupport

What version of LSDK you are using?

Can you share your

input_files/uni_sign/ls1/nor/input_uboot_secure

input_files/uni_sign/ls1/sd_nand/input_uboot_secure

input_files/uni_sign/ls1/sd_nand/input_spl_uboot_secure

 

In the input files you use to sign the image, depends on your situation,

there should be a

SEC_IMAGE Flag for Secondary Image. Required for TA 2.x platforms only

that you can specify the secondary image information.

0 件の賞賛
返信

856件の閲覧回数
Faizanbaig
Contributor IV
Hi, Thanks for your response, I have set SEC_FLAG to 1 and ISBC is authenticating the alternate image successfully but SEC(Security Engine) initialization module is failing when we execute it through alternate boot image. However,When we flash the same image as primary Image it is successfully initializing the SEC(Security Engine). Could you please provide any help on this? Thanks
0 件の賞賛
返信

841件の閲覧回数
yipingwang
NXP TechSupport
NXP TechSupport

Where is the SEC_FLAG-=1 flag is set?
I check the Code Signing Tool (CST) input file and there is no such flag. Is it a flag for linux kernel built?
It sounds like this is not secure boot (ISBC/ESBC) related issue. If customer has a console log, a capture of the log of the message leading to "initializing the SEC" will be helpful. i.e. is the error from uboot init or linux init?

0 件の賞賛
返信

837件の閲覧回数
Faizanbaig
Contributor IV

Thanks for the response, Issue  was with our binary boot image file . 
Now it successfully performs chain of trust from alternate image.

タグ(1)
0 件の賞賛
返信