FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Looking for a practical how-to on secure boot setup for LS1046 FRWY

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Looking for a practical how-to on secure boot setup for LS1046 FRWY

‎02-27-2020 04:44 AM
1,688 Views
m_giaconia
Contributor I

Hello,

I am trying to set up #secure boot for #LS1046FRWY platform. 

I am finding a great deal of documentation and experiencing difficulties in matching document contents and in mapping steps to actual implementation. 
More specifically.

CONTEXT

  • I am trying to set up a prototyping flow to avoid bricking my board due to wrong fuse programming.
  • I have installed CodeWarrior Development Studio for QorIQ LS Series - ARM V8 ISA
  • I have downloaded the Layerscape SDK (lsdk1909_update_311219) and successfully built all targets for ls1046afrwy (flashed the non-secure composite images to QSPI NOR and booted successfully)
  • I have downloaded https://www.nxp.com/docs/en/user-guide/LSDKUG_Rev19.09.pdf and I am referring to chapter 6 (Security - flow for PBL-based platforms)

UNDERSTANDING

in the prototyping flow I see as suggested the following steps, which I now need to try out on actual board.

  1. skip ITS fuse programming
  2. Set RCW with SB_EN = 1 and BOOT_HO = 1
  3. Set OTPMK (actually fuse values ti OTPMK) - I understand that fuses can be written to either using uBoot commands OR using CCS commands.
  4. Set SRKH to mirror registers (without fusing to SRKH) - I understand that SRKH mirror registers can only be written using CCS.
  5. Release the boot hold off by writing to the "Core Release" register in DCFG

QUESTIONS/ISSUES ENCOUNTERED

  1. can someone confirm/correct each step of my understanding above?
  2. Is there a CCS script available for performing the steps above, or a how-to document that provides the list of commands, that I can refer to?
  3. how do I modify SB_EN and BOOT_HO? (I assume that there is more than one way. Starting with the prototyping flow, I am guessing that this can be done via CCS?)

note: I have found many, many documents, community questions and application notes on subjects close to this, but each time I try to follow one, the commands listed seem to be somewhat inconsistent w.r.t. the tools I am using (different names for command windows, commands not recognized, scripts not found in installation directories etc) - Example: AN5227 - Configuring LS1 Processors for Secure Boot and Secure Debug using CodeWarrior for ARMv7 - I am really struggling to find some reliable reference point to guide development for the specific case I am targeting. Thanks if you can provide one (or a few).

Labels (1)
Labels
0 Kudos
Reply
2 Replies

‎10-29-2021 05:32 AM
1,229 Views
kairovr
Contributor I

Hi, did you manage to make the pratical and correct setup? Can you share what you found or what you did to setup the secure boot? I found some inconsistences either and i'm trying to find a trustworthy secure boot guide.

0 Kudos
Reply

‎03-10-2020 02:47 AM
1,503 Views
m_giaconia
Contributor I

no answer in over a week... solved this myself with some extra effort in putting together which are the needed/correct documentation references.

0 Kudos
Reply