Hi Paul,
On 7/1/2024 8:39 PM, Paul Geurts wrote:
Hi Ye,
Hi Paul,
On 6/26/2024 3:17 PM, Paul Geurts wrote:
Hi,
Thanks for the feedback.
Hi Paul,
On 6/24/2024 8:09 PM, Fabio Estevam wrote:
Hi Paul,
On Fri, Jun 21, 2024 at 10:06 AM Paul Geurts
<paul.geu...@prodrive-technologies.com> wrote:
-struct imx_sec_config_fuse_t {
+struct imx_fuse_t {
Please make the struct renaming a separate patch.
Peng Fan, Ye Li,
Could you please help review this patch?
Thanks
Can you take a look iMX8MP FIELD_RETURN fuse, I think it does not
have 1 bit but 8 bits which requires to burn a sequence. Only when
the bits sequence is matched, the field return can work. So checking
the bit 0 is not enough.
Are you sure about that? The security reference manual (IMX8MPSRM)
says in Table 5-5
that the FIELD_RETURN fuse is located on fuse 0x630[0], which is a
single bit. Also,
the "Chip Security Lifecycle" section (2.15.1) says the following:
FEILD RETURN (SEC_CONFIG[1] fuse = 1 and FIELD_RETURN fuse = 1)
Are you maybe confusing the FIELD_RETURN fuse with the
FIELD_RETURN_LOCK sticky bit?
clearing the lock bit _is_ quite the procedure, but it is unrelated to
U-Boot, as
this is done by ROM code through CSF.
I tested this on an i.MX8M Plus and it seems to work fine.
I know the steps for field return. What I mean is the FIELD_RETURN
fuse. It is true that security RM mentions it as you quote. But from
8MP fuse map and ROM codes, I get different things.
FIELD_RETURN 8-bit code.
FIELD_RETURN = 0, is non-field return mode, functional/secure mode.
FIELD_RETURN = Matching Sequence, device is in field_return mode
FIELD_RETURN != Matching Sequence, device asserts security violation
That is indeed different from what is mentioned in documentation. I have
asked our NXP FAE about the discrepancy and I will adjust the code if
needed.
Thanks for confirm. I also cross checked with teams. 8MP must burn a
pattern. Otherwise HAB won't covert to field return.
Additional, do you think it is very necessary to add this patch set?
Because field return is a pure debug feature, it won't be deployed on
productions. The developers working on field return parts can re-build
u-boot with CONFIG_IMX_HAB disabled.
This patch may introduce risk to HAB in some sense, especially for
productions. One mistake would make unsigned image bypass authentication
result.
Best regards,
Ye Li
However, I'm not sure how is it implemented in HAB. Since you have
tested 8M plus, can you confirm the closed part is successfully
converted to field return and can boot without signing?
Maybe I did something wrong while testing. I will retest it on a new
board when I have received some more information from NXP.
Best regards,
Ye Li
