Hi Paul,
On 6/26/2024 3:17 PM, Paul Geurts wrote:
Hi,
Thanks for the feedback.
Hi Paul,
On 6/24/2024 8:09 PM, Fabio Estevam wrote:
Hi Paul,
On Fri, Jun 21, 2024 at 10:06 AM Paul Geurts
<paul.geu...@prodrive-technologies.com> wrote:
-struct imx_sec_config_fuse_t {
+struct imx_fuse_t {
Please make the struct renaming a separate patch.
Peng Fan, Ye Li,
Could you please help review this patch?
Thanks
Can you take a look iMX8MP FIELD_RETURN fuse, I think it does not have 1 bit
but 8 bits which requires to burn a sequence. Only when the bits sequence is
matched, the field return can work. So checking the bit 0 is not enough.
Are you sure about that? The security reference manual (IMX8MPSRM) says in
Table 5-5
that the FIELD_RETURN fuse is located on fuse 0x630[0], which is a single bit.
Also,
the "Chip Security Lifecycle" section (2.15.1) says the following:
FEILD RETURN (SEC_CONFIG[1] fuse = 1 and FIELD_RETURN fuse = 1)
Are you maybe confusing the FIELD_RETURN fuse with the FIELD_RETURN_LOCK sticky
bit?
clearing the lock bit _is_ quite the procedure, but it is unrelated to U-Boot,
as
this is done by ROM code through CSF.
I tested this on an i.MX8M Plus and it seems to work fine.
I know the steps for field return. What I mean is the FIELD_RETURN
fuse. It is true that security RM mentions it as you quote. But from
8MP fuse map and ROM codes, I get different things.
FIELD_RETURN 8-bit code.
FIELD_RETURN = 0, is non-field return mode, functional/secure mode.
FIELD_RETURN = Matching Sequence, device is in field_return mode
FIELD_RETURN != Matching Sequence, device asserts security violation
However, I'm not sure how is it implemented in HAB. Since you have
tested 8M plus, can you confirm the closed part is successfully
converted to field return and can boot without signing?
Best regards,
Ye Li
Fuses for other platforms look ok.
Best regards,
Ye Li
