I am testing secure boot (trusted boot) on my 2GB EspressoBIN, using the armada-17.10 versions of u-boot, a3700utils, and atf-marvell.
Following the trusted_boot.txt document, I successfully built an untrusted and trusted flash.bin and a u-boot.bin with mvebu efuse enabled.
I was able to boot the board with the untrusted boot image and ran the efuse write commands. My board had a loss of power before I burned the trusted boot image using bubt. Now that I have set ‘efuse write BOOT_DEVICE’, mentioned in the trusted_boot.txt doc, I am unable to boot from SATA or SPI to burn the trusted boot image. I am unable to boot anything. Switching the jumper pins has no effect.
Are there any alternative options to burn SPINOR with my trusted boot image? I need to burn the SPINOR with my trusted boot image.
https://github.com/MarvellEmbeddedProcessors/u-boot-marvell/blob/u-boot-2017.03-armada-17.10/doc/mvebu/trusted_boot.txt#L261
For future reference,
Is there a method, supported by u-boot-2017.03-armada-17.10, to test trusted boot without efusing my hardware permanently?
Is the ‘efuse write BOOT_DEVICE <device_type>’ command required before burning the trusted image?
Marvell>> efuse write ENCRYPTION 10
Returned EFUSE value after write:
ENCRYPTION 10
Marvell>> efuse write AES256_KEY
Returned EFUSE value after write:
AES256_KEY
Marvell>> efuse write BOOT_DEVICE SPINOR
Returned EFUSE value after write:
BOOT_DEVICE SPINOR (1)
Marvell>> efuse write KAK_DIGEST
Returned EFUSE value after write:
KAK_DIGEST
Marvell>> efuse write CSK_INDEX 3
Returned EFUSE value after write:
CSK_INDEX 3
Marvell>> efuse write OPER_MODE 2
Returned EFUSE value after write:
OPER_MODE 2
Marvell>> efuse DEV_DEPLOY 0
0 - Invalid eFuse ID
efuse - efuse - read/Write SoC eFuse entries
Usage:
efuse
Access to SoC eFuse entry values
list - Display all supported eFuse entry ids
dump - Dump all supported eFuse entries
raw - Dump all eFuses in raw format
read id - Read eFuse entry "id"
write id val - Write "val" to eFuse entry "id"
Marvell>> efuse write DEV_DEPLOY 0
efuse_write: Invalid value 0, expected 1
DEV_DEPLOY === ERROR WRITING EFUSE VALUE ===
Marvell>> efuse write DEV_DEPLOY 1
Returned EFUSE value after write:
DEV_DEPLOY DEPLOYED (1)
Any information would be helpful!
Thank you.