Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove imx7ulp support #798

Merged
merged 1 commit into from
Feb 13, 2025
Merged

Remove imx7ulp support #798

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion source/_static/csv/supported-boards.csv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ Device Name,MACHINE
:ref:`NXP i.MX6 UL EVK <ref-rm_board_imx6ulevk>`,imx6ulevk
:ref:`NXP i.MX6 ULL EVK <ref-rm_board_imx6ullevk>`,imx6ullevk
:ref:`NXP i.MX6 ULL EVK with secure boot enabled <ref-rm_board_imx6ullevk>`,imx6ullevk-sec
Embedded Artists i.MX 7ULP uCOM,imx7ulpea-ucom
:ref:`NXP i.MX 8M Mini EVK <ref-rm_board_imx8mmevk>`,imx8mm-lpddr4-evk
:ref:`NXP i.MX 8M Mini EVK with secure boot enabled <ref-rm_board_imx8mmevk>`,imx8mm-lpddr4-evk-sec
:ref:`NXP i.MX 8M Quad EVK <ref-rm_board_imx8mqevk>`,imx8mq-evk
Expand Down
2 changes: 0 additions & 2 deletions source/reference-manual/security/imx-generic-custom-keys.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,8 +52,6 @@ Where ``<soc>`` can be found in the table below:
- imx6
* - imx6ul, imx6ull
- imx6ul
* - imx7ulp
- imx7ulp
* - imx8mq, imx8mm
- imx8m
* - imx8mn, imx8mp
Expand Down
125 changes: 7 additions & 118 deletions source/reference-manual/security/secure-boot-imx-habv4.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@

.. _ref-secure-boot-imx-habv4:

Secure Boot on i.MX 6/7/8M Using HABv4
Secure Boot on i.MX 6/8M Using HABv4
======================================

On the i.MX 6/7/8M platforms, Secure Boot is implemented via the High Availability Boot (HABv4) component of the on-chip ROM.
On the i.MX 6/8M platforms, Secure Boot is implemented via the High Availability Boot (HABv4) component of the on-chip ROM.
The ROM is responsible for loading the initial program image, the bootloader; HABv4 then enables the ROM to authenticate it using digital signatures.

HABv4 also provides a mechanism to establish a root of trust for the remaining software components and establishes a secure state—the close state—on the i.MX IC secure state machine in hardware.
Expand All @@ -22,11 +22,10 @@

OP-TEE also prepares the next stage bootloader—U-Boot—and generates an overlay DTS for the Linux® kernel consumption.
U-Boot implements the ``fiovb`` command to validate the trusted application functionality.
In the case of i.MX 7ULP, U-Boot also controls the M4 firmware upgrade process using the ``fiovb`` trusted application.

U-Boot then jumps to the kernel entry point.

A system like the one just described, which boots without TF-A (for example i.MX 7ULP), would look as follows:
A system which boots without TF-A would look as follows:

.. figure:: /_static/imx-secure-boot.png
:align: center
Expand Down Expand Up @@ -92,81 +91,6 @@

The Security Reference Manual for your specific SoC will indicate which fuses need to be programmed with the SRK fuse information.


i.MX 7ULP Fusing
^^^^^^^^^^^^^^^^

.. warning::
The values shown in this section are just examples of our standard LmP HABv4 keys, and are not meant for production.
Fuses cannot be changed after the first write.

On the i.MX 7ULP the A7 fuses are stored in the fuse bank 5, words 0 to 7 and the M4 fuses are stored in the fuse bank 6, words 0 to 7.

To program the A7 fuses you could use U-Boot's fuse command as follows::

=> fuse prog 5 0 0xEA2F0B50
=> fuse prog 5 1 0x871167F7
=> fuse prog 5 2 0xF5CECF5D
=> fuse prog 5 3 0x364727C3
=> fuse prog 5 4 0x8DD52832
=> fuse prog 5 5 0xF158F65F
=> fuse prog 5 6 0xA71BBE78
=> fuse prog 5 7 0xA3AD024A

For the M4 fuses it would look like this::

=> fuse prog 6 0 0xEA2F0B50
=> fuse prog 6 1 0x871167F7
=> fuse prog 6 2 0xF5CECF5D
=> fuse prog 6 3 0x364727C3
=> fuse prog 6 4 0x8DD52832
=> fuse prog 6 5 0xF158F65F
=> fuse prog 6 6 0xA71BBE78
=> fuse prog 6 7 0xA3AD024A

Alternatively, you can use the kernel to program the A7 fuses via SDP by using NXP's :term:`Universal Update Utility`.
This is shown in the following script (replace ``@@MACHINE@@`` with your machine name)::

uuu_version 1.0.1

SDP: boot -f SPL-@@MACHINE@@

SDPU: delay 1000
SDPU: write -f u-boot-@@MACHINE@@.itb
SDPU: jump

FB: ucmd fuse prog -y 5 0 0xEA2F0B50
FB: ucmd fuse prog -y 5 1 0x871167F7
FB: ucmd fuse prog -y 5 2 0xF5CECF5D
FB: ucmd fuse prog -y 5 3 0x364727C3
FB: ucmd fuse prog -y 5 4 0x8DD52832
FB: ucmd fuse prog -y 5 5 0xF158F65F
FB: ucmd fuse prog -y 5 6 0xA71BBE78
FB: ucmd fuse prog -y 5 7 0xA3AD024A

FBK: DONE

And the following script would work for setting the M4 fuses::

uuu_version 1.0.1

SDP: boot -f SPL-@@MACHINE@@

SDPU: delay 1000
SDPU: write -f u-boot-@@MACHINE@@.itb
SDPU: jump

FB: ucmd fuse prog -y 6 0 0xEA2F0B50
FB: ucmd fuse prog -y 6 1 0x871167F7
FB: ucmd fuse prog -y 6 2 0xF5CECF5D
FB: ucmd fuse prog -y 6 3 0x364727C3
FB: ucmd fuse prog -y 6 4 0x8DD52832
FB: ucmd fuse prog -y 6 5 0xF158F65F
FB: ucmd fuse prog -y 6 6 0xA71BBE78
FB: ucmd fuse prog -y 6 7 0xA3AD024A

FBK: DONE

i.MX 8MM Fusing
^^^^^^^^^^^^^^^

Expand Down Expand Up @@ -278,7 +202,7 @@
The next fuse instruction will close the board for unsigned images: make sure you can rebuild the signed images before programming that fuse.


Now we can close the device — From here on only signed images can be booted on the platform. For the i.MX 7ULP, we need to fuse bit31 of word 6 from bank 29 (SEC_CONFIG[1] in the documentation)::
Now we can close the device — From here on only signed images can be booted on the platform.

=> fuse prog 29 6 0x80000000

Expand Down Expand Up @@ -332,7 +256,7 @@
$ ls SPL.signed
SPL.signed

2. On i.MX 7/8M and other i.MX 6 families, using the ``--fix-sdp-dcd`` parameter is not required.
2. On i.MX 8M and i.MX 6 families, using the ``--fix-sdp-dcd`` parameter is not required.


.. note::
Expand All @@ -359,7 +283,7 @@
SDPU: delay 1000
SDPU: write -f u-boot-@@MACHINE@@.itb

2) On i.MX 7/8M and other i.MX 6 families — those where SDP does not impose DCD restrictions — the UUU boot script will look like:
2) On i.MX 8M and i.MX 6 families — those where SDP does not impose DCD restrictions — the UUU boot script will look like:

Check warning on line 286 in source/reference-manual/security/secure-boot-imx-habv4.rst

View workflow job for this annotation

GitHub Actions / runner / vale 

[vale] reported by reviewdog 🐶
[Fio-docs.expand-acronyms] 'SDP' has no definition, definition is missing capitalization, or is a variable name and should be written as a literal.

Raw Output:
{"message": "[Fio-docs.expand-acronyms] 'SDP' has no definition, definition is missing capitalization, or is a variable name and should be written as a literal.", "location": {"path": "source/reference-manual/security/secure-boot-imx-habv4.rst", "range": {"start": {"line": 286, "column": 49}}}, "severity": "INFO"}

Check warning on line 286 in source/reference-manual/security/secure-boot-imx-habv4.rst

View workflow job for this annotation

GitHub Actions / runner / vale 

[vale] reported by reviewdog 🐶
[Fio-docs.expand-acronyms] 'DCD' has no definition, definition is missing capitalization, or is a variable name and should be written as a literal.

Raw Output:
{"message": "[Fio-docs.expand-acronyms] 'DCD' has no definition, definition is missing capitalization, or is a variable name and should be written as a literal.", "location": {"path": "source/reference-manual/security/secure-boot-imx-habv4.rst", "range": {"start": {"line": 286, "column": 69}}}, "severity": "INFO"}

Check warning on line 286 in source/reference-manual/security/secure-boot-imx-habv4.rst

View workflow job for this annotation

GitHub Actions / runner / vale 

[vale] reported by reviewdog 🐶
[Fio-docs.expand-acronyms] 'UUU' has no definition, definition is missing capitalization, or is a variable name and should be written as a literal.

Raw Output:
{"message": "[Fio-docs.expand-acronyms] 'UUU' has no definition, definition is missing capitalization, or is a variable name and should be written as a literal.", "location": {"path": "source/reference-manual/security/secure-boot-imx-habv4.rst", "range": {"start": {"line": 286, "column": 92}}}, "severity": "INFO"}

.. code-block:: console

Expand All @@ -381,41 +305,6 @@
These have been contributed to the Universal Update Utility by Foundries.io.
Make sure your UUU version is up-to-date with these changes.

How to Sign an M4 Binary for HABv4 Validation
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. note::
This applies to i.MX 7ULP which has the Cortex-M4 as the primary core.

To use the i.MX HABv4 validation process when booting an M4 binary, it will also need to be signed in a similar manner.
This is also true for SoCs such as i.MX7ULP which support "dual-boot" mode.
The M4 bootrom loads the M4 binary at power on.
If the device is in a closed state, the bootrom requires the M4 binary to be signed.

Signing the M4 application image is nearly the same as before.
Instead of the ``--spl`` parameter, use ``--m4app``::

$ cd security/imx_hab4/
$ ./sign-file.sh --cst ./cst --m4app sdk20-app_flash.img

SETTINGS FOR : ./sign-file.sh
--------------:
CST BINARY : ./cst
CSF TEMPLATE : u-boot-spl-sign.csf-template
BINARY FILE : sdk20-app_flash.img
KEYS DIRECTORY: .

4+0 records in
4+0 records out
4 bytes copied, 8.5903e-05 s, 46.6 kB/s
4+0 records in
4+0 records out
4 bytes copied, 0.000117146 s, 34.1 kB/s
FOUND HAB Blocks 0x1ffd1000 0x00001000 00015000
CSF Processed successfully and signed data available in sdk20-app_flash.img_csf.bin
$ ls sdk20-app_flash.img.signed
sdk20-app_flash.img.signed

Booting a Closed System With a CAAM Device
------------------------------------------

Expand All @@ -427,7 +316,7 @@

.. note::
The current NXP BSP implementation expects the CAAM registers to be unlocked when configuring the CAAM to operate in the non-secure TrustZone world.
This applies when OP-TEE is enabled on the i.MX 6, i.MX 7, and i.MX 7ULP processors.
This applies when OP-TEE is enabled on the i.MX 6 processor.

Check warning on line 319 in source/reference-manual/security/secure-boot-imx-habv4.rst

View workflow job for this annotation

GitHub Actions / runner / vale 

[vale] reported by reviewdog 🐶
[Fio-docs.expand-acronyms] 'TEE' has no definition, definition is missing capitalization, or is a variable name and should be written as a literal.

Raw Output:
{"message": "[Fio-docs.expand-acronyms] 'TEE' has no definition, definition is missing capitalization, or is a variable name and should be written as a literal.", "location": {"path": "source/reference-manual/security/secure-boot-imx-habv4.rst", "range": {"start": {"line": 319, "column": 24}}}, "severity": "INFO"}

Our ``u-boot-spl-sign.csf-template`` takes care of supporting CAAM on closed platforms by adding the following section::

Expand Down
Loading