[PATCH] imx: hab: Make imx_hab_is_enabled dependent on FIELD_RETURN

Paul Geurts paul.geurts at prodrive-technologies.com
Mon Jul 1 14:39:14 CEST 2024 

Hi Ye,

> Hi Paul,
>
> On 6/26/2024 3:17 PM, Paul Geurts wrote:
>> Hi,
>> Thanks for the feedback.
>>
>>> Hi Paul,
>>>
>>> On 6/24/2024 8:09 PM, Fabio Estevam wrote:
>>>
>>>> Hi Paul,
>>>>
>>>> On Fri, Jun 21, 2024 at 10:06 AM Paul Geurts
>>>> <paul.geurts at prodrive-technologies.com>  wrote:
>>>>
>>>>> -struct imx_sec_config_fuse_t {
>>>>> +struct imx_fuse_t {
>>>> Please make the struct renaming a separate patch.
>>>>
>>>> Peng Fan, Ye Li,
>>>>
>>>> Could you please help review this patch?
>>>>
>>>> Thanks
>>> Can you take a look iMX8MP FIELD_RETURN fuse, I think it does not
>>> have 1 bit but 8 bits which requires to burn a sequence. Only when
>>> the bits sequence is matched, the field return can work.  So checking
>>> the bit 0 is not enough.
>> Are you sure about that? The security reference manual (IMX8MPSRM)
>> says in Table 5-5
>> that the FIELD_RETURN fuse is located on fuse 0x630[0], which is a
>> single bit. Also,
>> the "Chip Security Lifecycle" section (2.15.1) says the following:
>>
>> FEILD RETURN (SEC_CONFIG[1] fuse = 1 and FIELD_RETURN fuse = 1)
>>
>> Are you maybe confusing the FIELD_RETURN fuse with the
>> FIELD_RETURN_LOCK sticky bit?
>> clearing the lock bit _is_ quite the procedure, but it is unrelated to
>> U-Boot, as
>> this is done by ROM code through CSF.
>>
>> I tested this on an i.MX8M Plus and it seems to work fine.
>
> I know the steps for field return.  What I mean is the FIELD_RETURN
> fuse.  It is true that security RM mentions it as you quote. But from
> 8MP fuse map and ROM codes,  I get different things.
>
> FIELD_RETURN 8-bit code.
> FIELD_RETURN = 0, is non-field return mode, functional/secure mode.
> FIELD_RETURN = Matching Sequence, device is in field_return mode
> FIELD_RETURN != Matching Sequence, device asserts security violation

That is indeed different from what is mentioned in documentation. I have
asked our NXP FAE about the discrepancy and I will adjust the code if
needed.

>
>
> However, I'm not sure how is it implemented in HAB. Since you have
> tested 8M plus, can you confirm the closed part is successfully
> converted to field return and can boot without signing?

Maybe I did something wrong while testing. I will retest it on a new
board when I have received some more information from NXP.

>
>
>  Best regards,
>
> Ye Li
>

More information about the U-Boot mailing list