[PATCH] imx: hab: Make imx_hab_is_enabled dependent on FIELD_RETURN

Ye Li ye.li at oss.nxp.com
Wed Jun 26 13:55:20 CEST 2024 

Hi Paul,

On 6/26/2024 3:17 PM, Paul Geurts wrote:
> Hi,
> Thanks for the feedback.
>
>> Hi Paul,
>>
>> On 6/24/2024 8:09 PM, Fabio Estevam wrote:
>>
>>> Hi Paul,
>>>
>>> On Fri, Jun 21, 2024 at 10:06 AM Paul Geurts
>>> <paul.geurts at prodrive-technologies.com>  wrote:
>>>
>>>> -struct imx_sec_config_fuse_t {
>>>> +struct imx_fuse_t {
>>> Please make the struct renaming a separate patch.
>>>
>>> Peng Fan, Ye Li,
>>>
>>> Could you please help review this patch?
>>>
>>> Thanks
>> Can you take a look iMX8MP FIELD_RETURN fuse, I think it does not have 1 bit but 8 bits which requires to burn a sequence. Only when the bits sequence is matched, the field return can work.  So checking the bit 0 is not enough.
> Are you sure about that? The security reference manual (IMX8MPSRM) says in Table 5-5
> that the FIELD_RETURN fuse is located on fuse 0x630[0], which is a single bit. Also,
> the "Chip Security Lifecycle" section (2.15.1) says the following:
>
> FEILD RETURN (SEC_CONFIG[1] fuse = 1 and FIELD_RETURN fuse = 1)
>
> Are you maybe confusing the FIELD_RETURN fuse with the FIELD_RETURN_LOCK sticky bit?
> clearing the lock bit _is_ quite the procedure, but it is unrelated to U-Boot, as
> this is done by ROM code through CSF.
>
> I tested this on an i.MX8M Plus and it seems to work fine.

I know the steps for field return.  What I mean is the FIELD_RETURN 
fuse.  It is true that security RM mentions it as you quote. But from 
8MP fuse map and ROM codes,  I get different things.

FIELD_RETURN 8-bit code.
FIELD_RETURN = 0, is non-field return mode, functional/secure mode.
FIELD_RETURN = Matching Sequence, device is in field_return mode
FIELD_RETURN != Matching Sequence, device asserts security violation


However, I'm not sure how is it implemented in HAB. Since you have 
tested 8M plus, can you confirm the closed part is successfully 
converted to field return and can boot without signing?


Best regards,

Ye Li

>> Fuses for other platforms look ok.
>>
>>
>> Best regards,
>>
>> Ye Li

More information about the U-Boot mailing list