Hi Ye, > Hi Paul, > > On 6/26/2024 3:17 PM, Paul Geurts wrote: >> Hi, >> Thanks for the feedback. >> >>> Hi Paul, >>> >>> On 6/24/2024 8:09 PM, Fabio Estevam wrote: >>> >>>> Hi Paul, >>>> >>>> On Fri, Jun 21, 2024 at 10:06 AM Paul Geurts >>>> <[email protected]> wrote: >>>> >>>>> -struct imx_sec_config_fuse_t { >>>>> +struct imx_fuse_t { >>>> Please make the struct renaming a separate patch. >>>> >>>> Peng Fan, Ye Li, >>>> >>>> Could you please help review this patch? >>>> >>>> Thanks >>> Can you take a look iMX8MP FIELD_RETURN fuse, I think it does not >>> have 1 bit but 8 bits which requires to burn a sequence. Only when >>> the bits sequence is matched, the field return can work. So checking >>> the bit 0 is not enough. >> Are you sure about that? The security reference manual (IMX8MPSRM) >> says in Table 5-5 >> that the FIELD_RETURN fuse is located on fuse 0x630[0], which is a >> single bit. Also, >> the "Chip Security Lifecycle" section (2.15.1) says the following: >> >> FEILD RETURN (SEC_CONFIG[1] fuse = 1 and FIELD_RETURN fuse = 1) >> >> Are you maybe confusing the FIELD_RETURN fuse with the >> FIELD_RETURN_LOCK sticky bit? >> clearing the lock bit _is_ quite the procedure, but it is unrelated to >> U-Boot, as >> this is done by ROM code through CSF. >> >> I tested this on an i.MX8M Plus and it seems to work fine. > > I know the steps for field return. What I mean is the FIELD_RETURN > fuse. It is true that security RM mentions it as you quote. But from > 8MP fuse map and ROM codes, I get different things. > > FIELD_RETURN 8-bit code. > FIELD_RETURN = 0, is non-field return mode, functional/secure mode. > FIELD_RETURN = Matching Sequence, device is in field_return mode > FIELD_RETURN != Matching Sequence, device asserts security violation
That is indeed different from what is mentioned in documentation. I have asked our NXP FAE about the discrepancy and I will adjust the code if needed. > > > However, I'm not sure how is it implemented in HAB. Since you have > tested 8M plus, can you confirm the closed part is successfully > converted to field return and can boot without signing? Maybe I did something wrong while testing. I will retest it on a new board when I have received some more information from NXP. > > > Best regards, > > Ye Li >
