BF512F lockbox enter secure mode fail

Hi,all
I have a problem about the lockbox with the custom board.
I can enter into the secure mode by using the emulator without any problem.
if generate the ldr file and program to the inner-spi-flash,the led can blink,and the secure authentication goes fail.
Could someone tell me the reason,thank you.
best regards!

// custom board.
// CPU: BF512F,REV0.1
// ldf: USE_DATA_A_CACHE,USE_SCRATCHPAD_STACK,USE_SCRATCHPAD_HEAP, secure overlay
// initcode: see init dir
// didn't use the preboot para. in the otp memory and the public key have write into the otp correctly.

// the problems are:
// 1. the system can enter into the secure mode by using the emulator without any problem.
// 2. if generate the ldr file and program to the inner-spi-flash,the led can blink,and the boot seems correct.
// 3. it seems can't enter into the secure mode, and the authentication was failure.

// my questions are:
// 1. the preboot page int the otp was necessary if I want to use the lockbox?(I use the init code)
// 2. why the boot was ok, but the secure authentication goes fail?
// 3. the default ldf was changed by I for target board use.it can effect the secure authentication?
// 4. does the hardware can effect the result(system can boot cottectly)?

  • 0
    •  Analog Employees 
    on Jun 17, 2011 1:27 PM

    Hi,

    I believe the problem you are seeing may be related to the fact that digital signing of the sections in the dxe is called after ldr generation, as it is called by a post-build command (take a look under Project Options: Post Build).

    With the DXE, this works as the last command of the Makefile is the DXE generation, then the DXE is patched by the post-build command. In your case, building a loader file, the generation of the LDR is the last command of the Makefile. After this, the DXE is patched, but the Loader file is not regenerated with the new patched DXE.

    This can be resolved by setting the Project type to Executable, and adding another post-build option - after the DXE has been patched.

    You will first need to extract the exact elfloader.exe command line options so you can create your post build command. For that you should set the project for Loader file, turn on verbose through “Settings: Preferences: Project: Verbose build output”, and copy the entire line relevant to elfloader.exe. You can then copy the same to your post build command - this is a one time procedure.

    Let me know if this resolves the issue for you.

    Regards,

    Craig.

  • Hi,Craig

    Thanks for your reply,with your help I have resolved this issue.

    Regards,

    JStyle.