Post Go back to editing

SC573 security problem

SC573 security problem

I set public and private key in OTP memory using API functions. Then lock the device with function 'adi_rom_lock'. All functions returned 'true'. Then I reset the device. But device is OPEN. I can load unsecure programs to it and read OTP. I try to read lockbit in OTP memory location 0x48C: it is '1'. 

I repeat this procedure at another chip with the same result. The chip revision is 0.0.

The same procedure on Blackfin BF707 (it has the same security system) lock the part without any problem.

Parents
  • We connect our device through UART (FTDI chip onboard) and Ethernet. We do not use JTAG. There is no standart driver for cldp for that case.

    We use only OTP API functions (adi_rom_otp_get, adi_rom_otp_pgm, adi_rom_otp_lock).

    The same code on Blackfin BF707 lock the device.

    After C code:

    uint32_t otp_GP1[ROM_OTP_SZ_gp1]; adi_rom_otp_get_data(otp_GP1, 0x48C, 1);

    otp_GP1[0] equal 1.

     

    Before lock we successfull write: otpcmd_secure_emu_key, otpcmd_pvt_128key0, otpcmd_public_key0.

     

    How can it be, that device after successfull request 'adi_rom_otp_lock' remain unlocked?

    Maybe we must write to otp more information?

Reply
  • We connect our device through UART (FTDI chip onboard) and Ethernet. We do not use JTAG. There is no standart driver for cldp for that case.

    We use only OTP API functions (adi_rom_otp_get, adi_rom_otp_pgm, adi_rom_otp_lock).

    The same code on Blackfin BF707 lock the device.

    After C code:

    uint32_t otp_GP1[ROM_OTP_SZ_gp1]; adi_rom_otp_get_data(otp_GP1, 0x48C, 1);

    otp_GP1[0] equal 1.

     

    Before lock we successfull write: otpcmd_secure_emu_key, otpcmd_pvt_128key0, otpcmd_public_key0.

     

    How can it be, that device after successfull request 'adi_rom_otp_lock' remain unlocked?

    Maybe we must write to otp more information?

Children