AnsweredAssumed Answered

bf70x Si rev1.0 how to secure boot SPI Master ? (for mass production)

Question asked by alban on Aug 12, 2015
Latest reply on Oct 30, 2015 by alban



i would like to know what do i need to write in otp for BLx secure boot a BF706 Si REV1.0

my application uses a standard flash memory connected to SPI2 and /SPI_SEL2 pin (not the default SS/SEL1 pin)


for normal non secure boot i just need to write 0x20211202 at dBootCmd, and the booting process is ok

here is the CLDP command i use :


cldp -proc ADSP-BF706 -emu 200 -driver "bf707_otp_driver.dxe" -device otp -cmd prog -file otp_spi2_sel2_boot.bin -format bin -offset 0x288 -numbyte 4 -quiet


the binary file contains only the following bytes (LSB first):

  02 12 21 20


for performing the SPI boot process at full speed, i need to write an "initcode" that sets the spi clock register at the right speed.

this acts like a first stage boot. this is a very convenient way for setting the CPU and SPI clock speed, turning on the memory. etc


for secure booting i have three big problems :


first there is no "initcode" available therefore i'm not sure how set the SPI speed for booting at the maximum speed available

Q : is it in the uwClkLower field of the ADI_ROM_BOOT_SPI structure ?


secondly due the 19000026 bug we need to boot using the undocumented BCMD_DEVICE mode 7, instead of the SPI device.

in the last anomaly list revision (12-22-2014) i received, this bug was not resolved


the workaround is : use adi_boot_rom(0x40000000,0,0,0,,0x207);


Q : but how do i use this information ? do i need to write in OTP 0x207 as dBootCmd and 0x40000000 at pSource ? how do we activate MDMA ?


thirdly i do not know how to lock the part yet using CLDP. i managed to lock the part using the EE366 app note "program OTP", but i do not know what exactly need to be written in the OTP to perform the locking. once locked i have no mean to dump the OTP memory yet, thus i'm kind of blind



Q :  i know this lock bit at OTP offset 0x48C, but what is the actual  BYTE value to be written ? are there other registers to be set for activating the secure boot and locking the part ?



i wish to bring at your attention that the flash and OTP programming will be performed in mass production


the step are the following:

1> flash programming of the secured application using CLDP and the dxe flash driver, via JTAG

2> writing of the SPIM boot commands, the BLx mode keys, using the CLDP and the dxe OTP driver, via JTAG

3> locking the part using CLDP and the dxe OTP driver, via JTAG


in mass production we cannot open CCES and start a debug session for programming the keys and locking the part.

thus we prefer to use a convenient tool like CLDP, that can be made fully automatable


this is an urgent request

thanks for your support