AnsweredAssumed Answered

bf70x Si rev1.0 how to secure boot SPI Master ? (for mass production)

Question asked by alban on Aug 12, 2015
Latest reply on Oct 30, 2015 by alban

hello

 

i would like to know what do i need to write in otp for BLx secure boot a BF706 Si REV1.0

my application uses a standard flash memory connected to SPI2 and /SPI_SEL2 pin (not the default SS/SEL1 pin)

 

for normal non secure boot i just need to write 0x20211202 at dBootCmd, and the booting process is ok

here is the CLDP command i use :

 

cldp -proc ADSP-BF706 -emu 200 -driver "bf707_otp_driver.dxe" -device otp -cmd prog -file otp_spi2_sel2_boot.bin -format bin -offset 0x288 -numbyte 4 -quiet


 

the binary file contains only the following bytes (LSB first):

  02 12 21 20

 

for performing the SPI boot process at full speed, i need to write an "initcode" that sets the spi clock register at the right speed.

this acts like a first stage boot. this is a very convenient way for setting the CPU and SPI clock speed, turning on the memory. etc

 

for secure booting i have three big problems :

 

first there is no "initcode" available therefore i'm not sure how set the SPI speed for booting at the maximum speed available

Q : is it in the uwClkLower field of the ADI_ROM_BOOT_SPI structure ?

 

secondly due the 19000026 bug we need to boot using the undocumented BCMD_DEVICE mode 7, instead of the SPI device.

in the last anomaly list revision (12-22-2014) i received, this bug was not resolved

 

the workaround is : use adi_boot_rom(0x40000000,0,0,0,,0x207);

 

Q : but how do i use this information ? do i need to write in OTP 0x207 as dBootCmd and 0x40000000 at pSource ? how do we activate MDMA ?

 

thirdly i do not know how to lock the part yet using CLDP. i managed to lock the part using the EE366 app note "program OTP", but i do not know what exactly need to be written in the OTP to perform the locking. once locked i have no mean to dump the OTP memory yet, thus i'm kind of blind

 

 

Q :  i know this lock bit at OTP offset 0x48C, but what is the actual  BYTE value to be written ? are there other registers to be set for activating the secure boot and locking the part ?

 

 

i wish to bring at your attention that the flash and OTP programming will be performed in mass production

 

the step are the following:

1> flash programming of the secured application using CLDP and the dxe flash driver, via JTAG

2> writing of the SPIM boot commands, the BLx mode keys, using the CLDP and the dxe OTP driver, via JTAG

3> locking the part using CLDP and the dxe OTP driver, via JTAG

 

in mass production we cannot open CCES and start a debug session for programming the keys and locking the part.

thus we prefer to use a convenient tool like CLDP, that can be made fully automatable

 

this is an urgent request

thanks for your support

 

Alban

Outcomes