AM6412: Read/Write to Extended OTP from Linux

Anh-Tuan Hoang

Part Number: AM6412

Tool/software:

Hi TI experts,

We would like to leverage the Extended OTP to store the MAC address. We found the Linux driver (ti_sci) that handles TISCI messages for other purposes and we extended this driver to add OTP messages (read/write/lock/status). We created another kernel driver that leverages the new OTP messages and exposes an interface to user space.

We also updated u-boot sec-cfg.yaml (otp_config) to set the write_host_id and host_id to 12 to match the Linux host_id. Also, host_perms were set to 2.

        otp_config:
                subhdr:
                        magic: 0x4081
                        size: 69
                write_host_id : 12
                otp_entry:
                        - #1
                                host_id: 12
                                host_perms: 2
                        - #2
                                host_id: 12
                                host_perms: 2
                        - #3
                                host_id: 12
                                host_perms: 2
                        - #4
                                host_id: 12
                                host_perms: 2
                                ....

The issue that we are running into is that we get a NAK or no response for the OTP messages. The messages seem to be transferred ok over the mailbox and the callback happened, but the response flags were all zeros ((flags = 0x00000000).

1. Any potential issue with approach? We don't plan on storing anything sensitive to the extended OTP.

2. What could be the issue that result in a NAK? How could we confirm/check that the board security configuration is correct on the device?

3. What would be your recommendation moving forward?

Anh-Tuan

2 months ago

0 Hong Guan64 2 months ago

TI__Guru 63015 points

Hi Anh-Tuan,
Is it an option to program the MAC_ID in R5 for your user case?
If yes, here is the FAQ for your reference.
https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1235880/faq-how-to-update-ids-usb-pcie-pid-vid-mac-id-by-programming-extended-otp-on-am6x
Best,
-Hong

0 Anh-Tuan Hoang 1 month ago in reply to Hong Guan64

Prodigy 20 points

Hi Hong,

It is not a desirable option for our use case as we prefer to not change the process and flow.

Has anyone attempted my approach above? Could it work?

Thanks

Anh-Tuan

0 Hong Guan64 1 month ago in reply to Anh-Tuan Hoang

TI__Guru 63015 points

Hi Anh-Tuan,
Here is another e2e for your reference.
https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1411971/am623-extended-otp-api---yocto---application-user-space/5426867#5426867
"There're extended OTP reference driver code in OPTEE, and you'll need to add user space application to interact with the OPTEE extended OTP"
Best,
-Hong

0 Anh-Tuan Hoang 1 month ago in reply to Hong Guan64

Prodigy 20 points

Hi Hong,

Thanks for the reference, it is something that we would consider as an alternative if the current approach doesn't work, but I like to understand a little more if the current path is viable before giving up on it.

I am hoping that you could help me understand if the current approach is feasible or whether I am missing something.

Thanks

Anh-Tuan

0 Hong Guan64 1 month ago in reply to Anh-Tuan Hoang

TI__Guru 63015 points

Hi Anh-Tuan,
As noted in the referenced e2e.
https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1411971/am623-extended-otp-api---yocto---application-user-space/5426867#5426867

"calling the TISCI APIs for the extended OTP WR/RD requires "secure host".
">software-dl.ti.com/.../extended_otp.html

"On virtual "secure host" on AM62x, refer to the link
software-dl.ti.com/.../hosts.html
where, the secure host ID=10 is used for ATF, and the secure host ID=11 is used for OPTEE in Linux SDK."

"But the host-id for Linux kernel is "12" which is not a "secure host".
">git.ti.com/.../k3-am62-main.dtsi

"There're extended OTP reference driver code in OPTEE, and you'll need to add user space application to interact with the OPTEE extended OTP"

In summary, the options for calling the TISCI API for the extended OTP RD/WR is from SPL on R5, or ATF/OPTEE on A53.

Best,
-Hong

0 Anh-Tuan Hoang 1 month ago in reply to Hong Guan64

Prodigy 20 points

Hi Hong,

Thank you for your response. In my case, I changed the write_host_id and host_id in the sec-cfg.yaml to 12 to match the Linux host ID, that is not sufficient?

Thanks

Anh-Tuan

0 Hong Guan64 1 month ago in reply to Anh-Tuan Hoang

TI__Guru 63015 points

Hi Anh-Tuan,
No.

Hong Guan64 said:
"calling the TISCI APIs for the extended OTP WR/RD requires "secure host".
">software-dl.ti.com/.../extended_otp.html

"On virtual "secure host" on AM62x, refer to the link
software-dl.ti.com/.../hosts.html
where, the secure host ID=10 is used for ATF, and the secure host ID=11 is used for OPTEE in Linux SDK."

Best,
-Hong

0 Anh-Tuan Hoang 1 month ago in reply to Hong Guan64

Prodigy 20 points

Hi Hong,

Thanks, I will look into reading/writing the extended OTP via OPTEE.

Regards,

Anh-Tuan

0 Hong Guan64 1 month ago in reply to Anh-Tuan Hoang

TI__Guru 63015 points

Hi Anh-Tuan,
One change is needed in "sec-cfg.yaml" as noted in
https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1411971/am623-extended-otp-api---yocto---application-user-space/5520979#5520979
Best,
-Hong

0 Anh-Tuan Hoang 1 month ago in reply to Hong Guan64

Prodigy 20 points

Hi Hong,

I created a small optee client for the `opt_keywriting_ta` and I also updated the sec-cfg.yaml to set write_host_id and host_id to 11 (for all entries).

The client could connect the TA properly, but it failed to read the extended OTP MMR. I added some debug messages to the driver and noticed that the acknowledgement flag was not set. I also enabled the trace in board-cfg.yaml, but didn't see anything show up.

Is something else I need to configure? How should proceed in debugging this?

E/TC:? 0 invoke_command:105 Invoking command 0x00
E/TC:? 0 ti_sci_setup_xfer:80 Setup message: type=0x00009022, host=11, flag=0x00000002
E/TC:? 0 ti_sci_get_response:122 Message not acknowledged 0x00000000
otp_client: Invoke command failed with code 0xffff0001 origin 0x4

Thanks

Anh-Tuan

0 Hong Guan64 1 month ago in reply to Anh-Tuan Hoang

TI__Guru 63015 points

Hi Anh-Tuan,
Thanks for the update.
Have we tested with moving the "write_host_id" entry after 32 entries of "otp_entry" in "sec-cfg.yaml" as noted in my last reply?
It'd be helpfuel to enable TIFS trace.
https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1411971/am623-extended-otp-api---yocto---application-user-space/5488589#5488589
Best,
-Hong

0 Anh-Tuan Hoang 1 month ago in reply to Hong Guan64

Prodigy 20 points

Hi Hong,

Moving the `write_host_id` after the 32 otp_entries seems to resolve the issue with no acknowledgement, the MMR reads complete successfully. However, the MMR reads always return 0 even after I tried to write some rows with some values. The row write completes successfully too. I enabled the VPP prior to the writes.

Is there any other configuration needed for row writes beside enabling the VPP?

Do I need to lock the row for the value to retain?

I have enabled the TIFS trace in board-cfg.yaml, but I don't see any trace comes out on UART1. Anything else I need to configure? Does the default devicetree settings for the sk board has the right configuration for the trace to come out on UART1?

debug_cfg:
                subhdr:
                        magic: 0x020C
                        size: 8
                trace_dst_enables : 0x0d
                trace_src_enables : 0x3f

Thanks

Anh-Tuan

0 Anh-Tuan Hoang 1 month ago in reply to Anh-Tuan Hoang

Prodigy 20 points

Seems power cycle the device allows the extended OTP rows to be loaded into the MMR. I still like to get the trace working so any help on that would be greatly appreciated.

0 Hong Guan64 1 month ago in reply to Anh-Tuan Hoang

TI__Guru 63015 points

Hi Anh-Tuan,
It is good to know you had the extended OTP read/write via OPTEE working on your setup.
Yes, it is required to power-cycle SoC to autoload/scan the OTP efuse to MMR registers after the OTP write operation.

TIFS trace is dumped from MAIN_UART1 on AM62x
https://software-dl.ti.com/tisci/esd/latest/4_trace/trace.html#trace-uart-allocation
MAIN_UART1 is the COM2 on AM62x-SK board

Best,
-Hong

0 Anh-Tuan Hoang 1 month ago in reply to Hong Guan64

Prodigy 20 points

Hi Hong,

What should be the baud rate for the main uart1? Should I expect ascii messages? I currently see something come out, but mostly all garbage.

Thanks

Anh-Tuan

0 Hong Guan64 1 month ago in reply to Anh-Tuan Hoang

TI__Guru 63015 points

Hi Anh-Tuan,
MAIN_UART1 configuration is the same as MAIN_UART0, baud rate is 115200.
Best,
-Hong

Processors

Processors forum

AM6412: Read/Write to Extended OTP from Linux