• State
  • Replies 3 replies
  • Subscribers 98 subscribers
  • Views 77 views
  • Users 0 members are here
Support feedback
Options
Options
Related

AM623: How to hard reboot after revoking key

Yoong Chean Ooi
Prodigy 70 points
Part Number: AM623

Tool/software:

Hi,

I have implemented OPTEE applicant (user TA and PTA) and successfully revoke the key during the Linux runtime based on this [FAQ] SYSFW API on key revoke in OPTEE on AM62x - Processors forum - Processors - TI E2E support forums.

However, I noticed that the key revision does not get updated after a soft reboot. It only updates after a full power cycle. In my use case, I am trying to use OTA (Yocto SWU update) to revoke the key and update the images. If a hard reboot is required for the key revision to take effect, how can I perform a hard reboot on the AM62x other than by physically power cycling the device?

Thanks.

  • 0
    TI__Guru 68960 points

    Hi Yoong,
    It is good to know you're able to perform key revoke by adding OPTEE applicant (user TA and PTA).
    The physical OTP efuse farm requires one-time SoC Power-On-Reset (POR) to have the OTP efuse auto-scan functional.
    I think it is a common practice to power-cycle any electronic devices after firmware update.
    Best,
    -Hong

  • 0 in reply to Hong Guan64
    Prodigy 70 points

    Hi ,

    Thanks for the clarification.

    May I know is there any way that allow me to perform Power-On-Reset via software or any peripherals (like GPIO, I2C, etc) during the runtime?

    The reason I ask is because the new images with new signing key will be flashed into the eMMC partition and revoked the key when performing the SWU update. The device then needs to automatically reboot and boot up with the new images instead without power-cycle needed from user end. In other word, device need to change the key revision in the OTP efuse before device is booting on the new images.

    Thanks.

    Regards,

    Yoong Chean

  • 0 in reply to Yoong Chean Ooi
    TI__Guru 68960 points

    Hi Yoong,
    One option you may try is using "SW_MAIN_PORz" to see if Main domain PORz triggers efuse scan.
    from AM62x TRM "6.3.5.1.1 SW_MAIN_PORz Reset"
    "Reset Overview
    This reset is a software controlled MAIN domain POR reset defined in CTRLMMR_RST_CTRL and CTRLMMR_MCU_RST_CTRL.
    This software reset will generate a MAIN domain PORz."

    I'm attaching a sample log on using "SW_MAIN_PORz" to trigger Main domain PORz on AM62x-SK.
    /* issue "SW_MAIN_PORz" */
    root@am62xx-evm:~# devmem2 0x43018170 w 0x0002006f
    /* RST_SRC => Main Power On Reset From MAIN CTRL MMR */
    => md.l 0x43018170 3
    43018170: 000200ff 00000000 02000000

    Best,
    -Hong

    Fullscreen am62-sk_mainPOR_reset_kernel.log Download 
    root@am62xx-evm:~# uname -a
Linux am62xx-evm 6.6.58-ti-01497-ga7758da17c28-dirty #1 SMP PREEMPT Wed Nov 27 13:23:15 UTC 2024 aarch64 GNU/Linux
root@am62xx-evm:~# devmem2 0x43018170
/dev/mem opened.
Memory mapped at address 0xffffa7b50000.
Read at address  0x43018170 (0xffffa7b50170): 0x000200FF
root@am62xx-evm:~# devmem2 0x43018174
/dev/mem opened.
Memory mapped at address 0xffffa690c000.
Read at address  0x43018174 (0xffffa690c174): 0x00000000
root@am62xx-evm:~# devmem2 0x43018178
/dev/mem opened.
Memory mapped at address 0xffff9dc7f000.
Read at address  0x43018178 (0xffff9dc7f178): 0x00000000
root@am62xx-evm:~# devmem2 0x43018170 w 0x0002006f
/�
U-Boot SPL 2024.04-ti-g29d0c23d67ee (Nov 29 2024 - 11:41:54 +0000)
SYSFW ABI: 4.0 (firmware rev 0x000a '10.1.8--v10.01.08 (Fiery Fox)')
SPL initial stack usage: 13392 bytes
Trying to boot from MMC2
Authentication passed
Authentication passed
Authentication passed
Authentication passed
Authentication passed
Starting ATF on ARM64 core...

NOTICE:  BL31: v2.11.0(release):v2.11.0-906-g58b25570c9-dirty
NOTICE:  BL31: Built : 04:20:32, Nov  1 2024

U-Boot SPL 2024.04-ti-g29d0c23d67ee (Nov 29 2024 - 11:41:54 +0000)
SYSFW ABI: 4.0 (firmware rev 0x000a '10.1.8--v10.01.08 (Fiery Fox)')
SPL initial stack usage: 1904 bytes
Error (-2): cannot determine file size
Trying to boot from MMC2
Authentication passed
Authentication passed


U-Boot 2024.04-ti-g29d0c23d67ee (Nov 29 2024 - 11:41:54 +0000)

SoC:   AM62X SR1.0 HS-FS
Model: Texas Instruments AM625 SK
EEPROM not available at 0x50, trying to read at 0x51
Reading on-board EEPROM at 0x51 failed -121
DRAM:  2 GiB
Core:  81 devices, 31 uclasses, devicetree: separate
MMC:   mmc@fa10000: 0, mmc@fa00000: 1
Loading Environment from nowhere... OK
In:    serial
Out:   serial
Err:   serial
EEPROM not available at 0x50, trying to read at 0x51
Net:   eth0: ethernet@8000000port@1
Hit any key to stop autoboot:  2  0 
=> md.l 0x43018170 3
43018170: 000200ff 00000000 02000000           ............
=> md.l 0x04518170 3
04518170: 00400fff 00000001 02000000           ..@.........
=>