Difference between revisions of "BELK-TN-011: Lock OTP Areas"

From DAVE Developer's Wiki
Jump to: navigation, search
(Older BSP issue)
(7 intermediate revisions by the same user not shown)
Line 2: Line 2:
 
{{Applies To Bora}}
 
{{Applies To Bora}}
 
{{Applies To BoraX}}
 
{{Applies To BoraX}}
{{Applies To BoraLite}}
 
{{AppliesToBORA_TN}}
 
{{AppliesToBORA_Xpress_TN}}
 
{{AppliesToBORA Lite_TN}}
 
 
{{InfoBoxBottom}}
 
{{InfoBoxBottom}}
 
__FORCETOC__
 
__FORCETOC__
Line 18: Line 14:
 
|-
 
|-
 
|1.0.0
 
|1.0.0
|Sep 2020
+
|
|First release
+
|
 
|}
 
|}
  
 
== Introduction ==
 
== Introduction ==
As described on [[ConfigID_management_(BELK/BXELK)|ConfigID management]] page, these information are stored inside a general-purpose OTP area of the SoC.
+
As decribed on [[ConfigID_management_(BELK/BXELK)|ConfigID management]] page, these informations are stored inside a general purpouse OTP area of the SoC.
  
This technical note shows how to fix lock this OTP area on BORA systems running BSP versions older than [[BELK/BXELK software components#BELK 4.1.2|BELK/BXELK-4.1.2]]
+
This page describes a fix to be done on BORA systems that runs BSP versions older than BELK/BXELK-4.1.2
  
 
=== ConfigID programming ===
 
=== ConfigID programming ===
All Bora SOMs are shipped with ConfgID and UniqueID programmed and locked. The OTP lock ensures that nobody can change this data (unattempted code execution, etc).
+
All the SoM are shipped with ConfgID and UniqueID already programmed and locked. The OTP lock ensure that nothing can change this data (unattempted code execution, etc).
  
It is possibile to execute these operations only using the devel versions of u-boot with the following commands:
+
These operations are permitted only by the devel versions of u-boot with the following commands:
 
<pre>
 
<pre>
 
configid som_configid <16 byte code>
 
configid som_configid <16 byte code>
Line 38: Line 34:
  
 
== Older BSP issue ==
 
== Older BSP issue ==
In older BSP, due to a u-boot limitation, this OTP area is not ''really'' locked and therefore it should be possible to overwrite its value, with possible identification errors during updates.
+
In older BSP, due to an u-boot limitation, this OTP area is not really locked and therefore it is possible to overwrite its value. This can lead to identification errors during updates.
  
Starting from the BELK/BXELK-4.1.2 release this issue has been solved.
+
From the BELK/BXELK-4.1.2 release this functionality is restored and fully tested
  
== Lock OTP area ==
+
== Fix lock of OTP areas ==
It is suggested to update the systems running ''BSP releases'' ''older than'' BELK 4.1.2 performing the following steps:
+
It is recommended to update all the systems that runs older releases to update to the newer one and to perform the follwing fix:
  
* program on internal storage or alternatively boot from uSD using the u-boot devel version belk-4.1.2
+
* program on the board (or boot from a different storage - eg. the uSD) the devel version of u-boot to allow the user to perform the OTP lock
** devel version, for SD, are: [[mirror:bora/belk-4.1.2/belk-4.1.2_borax_mmc_devel_boot.bin|belk-4.1.2_bora_mmc_devel_boot.bin]] and [[mirror:bora/belk-4.1.2/belk-4.1.2_borax_mmc_devel_u-boot.img|belk-4.1.2_bora_mmc_devel_u-boot.img]]
+
* execute the following command <code>configid som_lock 0</code>
** u-boot can be downloaded from our [https://cloud.dave.eu/ws-mirror/bora/belk-4.1.2 mirror server]
+
* program the release version of u-boot to restore the normal operations
** u-boot 4.1.2 gives access to the OTP lock commands
 
* run the command <code>configid som_lock 0</code>
 
* program your u-boot release version to restore the normal operations (''this is not required if previous operations have been executed using an external boot from SD'')
 

Revision as of 14:54, 22 September 2020

HOME SOMs SBCs ToloMEO Embedded Assistant Sale-tag.pngGET A QUOTE Customer-service.pngONLINE HELPDESK
Roadmap IoT Services ML/AI services Embedded Design Services
Info Box
Bora5-small.jpg Applies to Bora
BORA Xpress.png Applies to BORA Xpress


Warning-icon.png This technical note was validated against specific versions of hardware and software. What is described here may not work with other versions. Warning-icon.png

History[edit | edit source]

Version Date Notes
1.0.0

Introduction[edit | edit source]

As decribed on ConfigID management page, these informations are stored inside a general purpouse OTP area of the SoC.

This page describes a fix to be done on BORA systems that runs BSP versions older than BELK/BXELK-4.1.2

ConfigID programming[edit | edit source]

All the SoM are shipped with ConfgID and UniqueID already programmed and locked. The OTP lock ensure that nothing can change this data (unattempted code execution, etc).

These operations are permitted only by the devel versions of u-boot with the following commands: 

configid som_configid <16 byte code>
configid som_uniqueid <32 byte code>
configid som_lock 0

Older BSP issue[edit | edit source]

In older BSP, due to an u-boot limitation, this OTP area is not really locked and therefore it is possible to overwrite its value. This can lead to identification errors during updates.

From the BELK/BXELK-4.1.2 release this functionality is restored and fully tested

Fix lock of OTP areas[edit | edit source]

It is recommended to update all the systems that runs older releases to update to the newer one and to perform the follwing fix:

  • program on the board (or boot from a different storage - eg. the uSD) the devel version of u-boot to allow the user to perform the OTP lock
  • execute the following command configid som_lock 0
  • program the release version of u-boot to restore the normal operations
HOME SOMs SBCs ToloMEO Embedded Assistant Sale-tag.pngGET A QUOTE Customer-service.pngONLINE HELPDESK
Roadmap IoT Services ML/AI services Embedded Design Services
Retrieved from "https://wiki.dave.eu/index.php?title=BELK-TN-011:_Lock_OTP_Areas&oldid=10145"