EricZ Posted January 26, 2018 Posted January 26, 2018 Does armbian builds for Espressobin support u-boot's driver MVEBU_EFUSE_FAKE to fake efuse access? From my understanding efuse is needed to test trusted boot. https://github.com/u-boot/u-boot/commit/a1b6b0a9c1f91756b93e6d804837dc178d79d39e I am testing secure boot(trusted boot) on my 2GB EspressoBIN, using the armada-17.10 versions of u-boot, a3700utils, and atf-marvell. Following the trusted_boot.txt document, I successfully built an untrusted and trusted flash.bin and a u-boot.bin with mvebu efuse enabled. I was able to boot the board with the untrusted boot image and ran the efuse write commands. My board had a loss of power before I burned the trusted boot image using bubt. Now that I have set ‘efuse write BOOT_DEVICE’, mentioned in the trusted_boot.txt doc, I am unable to boot from SATA or SPI to burn the trusted boot image. I am unable to boot anything. Switching the jumper pins has no effect. Is there any alternative options to burn SPINOR with my trusted boot image? Or is my hardware gone? https://github.com/MarvellEmbeddedProcessors/u-boot-marvell/blob/u-boot-2017.03-armada-17.10/doc/mvebu/trusted_boot.txt#L261 Marvell>> efuse write ENCRYPTION 10 Returned EFUSE value after write: ENCRYPTION 10 Marvell>> efuse write AES256_KEY Returned EFUSE value after write: AES256_KEY Marvell>> efuse write BOOT_DEVICE SPINOR Returned EFUSE value after write: BOOT_DEVICE SPINOR (1) Marvell>> efuse write KAK_DIGEST Returned EFUSE value after write: KAK_DIGEST Marvell>> efuse write CSK_INDEX 3 Returned EFUSE value after write: CSK_INDEX 3 Marvell>> efuse write OPER_MODE 2 Returned EFUSE value after write: OPER_MODE 2 Marvell>> efuse DEV_DEPLOY 0 0 - Invalid eFuse ID efuse - efuse - read/Write SoC eFuse entries Usage: efuse Access to SoC eFuse entry values list - Display all supported eFuse entry ids dump - Dump all supported eFuse entries raw - Dump all eFuses in raw format read id - Read eFuse entry "id" write id val - Write "val" to eFuse entry "id" Marvell>> efuse write DEV_DEPLOY 0 efuse_write: Invalid value 0, expected 1 DEV_DEPLOY === ERROR WRITING EFUSE VALUE === Marvell>> efuse write DEV_DEPLOY 1 Returned EFUSE value after write: DEV_DEPLOY DEPLOYED (1) Any information would be helpful! Thank you.
Igor Posted January 26, 2018 Posted January 26, 2018 4 hours ago, EricZ said: Is there any alternative options to burn SPINOR with my trusted boot image? Or is my hardware gone? https://github.com/MarvellEmbeddedProcessors/u-boot-marvell/blob/u-boot-2017.03-armada-17.06/doc/mvebu/uart_boot.txt According to Marvell engineers, it is "Not the funniest process, but you still will not need to setup JTAG session."
Recommended Posts