EricZ Posted January 26, 2018 Share Posted January 26, 2018 Does armbian builds for Espressobin support u-boot's driver MVEBU_EFUSE_FAKE to fake efuse access? From my understanding efuse is needed to test trusted boot. https://github.com/u-boot/u-boot/commit/a1b6b0a9c1f91756b93e6d804837dc178d79d39e I am testing secure boot(trusted boot) on my 2GB EspressoBIN, using the armada-17.10 versions of u-boot, a3700utils, and atf-marvell. Following the trusted_boot.txt document, I successfully built an untrusted and trusted flash.bin and a u-boot.bin with mvebu efuse enabled. I was able to boot the board with the untrusted boot image and ran the efuse write commands. My board had a loss of power before I burned the trusted boot image using bubt. Now that I have set ‘efuse write BOOT_DEVICE’, mentioned in the trusted_boot.txt doc, I am unable to boot from SATA or SPI to burn the trusted boot image. I am unable to boot anything. Switching the jumper pins has no effect. Is there any alternative options to burn SPINOR with my trusted boot image? Or is my hardware gone? https://github.com/MarvellEmbeddedProcessors/u-boot-marvell/blob/u-boot-2017.03-armada-17.10/doc/mvebu/trusted_boot.txt#L261 Marvell>> efuse write ENCRYPTION 10 Returned EFUSE value after write: ENCRYPTION 10 Marvell>> efuse write AES256_KEY Returned EFUSE value after write: AES256_KEY Marvell>> efuse write BOOT_DEVICE SPINOR Returned EFUSE value after write: BOOT_DEVICE SPINOR (1) Marvell>> efuse write KAK_DIGEST Returned EFUSE value after write: KAK_DIGEST Marvell>> efuse write CSK_INDEX 3 Returned EFUSE value after write: CSK_INDEX 3 Marvell>> efuse write OPER_MODE 2 Returned EFUSE value after write: OPER_MODE 2 Marvell>> efuse DEV_DEPLOY 0 0 - Invalid eFuse ID efuse - efuse - read/Write SoC eFuse entries Usage: efuse Access to SoC eFuse entry values list - Display all supported eFuse entry ids dump - Dump all supported eFuse entries raw - Dump all eFuses in raw format read id - Read eFuse entry "id" write id val - Write "val" to eFuse entry "id" Marvell>> efuse write DEV_DEPLOY 0 efuse_write: Invalid value 0, expected 1 DEV_DEPLOY === ERROR WRITING EFUSE VALUE === Marvell>> efuse write DEV_DEPLOY 1 Returned EFUSE value after write: DEV_DEPLOY DEPLOYED (1) Any information would be helpful! Thank you. Link to comment Share on other sites More sharing options...
Igor Posted January 26, 2018 Share Posted January 26, 2018 4 hours ago, EricZ said: Is there any alternative options to burn SPINOR with my trusted boot image? Or is my hardware gone? https://github.com/MarvellEmbeddedProcessors/u-boot-marvell/blob/u-boot-2017.03-armada-17.06/doc/mvebu/uart_boot.txt According to Marvell engineers, it is "Not the funniest process, but you still will not need to setup JTAG session." Link to comment Share on other sites More sharing options...
Recommended Posts