Re: Arria10 Secure Boot : unable to boot SPL FUSE

Hi Christian & Baptiste & Théo

I have got a response from the team that they received your NDA and currently, it is being validated. The team has been notified about the urgency and I have been informed, they will respond to you at the earliest; it could be as early as this week.

Thank you for your patience
Naresh

Re: Arria10 Secure Boot : unable to boot SPL FUSE

Hi Christian & Baptiste & Théo

I will check with the respective team and get back to you.

Kind Regards
Naresh

Re: Arria10 Secure Boot : unable to boot SPL FUSE

Hi Christian & Baptiste & Théo

I have got confirmation from my team that they have initiated communication via email to help you with NDA and sharing the relevant fuse flashing information accordingly. I believe you should have received the email by now.

Hope this helps!

Kind Regards
Naresh

Re: Arria10 Secure Boot : unable to boot SPL FUSE

Hi Christian & Baptiste & Théo

I got information saying, we need NDA to share the secure fuse flashing information. If you don't mind, can you please share your company name and whether it has NDA with Altera?

Meanwhile, I have asked for a contact at Altera to connect with your team on email and help you with the NDA and sharing of fuse information.

Thank you for your patience
Naresh

Re: Arria10 Secure Boot : unable to boot SPL FUSE

Hi Christian & Baptiste & Théo

Thank you for your response. Your understanding with respect to Question 1 is correct.

Regarding your further questions related to flashing hash and fuse bits, I have already informed the concerned people at Altera. I am waiting for their response, once I have I will share it at the earliest.

Kind Regards
Naresh

Re: Arria10 Secure Boot : unable to boot SPL FUSE

Hi Christian & Baptiste & Théo

Thanks for sharing the information. As you might already know A10 Secure boot supports both authentication and encryption use cases. We can use one of them or both of them based on the security needs.

Now,

a) Image Authentication and Verification key can be sourced in three ways, (options here refer to python script ones):
- User option --> primarily used for testing purposes, volatile and reprogrammable; public key hash check is not performed by Secure Manager in HPS
- Fuse option --> Key Authorization Key (KAK) hash is programmed in User Access Fuses (UAF), non-volatile and one time programmable (OTP)
- FPGA option --> fetched from FPGA OCRAM

Note: Need to use “sign” option with the python tool for image authentication use cases

b) Image Encryption and Decryption key can be stored as:
- Volatile --> external battery source must be connected to VccBat to retain the key during reset, reprogrammable
- Non-volatile --> fuses blown and OTP

Note: Need to use “encrypt” option with the python tool for image encryption use cases

You have mentioned you are using "sign" and "fuse" options with the python tool, so I am confused why you are loading ekp file to the board? If your intention is to use authentication --> fuse option described above, you need to copy SHA256 of the public key to a text file and load it to the board. The KAK key hash has a defined format by Altera. I need to check with the team to share this information, please let me know if this is your requirement.

Here are some documentation resources which might help you:
- AN 759: Using Secure Boot in Intel® Arria® 10 SoC Devices
- A10 Technical Reference Manual --> refer to Chapter 7 SoC Security

Kind Regards
Naresh

Re: Arria10 Secure Boot : unable to boot SPL FUSE

Hi Theo, Christian and Baptiste

Thank you for the wait. I have collected the information relevant to various use cases for Secure Boot in A10 but I need the below information to narrow it to your use case and help with the same.

My questions:
1. What is your objective with the Secure Boot in A10, is it for image authentication, encryption or both?
2. Also, can you please share all the steps you have run for the "fuse" use case?

Thanks
Naresh

Re: Arria10 Secure Boot : unable to boot SPL FUSE

Hi Theo, Christian and Baptiste

Thank you for the information shared. As of today, I am not aware of any known issues with a Quartus version. As the issue involves multiple components, U-Boot, Quartus, programmer and signing tool etc., I am working with different teams internally to get definitive information. Please give me some more time, I will update you on the status.

Thanks
Naresh

Re: Arria10 Secure Boot : unable to boot SPL FUSE

Hi Christian

Immediately after programming the volatile fuses, the board resets (the power supply current drops from 1A to 0.8A, and then returns to 1A), and the fan stops and restarts.

Preliminary impressions of the issue are, since the board resets after programming the volatile fuses, the saved hash is also lost. Hence, the hash comparison step fails, leading to no prints on the console. So, basically we need to avoid reset once the fuse is flashed, this I believe is happening because reset is initiated by the Quartus tool or your programmer.

There are 2 points for us to check, one with Quartus tool and the other with your programmer:
- From my end, I am checking whether Quartus is initiating the reset, and if there is a way to avoid it.
- I believe you are using JTAG as your programmer, can you please check if the programmer is initiating the reset?

Thanks
Naresh

Re: Arria10 Secure Boot : unable to boot SPL FUSE

Hi Christian

Thanks for bringing the issue to our notice. I have internally started working on it; will keep you posted on the progress.

Kind Regards
Naresh