New ContributorArria10 Secure Boot : unable to boot SPL FUSE
On the Arria10, a signed SPL using the FUSE method does not boot at all, but it does boot when using the USER method. The behavior is the same as if we had not programmed the fuses.
Details :
Using the alt_authtool.py utility found in the repository, the SPL is signed.
The tool accepts the following options:
- fuse: embed root pubkey in image. BootROM verifies its hash against device fuses.
- fpga: fetch trusted root pubkey from location in FPGA memory.
- user: embed root pubkey in image. BootROM does not verify.
read EC key
Private-Key: (256 bit)
priv:
9e:e1:55:ec:b6:be:bd:15:22:80:73:3a:66:ee:07:
fa:58:26:1f:d0:13:c8:e5:6a:b0:05:bc:23:f7:dc:
58:46
pub:
04:0d:b3:cf:29:e9:54:60:7a:1c:d2:99:ca:5e:dd:
d0:72:98:0c:5f:89:33:2c:16:35:24:4f:65:ad:ba:
23:45:9d:ec:5e:22:06:9f:b6:b2:bd:d0:19:8c:53:
aa:af:20:1c:df:72:0f:02:e9:44:b0:86:1a:d5:b5:
7a:2c:81:65:dd
ASN1 OID: prime256v1
NIST CURVE: P-256
First, we generate the SPL using the user option, then follow the Application Note, and the Arria10 board boots correctly.
python3 -B -E $(which alt_authtool.py) sign -t user -k ${ROOT_KEY_PEM} -i ${DEPLOYDIR}/u-boot-spl-public-key.sfp -o ${DEPLOYDIR}/u-boot-spl-public-key-signed.sfp --fuseout ${DEPLOYDIR}/u-boot-spl-public-key-signed.fuse
The following text is displayed:
SHA256 digest of root public key: 3dfe63cab8b3657db2ebdeaca234f0d6ec3744a3905d7e04dfa63a5a6721dfe7
==> The SPL with USER option boots correctly.
Next, we generate the SPL using the fuse option. With this, the FPGA should only be able to boot if the fuses are programmed (volatile or non-volatile). When alt_authtool.py is executed, it displays the SHA256 hash of the public key. We use this public key to construct a file containing:
key1 3DFE63CAB8B3657DB2EBDEACA234F0D6EC3744A3905D7E04DFA63A5A6721DFE7
Using this key file, we generate an EKP file with Quartus (compressed into a zip and attached to the present message).
In the end, using the Quartus Prime Programmer, we program the Arria10 board with EKP file (this takes less than one second).
Immediately after programming the volatile fuses, the board resets (the power supply current drops from 1A to 0.8A, and then returns to 1A), and the fan stops and restarts.
==> However, on the serial console, the SPL signed with the FUSE method does not display any messages, and neither U-Boot nor the kernel is loaded.
On the other hand, the SPL signed with the USER method is still able to boot, even with the volatile fuses programmed (boot messages appear, and both U-Boot and the kernel are loaded).
Question:
Can you help us to solve this boot issue with the FUSE method ? The behavior is like volatile fuses are not programmed !
If you need more information and details, please tell us.
Thanks in advance.
Christian & Baptiste
