News:

Attention: For security reasons,please choose a user name *different* from your login name.
Also make sure to choose a secure password and change it regularly.

Main Menu

TE0720 - secure boot works from SD card, Fails from qSPI

Started by mgillott, October 13, 2022, 05:28:18 PM

Previous topic - Next topic

mgillott

Hi

TE0720 module with a custom carrier PCB

I have a BOOT.BIN file created from XAPP1175 Secure FSBL, including Petalinux u-boot

My TE0720-03-62133 module has RSA and AES efuses set for secure boot

This arrangement will boot successfully from SD card.

I burn the same BOOT.BIN to qSPI flash, select qSPI boot mode. System hangs after power up.

Both SD card and qSPI boot modes work correctly for an unsecured system, so I dont believe its the hardware.

Has anyone come across this issue ?

Thanks in advance
Malc

JH

Hi,

sorry, I didn't use secured boot until know, so I cant help much.
Did you checked this document:
https://docs.xilinx.com/v/u/en-US/xapp1175_zynq_secure_boot
It looks like Xilinx used QSPI secured boot there, see page 20/21.

do you see something on boot log or nothing? Maybe you can enable/disable boot options also and you has disabled QSPI boot. I know that JTAG can be disabled, maybe boot modes too...
Check also:
https://support.xilinx.com/s/article/54827?language=en_US

And write also one time to the xilinx forum. it's more a general zynq question and community is much bigger there.
br
John

mgillott

Hi John, thanks for your input

The problem appears to be that the BOOTROM cannot read the first few words in the qSPI flash after POR / boot.

I'm guessing this may be a qSPI  initialization or a power-up latency problem ?

Since the BOOTROM searches the qSPI for a valid boot image, I just flashed the image at a higher address (0x8000) in the qSPI and now it boots securely from the qSPI

Thanks
Malc

JH

QuoteI'm guessing this may be a qSPI  initialization or a power-up latency problem ?
but why only on secured boot?
Can you hold reset button during power up and release later? In this case  you should simple add more delay.
QuoteSince the BOOTROM searches the qSPI for a valid boot image, I just flashed the image at a higher address (0x8000) in the qSPI and now it boots securely from the qSPI
hm strange, another idea is that with secured files the entry points are different and it does not recognize flash has a valid files...but only Xilinx can know that. At least you have a solution for now with the offset. Thanks to share this notes here.
br
John