Author Topic: TE0720 - secure boot works from SD card, Fails from qSPI  (Read 453 times)

mgillott

  • Active Member
  • *
  • Posts: 6
TE0720 - secure boot works from SD card, Fails from qSPI
« on: October 13, 2022, 05:28:18 PM »
Hi

TE0720 module with a custom carrier PCB

I have a BOOT.BIN file created from XAPP1175 Secure FSBL, including Petalinux u-boot

My TE0720-03-62133 module has RSA and AES efuses set for secure boot

This arrangement will boot successfully from SD card.

I burn the same BOOT.BIN to qSPI flash, select qSPI boot mode. System hangs after power up.

Both SD card and qSPI boot modes work correctly for an unsecured system, so I dont believe its the hardware.

Has anyone come across this issue ?

Thanks in advance
Malc

JH

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2001
Re: TE0720 - secure boot works from SD card, Fails from qSPI
« Reply #1 on: October 14, 2022, 07:10:40 AM »
Hi,

sorry, I didn't use secured boot until know, so I cant help much.
Did you checked this document:
https://docs.xilinx.com/v/u/en-US/xapp1175_zynq_secure_boot
It looks like Xilinx used QSPI secured boot there, see page 20/21.

do you see something on boot log or nothing? Maybe you can enable/disable boot options also and you has disabled QSPI boot. I know that JTAG can be disabled, maybe boot modes too...
Check also:
https://support.xilinx.com/s/article/54827?language=en_US

And write also one time to the xilinx forum. it's more a general zynq question and community is much bigger there.
br
John

mgillott

  • Active Member
  • *
  • Posts: 6
Re: TE0720 - secure boot works from SD card, Fails from qSPI
« Reply #2 on: October 17, 2022, 05:19:41 PM »
Hi John, thanks for your input

The problem appears to be that the BOOTROM cannot read the first few words in the qSPI flash after POR / boot.

I'm guessing this may be a qSPI  initialization or a power-up latency problem ?

Since the BOOTROM searches the qSPI for a valid boot image, I just flashed the image at a higher address (0x8000) in the qSPI and now it boots securely from the qSPI

Thanks
Malc

JH

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2001
Re: TE0720 - secure boot works from SD card, Fails from qSPI
« Reply #3 on: October 18, 2022, 09:15:29 AM »
Quote
I'm guessing this may be a qSPI  initialization or a power-up latency problem ?
but why only on secured boot?
Can you hold reset button during power up and release later? In this case  you should simple add more delay.
Quote
Since the BOOTROM searches the qSPI for a valid boot image, I just flashed the image at a higher address (0x8000) in the qSPI and now it boots securely from the qSPI
hm strange, another idea is that with secured files the entry points are different and it does not recognize flash has a valid files...but only Xilinx can know that. At least you have a solution for now with the offset. Thanks to share this notes here.
br
John