UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Participant mberemand
Participant
617 Views
Registered: ‎10-22-2018

FSBL handoff succeeds but nothing happens. Can't debug.

I'm working with a Zynq ZC702 with the RSA eFUSE bits programmed and an AES key stored in BBRAM. I compiled the default FSBL with RSA_SUPPORT and FSBL_DEBUG_INFO defined and wrote a .bif file that looks like this:

all:
{
   [aeskeyfile] AESKey.nky
   [pskfile] RSAPSK.pem
   [sskfile] RSASSK.pem
   [bootloader, encryption=aes, authentication=rsa] simple_fsbl.elf
   [encryption=aes, authentication=rsa] download.bit
   [encryption=aes, authentication=rsa, load=0x10000000] app0.elf
   [encryption=aes, authentication=rsa, load=0x20000000] app1.elf
}

(My intent is to start executing app0 on CPU0 at address 0x10000000 and load app1 at 0x20000000 to be started on CPU1 after a SEV from CPU0. Let me know if I need to change something in the .bif file for this to work.)

It successfully loaded and authenticated each partition and the last thing printed to UART was:

Handoff Address: 0x10000000
In FsblHookBeforeHandoff function 
SUCCESSFUL_HANDOFF
FSBL Status = 0x1

But the first line in main of app0 is a xil_printf to verify that the handoff actually succeeded, and that doesn't happen. As far as I can tell my apps don't actually start. So I tried debugging it. With the board in JTAG boot mode, I started debugging the FSBL from the XSDK (2017.2), manually changing the boot mode to SD at the appropriate breakpoint. The "RecreatePaddingAndCheck" function in rsa.c fails. I get the following output:

Boot mode is SD
SD: rc= 0
SD Init Done 
Flash Base Address: 0xE0100000
Reboot status register: 0x60400002
Multiboot Register: 0x0000C000
Image Start Address: 0x00000000
Partition Header Offset:0x00000C80
Partition Count: 4
RSA enabled for Chip
Partition SPK Signature Authentication failed
Partition Header signature Failed
FSBL Status = 0xA00E

I can't debug the problem with the handoff until I get past RSA authentication. Is there something else I need to do in order for RSA authentication to work while debugging the FSBL?

EDIT: I defined FSBL_DEBUG_RSA and compared the output between running the FSBL in real SD boot mode and running it from the SDK via JTAG debugging. Output from the debugging run says the SPK decrypted hash is all zeros.

SPK Decrypted Hash START
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000

 SPK Decrypted Hash END
Partition SPK Signature Authentication failed
Partition Header signature Failed
FSBL Status = 0xA00E

What does this imply? That it can't read from EFUSE during this mode?

Tags (5)
0 Kudos
5 Replies
Xilinx Employee
Xilinx Employee
558 Views
Registered: ‎10-11-2011

Re: FSBL handoff succeeds but nothing happens. Can't debug.

I am not surprsed the boot the authenticated boot is failing in JTAG boot mode.

May I suggest a diferent approach?

Have you try to boot non-secure first? That will give you the easy JTAG access for debug.

Also, try to boot app0.elf ONLY. Does that work?

NOTE: If the .elf are linked against 0x1000000 and 0x2000000 you should not need to specify the load address.

 

0 Kudos
Participant mberemand
Participant
519 Views
Registered: ‎10-22-2018

Re: FSBL handoff succeeds but nothing happens. Can't debug.

The board's EFUSE bit to enforce RSA authentication was set long before I got a chance to work with it, so I can't test an unsigned boot. AES encryption is not enforced and I currently have that key in BBRAM.

app0.elf runs as expected when debugged over JTAG by itself.

During JTAG boot, it seems to me that the FSBL should have enough information to authenticate the partitions from the SD card and can verify the PPK against its hash in EFUSE. Is it failing because the FSBL itself wasn't authenticated? It's not clear to me why I can't debug signed boot over JTAG.

0 Kudos
Xilinx Employee
Xilinx Employee
502 Views
Registered: ‎10-11-2011

Re: FSBL handoff succeeds but nothing happens. Can't debug.

Can you please provide the full detailed log while booting this image?

all:
{
   [pskfile] RSAPSK.pem
   [sskfile] RSASSK.pem
   [bootloader, authentication=rsa] simple_fsbl.elf
   [authentication=rsa] download.bit
   [authentication=rsa] app0.elf
}

0 Kudos
Visitor jovertoom
Visitor
129 Views
Registered: ‎06-14-2018

Re: FSBL handoff succeeds but nothing happens. Can't debug.

Did you manage to resolve this? I've got a similar problem.

0 Kudos
Xilinx Employee
Xilinx Employee
112 Views
Registered: ‎10-11-2011

Re: FSBL handoff succeeds but nothing happens. Can't debug.

Maybe you can share the UART output of yuor boot (with FSBL detailed debug enabled).

If nothing comes out of the UART you need to use VIVADO HW Manager and read these two JTAG registers:

JTAG_STATUS

ERROR_STATUS

 

0 Kudos