cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Participant
Participant
11,026 Views
Registered: ‎03-11-2014

Secure boot Software Reset

Jump to solution

Hi All

 

Is it posible in any way to allow a system reset when booted in secure boot mode?

 

Our setup on Zynq 7020

1) eFuse AES key set

2) eFuse AES only set

3) encrypted FSBL in QSPI flash

4) Fully encrypted boot.bin including linux ramdisk loaded

 

We need a method to reboot the system from linux once running, any attempt made results in a secure lockdown.

 

What I would like to happen is basicaly a software triggered Power On Reset.

 

Is this posible from within the Zynq?

 

I haven't managed to find anything in the Technical Reference Manual

 

Regards

Alex

 

 

Tags (2)
0 Kudos
1 Solution

Accepted Solutions
Highlighted
Community Manager
Community Manager
19,349 Views
Registered: ‎07-23-2012
To trigger fallback or multibot in secure boot mode with EFUSE, you have to comment out the system reset section in FSBL.

Please refer to "Secure Fallback Flow with eFUSE" section of http://www.xilinx.com/support/documentation/user_guides/ug821-zynq-7000-swdev.pdf for details on how to do this.
-----------------------------------------------------------------------------------------------
Please mark the post as "Accept as solution" if the information provided answers your query/resolves your issue.

Give Kudos to a post which you think is helpful.

View solution in original post

0 Kudos
9 Replies
Highlighted
Community Manager
Community Manager
11,004 Views
Registered: ‎07-23-2012
Do you want to reset some sections of PS or the whole system?

PS_SRST_B or SOFT_RST resets the whole system but the boot mode pins are not sampled after this.
-----------------------------------------------------------------------------------------------
Please mark the post as "Accept as solution" if the information provided answers your query/resolves your issue.

Give Kudos to a post which you think is helpful.
0 Kudos
Highlighted
Participant
Participant
10,931 Views
Registered: ‎03-11-2014

I need a way to resets the whole system but PS_SRST_B and SOFT_RST result in a secure lockdown when using secure boot.

 

Is this the intended functionality when using secure boot?

 

0 Kudos
Highlighted
Community Manager
Community Manager
10,908 Views
Registered: ‎07-23-2012
Yes, as mentioned above the mode pins won't be sampled after PS_SRST_B/SOFT_RST.
-----------------------------------------------------------------------------------------------
Please mark the post as "Accept as solution" if the information provided answers your query/resolves your issue.

Give Kudos to a post which you think is helpful.
0 Kudos
Highlighted
Participant
Participant
10,889 Views
Registered: ‎03-11-2014

Hi Smarell

 

Could you please be clearer

 

You have said nothing about secure boot and lockdown.

 

Should I be able to use PS_SRST_B/SOFT_RST from a secure boot without going into lockdown?

 

Regards

Alex

0 Kudos
Highlighted
Participant
Participant
10,643 Views
Registered: ‎03-11-2014

I want to re-trigger the FSBL on a Zynq7020 after booting into a secure image using only software. Writing a 1 to register (PSS_RST_CTRL) results in a secure lockdown.

 

My FSBL is:

 

the_ROM_image:
{
  [aeskeyfile] aes.nky
  [encryption=aes, bootloader]FSBL.elf
}

 

using the efuse AES key

 

After booting the FSBL shows this:

 

"User not allowed to do any system resets"

 

This is from Xilinx's default FSBL

 

Now once I have fully booted into linux, I want to reboot the device all the testing I have done results in secure lockdown. Now this may be the intended operation for a secure boot and it is imposible to do what I want without externaly triggering a Power On Reset.

 

If anyone knows if this is possible please let me know.

0 Kudos
Highlighted
Community Manager
Community Manager
19,350 Views
Registered: ‎07-23-2012
To trigger fallback or multibot in secure boot mode with EFUSE, you have to comment out the system reset section in FSBL.

Please refer to "Secure Fallback Flow with eFUSE" section of http://www.xilinx.com/support/documentation/user_guides/ug821-zynq-7000-swdev.pdf for details on how to do this.
-----------------------------------------------------------------------------------------------
Please mark the post as "Accept as solution" if the information provided answers your query/resolves your issue.

Give Kudos to a post which you think is helpful.

View solution in original post

0 Kudos
Highlighted
Participant
Participant
10,614 Views
Registered: ‎03-11-2014

Hi Smarell

 

I have multiboot and fallback working on my secure boot.

 

As I understand it your suggestion is to basicaly handoff back to the FSBL (still in the on chip memory) from Linux?

 

Regards

Alex

0 Kudos
Highlighted
Community Manager
Community Manager
10,467 Views
Registered: ‎07-23-2012
Yes, thats correct.
-----------------------------------------------------------------------------------------------
Please mark the post as "Accept as solution" if the information provided answers your query/resolves your issue.

Give Kudos to a post which you think is helpful.
0 Kudos
Highlighted
Participant
Participant
817 Views
Registered: ‎02-16-2015

Hi... i need a similar functionality... executing the FSBL after fallback but not on a secure boot scenario.. any idea how i can do this?

 

Thanks.

0 Kudos