UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

cancel
Showing results for 
Search instead for 
Did you mean: 
Observer alextennant
Observer
10,525 Views
Registered: ‎03-11-2014

Secure boot Software Reset

Jump to solution

Hi All

 

Is it posible in any way to allow a system reset when booted in secure boot mode?

 

Our setup on Zynq 7020

1) eFuse AES key set

2) eFuse AES only set

3) encrypted FSBL in QSPI flash

4) Fully encrypted boot.bin including linux ramdisk loaded

 

We need a method to reboot the system from linux once running, any attempt made results in a secure lockdown.

 

What I would like to happen is basicaly a software triggered Power On Reset.

 

Is this posible from within the Zynq?

 

I haven't managed to find anything in the Technical Reference Manual

 

Regards

Alex

 

 

Tags (2)
0 Kudos
1 Solution

Accepted Solutions
Xilinx Employee
Xilinx Employee
18,848 Views
Registered: ‎07-23-2012

Re: Secure boot Software Reset

Jump to solution
To trigger fallback or multibot in secure boot mode with EFUSE, you have to comment out the system reset section in FSBL.

Please refer to "Secure Fallback Flow with eFUSE" section of http://www.xilinx.com/support/documentation/user_guides/ug821-zynq-7000-swdev.pdf for details on how to do this.
-----------------------------------------------------------------------------------------------
Please mark the post as "Accept as solution" if the information provided answers your query/resolves your issue.

Give Kudos to a post which you think is helpful.
0 Kudos
9 Replies
Xilinx Employee
Xilinx Employee
10,503 Views
Registered: ‎07-23-2012

Re: Secure boot Software Reset

Jump to solution
Do you want to reset some sections of PS or the whole system?

PS_SRST_B or SOFT_RST resets the whole system but the boot mode pins are not sampled after this.
-----------------------------------------------------------------------------------------------
Please mark the post as "Accept as solution" if the information provided answers your query/resolves your issue.

Give Kudos to a post which you think is helpful.
0 Kudos
Observer alextennant
Observer
10,430 Views
Registered: ‎03-11-2014

Re: Secure boot Software Reset

Jump to solution

I need a way to resets the whole system but PS_SRST_B and SOFT_RST result in a secure lockdown when using secure boot.

 

Is this the intended functionality when using secure boot?

 

0 Kudos
Xilinx Employee
Xilinx Employee
10,407 Views
Registered: ‎07-23-2012

Re: Secure boot Software Reset

Jump to solution
Yes, as mentioned above the mode pins won't be sampled after PS_SRST_B/SOFT_RST.
-----------------------------------------------------------------------------------------------
Please mark the post as "Accept as solution" if the information provided answers your query/resolves your issue.

Give Kudos to a post which you think is helpful.
0 Kudos
Observer alextennant
Observer
10,388 Views
Registered: ‎03-11-2014

Re: Secure boot Software Reset

Jump to solution

Hi Smarell

 

Could you please be clearer

 

You have said nothing about secure boot and lockdown.

 

Should I be able to use PS_SRST_B/SOFT_RST from a secure boot without going into lockdown?

 

Regards

Alex

0 Kudos
Observer alextennant
Observer
10,142 Views
Registered: ‎03-11-2014

Re: Secure boot Software Reset

Jump to solution

I want to re-trigger the FSBL on a Zynq7020 after booting into a secure image using only software. Writing a 1 to register (PSS_RST_CTRL) results in a secure lockdown.

 

My FSBL is:

 

the_ROM_image:
{
  [aeskeyfile] aes.nky
  [encryption=aes, bootloader]FSBL.elf
}

 

using the efuse AES key

 

After booting the FSBL shows this:

 

"User not allowed to do any system resets"

 

This is from Xilinx's default FSBL

 

Now once I have fully booted into linux, I want to reboot the device all the testing I have done results in secure lockdown. Now this may be the intended operation for a secure boot and it is imposible to do what I want without externaly triggering a Power On Reset.

 

If anyone knows if this is possible please let me know.

0 Kudos
Xilinx Employee
Xilinx Employee
18,849 Views
Registered: ‎07-23-2012

Re: Secure boot Software Reset

Jump to solution
To trigger fallback or multibot in secure boot mode with EFUSE, you have to comment out the system reset section in FSBL.

Please refer to "Secure Fallback Flow with eFUSE" section of http://www.xilinx.com/support/documentation/user_guides/ug821-zynq-7000-swdev.pdf for details on how to do this.
-----------------------------------------------------------------------------------------------
Please mark the post as "Accept as solution" if the information provided answers your query/resolves your issue.

Give Kudos to a post which you think is helpful.
0 Kudos
Observer alextennant
Observer
10,113 Views
Registered: ‎03-11-2014

Re: Secure boot Software Reset

Jump to solution

Hi Smarell

 

I have multiboot and fallback working on my secure boot.

 

As I understand it your suggestion is to basicaly handoff back to the FSBL (still in the on chip memory) from Linux?

 

Regards

Alex

0 Kudos
Xilinx Employee
Xilinx Employee
9,966 Views
Registered: ‎07-23-2012

Re: Secure boot Software Reset

Jump to solution
Yes, thats correct.
-----------------------------------------------------------------------------------------------
Please mark the post as "Accept as solution" if the information provided answers your query/resolves your issue.

Give Kudos to a post which you think is helpful.
0 Kudos
Observer jqsam1
Observer
316 Views
Registered: ‎02-16-2015

Re: Secure boot Software Reset

Jump to solution

Hi... i need a similar functionality... executing the FSBL after fallback but not on a secure boot scenario.. any idea how i can do this?

 

Thanks.

0 Kudos