User`s guide

Secure Boot with i.MX28 HAB Version 4, Rev. 1

24 Freescale Semiconductor

Manage the electrical fuses

On Windows (Keygen.exe), cryptographically secure RNG APIs in the OS are used to generate the random

key.

On Linux (Keygen), /dev/random is used to generate the random key.

6.4 Recommendations on i.MX28 fuse configuration

During production, it is suggested to change the SEC_CONFIG of the chip to Closed configuration only

once the programming, provisioning, validation and other pre-production steps are working successfully

in Open configuration. When only secure boot is allowed, every boot image whatever the boot mode is,

must be signed and authenticated correctly prior its execution so it is easier to fix any issues encountered

with a chip still in Open configuration.

Some important boot parameters are set through the fuses. The fact that a fuse is only One Time

Programmable is sufficient to prevent the change of a 1-bit parameter, but is not sufficient to prevent the

modification of a larger value such as the hash of the SRK Table. Therefore lock fuses are dedicated to

protect such information. It is recommended to blow these fuses once the value is programmed and verified

to be functional.

For instance, with the i.MX28, once the SRK_HASH[255:0] is programmed, the fuse SRK LOCK bit

must be programmed to disable any modification of the reference digest for the super toot key table.

For a description of the lock fuses, refer to Programming_OTP_Bits.pdf available with

[IMX_OTP_TOOLS] package, listed in Section 1.5, “References.”

6.5 Programming SRK Hash fuses

This section will explain how tools provided with IMX_CST_TOOL and IMX_OTP_TOOLS packages

should be used to programming SRK Hash fuses.

Figure 7. Fuse programming tools on i.MX28

Srktool is used to generate the HAB v4 SRK Table; the tool also outputs the cryptographic hash of the SRK

Table in a binary file (srk_fuses.bin).