CONFIG_HW_UNIQUE_KEY_LOAD does not work with CONFIG_DISABLE_FLASH_PATCH

I am using nRF Connect SDK 1.9.0 and the NRF52840.

When building samples/keys/hw_unique_key you get this warning:

----------------------------------------------------------
--- WARNING: To maintain the integrity of secure boot, ---
--- enable CONFIG_DISABLE_FLASH_PATCH in production. ---
----------------------------------------------------------

If you turn on CONFIG_DISABLE_FLASH_PATCH for b0, it breaks the sample and you can never boot. This is because CONFIG_HW_UNIQUE_KEY_LOAD only allows one boot for the application to load the HUK. CONFIG_DISABLE_FLASH_PATCH needs to reboot b0 when running the first time. This means we can never boot to the app.

So what is the best solution? Should you use CONFIG_DISABLE_FLASH_PATCH in production and not use CONFIG_HW_UNIQUE_KEY_LOAD?

The sample works without CONFIG_HW_UNIQUE_KEY_LOAD, so what is the benefit of using CONFIG_HW_UNIQUE_KEY_LOAD?

Is there a fix that can be made to allow both CONFIG_DISABLE_FLASH_PATCH and CONFIG_HW_UNIQUE_KEY_LOAD?

  • Hi,

    When I test with this change it works on my end, using both SDK 1.9.0 and 1.9.1. Have you made any other changes as well? Can you elaborate on how you test?

  • nrfjprog --deviceversion

    NRF52840_xxAA_REV1

    You need to ensure you start with a completely blank device or you will not see the issue:

    nrfjprog -e
    Erasing user available code and UICR flash areas.
    Applying system reset.

    This is the entire diff of the nrf folder:

    diff --git a/samples/keys/hw_unique_key/child_image/b0.conf b/samples/keys/hw_unique_key/child_image/b0.conf
    index 180ca7ccc..0e3e38615 100644
    --- a/samples/keys/hw_unique_key/child_image/b0.conf
    +++ b/samples/keys/hw_unique_key/child_image/b0.conf
    @@ -4,4 +4,5 @@
     # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
     #
     
    +CONFIG_DISABLE_FLASH_PATCH=y
     CONFIG_HW_UNIQUE_KEY_LOAD=y
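
    Review bot: the added CONFIG_DISABLE_FLASH_PATCH=y line sits directly above CONFIG_HW_UNIQUE_KEY_LOAD=y with no comment on how the two options interact in b0. Suggest a comment above the new line noting that disabling the flash patch reboots b0 on its first run while HUK load allows only one boot for the application to write the key, so this pair needs to be verified on a fully erased device.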

    My build command, executed from the nrf folder:

    west build -p -b nrf52840dk_nrf52840 -d build samples/keys/hw_unique_key

    Flash the code:

    west flash -d build   

    Output of the DVK on the serial console:

    First boot, expecting app to write HUK.
    Error: Hardware Unique Key not present.

  • Ah, you are right. No idea why I did not see this before. I am not able to answer this right now but I am checking with the team working on this and will get back to you.

  • Hi,

    I am sorry for the late update. What is happening is essentially this:

    1. (b0 PRE_KERNEL2) Bootloader sees that a key is not written, and writes its own flag in flash to keep track of this. It now assumes the app will be booted and will write a HUK.
    2. (b0 POST_KERNEL) Flash patch is disabled and the device is rebooted for the configuration to take effect.
    3. (b0 PRE_KERNEL2) Bootloader sees that a key is not written, and that it has written the flag. It assumes the app was unsuccessful in writing a HUK so it throws an error.

    The team has been made aware of this now and will look into how to handle this properly.
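
The three-step sequence in the last reply can be reproduced with a small host-side model. This is an added example, not code from the nRF Connect SDK or from anyone in the thread; the struct, enum and function names are hypothetical, and treating "flash patch already disabled" as persistent state that skips the reboot is a modelling assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the persistent state b0 consults; names are hypothetical. */
struct flash_state {
    bool huk_written;     /* a HUK is present */
    bool first_boot_flag; /* b0's "expecting app to write HUK" marker */
    bool flash_patch_off; /* flash patch already disabled on a previous boot */
};

enum boot_result { BOOT_APP, BOOT_REBOOT, BOOT_HUK_ERROR };

/* One pass through b0, in the order given in the reply above. */
static enum boot_result b0_boot_once(struct flash_state *f, bool disable_flash_patch)
{
    /* PRE_KERNEL2: HUK check */
    if (!f->huk_written) {
        if (f->first_boot_flag)
            return BOOT_HUK_ERROR;  /* flag already set, still no key */
        f->first_boot_flag = true;  /* assume the app boots next and writes the HUK */
    }
    /* POST_KERNEL: disabling the flash patch needs a reset to take effect */
    if (disable_flash_patch && !f->flash_patch_off) {
        f->flash_patch_off = true;
        return BOOT_REBOOT;
    }
    return BOOT_APP;
}

/* Reset repeatedly from the given starting state until b0 starts the app or fails. */
enum boot_result boot_from(bool huk, bool flag, bool patch_off, bool disable_flash_patch)
{
    struct flash_state f = { huk, flag, patch_off };
    enum boot_result r;

    do {
        r = b0_boot_once(&f, disable_flash_patch);
    } while (r == BOOT_REBOOT);
    return r;
}

int main(void)
{
    printf("blank, flash patch left enabled: %d\n", boot_from(false, false, false, false));
    printf("blank, flash patch disabled:     %d\n", boot_from(false, false, false, true));
    printf("flash patch already disabled:    %d\n", boot_from(false, false, true, true));
    return 0;
}
```

In this model only the fully blank starting state with the flash patch option enabled ends in the HUK error, which matches the report that the issue is visible only after a full erase.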
