raspberrypi / rp2350_hacking_challenge


OTP_DATA_PAGE1_LOCK1 set BL lock error #2

Open maximus64 opened 2 months ago

maximus64 commented 2 months ago

Followed the instructions to lock the chip but encountered an error when burning the lock for OTP_DATA_PAGE1_LOCK1 and OTP_DATA_PAGE2_LOCK1

ERROR: Cannot clear bits in OTP row(s): current value 040404, new value 101010

With a fresh Pico 2 board, this value is already programmed to 0x040404, and when running ./lock_chip.sh it refuses to burn since bit 3 is already set.

I think the script needs to be updated as follows:

# Lock writes to PAGE1
picotool otp set --raw OTP_DATA_PAGE1_LOCK1 0x141414
picotool otp set --raw OTP_DATA_PAGE2_LOCK1 0x141414

So what is the actual OTP lock configuration of the Golden unit? Will it be 0x141414 or 0x101010?

Log:

$ ./lock_chip.sh 
Are you sure you want to fully lock down the chip?
Please type PLEASE LOCK to continue
PLEASE LOCK
ROW 0x0040  OLD_VALUE=0x000001: OTP_DATA_CRIT1
        "Page 1 critical boot flags (RBIT-8)"
    field DEBUG_DISABLE (bit 2)
ROW 0x004b  OLD_VALUE=0x000001: OTP_DATA_BOOT_FLAGS1
        "Disable/Enable boot paths/features in the RP2350 mask ROM. Disables always supersede enables. Enables are provided where there are other
        configurations in OTP that must be valid. (RBIT-3)"
    field KEY_INVALID (bits 8-11)
ROW 0x0040  OLD_VALUE=0x000005: OTP_DATA_CRIT1
        "Page 1 critical boot flags (RBIT-8)"
    field GLITCH_DETECTOR_ENABLE (bit 4)
ROW 0x0040  OLD_VALUE=0x000015: OTP_DATA_CRIT1
        "Page 1 critical boot flags (RBIT-8)"
    field GLITCH_DETECTOR_SENS (bits 5-6)
ROW 0x0f83  OLD_VALUE=0x040404: OTP_DATA_PAGE1_LOCK1
        "Lock configuration MSBs for page 1 (rows 0x40 through 0x7f). Locks are stored with 3-way majority vote encoding, so that bits can be set
        independently. This OTP location is always readable, and is write-protected by its own permissions."
ERROR: Cannot clear bits in OTP row(s): current value 040404, new value 101010

ROW 0x0f85  OLD_VALUE=0x040404: OTP_DATA_PAGE2_LOCK1
        "Lock configuration MSBs for page 2 (rows 0x80 through 0xbf). Locks are stored with 3-way majority vote encoding, so that bits can be set
        independently. This OTP location is always readable, and is write-protected by its own permissions."
ERROR: Cannot clear bits in OTP row(s): current value 040404, new value 101010

polhenarejos commented 2 months ago

I confirm that picotool otp get OTP_DATA_PAGE1_LOCK1 and picotool otp get OTP_DATA_PAGE2_LOCK1 both return 0x040404 on a fresh new RP2350.

This is expected from the datasheet:

The main controls for the bootrom are stored in BOOT_FLAGS0 and BOOT_FLAGS1. These are both in page 1 of OTP, which has the following default permissions on a blank device:

• Read-write for Secure (S)
• Read-write for bootloader (BL)
• Read-only for Non-secure (NS)

which is equivalent to 0x4.

Boot key hashes are stored in page 2 of OTP, starting from BOOTKEY0_0. There is space for up to four boot key hashes in this page

Here, the datasheet does not say anything about the PAGE2_LOCK1 default permission, but it seems it uses the same: RW for S, RW for BL and RO for NS. So, NS cannot write BOOTKEYs.
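
The set-only write rule and 3-way majority encoding behind the error in this thread, as an added example that is not part of any comment here or of the repository's lock_chip.sh. The function names, the per-bit majority vote across the three bytes, and the S/NS/BL field layout are assumptions.

```shell
#!/bin/sh
# Added example: arithmetic behind the OTP lock values quoted in this issue.
# Assumptions (not taken from the repository): the function names, a per-bit
# majority vote across the three bytes of the row, and the field layout
# S = bits 1:0, NS = bits 3:2, BL = bits 5:4 (0 read-write, 1 read-only,
# 3 inaccessible).

# OTP bits only go 0 -> 1: a write is valid only if it keeps every set bit.
otp_can_write() {   # usage: otp_can_write CURRENT NEW
    [ $(( $1 & ~$2 & 0xFFFFFF )) -eq 0 ]
}

# Raw value that adds the wanted bits on top of what is already programmed.
otp_merge() {       # usage: otp_merge CURRENT WANTED
    printf '0x%06x\n' $(( ($1 | $2) & 0xFFFFFF ))
}

# Collapse the three redundant bytes into the effective lock byte.
lock_effective() {  # usage: lock_effective RAW
    a=$(( $1 & 0xFF )); b=$(( ($1 >> 8) & 0xFF )); c=$(( ($1 >> 16) & 0xFF ))
    printf '0x%02x\n' $(( ($a & $b) | ($a & $c) | ($b & $c) ))
}

# Render the effective byte as per-domain permissions.
lock_describe() {   # usage: lock_describe RAW
    eff=$(lock_effective "$1"); out=""
    for field in S:0 NS:2 BL:4; do
        case $(( ($eff >> ${field##*:}) & 3 )) in
            0) perm=read-write ;;
            1) perm=read-only ;;
            3) perm=inaccessible ;;
            *) perm=reserved ;;
        esac
        out="${out}${field%%:*}=${perm} "
    done
    printf '%s\n' "${out% }"
}

# Values from the issue: factory state, the script's value, the proposed value.
current=0x040404
for candidate in 0x101010 0x141414; do
    if otp_can_write "$current" "$candidate"; then verdict=accepted; else verdict=rejected; fi
    echo "$candidate over $current: $verdict ($(lock_describe "$candidate"))"
done
```

Reading the row with picotool otp get first and passing the result through otp_merge yields a value that cannot trip the "Cannot clear bits" check, whatever the factory state of the board.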

abdalrahimnaser commented 2 months ago

Hey guys, would you be interested in teaming up to tackle this challenge?

polhenarejos commented 2 months ago

Sure, what would you need?