Forums - Cannot flash signed image into QCA4020 board with USB

6 posts / 0 new
or Register
Last post
Cannot flash signed image into QCA4020 board with USB
yanggh0703
Join Date: 12 Jul 18
Posts: 3
Posted: Tue, 2018-10-16 18:52
Top

Hi,

There is a problem about Secure boot. In the sixth step, I get a error when flash the signed images. My operation steps  are as follows: 

(1) Firstly, Configure the file target\quartz\mfg\OTP\tools\otp_config.xml based on "80-ya121-144_a_enable_secure_boot_on_qca402xcdb2x_1.pdf":

<otp_descriptor>

<firmware_region_write_disable>0</firmware_region_write_disable>

<model_id>0x0</model_id>

<pk_hash>de5480d49ed1cbe0813755f06324fce56e3eb391a9a40ffba8df9fd16c717744</pk_hash>

<!-- <otp_encryp_key>0102030405060708090a0b0c0d0e0f00</otp_encryp_key>  -->

<otp_profile>development</otp_profile>

</otp_descriptor>

(2)Compile OTP

    Execute the command "build.bat t 4020 cdb" at target\quartz\mfg\OTP\build\gcc.

(3)Flash the OTP programmer image at \target\quartz\mfg\OTP\build\gcc with the python script qflash.py, then I can get the "OTP update success" message appearing on the serial console.

    It indates secure boot is enabled.

(4)Modify the script \target\quartz\demo\QCLI_demo\build\gcc\build.bat

SET SECBOOT=true

...

IF /I "%BOARD_VARIANT%" == "CDB" (

    python %SectoolsQdnDir%\sectools.py iot -p 4020 -g m4 -i %OUTDIR%\%PROJECT%.elf -k %SectoolsCertsDir%\qpsa_rootca.key -c %SectoolsCertsDir%\qpsa_rootca.cer --cfg_oem_id=0xffff --cfg_model_id=0x0000 -o . -s

    python %SectoolsQdnDir%\sectools.py iot -p 4020 -g m0 -i %RootDir%\bin\cortex-m0\threadx\ioe_ram_m0_threadx_ipt.mbn -k %SectoolsCertsDir%\qpsa_rootca.key -c %SectoolsCertsDir%\qpsa_rootca.cer --cfg_oem_id=0xffff --cfg_model_id=0x0000 -o . -s

    python %SectoolsQdnDir%\sectools.py iot -p 4020 -g kf -i %RootDir%\bin\wlan\wlan_fw_img.bin -k %SectoolsCertsDir%\qpsa_rootca.key -c %SectoolsCertsDir%\qpsa_rootca.cer --cfg_oem_id=0xffff --cfg_model_id=0x0000 -o . -s

(5)Execute the command "build.bat t 4020 cdb",then I can get the following files:

   target/quartz/demo/QCLI_demo/build/gcc/

                                   ---------------4020

                                                                ---------------m4

                                                                ---------------m0

                                                                ---------------kf

(6)Flash signed images, But I get a error. The log is as follows:

/***************************log*****************************

D:\flamingo\QCA4020\test_secure_boot\secure_boot\target\quartz\demo\QCLI_demo\build\gcc>python D:\flamingo\QCA4020\test_secure_boot\secure_boot\target\build\tools\flash\qflash.py --comm 4 --app 4020

qflash.py Info: Generate partition table...

qflash.py Info: Generate FWD table...

[2018-10-16 15:39:30,233] INFO: Checking for files to add to the image for Firmware Descriptor Table 0 File:gen_fwd_table.py:654 Function:fen_xml_program

[2018-10-16 15:39:30,240] INFO: DoneGenerating XML file to pragram. File:gen_fwd_table.py:692 Function:gen_xml_program

qflash.py Info: Download device programmer...

qflash,py Info: Check for QLoader port in Device Manager.

qflash,py Info: Need to reset device?

qflash,py Error: QSaharaServer failed to load Device Programmer.

************************************************************/

    From the log, there is an except at subprocess.check_output(cmd_string, shell=need_shell)  which loads device programmer.

    When I don't flash the OTP, the issue will not happen.

    So the questions is:

1. Can I flash the signed image using USB as normal?

2. Is there any problem with my steps? Could you kindly help us to check my steps and pointout what error happened? Thank you so much!

 

  • Up0
  • Down0
Re: Cannot flash signed image into QCA4020 board with USB
jaydenk
Join Date: 21 Jun 18
Posts: 64
Posted: Thu, 2018-10-18 00:12
Top

Hi yanggh0703,

If we want to flash the signed image via USB, we also need to sign device programmer image.

Instead, we can try to flash the signed image via openocd like what secure boot document explained.

Can you try to flash the signed image through openocd?

Thanks
BR,
Jayden

  • Up0
  • Down0
Re: Cannot flash signed image into QCA4020 board with USB
mistry Moderator
Join Date: 18 Apr 18
Posts: 56
Posted: Thu, 2018-10-18 15:47
Top
Thanks Jayden, They can flash the image using JTAG. Are there any instructions on how to sign the device programmer image in case anyone wants to flash using USB? Best Regards, Rajan.
  • Up0
  • Down0
Re: Cannot flash signed image into QCA4020 board with USB
yanggh0703
Join Date: 12 Jul 18
Posts: 3
Posted: Wed, 2018-10-24 05:54
Top

Hi Jayden,

Thanks. We can use flash the signed image through openocd. Thses days, we try to flash signed image using USB.

According to your opinion, we try  to sign device programmer image. Our steps as follows:

(1)Add a sentence to the script build.bat at  target\quartz\demo\QCLI_demo\build\gcc. 

python %SectoolsQdnDir%\sectools.py iot -p 4020 -g fire_hose -i D:\flamingo\QCA4020\test_secure_boot\secure_boot\target\build\tools\flash\prog_spinor_firehose_qca4020_lite_m4_threadx.mbn -k %SectoolsCertsDir%\qpsa_rootca.key -c %SectoolsCertsDir%\qpsa_rootca.cer --cfg_oem_id=0xffff --cfg_model_id=0x0000 -o . -s

 

(2)Add the following statement to the file 4020_iot.xml at target\sectools\qdn\config\4020.

<image sign_id="fire_hose" name="fire_hose.mbn" image_type="elf_has_ht">
    <general_properties_overrides>
        <sw_id>0x0000000000000007< /sw_id>
    < /general_properties_overrides>
< /image>
 
(3)Execute the command "build.bat t 4020 cdb",then I can get the following files:

   target/quartz/demo/QCLI_demo/build/gcc/

                                   ---------------4020

                                                                ---------------m4

                                                                ---------------m0

                                                                ---------------kf

                                                                ---------------fire_hose

 

(4)Modify the script qflash.py at target\build\tools\flash.

#validate_file(os.path.join(SDK_flash_tools, "prog_spinor_firehose_qca4020_lite_m4_threadx.mbn"))

validate_file(os.path.join("D:\\flamingo\\QCA4020\\test_secure_boot\\secure_boot\\target\\quartz\\demo\\QCLI_demo\\build\\gcc\\4020\\fire_hose", "prog_spinor_firehose_qca4020_lite_m4_threadx.mbn"))
 
#windows_dev_prog_name = fixpath(os.path.join(SDK_flash_tools, "prog_spinor_firehose_qca4020_lite_m4_threadx.mbn"))
windows_dev_prog_name = fixpath(os.path.join("D:\\flamingo\\QCA4020\\test_secure_boot\\secure_boot\\target\\quartz\\demo\\QCLI_demo\\build\\gcc\\4020\\fire_hose", "prog_spinor_firehose_qca4020_lite_m4_threadx.mbn")
 

(5)Flash signed images, and I get the error too. The log is as follows:

/***************************log*****************************

D:\flamingo\QCA4020\test_secure_boot\secure_boot\target\quartz\demo\QCLI_demo\build\gcc>python D:\flamingo\QCA4020\test_secure_boot\secure_boot\target\build\tools\flash\qflash.py --comm 4 --app 4020

qflash.py Info: Generate partition table...

qflash.py Info: Generate FWD table...

[2018-10-16 15:39:30,233] INFO: Checking for files to add to the image for Firmware Descriptor Table 0 File:gen_fwd_table.py:654 Function:fen_xml_program

[2018-10-16 15:39:30,240] INFO: DoneGenerating XML file to pragram. File:gen_fwd_table.py:692 Function:gen_xml_program

qflash.py Info: Download device programmer...

qflash,py Info: Check for QLoader port in Device Manager.

qflash,py Info: Need to reset device?

qflash,py Error: QSaharaServer failed to load Device Programmer.

********************************************************/

    From the log, fail to load device programmer, too.

    Is there any problem with my steps? Could you kindly help us to check my steps and pointout what error happened? Thank you so much!

 
  • Up0
  • Down0
Re: Cannot flash signed image into QCA4020 board with USB
jaydenk
Join Date: 21 Jun 18
Posts: 64
Posted: Wed, 2018-10-24 15:15
Top

Hi yanggh0703,

Thanks for your trial.

Device programmer image is also kind of m4 image.
For signing device programmer, can you try just to use "-g m4" instead of yours?

python %SectoolsQdnDir%\sectools.py iot -p 4020 -g m4 -i D:\flamingo\QCA4020\test_secure_boot\secure_boot\target\build\tools\flash\prog_spinor_firehose_qca4020_lite_m4_threadx.mbn -k %SectoolsCertsDir%\qpsa_rootca.key -c %SectoolsCertsDir%\qpsa_rootca.cer --cfg_oem_id=0xffff --cfg_model_id=0x0000 -o . -s

Thanks
BR,
Jayden

  • Up0
  • Down0
Re: Cannot flash signed image into QCA4020 board with USB
yanggh0703
Join Date: 12 Jul 18
Posts: 3
Posted: Thu, 2018-10-25 05:12
Top

 Hi Jayden,

Thanks for your help. We can flash the signed image.

  • Up0
  • Down0
or Register

Opinions expressed in the content posted here are the personal opinions of the original authors, and do not necessarily reflect those of Qualcomm Incorporated or its subsidiaries (“Qualcomm”). The content is provided for informational purposes only and is not meant to be an endorsement or representation by Qualcomm or any other party. This site may also provide links or references to non-Qualcomm sites and resources. Qualcomm makes no representations, warranties, or other commitments whatsoever about any non-Qualcomm sites or third-party resources that may be referenced, accessible from, or linked to this site.