wen/luban-lite-t3e-pro
1
0
Fork 0
mirror of https://gitee.com/Vancouver2017/luban-lite-t3e-pro.git synced 2025-12-17 11:58:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
9ff0846ba3c9a72ab92b47ed32fa33b1957f7b35
luban-lite-t3e-pro/doc/topics/sdk/secure/firmware_encryption_with_spienc.html

335 lines
46 KiB
HTML
Raw Normal View History

first commit
2025-09-30 11:56:06 +08:00
<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-cn" lang="zh-cn" data-whc_version="26.0">
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="description" content="本节以 D13x 系列芯片为例,演示固件加密的具体流程。关于 eFuse 烧录区域,可参考对应用户手册。 完成本节所有操作后,编译镜像直接使用 AiBurn 工具进行烧录即可。 配置 BROM 中的 SPI_ENC_EN 比特位 使能 BROM 中 SPI_ENC 功能,在开发板平台命令行执行下列命令,烧录下列 eFuse 信息中的 SPI_ENC_EN 比特位: efuse writehex ..."/><meta name="DC.rights.owner" content="(C) 版权 2025"/><meta name="copyright" content="(C) 版权 2025"/><meta name="generator" content="DITA-OT"/><meta name="DC.type" content="topic"/><meta name="DC.relation" content="../../../topics/sdk/secure/chapter-secure.html"/><meta name="DC.relation" content="../../../topics/sdk/secure/chapter-secure.html"/><meta name="DC.relation" content="../../../topics/sdk/secure/hw_authorization.html"/><meta name="DC.contributor" content="yan.wang"/><meta name="DC.contributor" content="yan.wang"/><meta name="DC.date.modified" content="2024-01-15"/><meta name="DC.format" content="HTML5"/><meta name="DC.identifier" content="id"/><meta name="DC.language" content="zh-CN"/><title>固件加密-SPIENC</title><!-- Build number 2023110923. --><meta name="wh-path2root" content="../../../"/><meta name="wh-toc-id" content="id-d5856e1818"/><meta name="wh-source-relpath" content="topics/sdk/secure/firmware_encryption_with_spienc.dita"/><meta name="wh-out-relpath" content="topics/sdk/secure/firmware_encryption_with_spienc.html"/>
<link rel="stylesheet" type="text/css" href="../../../webhelp/app/commons.css?buildId=2023110923"/>
<link rel="stylesheet" type="text/css" href="../../../webhelp/app/topic.css?buildId=2023110923"/>
<script src="../../../webhelp/app/options/properties.js?buildId=20250121171154"></script>
<script src="../../../webhelp/app/localization/strings.js?buildId=2023110923"></script>
<script src="../../../webhelp/app/search/index/keywords.js?buildId=20250121171154"></script>
<script defer="defer" src="../../../webhelp/app/commons.js?buildId=2023110923"></script>
<script defer="defer" src="../../../webhelp/app/topic.js?buildId=2023110923"></script>
<link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-styles-web.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/notes.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-common.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-images.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/footnote.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-web-watermark.css?buildId=2023110923"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/topic-body-list.css?buildId=2023110923"/></head>
<body id="id" class="wh_topic_page frmBody">
<a href="#wh_topic_body" class="sr-only sr-only-focusable">
跳转到主要内容
</a>
<header class="navbar navbar-default wh_header">
<div class="container-fluid">
<div class="wh_header_flex_container navbar-nav navbar-expand-md navbar-dark">
<div class="wh_logo_and_publication_title_container">
<div class="wh_logo_and_publication_title">
<a href="http://www.artinchip.com" class=" wh_logo d-none d-sm-block "><img src="../../../company-logo-white.png" alt="RTOS SDK 使用指南SDK 指南文件"/></a>
<div class=" wh_publication_title "><a href="../../../index.html"><span class="booktitle"><span class="ph mainbooktitle">RTOS SDK 使用指南</span><span class="ph booktitlealt">SDK 指南文件</span></span></a></div>
</div>
</div>
<div class="wh_top_menu_and_indexterms_link collapse navbar-collapse" id="wh_top_menu_and_indexterms_link">
</div>
</div>
</div>
</header>
<div class=" wh_search_input navbar-form wh_topic_page_search search " role="form">
<form id="searchForm" method="get" role="search" action="../../../search.html"><div><input type="search" placeholder="搜索 " class="wh_search_textfield" id="textToSearch" name="searchQuery" aria-label="搜索查询" required="required"/><button type="submit" class="wh_search_button" aria-label="搜索"><span class="search_input_text">搜索</span></button></div></form>
</div>
<div class="container-fluid" id="wh_topic_container">
<div class="row">
<nav class="wh_tools d-print-none navbar-expand-md" aria-label="Tools">
<div data-tooltip-position="bottom" class=" wh_breadcrumb "><ol class="d-print-none"><li><span class="home"><a href="../../../index.html"><span>主页</span></a></span></li><li><div class="topicref" data-id="concept_rcx_czh_pzb"><div class="title"><a href="../../../topics/sdk/chapter-app.html">应用场景</a><div class="wh-tooltip"><p class="shortdesc">描述了 SDK 在不同应用场景中的配置和使用包括系统更新、OTA、安全方案等。</p></div></div></div></li><li><div class="topicref" data-id="id"><div class="title"><a href="../../../topics/sdk/secure/chapter-secure.html">安全方案</a></div></div></li><li class="active"><div class="topicref" data-id="id"><div class="title"><a href="../../../topics/sdk/secure/firmware_encryption_with_spienc.html">固件加密-SPIENC</a></div></div></li></ol></div>
<div class="wh_right_tools">
<button class="wh_hide_highlight" aria-label="切换搜索突出显示" title="切换搜索突出显示"></button>
<button class="webhelp_expand_collapse_sections" data-next-state="collapsed" aria-label="折叠截面" title="折叠截面"></button>
<div class=" wh_navigation_links "><span id="topic_navigation_links" class="navheader">
<span class="navprev"><a class="- topic/link link" href="../../../topics/sdk/secure/chapter-secure.html" title="安全方案" aria-label="上一主题: 安全方案" rel="prev"></a></span>
<span class="navnext"><a class="- topic/link link" href="../../../topics/sdk/secure/hw_authorization.html" title="硬件授权认证" aria-label="下一主题: 硬件授权认证" rel="next"></a></span> </span></div>
<div class=" wh_print_link print d-none d-md-inline-block "><button onClick="window.print()" title="打印此页" aria-label="打印此页"></button></div>
<button type="button" id="wh_toc_button" class="custom-toggler navbar-toggler collapsed wh_toggle_button navbar-light" aria-expanded="false" aria-label="Toggle publishing table of content" aria-controls="wh_publication_toc">
<span class="navbar-toggler-icon"></span>
</button>
</div>
</nav>
</div>
<div class="wh_content_area">
<div class="row">
<nav id="wh_publication_toc" class="col-lg-3 col-md-3 col-sm-12 d-md-block d-none d-print-none" aria-label="Table of Contents Container">
<div id="wh_publication_toc_content">
<div class=" wh_publication_toc " data-tooltip-position="right"><span class="expand-button-action-labels"><span id="button-expand-action" role="button" aria-label="Expand"></span><span id="button-collapse-action" role="button" aria-label="Collapse"></span><span id="button-pending-action" role="button" aria-label="Pending"></span></span><ul role="tree" aria-label="Table of Contents"><li role="treeitem"><div data-tocid="revinfo_linux-d5856e989" class="topicref" data-id="revinfo_linux" data-state="leaf"><span role="button" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/revinfo/revinfo_rtos.html" id="revinfo_linux-d5856e989-link">修订记录</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1003" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1003-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/env/sdk-compile.html" id="id-d5856e1003-link">SDK 编译</a><div class="wh-tooltip"><p class="shortdesc">介绍不同编译环境下 SDK 的详细编译流程。</p></div></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1152" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1152-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/advanced/sdk-usage.html" id="id-d5856e1152-link">使用指南</a><div class="wh-tooltip"><p class="shortdesc">系统镜像、编译选项、开发板、应用等相关的详细使用说明。</p></div></div></div></li><li role="treeitem" aria-expanded="true"><div data-tocid="concept_rcx_czh_pzb-d5856e1416" class="topicref" data-id="concept_rcx_czh_pzb" data-state="expanded"><span role="button" tabindex="0" aria-labelledby="button-collapse-action concept_rcx_czh_pzb-d5856e1416-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/chapter-app.html" id="concept_rcx_czh_pzb-d5856e1416-link">应用场景</a><div class="wh-tooltip"><p class="shortdesc">描述了 SDK 在不同应用场景中的配置和使用包括系统更新、OTA、安全方案等。</p></div></div></div><ul role="group" class="navbar-nav nav-list"><li role="treeitem"><div data-tocid="id-d5856e1431" class="topicref" data-id="id" data-state="leaf"><span role="button" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/usb/udisk.html" id="id-d5856e1431-link">挂载 U 盘 </a></div></div></li><li role="treeitem"><div data-tocid="id-d5856e1443" class="topicref" data-id="id" data-state="leaf"><span role="button" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/sdmc/sdcard.html" id="id-d5856e1443-link">挂载 SD 卡</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1455" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1455-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/burnsys/burnsys_user_guide.html" id="id-d5856e1455-link">系统更新</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1553" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1553-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/ota/ota_guide.html" id="id-d5856e1553-link">OTA 方案</a></div></div></li><li role="treeitem" aria-expanded="false"><div data-tocid="id-d5856e1657" class="topicref" data-id="id" data-state="not-ready"><span role="button" tabindex="0" aria-labelledby="button-expand-action id-d5856e1657-link" class="wh-expand-btn"></span><div class="title"><a href="../../../topics/sdk/xip/xip_user_guide.html" id="id-d5856e1657-link">XIP 方案 </a></div></div></li><li role="treeitem"><div data-tocid="id-d5856e1734" class="topicr
</div>
</nav>
<div class="col-lg-7 col-md-9 col-sm-12" id="wh_topic_body">
<button id="wh_close_publication_toc_button" class="close-toc-button d-none" aria-label="Toggle publishing table of content" aria-controls="wh_publication_toc" aria-expanded="true">
<span class="close-toc-icon-container">
<span class="close-toc-icon"></span>
</span>
</button>
<button id="wh_close_topic_toc_button" class="close-toc-button d-none" aria-label="Toggle topic table of content" aria-controls="wh_topic_toc" aria-expanded="true">
<span class="close-toc-icon-container">
<span class="close-toc-icon"></span>
</span>
</button>
<div class=" wh_topic_content body "><main role="main"><article class="- topic/topic topic" role="article" aria-labelledby="ariaid-title1"><span class="edit-link" style="font-size:12px; opacity:0.6; text-align:right; vertical-align:middle"><a target="_blank" href="http://172.16.35.88/tasks/jdssno1uvvbf2mltu9kb9v3if05d5gopuakboe8hlud18rma/edit/F:/aicdita/aicdita-cn/topics/sdk/secure/firmware_encryption_with_spienc.dita">Edit online</a></span><h1 class="- topic/title title topictitle1" id="ariaid-title1">固件加密-SPIENC</h1><div class="date inPage">15 Jan 2024</div><div style="color: gray;">
Read time: 3 minute(s)
</div><div class="- topic/body body"><p class="- topic/p p" data-ofbid="d241107e19__20250121171659">本节以 D13x
系列芯片为例,演示固件加密的具体流程。关于
eFuse
烧录区域,可参考对应用户手册。</p><p class="- topic/p p" data-ofbid="d241107e25__20250121171659">完成本节所有操作后,编译镜像直接使用 AiBurn 工具进行烧录即可。</p><section class="- topic/section section" data-ofbid="d241107e27__20250121171659"><h2 class="- topic/title title sectiontitle">配置 BROM 中的 SPI_ENC_EN 比特位</h2><p class="- topic/p p" data-ofbid="d241107e30__20250121171659">使能 BROM 中 SPI_ENC
功能,在开发板平台命令行执行下列命令,烧录下列 eFuse 信息中的 SPI_ENC_EN
比特位:</p><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_b55_14t_vcc" data-ofbid="id__pre_b55_14t_vcc">efuse writehex <span class="hl-number">0x38</span> <span class="hl-number">00000800</span></pre>
上述命令会在地址 0x38 处设置 SPI_ENC_EN 比特位为 1。<div class="table-container"><table class="- topic/table table frame-all" data-ofbid="d241107e35__20250121171659" data-cols="8"><caption></caption><colgroup><col style="width:13.885647607934654%"/><col style="width:11.785297549591599%"/><col style="width:11.90198366394399%"/><col style="width:12.135355892648775%"/><col style="width:11.668611435239207%"/><col style="width:11.668611435239207%"/><col style="width:11.90198366394399%"/><col style="width:15.052508751458577%"/></colgroup><thead class="- topic/thead thead"><tr class="- topic/row"><th class="- topic/entry entry colsep-1 rowsep-1" id="id__entry__1">用途</th><th class="- topic/entry entry colsep-1 rowsep-1" id="id__entry__2">位数</th><th class="- topic/entry entry colsep-1 rowsep-1" id="id__entry__3">地址</th><th class="- topic/entry entry colsep-1 rowsep-1" id="id__entry__4">禁止位</th><th class="- topic/entry entry colsep-1 rowsep-1" id="id__entry__5">禁写</th><th class="- topic/entry entry colsep-1 rowsep-1" id="id__entry__6">禁读</th><th class="- topic/entry entry colsep-1 rowsep-1" id="id__entry__7">归属</th><th class="- topic/entry entry colsep-0 rowsep-1" id="id__entry__8">备注</th></tr></thead><tbody class="- topic/tbody tbody"><tr class="- topic/row"><td class="- topic/entry entry colsep-1 rowsep-0" headers="id__entry__1">SECURE</td><td class="- topic/entry entry colsep-1 rowsep-0" headers="id__entry__2">64</td><td class="- topic/entry entry colsep-1 rowsep-0" headers="id__entry__3">38~3F</td><td class="- topic/entry entry colsep-1 rowsep-0" headers="id__entry__4">14~15</td><td class="- topic/entry entry colsep-1 rowsep-0" headers="id__entry__5">V</td><td class="- topic/entry entry colsep-1 rowsep-0" headers="id__entry__6">-</td><td class="- topic/entry entry colsep-1 rowsep-0" headers="id__entry__7">CSTM</td><td class="- topic/entry entry colsep-0 rowsep-0" headers="id__entry__8">安全和调试功能开关</td></tr></tbody></table></div></section><section class="- topic/section section" id="id__secure" data-ofbid="id__secure"><h2 class="- topic/title title sectiontitle">SECURE 区域定义</h2>
<div class="table-container"><table class="- topic/table table frame-all" data-ofbid="d241107e86__20250121171659" data-cols="3"><caption></caption><colgroup><col style="width:16.33986928104575%"/><col style="width:34.64052287581699%"/><col style="width:49.01960784313725%"/></colgroup><thead class="- topic/thead thead"><tr class="- topic/row"><th class="- topic/entry entry colsep-1 rowsep-1" id="id__secure__entry__1">比特位</th><th class="- topic/entry entry colsep-1 rowsep-1" id="id__secure__entry__2">名称</th><th class="- topic/entry entry colsep-0 rowsep-1" id="id__secure__entry__3">描述</th></tr></thead><tbody class="- topic/tbody tbody"><tr class="- topic/row"><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__1">31:25</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__2"><em class="+ topic/ph hi-d/i ph i">-</em>
</td><td class="- topic/entry entry colsep-0 rowsep-1" headers="id__secure__entry__3"><em class="+ topic/ph hi-d/i ph i">-</em>
</td></tr><tr class="- topic/row"><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__1">24</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__2">PBP_ENC_EN</td><td class="- topic/entry entry colsep-0 rowsep-1" headers="id__secure__entry__3">BROM 读取使用,使能 PBP 程序加密功能</td></tr><tr class="- topic/row"><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__1">23:20</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__2"><em class="+ topic/ph hi-d/i ph i">-</em>
</td><td class="- topic/entry entry colsep-0 rowsep-1" headers="id__secure__entry__3"><em class="+ topic/ph hi-d/i ph i">-</em>
</td></tr><tr class="- topic/row"><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__1">19</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__2">SPI_ENC_EN</td><td class="- topic/entry entry colsep-0 rowsep-1" headers="id__secure__entry__3">BROM 读取使用,使能 SPI 总线数据加密功能</td></tr><tr class="- topic/row"><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__1">18</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__2"><em class="+ topic/ph hi-d/i ph i">-</em>
</td><td class="- topic/entry entry colsep-0 rowsep-1" headers="id__secure__entry__3"><em class="+ topic/ph hi-d/i ph i">-</em>
</td></tr><tr class="- topic/row"><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__1">17</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__2">ENCRYPT_BOOT_EN</td><td class="- topic/entry entry colsep-0 rowsep-1" headers="id__secure__entry__3">BROM 读取使用,使能固件加密启动功能</td></tr><tr class="- topic/row"><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__1">16</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__2">SECURE_BOOT_EN</td><td class="- topic/entry entry colsep-0 rowsep-1" headers="id__secure__entry__3">BROM 读取使用,使能安全启动功能</td></tr><tr class="- topic/row"><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__1">15:1</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__secure__entry__2"><em class="+ topic/ph hi-d/i ph i">-</em>
</td><td class="- topic/entry entry colsep-0 rowsep-1" headers="id__secure__entry__3"><em class="+ topic/ph hi-d/i ph i">-</em>
</td></tr><tr class="- topic/row"><td class="- topic/entry entry colsep-1 rowsep-0" headers="id__secure__entry__1">0</td><td class="- topic/entry entry colsep-1 rowsep-0" headers="id__secure__entry__2">JTAG_LOCK</td><td class="- topic/entry entry colsep-0 rowsep-0" headers="id__secure__entry__3">逻辑组合后连接到 CPU 屏蔽 TDO关闭 JTAG 调试功能,在安全方案中烧录为 1</td></tr></tbody></table></div>
<p class="- topic/p p" data-ofbid="d241107e180__20250121171659">具体 eFuse 区域的地址,请参考芯片的数据手册。</p>
</section><div class="- topic/div div section" id="id__spi-enc-en"></div><section class="- topic/section section" id="id__bootloader" data-ofbid="id__bootloader"><h2 class="- topic/title title sectiontitle">
BootLoader
中启用 SPIENC
驱动</h2>
<ol class="- topic/ol ol" id="id__ol_kgv_44t_vcc" data-ofbid="id__ol_kgv_44t_vcc"><li class="- topic/li li" data-ofbid="d241107e190__20250121171659"><span class="- topic/ph ph">Luban-Lite</span> 根目录下执行 <code class="+ topic/ph pr-d/codeph ph codeph">bm</code>,进入 BootLoader 的 menuconfig
功能配置界面。<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__codeblock_sbs_r4t_vcc" data-ofbid="id__codeblock_sbs_r4t_vcc">bm</pre></li><li class="- topic/li li" data-ofbid="d241107e200__20250121171659">进入 menuconfig
功能配置界面,按如下选择启用
QSPI0 的加密功能,配置只打开了 QSPI0 的加密使能作为示例:
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_mqg_54t_vcc" data-ofbid="id__pre_mqg_54t_vcc">Board options ---&gt;
[*] Using Spienc
[*] Enc qspi0
</pre>
</li><li class="- topic/li li" data-ofbid="d241107e205__20250121171659">如果需要,进入 menuconfig
功能配置界面设置
Tweak 值,否则可略过。<p class="- topic/p p" data-ofbid="d241107e207__20250121171659">SPIENC 中的 Tweak 可以影响 COUNTER 的生成,进而改变加密的结果。
如果需要让在不同的产品对相同的数据有不同的加密结果,则可以进入 menuconfig 的功能配置界面调整该值。
</p><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_xlw_v4t_vcc" data-ofbid="id__pre_xlw_v4t_vcc">Board options ---&gt;
[*] Using spienc ---&gt;
(<span class="hl-number">0</span>) set qspi0 tweak
</pre><p class="- topic/p p" data-ofbid="d241107e211__20250121171659">完成以上配置之后, BootLoader SPI_ENC 驱动将被使能, SPI NOR / SPI NAND
驱动在数据访问时将自动进行数据加解密。</p></li></ol>
</section><section class="- topic/section section" id="id__section_ydv_fk4_fdc" data-ofbid="id__section_ydv_fk4_fdc"><h2 class="- topic/title title sectiontitle">在 RTOS 中启用
SPIENC
驱动
</h2>
<div class="- topic/p p" data-ofbid="d241107e219__20250121171659">
<ol class="- topic/ol ol" id="id__ol_sg2_hk4_fdc" data-ofbid="id__ol_sg2_hk4_fdc"><li class="- topic/li li" data-ofbid="d241107e222__20250121171659"><span class="- topic/ph ph">Luban-Lite</span> 根目录下执行以下命令,进入 RTOS 的 menuconfig
功能配置界面:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__codeblock_wg2_hk4_fdc" data-ofbid="id__codeblock_wg2_hk4_fdc">scons --menuconfig</pre></li><li class="- topic/li li" data-ofbid="d241107e229__20250121171659">在功能配置界面,按如下选择启用 QSPI0 的加密功能,配置只打开了 QSPI0 的加密使能作为示例:
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__codeblock_xg2_hk4_fdc" data-ofbid="id__codeblock_xg2_hk4_fdc">Board options ---&gt;
[*] Using Spienc
[*] Enc qspi0
</pre>
</li><li class="- topic/li li" data-ofbid="d241107e234__20250121171659">如果需要,进入 menuconfig 功能配置界面设置 Tweak 值,否则可略过。<p class="- topic/p p" data-ofbid="d241107e236__20250121171659">SPIENC 中的 Tweak 可以影响 COUNTER
的生成,进而改变加密的结果。 如果需要让在不同的产品对相同的数据有不同的加密结果,则可以进入 menuconfig
的功能配置界面调整该值。</p><pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__codeblock_yg2_hk4_fdc" data-ofbid="id__codeblock_yg2_hk4_fdc">Board options ---&gt;
[*] Using spienc ---&gt;
(<span class="hl-number">0</span>) set qspi0 tweak
</pre><p class="- topic/p p" data-ofbid="d241107e240__20250121171659">完成以上配置之后, RTOS SPI_ENC 驱动将被使能, SPI NOR/ SPI NAND
驱动在数据访问时将自动进行数据加解密。</p></li></ol>
</div>
</section><section class="- topic/section section" id="id__section_f14_vj4_fdc" data-ofbid="id__section_f14_vj4_fdc"><h2 class="- topic/title title sectiontitle">配置密钥及所需的
KEY 和 COUNTER 值</h2>
<div class="- topic/p p" data-ofbid="d241107e249__20250121171659">SPI_ENC 模块使用 AES-128-CTR 算法对 SPI 总线数据进行加解密,该算法在计算时的密钥有两部分:<ul class="- topic/ul ul simple" id="id__ul_w5w_vj4_fdc" data-ofbid="id__ul_w5w_vj4_fdc"><li class="- topic/li li" data-ofbid="d241107e252__20250121171659">
<p class="- topic/p p" data-ofbid="d241107e254__20250121171659">128 bit AES 密钥(KEY)</p>
</li><li class="- topic/li li" data-ofbid="d241107e257__20250121171659">
<p class="- topic/p p" data-ofbid="d241107e259__20250121171659">128 bit 数据块的 COUNTER 值</p>
</li></ul></div>
<div class="- topic/p p" data-ofbid="d241107e263__20250121171659">其中 KEY 直接使用 eFuse 中的 <code class="+ topic/ph pr-d/codeph ph codeph">SPI_ENC_KEY</code> COUNTER 值则由几部分共同产生:<ul class="- topic/ul ul simple" id="id__ul_kdh_wj4_fdc" data-ofbid="id__ul_kdh_wj4_fdc"><li class="- topic/li li" data-ofbid="d241107e269__20250121171659">
<p class="- topic/p p" data-ofbid="d241107e271__20250121171659">eFuse 中的 <code class="+ topic/ph pr-d/codeph ph codeph">SPI_ENC_NONCE</code></p>
</li><li class="- topic/li li" data-ofbid="d241107e276__20250121171659">
<p class="- topic/p p" data-ofbid="d241107e278__20250121171659">memuconfig 中配置的 <code class="+ topic/ph pr-d/codeph ph codeph">tweak</code></p>
</li><li class="- topic/li li" data-ofbid="d241107e283__20250121171659">
<p class="- topic/p p" data-ofbid="d241107e285__20250121171659">访问数据所在的地址 <code class="+ topic/ph pr-d/codeph ph codeph">address</code></p>
</li></ul></div>
<figure class="- topic/fig fig fignone" id="id__id2" data-ofbid="id__id2"><br/><div class="imagecenter"><img class="- topic/image image imagecenter" id="id__image_inr_wj4_fdc" src="../../../images/secure/spienc_counter_value1.png" alt="spienc_counter_value1"/></div><br/><figcaption data-caption-side="bottom" class="- topic/title title figcapcenter"><span class="figtitleprefix fig--title-label"><span class="fig--title-label-number"> 1</span><span class="fig--title-label-punctuation">. </span></span><span class="fig--title">COUNTER 值的生成</span></figcaption></figure>
<div class="- topic/p p" data-ofbid="d241107e298__20250121171659">因此在使用 SPI_ENC 时,需要设置以下的 eFuse 信息:<div class="table-container"><table class="- topic/table table frame-all" id="id__table_unx_wj4_fdc" data-ofbid="id__table_unx_wj4_fdc" data-cols="8"><caption class="- topic/title title tablecap" data-caption-side="top" data-is-repeated="true"><span class="table--title-label"><span class="table--title-label-number"> 1</span><span class="table--title-label-punctuation">. </span></span><span class="table--title"></span></caption><colgroup><col style="width:13.924050632911392%"/><col style="width:10.654008438818565%"/><col style="width:11.181434599156118%"/><col style="width:11.181434599156118%"/><col style="width:10.548523206751053%"/><col style="width:10.548523206751053%"/><col style="width:10.864978902953586%"/><col style="width:21.097046413502106%"/></colgroup><thead class="- topic/thead thead"><tr class="- topic/row"><th class="- topic/entry entry colsep-1 rowsep-1" id="id__table_unx_wj4_fdc__entry__1">用途</th><th class="- topic/entry entry colsep-1 rowsep-1" id="id__table_unx_wj4_fdc__entry__2">位数</th><th class="- topic/entry entry colsep-1 rowsep-1" id="id__table_unx_wj4_fdc__entry__3">地址</th><th class="- topic/entry entry colsep-1 rowsep-1" id="id__table_unx_wj4_fdc__entry__4">禁止位</th><th class="- topic/entry entry colsep-1 rowsep-1" id="id__table_unx_wj4_fdc__entry__5">禁写</th><th class="- topic/entry entry colsep-1 rowsep-1" id="id__table_unx_wj4_fdc__entry__6">禁读</th><th class="- topic/entry entry colsep-1 rowsep-1" id="id__table_unx_wj4_fdc__entry__7">归属</th><th class="- topic/entry entry colsep-0 rowsep-1" id="id__table_unx_wj4_fdc__entry__8">备注</th></tr></thead><tbody class="- topic/tbody tbody"><tr class="- topic/row"><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__1">DIS RD</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__2">64</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__3">0~7</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__4">0~1</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__5">V</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__6">-</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__7">CSTM</td><td class="- topic/entry entry colsep-0 rowsep-1" headers="id__table_unx_wj4_fdc__entry__8">eFuse 读禁止配置区域</td></tr><tr class="- topic/row"><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__1">DIS WR</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__2">64</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__3">8~F</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__4">2~3</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__5">-</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__6">-</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__7">-</td><td class="- topic/entry entry colsep-0 rowsep-1" headers="id__table_unx_wj4_fdc__entry__8">eFuse 写禁止配置区域</td></tr><tr class="- topic/row"><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__1">SPI ENC KEY</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__2">128</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__3">A0~AF</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__4">40~43</td><td class="- topic/entry entry colsep-1 rowsep-1" headers="id__table_unx_wj4_fdc__entry__5">V</td><td class="- topic/entry entry colsep-1 rowsep
<p class="- topic/p p" data-ofbid="d241107e400__20250121171659">具体 eFuse 区域的地址,请参考芯片的数据手册。</p>
</section><section class="- topic/section section" id="id__spi-enc-key" data-ofbid="id__spi-enc-key"><h2 class="- topic/title title sectiontitle">烧写 SPI_ENC KEY</h2>
<strong class="+ topic/ph hi-d/b ph b">到 eFuse
</strong><ol class="- topic/ol ol" id="id__ol_rxg_fqt_vcc" data-ofbid="id__ol_rxg_fqt_vcc"><li class="- topic/li li" data-ofbid="d241107e410__20250121171659">主机端执行 <code class="+ topic/ph pr-d/codeph ph codeph">opensslrand-hex16</code> 生成 SPI_ENC KEY。
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_g2b_gqt_vcc" data-ofbid="id__pre_g2b_gqt_vcc"><span class="hl-number">52e0</span>ef932d755b69f7a93dd7485748d8
</pre>
</li><li class="- topic/li li" data-ofbid="d241107e418__20250121171659">
<div class="- topic/p p" data-ofbid="d241107e420__20250121171659">在开发板平台命令行执行下列命令,烧录 SPI_ENC KEY 到 eFuse 中。
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_cnl_gqt_vcc" data-ofbid="id__pre_cnl_gqt_vcc">efuse writehex <span class="hl-number">0xA0</span> <span class="hl-number">52e0</span>ef932d755b69f7a93dd7485748d8
</pre>
</div>
</li><li class="- topic/li li" data-ofbid="d241107e426__20250121171659">
<p class="- topic/p p" data-ofbid="d241107e428__20250121171659">禁止 SPI_ENC KEY 读写</p>
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_vvr_gqt_vcc" data-ofbid="id__pre_vvr_gqt_vcc">efuse writehex <span class="hl-number">0x04</span> <span class="hl-number">000f</span>0000
efuse writehex <span class="hl-number">0x0c</span> <span class="hl-number">000f</span>0000
</pre>
</li></ol>
</section><section class="- topic/section section" id="id__spi-enc-nonce" data-ofbid="id__spi-enc-nonce"><h2 class="- topic/title title sectiontitle">烧写 SPI_ENC
NONCE 到 eFuse
</h2>
<ol class="- topic/ol ol" id="id__ol_of4_3qt_vcc" data-ofbid="id__ol_of4_3qt_vcc"><li class="- topic/li li" data-ofbid="d241107e441__20250121171659">主机端执行 <code class="+ topic/ph pr-d/codeph ph codeph">opensslrand-hex8</code> 生成 SPI_ENC NONCE。
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_z1w_3qt_vcc" data-ofbid="id__pre_z1w_3qt_vcc">bb99eb4ababc43dc
</pre>
</li><li class="- topic/li li" data-ofbid="d241107e449__20250121171659">
<div class="- topic/p p" data-ofbid="d241107e451__20250121171659">在开发板平台命令行执行下列命令,烧录 SPI_ENC NONCE 到 eFuse 中。
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_ij2_jqt_vcc" data-ofbid="id__pre_ij2_jqt_vcc">efuse writehex <span class="hl-number">0xB0</span> bb99eb4ababc43dc
</pre>
</div>
</li><li class="- topic/li li" data-ofbid="d241107e457__20250121171659">
<p class="- topic/p p" data-ofbid="d241107e459__20250121171659">禁止 SPI_ENC NONCE 读写</p>
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="id__pre_hdz_jqt_vcc" data-ofbid="id__pre_hdz_jqt_vcc">efuse writehex <span class="hl-number">0x04</span> <span class="hl-number">00300000</span>
efuse writehex <span class="hl-number">0x0c</span> <span class="hl-number">00300000</span>
</pre>
</li></ol>
</section></div></article></main></div>
</div>
<nav role="navigation" id="wh_topic_toc" aria-label="On this page" class="col-lg-2 d-none d-lg-block navbar d-print-none">
<div id="wh_topic_toc_content">
<div class=" wh_topic_toc "><div class="wh_topic_label">在本页上</div><ul><li class="section-item"><div class="section-title"><a href="#id__secure" data-tocid="id__secure">SECURE 区域定义</a></div></li><li class="section-item"><div class="section-title"><a href="#id__bootloader" data-tocid="id__bootloader">
BootLoader
中启用 SPIENC
驱动</a></div></li><li class="section-item"><div class="section-title"><a href="#id__section_ydv_fk4_fdc" data-tocid="id__section_ydv_fk4_fdc">在 RTOS 中启用
SPIENC
驱动
</a></div></li><li class="section-item"><div class="section-title"><a href="#id__section_f14_vj4_fdc" data-tocid="id__section_f14_vj4_fdc">配置密钥及所需的
KEY 和 COUNTER 值</a></div></li><li class="section-item"><div class="section-title"><a href="#id__spi-enc-key" data-tocid="id__spi-enc-key">烧写 SPI_ENC KEY</a></div></li><li class="section-item"><div class="section-title"><a href="#id__spi-enc-nonce" data-tocid="id__spi-enc-nonce">烧写 SPI_ENC
NONCE 到 eFuse
</a></div></li></ul></div>
</div>
</nav>
</div>
</div>
</div>
<footer class="navbar navbar-default wh_footer">
<div class=" footer-container mx-auto ">
<title>footer def</title>
<style><!--
.p1 {
font-family: FangZhengShuSong, Times, serif;
}
.p2 {
font-family: Arial, Helvetica, sans-serif;
}
.p3 {
font-family: "Lucida Console", "Courier New", monospace;
}
--></style>
<div class="webhelp.fragment.footer">
<p class="p1">Copyright © 2019-2024 广东匠芯创科技有限公司. All rights reserved.</p>
</div><div>
<div class="generation_time">
Update Time: 2025-01-21
</div>
</div>
</div>
</footer>
<div id="go2top" class="d-print-none">
<span class="oxy-icon oxy-icon-up"></span>
</div>
<div id="modal_img_large" class="modal">
<span class="close oxy-icon oxy-icon-remove"></span>
<div id="modal_img_container"></div>
<div id="caption"></div>
</div>
<script src="${pd}/publishing/publishing-styles-AIC-template/js/custom.js" defer="defer"></script>
</body>
add doc v1.1.2
2025-01-23 16:37:00 +08:00
</html>
Reference in New Issue Copy Permalink