User:Icenowy/Problems to Allwinner

From linux-sunxi.org
Jump to: navigation, search

Part1

  • Things about the "Secure Boot" mode. (关于安全启动模式的资料)
    • Is the information in the TOC0 wiki page correct? Is there anything missing? (位于 http://linux-sunxi.org/TOC0 的内容是否准确?是否缺少了什么东西?)
      • Answer: 1.TOC0的结构描述正确 (The structure description of TOC0 is right.) 2."the signature doesn't use a standard algorithm, misses the last 4 bytes (bug!) and is stored in a non-standard way." 这个描述和我们实际用的不符合,能否详细说明下。因为我们的签名用的算法是用标准的RSA2048 + SHA256。 (The description is not identical to what we used, as we used standard RSA2048 + SHA256).
    • Is there a register or bit to enable the Secure Peripherals Controller when booting in non-secure boot mode ("secure boot" fuse _not_ blown)? (有没有办法在不启用 “Secure Boot”(未烧写 Secure Boot 位) 的情况下启用 Secure Peripherals Controller (安全外设控制器)?)
      • Answer: 可以,SPC和secure boot位没有直接关系,它和CPU的secure和non-secure状态有关, non-secure的CPU不能控制有secure属性的外设资源。上电时,CPU默认运行在secure 模式,可以在这个阶段配置SPC,然后把CPU切换到non-secure模式去运行其它代码,比如内核。内核代码运行时,CPU处于non-secure状态,因此它就无法去控制有安全属性的外设了。(如会上所说,如果还有疑问,可提供测试代码,我们进一步确认)(Yes, SPC have no direct relationship about secure boot bit.) (Still problemetic)
    • How is the certificate computed? What is needed to get a board booted without the ROTPK_HASH key set (no certificate check, but Trust Zone enabled)? (签名是如何计算的?如果没有烧写 ROTPK_HASH 如何让板子启动?)
      • Answer: 制作固件时,通过标准的签名算法对镜像进行签名计算(RSA2048+SHA256), 为每个需要保护的镜像生成x509证书。 烧录时,把镜像与证书烧录到FLASH中,把ROTPK烧录到eFuse中。 机器上电启动时: A:如果eFuse上烧录了ROTPK_HASH 1.上电时,BROM会从安全模式启动运行 2.通过ROTPK_HASH来对TOC0中的x509证书进行认证 3.第二步通过后,用x509证书对TOC0中boot code进行签名认证 4.第三步通过后,BROM跳转到boot code运行 B:如果eFuse上没有烧录ROTPK_HASH 上述过程第二步会跳过,直接进行下一步流程,这个时候无法保证boot code的合法性,实际产品是要求必须要烧写ROTPK_HASH的。 (When making firmware, the signature is calculated via RSA2048 + SHA256, and a x.509 certificate will be generated for every image which needs protect. When burning, the image and cerificate is burned into FLASH and ROTPK is burned into eFUSE. When booting: A: if ROTPK_HASH is burned into eFUSE: 1. BROM boot from secure mode 2. Check the x.509 certificate with ROTPK_HASH 3. check TOC0's boot code with x.509 certificate 4. jump to boot code and execure B: if ROTPK_HASH is not burned, "2. Check the x.509 certificate with ROTPK_HASH" will be omitted, thus the boot code cannot be checked, in real products ROTPK_HASH must be burned.)
    • Include A80, A83T, A64? (wens) (是否包括 A80, A83T 和 A64?)
  • DE2 source code not have proper GPL header. (DE2 源代码缺少 GPL 头信息)
      • Answer: 这个是我们的疏漏,会全部排查一般,添加GPL头信息 (It's our omission, we will check all and add GPL header)
  • Detailed infomation about PRCM. (关于 PRCM 的详细信息)
    • The A83T manual has some information. Does this apply to other SoCs as well? What is different? Can the other SoCs get a similar section in their manuals? (A83T 的 user manual 有一些信息,这些信息对于其他 SoC 是否适用?能否在其他 SoC 的 user manual 里也加入 PRCM 信息?)
      • Answer: 暂时没有可对外发布的PRCM相关的详细信息,请见谅; (Temporarily there's no infomation of PRCM that can be published, sorry)
  • More detailed infomation about "System Control". Some info about SRAM controlling is missing on new SoCs' user manuals, and for example, it's the key to make DE2 work on A64. (关于 “System Control” 的更详细的信息 -- 一些与 SRAM 配置有关的信息在新的 SoC 的 User Manual 里消失了,而比如 A64 的 DE2 需要一些 System Control 设置)
  • How to program interrupts for OpenRISC core. (如何使用 OpenRISC 核的中断?)
    • Interrupt number tables for R_INTC for all possible SoCs. (所有 SoC 的 R_INTC 中断号表)
  • How to program HDMI controller on A80 (如何使用 A80 的 HDMI)
    • The HDMI controller on the A80 seems to be standard DW HDMI controller + PHY. (A80 的 HDMI 似乎是标准 DesignWare HDMI + PHY )
    • The PHY requires a set of chip specific parameters that need to be programmed in. Can Allwinner provide the sequence or parameters to program? (PHY 里有些芯片特定的参数需要被设置。能不能提供 A80/A83T 的这些参数?)
  • Description of A64 HDMI PHY (A64 HDMI PHY 的描述)
  • Description of A80 "MERGE" and "LCDC2" blocks in display subsystem. (A80 DE 中 "MERGE" 和 "LCDC2" 的描述)
Personal tools
Namespaces

Variants
Actions
Navigation
Tools