Quectel LTE Module Series User Manual

Secure boot

SC20
User Guide
LTE Module Series
Rev. SC20_Secure_Boot_User_Guide_V1.0
Date: 2016-09-26
Secure Boot
www.quectel.com

Summary of Contents for Quectel LTE Module Series

  • Page 1 SC20 Secure Boot User Guide LTE Module Series Rev. SC20_Secure_Boot_User_Guide_V1.0 Date: 2016-09-26 www.quectel.com...
  • Page 2 QUECTEL OFFERS THE INFORMATION AS A SERVICE TO ITS CUSTOMERS. THE INFORMATION PROVIDED IS BASED UPON CUSTOMERS’ REQUIREMENTS. QUECTEL MAKES EVERY EFFORT TO ENSURE THE QUALITY OF THE INFORMATION IT MAKES AVAILABLE. QUECTEL DOES NOT MAKE ANY WARRANTY AS TO THE INFORMATION CONTAINED HEREIN, AND DOES NOT ACCEPT ANY LIABILITY FOR ANY INJURY, LOSS OR DAMAGE OF ANY KIND INCURRED BY USE OF OR RELIANCE UPON THE INFORMATION.
  • Page 3: About The Document

    About the Document. History (Revision, Date, Author, Description): 2016-09-26, Barret YUAN, Initial. SC20_Secure_Boot_User_Guide Confidential / Released 2 / 15...
  • Page 4: Table Of Contents

    Contents: About the Document (2); Contents (3); Table Index (4); Figure Index (5); Introduction (6); MSM8909 Secure Boot Flowchart (7); Configure OEM Key (9); Generate Secure Images (10); Generate sec.dat ...
  • Page 5: Table Index

    Table Index: Table 1: OEM Key List (9); Table 2: Directory List of Signed Image and Source Image (11); Table 3: Terms and Abbreviations (15)
  • Page 6: Figure Index

    Figure Index: Figure 1: MSM8909 Secure Boot Flowchart (7); Figure 2: Signed Image Storage Directory (10); Figure 3: sec.dat Construction (13)
  • Page 7: Introduction

    Introduction: This document mainly introduces how to use the secure boot function of the Quectel SC20 module. Secure boot refers to the boot-up sequence that establishes a trusted platform for secure applications. It starts as an immutable sequence that validates the origin of the code using cryptographic authentication, so only authorized software can be executed.
  • Page 8: Msm8909 Secure Boot Flowchart

    Figure 1: MSM8909 Secure Boot Flowchart. Power on the system and take the MSM8909 AP CPU out of RESET. Cortex-A7 APPS PBL: a. Loads, executes, and authenticates the SBL1 segment #1 from SC20 to L2 (as TCM).
  • Page 9 SBL1 #1 transfers execution to QSEE/TZ. QSEE/TZ sets up the secure environment and brings RPM out of RESET to start execution of the RPM firmware. QSEE/TZ jumps to HLOS APPSBL to start execution. SBL1 segment #2 is equal to DDR driver + SDI equivalent copied to RPM code RAM.
  • Page 10: Configure Oem Key

    The flow to configure the OEM key is as follows: Extract sectool.tar, and then overwrite the directory “common/tools/sectools”. Extract makeCrt.tar, makecrt.dat, then copy keys to “common/tools/sectools/resources/data_prov_assets/Signing/Local/oem_certs”. NOTE: sectool.tar and makeCrt.tar are available in the “Tools” directory.
  • Page 11: Generate Secure Images

    Use the following command to sign all images from <meta_build> and validate the signed images:
    sectools.py secimage -m <meta_build> -p <chipset> -o <output_dir> -sa
    The signed images are stored in <output_dir>. If <output_dir> is not given, the default location is “<Secimage_dir>\secimage_output”.
  • Page 12: Table 2: Directory List Of Signed Image And Source Image

    Table 2: Directory List of Signed Image and Source Image
    Signed Image | Source Image
    common\tools\sectools\secimage_output\8909\cmnlib\cmnlib.mbn | trustzone_images/build/ms/bin/MAZAANAA/cmnlib.mbn
    common\tools\sectools\secimage_output\8909\widevine\widevine.mbn | trustzone_images/build/ms/bin/MAZAANAA/widevine.mbn
    common\tools\sectools\secimage_output\8909\keymaster\keymaster.mbn | trustzone_images/build/ms/bin/MAZAANAA/keymaster.mb
    common\tools\sectools\secimage_output\8909\wcnss\wcnss.mbn | wcnss_proc/build/ms/bin/SCAQMAZ/reloc\wcnss.mbn
    common\tools\sectools\secimage_output\8909\mba\mba.mbn | modem_proc/build/ms/bin/8909.genns.prod\mba.mbn
    common\tools\sectools\secimage_output\8909\modem\modem.mbn | modem_proc/build/ms/bin/8909.genns.prod\qdsp6sw.mbn
    ...
  • Page 13 modem_proc/, trustzone_images/, etc.); run this script; and finally copy signed images to the individual image file path. NOTE: moveSecDat.bat.tar is available in the “Tools” directory. Use QFIL (Qualcomm Flash Image Loader) to get Flat Meta Build.
  • Page 14: Generate Sec.dat

    Figure 3: sec.dat Construction. sec.dat contains the fuse information that TrustZone is going to blow. Customers can enable secure boot, blow read/write permissions, and blow OEM special fuses. How to generate sec.dat: The following command is used to generate sec.dat:...
  • Page 15: Download Image Via Qfil

    When QFIL is used to download images in emergency download mode on SC20, it returns an error indicating download failure. Reason: The technical reason is that there is no native (.exe/dll) available that would sign the digest table; therefore, QFIL will not be able to operate in VIP mode.
  • Page 16: Appendix A Reference

    Table 3: Terms and Abbreviations (Abbreviation, Description): Application Processor; APPSBL: Applications Boot Loader; APPS PBL: Applications Primary Boot Loader; Baseband Processor; Certificate Authority; HLOS: High-Level Operating System; Modem Boot Authentication...
