Storing vendor-specific data in OTP

lukehatpadl
Member
Posts: 9
Joined: Sat Jul 08, 2023 5:15 am

Post by lukehatpadl »

I'm working on a general-purpose library [1] for the secure validation of capabilities (a bit mask) at runtime, by validating a signature with a private key embedded in the OTP. I'm hoping this will provide vendors with secure in-field feature enablement (when used in combination with a secure boot chain, of course).

As far as I can tell the OTP bit mask is laid out as follows:

// 31       23       15       7
// 76543210 76543210 76543210 76543210
// 0VLLLLLM MMS..... ........ ........
//
// 0 MBZ
// V header valid
// L length (4 words)
// M number of MAC addresses (1)      
// S serial number valid (0)          
//

On my xCORE-200 eXplorerKIT all the unknown bits are one, except for bit 19 which is zero. I'd like to repurpose this to indicate the presence of an EdDSA public key in the 32 bytes immediately preceding the serial number (if present) or last MAC address. Is this bit reserved by XMOS?

Also, the current version of `xburn` doesn't appear to have the MAC address or serial number arguments. What's the preferred way of setting these, and are there any APIs/sample code which I could extend for the purpose of storing a public key?

[1] https://github.com/PADL/lib_cap
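
The header layout described in the post above can be decoded as follows. This is an added example, not code from the original post, lib_cap or XMOS; the struct, macro and function names are hypothetical, the sample word is constructed, and fields are returned as raw bit values because the thread does not state the polarity of programmed OTP bits.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit positions from the layout comment in the post above. */
#define HDR_MBZ_BIT    31u   /* 0: must be zero */
#define HDR_VALID_BIT  30u   /* V: header valid */
#define HDR_LEN_SHIFT  25u   /* L: 5-bit length in words */
#define HDR_MAC_SHIFT  22u   /* M: 3-bit MAC address count */
#define HDR_SERIAL_BIT 21u   /* S: serial number valid */
#define HDR_REST_MASK  0x001FFFFFu /* bits 20..0, meaning unknown */
#define HDR_KEY_BIT    19u   /* poster's proposed key flag (not an XMOS definition) */

struct otp_header {
    bool     valid, serial_valid, key_bit;
    unsigned length_words, mac_count;
    uint32_t rest;           /* raw bits 20..0 */
};

static bool bit(uint32_t w, unsigned n) { return ((w >> n) & 1u) != 0; }

/* Splits the header word into raw fields. No polarity inversion is applied
 * (assumption: the page does not say how programmed OTP bits read back).
 * Returns false when the must-be-zero bit is set. */
bool otp_header_parse(uint32_t word, struct otp_header *h)
{
    if (bit(word, HDR_MBZ_BIT))
        return false;
    h->valid        = bit(word, HDR_VALID_BIT);
    h->length_words = (word >> HDR_LEN_SHIFT) & 0x1Fu;
    h->mac_count    = (word >> HDR_MAC_SHIFT) & 0x7u;
    h->serial_valid = bit(word, HDR_SERIAL_BIT);
    h->rest         = word & HDR_REST_MASK;
    h->key_bit      = bit(word, HDR_KEY_BIT);
    return true;
}

int main(void)
{
    /* Constructed sample: V=1, L=4, M=1, S=0, bits 20..0 all ones except bit 19. */
    const uint32_t sample = 0x4857FFFFu;
    struct otp_header h;

    if (!otp_header_parse(sample, &h)) {
        puts("MBZ bit set: not a header word");
        return 1;
    }
    printf("V=%d L=%u M=%u S=%d bit19=%d rest=0x%06x\n", h.valid,
           h.length_words, h.mac_count, h.serial_valid, h.key_bit, (unsigned)h.rest);
    return 0;
}
```
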
Ross
Verified
XCore Expert
Posts: 1006
Joined: Thu Dec 10, 2009 9:20 pm
Location: Bristol, UK

Post by Ross »

MAC address burning will be re-enabled in xburn for the 15.3 tools release. See here: https://www.xcore.com/viewtopic.php?t=8727
Technical Director @ XMOS. Opinions expressed are my own.
lukehatpadl
Member
Posts: 9
Joined: Sat Jul 08, 2023 5:15 am

Post by lukehatpadl »

Thanks, I should be able to use xburn to directly write the MAC address/serial number to the OTP along with any additional information?
Joe
Verified
Active Member
Posts: 57
Joined: Sun Dec 13, 2009 1:12 am

Post by Joe »

Just some history: The MAC-address/serial number structure in OTP is used on XMOS dev boards to help them function and keep track of them. It isn't anything fundamental to the device and the structure of it could change in future. Also, some boards do not have this structure programmed at all. Some that do will only have the board type and revision populated. I don't think we publish the format of this structure as it was only intended to be used internally.

I think the --mac-address and --serial number options were only intended to be used internally for programming XMOS dev boards. Mostly as a necessity of having a unique MAC address per board.

You can create your own structure of course and put that somewhere else in OTP. Or start with a blank chip and use anywhere in the OTP.

The new tools will allow you to write the contents of the OTP from a source CSV file or similar so you can define your own custom format. The --mac-address and --serial number options will not be in there to my knowledge.

Cheers,
Joe
XMOS hardware grey beard.
lukehatpadl
Member
Posts: 9
Joined: Sat Jul 08, 2023 5:15 am

Post by lukehatpadl »

Thanks for the tips, I'll report back when `lib_cap` is tested. I wanted to stick with the conventional layout as I am integrating with third-party code (which may itself use `lib_otpinfo`).