The FCB block is protected with an ECC code which can correct 1-bit errors and detect 2-bit errors. This works fine for all fields except the fingerprint marker (containing "FCB") which is used by the ROM to detect if an FCB is present on that block or not. Here the ROM chooses to check for the fingerprint *before* running the ECC correction. Thus an FCB is not used by the ROM anymore when it has a bitflip in the fingerprint marker.

For us this means we have to rewrite the FCB in this case, so reject the faulty FCB in read_fcb_hamming_13_8() which triggers a rewrite during the check operation.

Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
--- common/imx-bbu-nand-fcb.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/common/imx-bbu-nand-fcb.c b/common/imx-bbu-nand-fcb.c index 15ddf5d7b0..aaa796bc81 100644 --- a/common/imx-bbu-nand-fcb.c +++ b/common/imx-bbu-nand-fcb.c @@ -318,6 +318,16 @@ struct fcb_block *read_fcb_hamming_13_8(void *rawpage) fcb = rawpage + 12; ecc = rawpage + 512 + 12; + /* + * The ROM does the check for the correct fingerprint before correcting + * bitflips. This means we cannot allow bitflips in the fingerprint and + * bail out with an error if it's not correct. + * This is currently done in the i.MX6qdl path. It needs to be checked if + * the same happens in the BCH encoded variants (i.MX6ul(l)) aswell. + */ + if (((struct fcb_block *)fcb)->FingerPrint != 0x20424346) + return ERR_PTR(-EINVAL); + for (i = 0; i < 512; i++) { parity = ecc[i]; np = calculate_parity_13_8(fcb[i]); -- 2.19.0

_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
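
Review bot: In the check added at the top of read_fcb_hamming_13_8(), the fingerprint is compared against the bare constant 0x20424346 and a mismatch returns ERR_PTR(-EINVAL) without any message, so neither the caller nor someone reading the log can tell a bitflipped fingerprint (the case the commit message says should trigger a rewrite) from any other invalid page. Consider a named define for the value, with a comment that it is the bytes "FCB " read as a little-endian 32-bit word, and a log line on this path stating that the fingerprint is corrupt. The new comment also leaves open whether the BCH encoded variants (i.MX6ul(l)) behave the same way; mark that as a TODO or resolve it before merging, and "aswell" in the comment should read "as well".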