Hi,
I'm trying to use secure boot together with encrypted firmware in my project (RP2350). I decided to store the encryption key in OTP and protect it by configuring the access rights.
Let’s say I use page 50 in OTP to store the key. I perform the following steps:
1. Write the key data to the page (starting row: 0x0800).
2. Set OTP_DATA_PAGE50_LOCK1 to 0x3d3d3d:
- BL_LOCK = 3 (INACCESSIBLE from bootloader)
- LOCK_NS = 3 (INACCESSIBLE in non-secure mode)
- LOCK_S = 1 (read-only in secure mode)
3. Additionally, I set OTP_DATA_PAGE50_LOCK0 to 0x5b5b5b:
- Read/write key number = 3
- NO_KEY_STATE = inaccessible
Do I need to configure anything else to enforce these rules?
The problem is that I can still read values from the protected page using picotool, even after setting the permissions. No unlock keys are needed—it just reads the data. This doesn't seem right; the protection doesn’t appear to be working.
I followed the examples and the first challenge materials, but still no luck.
I'd appreciate any help with this.
Statistics: Posted by bohdank — Sat Aug 02, 2025 9:21 am
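A host-side check of the two lock words from the post, as an added example that is not part of the original post or the Pico SDK: it builds each 24-bit word from its fields, decodes it again, and confirms that the three byte copies match before anything is written to OTP. The bit positions and the function names are assumptions, chosen so that 0x3d3d3d and 0x5b5b5b decode to the settings listed in the post; check them against the RP2350 datasheet.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit positions are an assumption inferred from the post's values
   (0x3d -> BL=3, NS=3, S=1; 0x5b -> key 3, NO_KEY_STATE=1). */
typedef struct { unsigned key_w, key_r, no_key_state; } lock0_fields;
typedef struct { unsigned lock_s, lock_ns, lock_bl; } lock1_fields;

/* Repeat the 8-bit value in all three bytes of the 24-bit lock word. */
static uint32_t triplicate(uint8_t b) {
    return (uint32_t)b | ((uint32_t)b << 8) | ((uint32_t)b << 16);
}

/* True when the three byte-wide copies in a lock word agree. */
bool lock_copies_agree(uint32_t word) {
    return (word & 0xffffffu) == triplicate((uint8_t)(word & 0xffu));
}

uint32_t encode_lock0(unsigned key_w, unsigned key_r, unsigned no_key_state) {
    return triplicate((uint8_t)((key_w & 7u) | ((key_r & 7u) << 3) |
                                ((no_key_state & 1u) << 6)));
}

uint32_t encode_lock1(unsigned lock_s, unsigned lock_ns, unsigned lock_bl) {
    return triplicate((uint8_t)((lock_s & 3u) | ((lock_ns & 3u) << 2) |
                                ((lock_bl & 3u) << 4)));
}

lock0_fields decode_lock0(uint32_t word) {
    lock0_fields f = { word & 7u, (word >> 3) & 7u, (word >> 6) & 1u };
    return f;
}

lock1_fields decode_lock1(uint32_t word) {
    lock1_fields f = { word & 3u, (word >> 2) & 3u, (word >> 4) & 3u };
    return f;
}

int main(void) {
    /* 1 and 3 are named in the post; the names for 0 and 2 are assumed. */
    static const char *perm[] = { "read/write", "read-only", "reserved", "inaccessible" };
    uint32_t l0 = 0x5b5b5b, l1 = 0x3d3d3d; /* the two values from the post */
    lock0_fields a = decode_lock0(l0);
    lock1_fields b = decode_lock1(l1);
    printf("LOCK0 copies_agree=%d KEY_R=%u KEY_W=%u NO_KEY_STATE=%u\n",
           lock_copies_agree(l0), a.key_r, a.key_w, a.no_key_state);
    printf("LOCK1 copies_agree=%d BL=%s NS=%s S=%s\n", lock_copies_agree(l1),
           perm[b.lock_bl], perm[b.lock_ns], perm[b.lock_s]);
    return 0;
}
```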