OMAP L138 Secure Boot
I am testing the secured boot of the OMAP L138.
I had successfully booted the OMAP without security using the example provided in "OMAPL138-DSP-LED", which is part of the "Using the OMAP-L1x8 Bootloader" doc.
What I understood is that I need to generate the combined AIS file from the ARM and DSP "*.OUTs", program it to the SPI FLASH and restart the board (I did all of this using the provided TI utilities: "AISgen for D800K600" and "sfh_OMAP-L138.exe").
Currently I don't want to encrypt the KEK.
I apologize for the delayed response.
Do you currently have secure OMAP L138 parts? There are two different types of parts: Secure and Non-secure. Non-secure images will not work with secure parts and Secure images will not work with non-secure parts.
When creating a boot image for a secure part, you use the secure AIS tools. These tools add additional information to the boot image that allows the device to decrypt and authenticate the various sections of the boot image. You will have the .out files for both the ARM and the DSP and you will use the secure AIS tools to wrap those binaries appropriately. It should be pretty much the same as you did before. The one additional step is the creation of the header that contains your encryption key for the boot image.
Just for some clarification, the KEK is a device-specific random number that is known only to the device. It is used to encrypt your encryption key used during secure boot so that the image is bound to the device (i.e. the same flash image cannot be used on other devices b/c two different devices will not have the same KEK).
I'm not exactly sure what you mean when you say "Currently I don't want to encrypt the KEK".
Please let me know if this helps and if you have any additional information or questions.
Since the C6748 has secured boot now, we will use it and not the OMAP, thanks.
Regarding the C6748.
I need to build a secured secondary boot loader (SBL) for this device.
Is it possible, and what exact steps do I need to do? Is it simply a use of the decrypt module function?