This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

secure OMAP-L138 boot resources restricted

Other Parts Discussed in Thread: OMAP-L138, OMAP-L132, TEST2, OMAPL138


Hi, 
   
  I do following some experiments:

The test environment:
  Device          : OMAPL132BZTE      Basic Secure Boot Enabled
  Oscillator clock:  12MHz
  mDDR            : 128MB  MT46H8M16LFBF
  NoR flash       : 8MB    ST M58WR064KB   -- 16bit , conect emifa CS2
  The test program:  app_test.out make by ccs 4.2 IDE
                     run on C6748 dsp core,  loading and Entering address : 0x11820000 at L2 RAM , function: Loop to print string from uart2

  PC terminal     :  SecureCRT.exe   --  A serial port monitoring software
  boot mode       : Secure AIS NOR BOOT mode
  flash tool      :  sfh_sec_OMAP-L138.exe  -- I Modify serial download tools from non secure device software "OMAP-L138_FlashAndBootUtils_2_40.tar.gz" with SecureHexAIS
  Secure HEX tool :  SecureHexAIS_OMAP-L138.exe
  ini.file        :  The following
;***************************************************************
;  TI OMAP-L138 / C6748 Security Utilities                     *
;  (C) 2009-2012 Texas Instruments, Inc.                       *
;***************************************************************
;
; This INI file will create a header that contains:
;     NOR config word          (1 word)
;     AIS magic number         (1 word)
;     AIS key load command     (1 word)
;     AIS key header           (8 words)
;     AIS set exit type        (2 words)
;     AIS set command + params (5 words)
;     Signature                (16 words)
;
; The AIS set command at the bottom of the INI file is a dummy write
; in order to force a signature check.  This is necessary in order to
; create a well defined header that can be bound to the device.  If
; the AIS set command is not used, then you will have to determine
; where the first signature occurs so that you can bind the entire
; section.
;
; *********************** INI ************************
; General settings that can be overwritten in the host code
; that calls the AISGen library.
[General]      
; Can be 8 or 16 - used in emifa
busWidth=16 

; SPIMASTER,I2CMASTER,EMIFA,NAND,EMAC,UART,PCI,HPI,USB,MMC_SD,VLYNQ,RAW
BootMode=EMIFA 

; NO_CRC,SECTION_CRC,SINGLE_CRC
crcCheckType=NO_CRC

; Security settings (keys, options, list of sections to encrypt, etc.)
[Security]
; Security Type: GENERIC, CUSTOM, NONE
securityType=GENERIC

; Boot Exit Type: NONSECURE, SECUREWITHSK
; NONSECURE = Device switches from secure type to non-secure type, jumping to loaded code
;             (no secure kernel since no longer secure device).
; SECUREWITHSK = Device remains as secure type, secure kernel is loaded, allowing run-time
;                security context switching.
bootExitType = SECUREWITHSK

; Encrypt section list (ALL or comma-separated list of section names)
encryptSections=ALL

; CEK used for AES encryption of data - must be string of 32 hexadecimal characters
; Device uses KEK to encrypt CEK, and then SECURE KEY LOAD command load this CEK, uses to
; decrypt the data by ENCRYPTED SECTION LOAD command
encryptionKey=4A7E1F56AE545D487C452388A65B0C05

; SHA Algorithm Selection
genericSHASelection = SHA256

;<<OMAP-L132 DSP+ARM Technical Reference Manual>> Chapter 6: Processor Memory Protection Unit (MPU)  6.2.8 Reset Considerations
;    After reset, the memory protection page attribute registers (MPPA) default to 0. This disables all protection features. 1: enable protection.
; This section allow setting the MPU1 or MPU2. If the
; rangenum is out of the allowed range then all the ranges
; (including the fixed range) take the start, end, and
; protection values.
;            |------24|------16|----------8|----------0|
; MPUSELECT: |      RSVD       |   mpuNum  | rangeNum  |
; STARTADDR: |              startAddr                  |
; ENDADDR:   |               endAddr                   |
; MPPAVALUE: |              mppaValue                  |
[MPUCONFIG]
MPUSELECT = 0x000001FF
STARTADDR = 0x00000000
ENDADDR   = 0xFFFFFFFF
MPPAVALUE = 0xFFFFFFFF

[MPUCONFIG]
MPUSELECT = 0x000002FF
STARTADDR = 0x00000000
ENDADDR   = 0xFFFFFFFF
MPPAVALUE = 0xFFFFFFFF


; This section allows configuration of one the systme IOPUs.
; The iopuNum field must be valid (0-5) and then mppaStart
; and mppaend fields allow setting a range of mppa MMRs to the
; same supplied mppa value.
; IOPUSELECT: |  RSVD  | iopuNum| mppaStart |  mppaEnd  |
; MPPAVALUE:  |              mppaValue                  |
[IOPUCONFIG]
IOPUSELECT = 0x000000FF
MPPAVALUE  = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000100FF
MPPAVALUE  = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000200FF
MPPAVALUE  = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000300FF
MPPAVALUE  = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000600FF
MPPAVALUE  = 0xFFFFFFFF


;[TAPSCONFIG]
;TAPSCFG = 0x0000FFFF

[AIS_Set]
; Generic AIS set instruction to a reserved register to force a signature check
TYPE=2
ADDRESS=0x01E2C020
DATA=0
SLEEP=0


【test1】:  Secure AIS NOR BOOT mode  with bootExitType = SECUREWITHSK
      step1:  use In front of the ini.file  ,
              use "SecureHexAIS_OMAP-L138.exe" convert "app_test.out" application image file into secure boot image "app_test_secais.bin"
      step2:  Dial the code switch to set uart2 boot way, use "sfh_sec_OMAP-L138.exe"  bund "app_test_secais.bin" at 0x60000000 start adress of nor flash.
      step2:  Dial the code switch to set nor boot way, run pc software "SecureCRT.exe" to monitor data from uart 2 or omapl132 device;
      result: failure  , no any data received.
 
【test2】:  Secure AIS NOR BOOT mode  with bootExitType = NONSECURE
      step1:  use In front of the ini.file  , only modify:  "bootExitType = NONSECURE " ,other same with test1 seep1;
      step2:  same with test1.
      step2:  same with test1;
      result: successful  , received string in accordance with "app_test.out" application.

Due to can't finding Search Similar routines in TI E2E Community and guide documentation from "C674x_OMAPL1x_Generic_Security_Flash_Boot_Utils.tar.gz" and "Security_collateral_update.zip"
 
so I make other test:
【test3】: "app_test.out" app run Secure AIS UART BOOT mode(modify "BootMode=UART")  with bootExitType = SECUREWITHSK or NONSECURE , downloaded by GenericSecureUartHost.exe tool.
           two bootExitType way Can all be successful.
           note:  at bootExitType = SECUREWITHSK   ,modify ini file : delete IOPUs seting. application can't print any data on uart.

【test4】: "nor_test.out" app run Secure AIS UART BOOT mode(modify "BootMode=UART")  with bootExitType = SECUREWITHSK or NONSECURE , downloaded by GenericSecureUartHost.exe tool.
           1) Initialize nor failure at "bootExitType = SECUREWITHSK";
           2) Initialize nor OK, after, can write and read nor at "bootExitType = NONSECURE";


As so far our test,For“bootExitType = SECUREWITHSK”, We guess there are some resources are protected (protect IOPUS and MPUS such as:IO connect nor flash 、DSP ), and currently we haven't find this in TI's documents.
Could someone provide detail documents for Secure AIS NOR BOOT with “bootExitType = SECUREWITHSK”, and we are appreciating someone could provide demo for AIS nor flash boot mode in secure kernel mode.
Thanks!

  • Hi,

    Could you please try to use "SECURENOSK" instead of using "SECUREWITHSK" ?

  • Titusrathinaraj Stalin said:

    Hi,

    Could you please try to use "SECURENOSK" instead of using "SECUREWITHSK" ?

    Hi Titusrathinaraj Stalin,

    Thanks for your reply.

    We have tried both "SECURENOSK" and "SECUREWITHSK". And use "SECURENOSK" mode, program works well. Howere, use  "SECURENOSK" mode , then above probloms encountered!

    And we need to use secure kernel APIs, So , finally, we have to use "SECUREWITHSK" mode .

    Thanks!

  • Hi Zhongfeng,

    I have asked factory team to support on this.

  • Hi Zhongfeng,

    Basic OMAPL138 secure parts only support secure boot so we don`t recommend SECUREWITHSK EXit Type unless you are trying to bind the image to the device during the first time boot.  It would be recommended that you set the boot Exit TYpe to NONSECURE in your production image to prevent any issues resulting from IO protection built into the IP to prevent boot time security.

    However, there is one thing you can try in your experiments. Add the following lines of code in your INI file in the same order as speciifed below:

    //This will set all security bits in IOPU6 registers to unlock security protection on all IOs protected but will lock the SYCFG registers to access only by secure supervisor ROM or secure kernel.

    [IOPUCONFIG]
    IOPUSELECT = 0x000600FF
    MPPAVALUE    = 0xFFFFFFFF

    // This will set bit 7 of IOPU6 to 0 that will unlock the security protection on SYSCFG registers which is ideally what you need to configure PINMUX and other system registers.

    [IOPUCONFIG]
    IOPUSELECT = 0x00060707
    MPPAVALUE    =  0x00000000

    Note: These setting are only required in SECUREWITHSK mode, as in nonsecure environment IOPU and MPU settings will not have any effect.

    Let us know if you are still facing the same issue.

    Regards,

    Rahul

  • Thanks! It works!

    Rahul Prabhu said:

    However, there is one thing you can try in your experiments. Add the following lines of code in your INI file in the same order as speciifed below:

    //This will set all security bits in IOPU6 registers to unlock security protection on all IOs protected but will lock the SYCFG registers to access only by secure supervisor ROM or secure kernel.

    [IOPUCONFIG]
    IOPUSELECT = 0x000600FF
    MPPAVALUE    = 0xFFFFFFFF

    // This will set bit 7 of IOPU6 to 0 that will unlock the security protection on SYSCFG registers which is ideally what you need to configure PINMUX and other system registers.

    [IOPUCONFIG]
    IOPUSELECT = 0x00060707
    MPPAVALUE    =  0x00000000

    Note: These setting are only required in SECUREWITHSK mode, as in nonsecure environment IOPU and MPU settings will not have any effect.

    Let us know if you are still facing the same issue.

    Regards,

    Rahul

  • Hi Rahul Prabhu,

    One more question.

    Refer to Chapter 6: Processor Memory Protection Unit (MPU)  6.2.8 Reset Considerations in <<OMAP-L132 DSP+ARM Technical Reference Manual>>, MPPA sets to 0 to disable protection feature, and 1 to enable protection.

    And in the ini file, for IOPU 0 ~ 3,and 6,  these value are set to 1. So I'm got confused about this!

    Could you offer me any detail documents about this!

    Thanks!