Required .ini file for AIS encryption in encrypted omapl138

Hi Roee,

Yes, we have to use PLL and memory configuration in ini file.
Which memory are you using ?
Shared memory or DDR ?
IOPU is for I/O peripheral configuration protection and MPU is for memory protection.
Did you get all the secure related docs through your local TI FAE ?

processors.wiki.ti.com/.../Basic_Secure_Boot_for_OMAP-L138_C6748

Which type of board are you using ie custom or EVM ?
Able to unlock the JTAG and debug your code through CCS ?

Dear Titus,
Thanks for your Rapid replay.

My board is a custom board.
I'm not sure regarding the memory: I'm running a part of the code on the ARM and the a part on the DSP, I'm using the shared memory primary by the ARM while the DSP uses the L2 ram for software and L1 for Data.
I'm not sure I have all the related docs, but I do have the "TMS320C6748/OMAP-L138 Security" PDF.

I'm not able to unlock the JTAG's and debug from CCS.

Please tell if the following configuration will work:


[MPUCONFIG]
MPUSELECT = 0x000001FF
STARTADDR = 0x00000000
ENDADDR = 0xFFFFFFFF
MPPAVALUE = 0xFFFFFFFF

[MPUCONFIG]
MPUSELECT = 0x000002FF
STARTADDR = 0x00000000
ENDADDR = 0xFFFFFFFF
MPPAVALUE = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000000FF
MPPAVALUE = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000100FF
MPPAVALUE = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000200FF
MPPAVALUE = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000300FF
MPPAVALUE = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000600FF
MPPAVALUE = 0xFFFFFFFF

[TAPSCONFIG]
TAPSCFG = 0xFFFFFFFF

If not, please segguset a valid .ini configuration for an SPIMASTER, secure kernel generic security level.
If needed I can send you a foot print of my chip (Gueest tell me how to send it.)

Thanks you very much
Roee

Hey again,

If you can send or link me to any example .ini file i would apprciate it.

This issue is vital for me.

Thanks,

Roee

Hi Roee,

I've attached sample ini files for your reference.

[TAPSCONFIG]

TAPSCFG = 0xFFFFFFFF

Use the above config to unlock the JTAG.

Try to understand the secure boot process on OMAPL138, like binding process, flashing and booting etc.,

For secure boot, initially we have to flash the secure app (unencrypted) into flash and need to encrypt the headers through binding process (read the headers and encrypt it from flash)

First, you have to unlock the JTAG and load the program and run (debug) on OMAP.

Please refer to the following TI E2E post.

[General]
busWidth=16            

BootMode=NAND

crcCheckType=NO_CRC

seqReadEn=ON

[Security]
securityType=GENERIC
;bootExitType = SECURENOSK
bootExitType = NONSECURE
;bootExitType = SECUREWITHSK

encryptSections=ALL

encryptionKey=4A7E1F56AE545D487C452388A65B0C05

genericSHASelection = SHA256


;           |------24|------16|-------8|-------0|
; PLL0CFG0: | CLKMODE| PLLM   | PREDIV | POSTDIV|
; PLL0CFG1: | RSVD   | PLLDIV1| PLLDIV3| PLLDIV7|

[PLLANDCLOCKCONFIG]
PLL0CFG0 = 0x00180001
PLL0CFG1 = 0x00000B05
PERIPHCLKCFG = 0x00010064

;           |------24|------16|-------8|-------0|
; PLL1CFG0: |    PLLM| POSTDIV| PLLDIV1| PLLDIV2|
; PLL1CFG1: |           RSVD           | PLLDIV3|
[PLL1CONFIG]
PLL1CFG0 = 0x18010001
PLL1CFG1 = 0x00000002

; This section lets us configure the peripheral interface
; of the current booting peripheral (I2C, SPI, or UART).
; Use with caution. The format of the PERIPHCLKCFG field
; is as follows:
; SPI:        |------24|------16|-------8|-------0|
;             |           RSVD           |PRESCALE|
;
; I2C:        |------24|------16|-------8|-------0|
;             |  RSVD  |PRESCALE|  CLKL  |  CLKH  |
;
; UART:       |------24|------16|-------8|-------0|
;             | RSVD   |  OSR   |  DLH   |  DLL   |
;[PERIPHCLKCFG]
;PERIPHCLKCFG = 0x00000000


; This section allow setting the MPU1 or MPU2. If the
; rangenum is out of the allowed range then all the ranges
; (including the fixed range) take the start, end, and
; protection values.
;            |------24|------16|----------8|----------0|
; MPUSELECT: |      RSVD       |   mpuNum  | rangeNum  |
; STARTADDR: |              startAddr                  |
; ENDADDR:   |               endAddr                   |
; MPPAVALUE: |              mppaValue                  |
[MPUCONFIG]
MPUSELECT = 0x000001FF
STARTADDR = 0x00000000
ENDADDR   = 0xFFFFFFFF
MPPAVALUE = 0xFFFFFFFF



; This section can be used to configure the PLL1 and the EMIF3a registers
; for starting the DDR2 interface.
; See PLL1CONFIG section for the format of the PLL1CFG fields.
;            |------24|------16|-------8|-------0|
; PLL1CFG0:  |              PLL1CFG              |
; PLL1CFG1:  |              PLL1CFG              |
; DDRPHYC1R: |             DDRPHYC1R             |
; SDCR:      |              SDCR                 |
; SDTIMR:    |              SDTIMR               |
; SDTIMR2:   |              SDTIMR2              |
; SDRCR:     |              SDRCR                |
; CLK2XSRC:  |             CLK2XSRC              |
;status |= DEVICE_ExternalMemInit(0x000000C5, 0x00134832, 0x264A3209, 0x3C14C722, 0x00000492, 0x00000000);
;[EMIF3DDR]
;PLL1CFG0 = 0x18010001
;PLL1CFG1 = 0x00000002
;DDRPHYC1R = 0x000000C4
;SDCR = 0x0A034622
;SDTIMR = 0x184929C8
;SDTIMR2 = 0xB80FC700
;SDRCR = 0x00000406
;CLK2XSRC = 0x00000000

[EMIF3DDR]
PLL1CFG0 = 0x18010001
PLL1CFG1 = 0x00000002
DDRPHYC1R = 0x000000C5
SDCR = 0x00134832
SDTIMR = 0x264A3209
SDTIMR2 = 0x3C14C722
SDRCR = 0x00000492
CLK2XSRC = 0x00000000


; This section allow setting the MPU1 or MPU2. If the
; rangenum is out of the allowed range then all the ranges
; (including the fixed range) take the start, end, and
; protection values.
;            |------24|------16|----------8|----------0|
; MPUSELECT: |      RSVD       |   mpuNum  | rangeNum  |
; STARTADDR: |              startAddr                  |
; ENDADDR:   |               endAddr                   |
; MPPAVALUE: |              mppaValue                  |
;
; This MPU control must happen after the DDR init or else the
; MPU control has no effect
[MPUCONFIG]
MPUSELECT = 0x000002FF
STARTADDR = 0x00000000
ENDADDR   = 0xFFFFFFFF
MPPAVALUE = 0xFFFFFFFF

; This section can be used to configure the EMIFA to use
; CS0 as an SDRAM interface.  The fields required to do this
; are given below.
;                     |------24|------16|-------8|-------0|
; SDBCR:              |               SDBCR               |
; SDTIMR:             |               SDTIMR              |
; SDRSRPDEXIT:        |             SDRSRPDEXIT           |
; SDRCR:              |               SDRCR               |
; DIV4p5_CLK_ENABLE:  |         DIV4p5_CLK_ENABLE         |
;[EMIF25SDRAM]
;SDBCR = 0x00004421
;SDTIMR = 0x42215810
;SDRSRPDEXIT = 0x00000009
;SDRCR = 0x00000410
;DIV4p5_CLK_ENABLE = 0x00000001

; This section can be used to configure the async chip selects
; of the EMIFA (CS2-CS5).  The fields required to do this
; are given below.
;           |------24|------16|-------8|-------0|
; A1CR:     |                A1CR               |
; A2CR:     |                A2CR               |
; A3CR:     |                A3CR               |
; A4CR:     |                A4CR               |
; NANDFCR:  |              NANDFCR              |
;[EMIF25ASYNC]
;A1CR = 0x00000000
;A2CR = 0x00000000
;A3CR = 0x00000000
;A4CR = 0x00000000
;NANDFCR = 0x00000000

; This section should be used in place of PLL0CONFIG when
; the I2C, SPI, or UART modes are being used.  This ensures that
; the system PLL and the peripheral's clocks are changed together.
; See PLL0CONFIG section for the format of the PLL0CFG fields.
; See PERIPHCLKCFG section for the format of the CLKCFG field.
;               |------24|------16|-------8|-------0|
; PLL0CFG0:     |              PLL0CFG              |
; PLL0CFG1:     |              PLL0CFG              |
; PERIPHCLKCFG: |              CLKCFG               |
;[PLLANDCLOCKCONFIG]
;PLL0CFG0 = 0x00000000
;PLL0CFG1 = 0x00000000
;PERIPHCLKCFG = 0x00000000

; This section should be used to setup the power state of modules
; of the two PSCs.  This section can be included multiple times to
; allow the configuration of any or all of the device modules.
;           |------24|------16|-------8|-------0|
; LPSCCFG:  | PSCNUM | MODULE |   PD   | STATE  |
;[PSCCONFIG]
;LPSCCFG = 0x01030003

;EMIFA -> NAND
[PSCCONFIG]
LPSCCFG = 0x00030003

;GPIO
;[PSCCONFIG]
;LPSCCFG = 0x01030003


; This section allows setting of a single PINMUX register.
; This section can be included multiple times to allow setting
; as many PINMUX registers as needed.
;         |------24|------16|-------8|-------0|
; REGNUM: |              regNum               |
; MASK:   |               mask                |
; VALUE:  |              value                |
;[PINMUX]
;REGNUM = 5
;MASK = 0x00FF0000
;VALUE = 0x00880000

; No Params required - simply include this section for the fast boot function to be called
;[FASTBOOT]

; This section allows configuration of one the systme IOPUs.
; The iopuNum field must be valid (0-5) and then mppaStart
; and mppaend fields allow setting a range of mppa MMRs to the
; same supplied mppa value.
; IOPUSELECT: |  RSVD  | iopuNum| mppaStart |  mppaEnd  |
; MPPAVALUE:  |              mppaValue                  |
[IOPUCONFIG]
IOPUSELECT = 0x000000FF
MPPAVALUE  = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000100FF
MPPAVALUE  = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000200FF
MPPAVALUE  = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000300FF
MPPAVALUE  = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000600FF
MPPAVALUE  = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x00060707
MPPAVALUE  = 0x00000000

; This section allow setting the MPU1 or MPU2. If the
; rangenum is out of the allowed range then all the ranges
; (including the fixed range) take the start, end, and
; protection values.
;            |------24|------16|----------8|----------0|
; MPUSELECT: |      RSVD       |   mpuNum  | rangeNum  |
; STARTADDR: |              startAddr                  |
; ENDADDR:   |               endAddr                   |
; MPPAVALUE: |              mppaValue                  |
[MPUCONFIG]
MPUSELECT = 0x000001FF
STARTADDR = 0x00000000
ENDADDR   = 0x00000000
MPPAVALUE = 0xFFFFFFFF

; This function allows the user to selectively open up the
; the debug TAPs of the device.  Since the function is not
; executed until the signature is checked, it does not
; pose a security issue.
;          |------24|------16|----------8|----------0|
; TAPSCFG: |      RSVD       |       tapscfg         |
;[TAPSCONFIG]
;TAPSCFG = 0x0000FFFF

[General]
busWidth=16            

BootMode=NAND

crcCheckType=NO_CRC

seqReadEn=ON

[Security]
securityType=GENERIC
;bootExitType = SECURENOSK
bootExitType = NONSECURE
;bootExitType = SECUREWITHSK

encryptSections=ALL

encryptionKey=4A7E1F56AE545D487C452388A65B0C05

genericSHASelection = SHA256


;           |------24|------16|-------8|-------0|
; PLL0CFG0: | CLKMODE| PLLM   | PREDIV | POSTDIV|
; PLL0CFG1: | RSVD   | PLLDIV1| PLLDIV3| PLLDIV7|

[PLLANDCLOCKCONFIG]
PLL0CFG0 = 0x00180001
PLL0CFG1 = 0x00000B05
PERIPHCLKCFG = 0x00010064

;           |------24|------16|-------8|-------0|
; PLL1CFG0: |    PLLM| POSTDIV| PLLDIV1| PLLDIV2|
; PLL1CFG1: |           RSVD           | PLLDIV3|
[PLL1CONFIG]
PLL1CFG0 = 0x18010001
PLL1CFG1 = 0x00000002

; This section lets us configure the peripheral interface
; of the current booting peripheral (I2C, SPI, or UART).
; Use with caution. The format of the PERIPHCLKCFG field
; is as follows:
; SPI:        |------24|------16|-------8|-------0|
;             |           RSVD           |PRESCALE|
;
; I2C:        |------24|------16|-------8|-------0|
;             |  RSVD  |PRESCALE|  CLKL  |  CLKH  |
;
; UART:       |------24|------16|-------8|-------0|
;             | RSVD   |  OSR   |  DLH   |  DLL   |
;[PERIPHCLKCFG]
;PERIPHCLKCFG = 0x00000000


; This section allow setting the MPU1 or MPU2. If the
; rangenum is out of the allowed range then all the ranges
; (including the fixed range) take the start, end, and
; protection values.
;            |------24|------16|----------8|----------0|
; MPUSELECT: |      RSVD       |   mpuNum  | rangeNum  |
; STARTADDR: |              startAddr                  |
; ENDADDR:   |               endAddr                   |
; MPPAVALUE: |              mppaValue                  |
[MPUCONFIG]
MPUSELECT = 0x000001FF
STARTADDR = 0x00000000
ENDADDR   = 0xFFFFFFFF
MPPAVALUE = 0xFFFFFFFF



; This section can be used to configure the PLL1 and the EMIF3a registers
; for starting the DDR2 interface.
; See PLL1CONFIG section for the format of the PLL1CFG fields.
;            |------24|------16|-------8|-------0|
; PLL1CFG0:  |              PLL1CFG              |
; PLL1CFG1:  |              PLL1CFG              |
; DDRPHYC1R: |             DDRPHYC1R             |
; SDCR:      |              SDCR                 |
; SDTIMR:    |              SDTIMR               |
; SDTIMR2:   |              SDTIMR2              |
; SDRCR:     |              SDRCR                |
; CLK2XSRC:  |             CLK2XSRC              |
;status |= DEVICE_ExternalMemInit(0x000000C5, 0x00134832, 0x264A3209, 0x3C14C722, 0x00000492, 0x00000000);
;[EMIF3DDR]
;PLL1CFG0 = 0x18010001
;PLL1CFG1 = 0x00000002
;DDRPHYC1R = 0x000000C4
;SDCR = 0x0A034622
;SDTIMR = 0x184929C8
;SDTIMR2 = 0xB80FC700
;SDRCR = 0x00000406
;CLK2XSRC = 0x00000000

[EMIF3DDR]
PLL1CFG0 = 0x18010001
PLL1CFG1 = 0x00000002
DDRPHYC1R = 0x000000C5
SDCR = 0x00134832
SDTIMR = 0x264A3209
SDTIMR2 = 0x3C14C722
SDRCR = 0x00000492
CLK2XSRC = 0x00000000


; This section allow setting the MPU1 or MPU2. If the
; rangenum is out of the allowed range then all the ranges
; (including the fixed range) take the start, end, and
; protection values.
;            |------24|------16|----------8|----------0|
; MPUSELECT: |      RSVD       |   mpuNum  | rangeNum  |
; STARTADDR: |              startAddr                  |
; ENDADDR:   |               endAddr                   |
; MPPAVALUE: |              mppaValue                  |
;
; This MPU control must happen after the DDR init or else the
; MPU control has no effect
[MPUCONFIG]
MPUSELECT = 0x000002FF
STARTADDR = 0x00000000
ENDADDR   = 0xFFFFFFFF
MPPAVALUE = 0xFFFFFFFF

; This section can be used to configure the EMIFA to use
; CS0 as an SDRAM interface.  The fields required to do this
; are given below.
;                     |------24|------16|-------8|-------0|
; SDBCR:              |               SDBCR               |
; SDTIMR:             |               SDTIMR              |
; SDRSRPDEXIT:        |             SDRSRPDEXIT           |
; SDRCR:              |               SDRCR               |
; DIV4p5_CLK_ENABLE:  |         DIV4p5_CLK_ENABLE         |
;[EMIF25SDRAM]
;SDBCR = 0x00004421
;SDTIMR = 0x42215810
;SDRSRPDEXIT = 0x00000009
;SDRCR = 0x00000410
;DIV4p5_CLK_ENABLE = 0x00000001

; This section can be used to configure the async chip selects
; of the EMIFA (CS2-CS5).  The fields required to do this
; are given below.
;           |------24|------16|-------8|-------0|
; A1CR:     |                A1CR               |
; A2CR:     |                A2CR               |
; A3CR:     |                A3CR               |
; A4CR:     |                A4CR               |
; NANDFCR:  |              NANDFCR              |
;[EMIF25ASYNC]
;A1CR = 0x00000000
;A2CR = 0x00000000
;A3CR = 0x00000000
;A4CR = 0x00000000
;NANDFCR = 0x00000000

; This section should be used in place of PLL0CONFIG when
; the I2C, SPI, or UART modes are being used.  This ensures that
; the system PLL and the peripheral's clocks are changed together.
; See PLL0CONFIG section for the format of the PLL0CFG fields.
; See PERIPHCLKCFG section for the format of the CLKCFG field.
;               |------24|------16|-------8|-------0|
; PLL0CFG0:     |              PLL0CFG              |
; PLL0CFG1:     |              PLL0CFG              |
; PERIPHCLKCFG: |              CLKCFG               |
;[PLLANDCLOCKCONFIG]
;PLL0CFG0 = 0x00000000
;PLL0CFG1 = 0x00000000
;PERIPHCLKCFG = 0x00000000

; This section should be used to setup the power state of modules
; of the two PSCs.  This section can be included multiple times to
; allow the configuration of any or all of the device modules.
;           |------24|------16|-------8|-------0|
; LPSCCFG:  | PSCNUM | MODULE |   PD   | STATE  |
;[PSCCONFIG]
;LPSCCFG = 0x01030003

;EMIFA -> NAND
[PSCCONFIG]
LPSCCFG = 0x00030003

;GPIO
;[PSCCONFIG]
;LPSCCFG = 0x01030003


; This section allows setting of a single PINMUX register.
; This section can be included multiple times to allow setting
; as many PINMUX registers as needed.
;         |------24|------16|-------8|-------0|
; REGNUM: |              regNum               |
; MASK:   |               mask                |
; VALUE:  |              value                |
;[PINMUX]
;REGNUM = 5
;MASK = 0x00FF0000
;VALUE = 0x00880000

; No Params required - simply include this section for the fast boot function to be called
;[FASTBOOT]

; This section allows configuration of one the systme IOPUs.
; The iopuNum field must be valid (0-5) and then mppaStart
; and mppaend fields allow setting a range of mppa MMRs to the
; same supplied mppa value.
; IOPUSELECT: |  RSVD  | iopuNum| mppaStart |  mppaEnd  |
; MPPAVALUE:  |              mppaValue                  |
[IOPUCONFIG]
IOPUSELECT = 0x000000FF
MPPAVALUE  = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000100FF
MPPAVALUE  = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000200FF
MPPAVALUE  = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000300FF
MPPAVALUE  = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x000600FF
MPPAVALUE  = 0xFFFFFFFF

[IOPUCONFIG]
IOPUSELECT = 0x00060707
MPPAVALUE  = 0x00000000

; This section allow setting the MPU1 or MPU2. If the
; rangenum is out of the allowed range then all the ranges
; (including the fixed range) take the start, end, and
; protection values.
;            |------24|------16|----------8|----------0|
; MPUSELECT: |      RSVD       |   mpuNum  | rangeNum  |
; STARTADDR: |              startAddr                  |
; ENDADDR:   |               endAddr                   |
; MPPAVALUE: |              mppaValue                  |
[MPUCONFIG]
MPUSELECT = 0x000001FF
STARTADDR = 0x00000000
ENDADDR   = 0x00000000
MPPAVALUE = 0xFFFFFFFF

; This function allows the user to selectively open up the
; the debug TAPs of the device.  Since the function is not
; executed until the signature is checked, it does not
; pose a security issue.
;          |------24|------16|----------8|----------0|
; TAPSCFG: |      RSVD       |       tapscfg         |
[TAPSCONFIG]
TAPSCFG = 0x0000FFFF

Hey Titus,

Please send me a .ini file sutibale for SPIMASTER boot, It's an arguent matter.

Thanks, Roee

Hi Roee,
Do you have any secure OMAPL138 EVM board ?
Have you unlocked the JTAG and able to load and run any program on OMAP through emulator ?
If you want to do SPI boot, you need to follow the procedure. Done ?

1) Need to unlock the JTAG to confirm that program (LED) is running good.
2) To unlock the JTAG, use "GenericSecureUartHost.exe" tool to load the program (ini) on OMAP to unlock the JTAG which has the following line of code in ini.
[TAPSCONFIG]
TAPSCFG = 0x0000FFFF

3) After JTAG got unlocked, try to connect DSP core and run your own code or any program.
I would like to suggest to use small LED code to know about how the secure OMAP is getting booted.

4) Use "secure.ini" to create secure binary with your CEK and finally it would create secure binary with unencrypted headers (it should be encrypted through binding process) through "SecureHexAIS_OMAP-L138.exe" tool.

5) Use "SPI flash writer" (CCS) to flash the secure binary into SPI flash.

6) Unlock the JTAG and run the program "SPI secure boot" on CCS for binding process.

This code would read the "unencrypted headers" of binary and encrypt the header with OMAP's internal KEK which no one knows except OMAP.

7) Set boot setting to SPI boot and you would see LED blinking.

Now, tell me which step you are to help further.
Thanks for your understanding.

Dear Titus,

My status is as follows:

1. I'm able to FLASH my BSP which serves as the operating system of my device. The BSP is packed in a secure AIS format with an encrypted header.  Security is generic and I use the secure with SK boot exit type. I use this boot exit type since I need to decrypted my firmware after the boot process is complete.

2. My firmware is comprised of two parts: One runs from the DSP and one from the ARM. both are encrypted with the same CEK as the AIS using secure LoadModGen_OMAP-L138.exe application. I'm able to load this two firmware components using my companies hardware.

3. I'm using UART boot mode to load the BSP (section 1) and SPI0 boot mode to load the firmware modules and run. (My board is custom and supports only UART, SPI0, and emulator boot modes). 

My problem is:

After I first load the secure modules the firmware runs as expected. If I reset the device it will restart just fine. However, if I switch off my device and turn the power on again the secure MODULE described at section 2 seems to disappear and need to be loaded again. 

I assume that because I load the firmware using my own companies software it is volatile. How should I load the secure modules so they will be Flashed to the SPI and become non volatile?

I will only say that the same procedure works fine with a non -encrypted device and non - encrypted Firmware. 

Many Thanks,

Roee.

Hi Roee,

I assume that because I load the firmware using my own companies software it is volatile. How should I load the secure modules so they will be Flashed to the SPI and become non volatile?

Yes, you need to load it again since you loaded the module via UART and its volatile as you said and that should be flashed to either SPI on any flash device to boot permanently.

Hey Titus,

I got things working by fixing some issues on my end.
Thanks for the support.

I wanted to ask if the only boot images which can be loaded to an encrypted device are SecureAIS image?
I'm asking this because I have two old binary files which be loaded to secure device via TI's secureUARTloader. I also have their CCS project's and .out file. I want to know how they were transormed from .out to .bin?
Could it been done only with secureAIS gennerator?

Thanks again,
Roee

Hi Roee,

I wanted to ask if the only boot images which can be loaded to an encrypted device are SecureAIS image?
I'm asking this because I have two old binary files which be loaded to secure device via TI's secureUARTloader. I also have their CCS project's and .out file. I want to know how they were transormed from .out to .bin?
Could it been done only with secureAIS gennerator?

Yes is the answer for all the questions :-)

Thanks Titus,

I'm using LoadModGen_OMAP-L138.exe to pack my firmware before loading it to the OMAP. Is the following .ini file suitable for the encryption. If not, how should I change it?

[Security]
; Security Type: GENERIC, CUSTOM
securityType=GENERIC

; CEK used for AES encryption of data - must be string of 32 hexadecimal characters
encryptionKey=****My Key*****

; CERT_MAGIC or LOADMOD_MAGIC - delegate key certificate module or load module
magicNum=LOADMOD_MAGIC

; Encrypt the module or leave unencrypted (signed only)
encrypt=TRUE

; Hash algorithm selection for generic secure devices
genericShaSelection=SHA256

Thanks