• State
  • Locked Locked
  • Replies 2 replies
  • Subscribers 101 subscribers
  • Views 2028 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Disabling "Secure" / Internal Boot (permanently)

Luke Leighton
Prodigy 40 points
Other Parts Discussed in Thread: AM3892, AM3894, AM3703, AM3715, OMAP3530

Dear TI people,

I'm evaluating suitable SoC CPUs for use in a FSF Hardware-Endorsed low-cost, high-end Laptop.  The criteria are here: http://www.fsf.org/news/endorsement-criteria.  now, i cannot emphasise enough how almost-impossible this is, to fulfil both the FSF criteria *and* the "low-cost" *and* the "high-end" criteria - but i am going to try :)

already i have run smack into the issue of the PowerVR 3D engine being proprietary - but this can be dealt with by specifying AM3703 instead of AM3715, and AM3892 instead of AM3894.

much more important than that is the fundamental issue of whether the resultant end-user device could be purchased, re-programmed and re-sold with a completely non-free Operating System, by placing a totally locked-down Bootloader into the internal 32k ROM.  whilst this is entirely the purpose *of* the internal ROM, it is massively problematic from a Free Software perspective.

so i have a couple of questions, which may be the correct thing to ask, maybe not.  please somebody please do tell me if i misunderstand the inner workings of the CPUs, provide the right question and please answer that instead :)

a) is it possible (like it is for the S5PC110) to completely disable booting from the Internal ROM, on any of the ARM Cortex series?  OMAP35xx, OMAP44xx, AM37xx, AM38xx, DMxx it doesn't matter which: just... "is it possible".  on the S5PC110, you blow an e-fuse, and that's the end of it: goodbye "secure boot" feature.

b) the AM37xx datasheet does not make any mention of the boot sequence, nor how to program the internal ROM: the only mention i hear of the internal ROM with online searches is in reference to the OMAP35xx series, where the internal ROM is "manufacturer programmable only".  does that mean that TI is the only ones allowed to set up the internal ROM?  can it be changed by anyone else?  does it actually mean "factory programmable only"?  if so, can a bootloader be placed into the internal ROM and e.g. an e-fuse blown to say "ok, that's it boys - no more changes allowed to the internal ROM" because if so, it would be possible to blow in a FSF-acceptable bootloader, thus making it impossible for the device to be used for what the FSF likes to call "Treacherous" purposes.

much appreciated some clarification.  mostly of my own assumptions.

l.

 

  • 0
    TI__Mastermind 43511 points

    Luke,

    seems like an interesting discussion...

    Now the info that you need is somehow deeply buried in the 3500+ pages TRM for the AM/DM37xx devices (SPRUGN4F is our doc number). Go for chapter 26...

    a) generally our devices support a couple of boot modes for best flexibility. The catalog devices do not have a secure boot mode.  Commercial customers usually have the reverse question and ask how they can protect their devices from tampering. Not easy with the catalog parts... but it can be done with hardware design choices. So I assume for your case there should be a way to design hardware such that there is always some way to load a boot loader (usually our first and second stage boot loaders are available on the web). E.g. full availability of JTAG, boot mode and UART signals...

    b) Boot sequence and modes in the doc as mentioned. However the ROM is fixed by TI and customers can't change it without paying substantial NRE for new production masks (essentially a new device...). That is also why our boot code needs to have all the options. The ROM boot is also quite limited and not dedicated for a certain mode or even OS to boot. That is why we have several stages of booting code.

    I assume you know but it should be worth to mention here that the BeagleBoard is based on OMAP3530 (same architecture as AM37xx) and is a great example for open source hardware to my mind. There is probably the biggest open source (software) community around that board now. You can find find several examples where the hardware design (or parts) have been directly copied to further products.

    Regards.

  • 0 in reply to Frank Walzer
    Prodigy 40 points

    frank hi,

    much appreciated the response.  good to hear confirmation about "always bootable externally".  yes this is also a commercial project!  on the back of this initial kick-start will be branching out other options that, en-masse, help keep the price down, apart from anything else.  yes, i have a beagleboard, and two clones (IGEPv2 from ISEE and one from quickembed).  interesting to hear about the bootrom - i kinda expected it to be done in the masks, i.e. _really_ a ROM, not a PROM, but just wanted to check.  thank you for confirming.  it all spells good news.

    many thanks,

    l.