• State Resolved
  • Locked Locked
  • Replies 21 replies
  • Answers 2 answers
  • Subscribers 102 subscribers
  • Views 3205 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Secure Boot for C 6748 Device not responding with BOOTME Command

Nisha Nair
Prodigy 235 points
Other Parts Discussed in Thread: OMAP-L138, SECDEVTOOL-OMAPL138C6748, TEST2, OMAPL138

We have been using C6748 in our custom board,

we have a SPI 0 Flash and UART 0 Boot modes

for Flashing the boards we have tried out 2 methods

1. AIS Gen to Generate binary file and SPI writer using JTAG (After making necessary modification for our custom board)

2. Serial flash via UART0 using sfh_OMAP-L138.exe  (  the same was re made to meet our custom board requirements using Cygwin)

Both work reliably

Recently we got Secure C 6748 ( TMS320C6748EZWTA3E) assembled in the same custom board

  • JTAG gives an error C674X_0: Error connecting to the target: Connect to PRSC failed
  • I generated .bin file of my application and  Tried to unlock JTAG using ini file (Downloaded  SECDEVTOOL-OMAPL138C6748: Basic Secure Boot Development Tools for OMAP-L138 / C6748  )

bootExitType = NONSECURE

TAPSCFG = 0x0000FFFF

1. How to flash this .bin file to the Secure C6748 and get JTAG unlocked so that i can debug the device as well as flash it using my SPI Writer?

2. Tried to use the serial flash tool " sfh_OMAP-L138.exe" in UART0 boot mode as i was doing with my non secure device but not receiving " BOOTME"......

3. When i change to UART0 boot mode and connect to Hyperterminal the secure device does not return "Boot me" where as my non secure device returns " BOOTME"  Why is that?

4. Tried to use GenericSecureUartHost  but not able to receive boot me may be because it made for UART2 boot mode and i have UART0 boot mode, if this is correct please guide me through the rebuilding steps to get a GenericSecureUartHost for my custom board. 

Please help me with booting of TMS320C6748EZWTA3E.

Thanks,

NN

  • 0
    TI__Guru** 116100 points

    1. How to flash this .bin file to the Secure C6748 and get JTAG unlocked so that i can debug the device as well as flash it using my SPI Writer?

    No need to flash, you should load and run the JTAG unlock binary via UARTHOST tool.


    2. Tried to use the serial flash tool " sfh_OMAP-L138.exe" in UART0 boot mode as i was doing with my non secure device but not receiving " BOOTME"......

    You need to open the COM port in PC where you have connected the UART0 port and check for the BOOTME message.


    3. When i change to UART0 boot mode and connect to Hyperterminal the secure device does not return "Boot me" where as my non secure device returns " BOOTME" Why is that?

    You should get the BOOTME message on UART0 if you set boot mode to UART0 boot mode.



    4. Tried to use GenericSecureUartHost but not able to receive boot me may be because it made for UART2 boot mode and i have UART0 boot mode, if this is correct please guide me through the rebuilding steps to get a GenericSecureUartHost for my custom board.

    Please refer to the above answer.
    Need to get the BOOTME message, please do make sure that HW is good, especially UART section ,probe the UART0_TX pin
  • 0 in reply to Titusrathinaraj Stalin
    Prodigy 235 points

    Thankyou so much for your quick response.

    Yes you are right that was a hardware issue, one of the component in my board was not soldered properly (which i realised after the post)

     Now i am able to load by .bin successfully into my secure C6748 using Secure UART Host tool.

    (File IO): Read 56352 bytes from file C:\Program Files (x86)\OMAPL138_C6748_Generic_Security\OMAP-L138_Secure_FlashAndBootUtils_trunk\OMAP-L138_Secure\GNU\AISUtils\test2.bin.

    (Serial Port): Opening COM3 at 115200 baud...

    (AIS Parse): Read magic word 0x41504954.

    (AIS Parse): Waiting for BOOTME... (power on or reset target now)

    (AIS Parse): BOOTME received!

    (AIS Parse): Performing Start-Word Sync...

    (AIS Parse): Performing Ping Opcode Sync...

    (AIS Parse): Processing command 0: 0x58535920.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Secure key loading, entering secure mode.

    (AIS Parse): Processing command 1: 0x58535923.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Setting boot exit mode...

    (AIS Parse): Set exit mode to 0x00000000.

    (AIS Parse): Processing command 2: 0x5853590D.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Executing function...

    (AIS Parse): Secure mode; sending signature.

    (AIS Parse): Processing command 3: 0x5853590D.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Executing function...

    (AIS Parse): Secure mode; sending signature.

    (AIS Parse): Processing command 4: 0x5853590D.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Executing function...

    (AIS Parse): Secure mode; sending signature.

    (AIS Parse): Processing command 5: 0x5853590D.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Executing function...

    (AIS Parse): Secure mode; sending signature.

    (AIS Parse): Processing command 6: 0x5853590D.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Executing function...

    (AIS Parse): Secure mode; sending signature.

    (AIS Parse): Processing command 7: 0x5853590D.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Executing function...

    (AIS Parse): Secure mode; sending signature.

    (AIS Parse): Processing command 8: 0x5853590D.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Executing function...

    (AIS Parse): Secure mode; sending signature.

    (AIS Parse): Processing command 9: 0x5853590D.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Executing function...

    (AIS Parse): Secure mode; sending signature.

    (AIS Parse): Processing command 10: 0x5853590D.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Executing function...

    (AIS Parse): Secure mode; sending signature.

    (AIS Parse): Processing command 11: 0x5853590D.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Executing function...

    (AIS Parse): Secure mode; sending signature.

    (AIS Parse): Processing command 12: 0x5853590D.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Executing function...

    (AIS Parse): Secure mode; sending signature.

    (AIS Parse): Processing command 13: 0x5853590D.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Executing function...

    (AIS Parse): Secure mode; sending signature.

    (AIS Parse): Processing command 14: 0x5853590D.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Executing function...

    (AIS Parse): Secure mode; sending signature.

    (AIS Parse): Processing command 15: 0x5853590D.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Executing function...

    (AIS Parse): Secure mode; sending signature.

    (AIS Parse): Processing command 16: 0x58535921.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Loading encoded section...

    (AIS Parse): Loaded 16-Byte section to address 0x1182B894.

    (AIS Parse): Processing command 17: 0x58535921.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Loading encoded section...

    (AIS Parse): Loaded 20768-Byte section to address 0x1182B8A0.

    (AIS Parse): Processing command 18: 0x58535921.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Loading encoded section...

    (AIS Parse): Loaded 19136-Byte section to address 0x118309C0.

    (AIS Parse): Processing command 19: 0x58535921.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Loading encoded section...

    (AIS Parse): Loaded 7572-Byte section to address 0x11835480.

    (AIS Parse): Processing command 20: 0x58535921.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Loading encoded section...

    (AIS Parse): Loaded 16-Byte section to address 0x11837214.

    (AIS Parse): Processing command 21: 0x58535921.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Loading encoded section...

    (AIS Parse): Loaded 140-Byte section to address 0x11837F74.

    (AIS Parse): Processing command 22: 0x58535921.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Loading encoded section...

    (AIS Parse): Loaded 4032-Byte section to address 0x11839000.

    (AIS Parse): Processing command 23: 0x58535921.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Loading encoded section...

    (AIS Parse): Loaded 1632-Byte section to address 0x11839FC0.

    (AIS Parse): Processing command 24: 0x58535921.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Loading encoded section...

    (AIS Parse): Loaded 844-Byte section to address 0x1183AE20.

    (AIS Parse): Processing command 25: 0x58535921.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Loading encoded section...

    (AIS Parse): Loaded 512-Byte section to address 0x1183B16C.

    (AIS Parse): Processing command 26: 0x58535921.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Loading encoded section...

    (AIS Parse): Loaded 48-Byte section to address 0x1183B3CC.

    (AIS Parse): Processing command 27: 0x58535921.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Loading encoded section...

    (AIS Parse): Loaded 512-Byte section to address 0x1183B400.

    (AIS Parse): Processing command 28: 0x58535921.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Loading encoded section...

    (AIS Parse): Loaded 76-Byte section to address 0x1183B8C8.

    (AIS Parse): Processing command 29: 0x58535921.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Loading encoded section...

    (AIS Parse): Loaded 48-Byte section to address 0x1183B950.

    (AIS Parse): Processing command 30: 0x58535921.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Loading encoded section...

    (AIS Parse): Loaded 16-Byte section to address 0x1183B9EC.

    (AIS Parse): Processing command 31: 0x58535906.

    (AIS Parse): Performing Opcode Sync...

    (AIS Parse): Performing jump and close...

    (AIS Parse): Secure mode; sending signature.

    (AIS Parse): AIS complete. Jump to address 0x1183A440.

    (AIS Parse): Waiting for DONE...

    (AIS Parse): Boot completed successfully.

    (Serial Port): Closing COM3.

    The .bin is generated from .out file which was successfully running in my non secure device(AISGEN was used to generate .bin file for the non secure device)

    The .ini file used for the generation of .bin is  attached.

    [General]
    busWidth=8           

    BootMode=SPIMASTER

    crcCheckType=NO_CRC

    seqReadEn=ON

    [Security]
    securityType=GENERIC
    ;bootExitType = SECURENOSK
    bootExitType = NONSECURE
    ;bootExitType = SECUREWITHSK

    encryptSections=ALL

    encryptionKey=4A7E1F56AE545D487C452388A65B0C05

    genericSHASelection = SHA256


    ;           |------24|------16|-------8|-------0|
    ; PLL0CFG0: | CLKMODE| PLLM   | PREDIV | POSTDIV|
    ; PLL0CFG1: | RSVD   | PLLDIV1| PLLDIV3| PLLDIV7|

    [PLLANDCLOCKCONFIG]
    PLL0CFG0 = 0x00180001
    PLL0CFG1 = 0x00000B05
    PERIPHCLKCFG = 0x00010064

    ;           |------24|------16|-------8|-------0|
    ; PLL1CFG0: |    PLLM| POSTDIV| PLLDIV1| PLLDIV2|
    ; PLL1CFG1: |           RSVD           | PLLDIV3|
    [PLL1CONFIG]
    PLL1CFG0 = 0x18010001
    PLL1CFG1 = 0x00000002

    ; This section lets us configure the peripheral interface
    ; of the current booting peripheral (I2C, SPI, or UART).
    ; Use with caution. The format of the PERIPHCLKCFG field
    ; is as follows:
    ; SPI:        |------24|------16|-------8|-------0|
    ;             |           RSVD           |PRESCALE|
    ;
    ; I2C:        |------24|------16|-------8|-------0|
    ;             |  RSVD  |PRESCALE|  CLKL  |  CLKH  |
    ;
    ; UART:       |------24|------16|-------8|-------0|
    ;             | RSVD   |  OSR   |  DLH   |  DLL   |
    ;[PERIPHCLKCFG]
    ;PERIPHCLKCFG = 0x00000000


    ; This section allow setting the MPU1 or MPU2. If the
    ; rangenum is out of the allowed range then all the ranges
    ; (including the fixed range) take the start, end, and
    ; protection values.
    ;            |------24|------16|----------8|----------0|
    ; MPUSELECT: |      RSVD       |   mpuNum  | rangeNum  |
    ; STARTADDR: |              startAddr                  |
    ; ENDADDR:   |               endAddr                   |
    ; MPPAVALUE: |              mppaValue                  |
    [MPUCONFIG]
    MPUSELECT = 0x000001FF
    STARTADDR = 0x00000000
    ENDADDR   = 0xFFFFFFFF
    MPPAVALUE = 0xFFFFFFFF

     

    ; This section can be used to configure the PLL1 and the EMIF3a registers
    ; for starting the DDR2 interface.
    ; See PLL1CONFIG section for the format of the PLL1CFG fields.
    ;            |------24|------16|-------8|-------0|
    ; PLL1CFG0:  |              PLL1CFG              |
    ; PLL1CFG1:  |              PLL1CFG              |
    ; DDRPHYC1R: |             DDRPHYC1R             |
    ; SDCR:      |              SDCR                 |
    ; SDTIMR:    |              SDTIMR               |
    ; SDTIMR2:   |              SDTIMR2              |
    ; SDRCR:     |              SDRCR                |
    ; CLK2XSRC:  |             CLK2XSRC              |
    ;status |= DEVICE_ExternalMemInit(0x000000C5, 0x00134832, 0x264A3209, 0x3C14C722, 0x00000492, 0x00000000);
    ;[EMIF3DDR]
    ;PLL1CFG0 = 0x18010001
    ;PLL1CFG1 = 0x00000002
    ;DDRPHYC1R = 0x000000C4
    ;SDCR = 0x0A034622
    ;SDTIMR = 0x184929C8
    ;SDTIMR2 = 0xB80FC700
    ;SDRCR = 0x00000406
    ;CLK2XSRC = 0x00000000

    [EMIF3DDR]
    PLL1CFG0 = 0x18010001
    PLL1CFG1 = 0x00000002
    DDRPHYC1R = 0x000000C5
    SDCR = 0x00134832
    SDTIMR = 0x264A3209
    SDTIMR2 = 0x3C14C722
    SDRCR = 0x00000492
    CLK2XSRC = 0x00000000


    ; This section allow setting the MPU1 or MPU2. If the
    ; rangenum is out of the allowed range then all the ranges
    ; (including the fixed range) take the start, end, and
    ; protection values.
    ;            |------24|------16|----------8|----------0|
    ; MPUSELECT: |      RSVD       |   mpuNum  | rangeNum  |
    ; STARTADDR: |              startAddr                  |
    ; ENDADDR:   |               endAddr                   |
    ; MPPAVALUE: |              mppaValue                  |
    ;
    ; This MPU control must happen after the DDR init or else the
    ; MPU control has no effect
    [MPUCONFIG]
    MPUSELECT = 0x000002FF
    STARTADDR = 0x00000000
    ENDADDR   = 0xFFFFFFFF
    MPPAVALUE = 0xFFFFFFFF

    ; This section can be used to configure the EMIFA to use
    ; CS0 as an SDRAM interface.  The fields required to do this
    ; are given below.
    ;                     |------24|------16|-------8|-------0|
    ; SDBCR:              |               SDBCR               |
    ; SDTIMR:             |               SDTIMR              |
    ; SDRSRPDEXIT:        |             SDRSRPDEXIT           |
    ; SDRCR:              |               SDRCR               |
    ; DIV4p5_CLK_ENABLE:  |         DIV4p5_CLK_ENABLE         |
    ;[EMIF25SDRAM]
    ;SDBCR = 0x00004421
    ;SDTIMR = 0x42215810
    ;SDRSRPDEXIT = 0x00000009
    ;SDRCR = 0x00000410
    ;DIV4p5_CLK_ENABLE = 0x00000001

    ; This section can be used to configure the async chip selects
    ; of the EMIFA (CS2-CS5).  The fields required to do this
    ; are given below.
    ;           |------24|------16|-------8|-------0|
    ; A1CR:     |                A1CR               |
    ; A2CR:     |                A2CR               |
    ; A3CR:     |                A3CR               |
    ; A4CR:     |                A4CR               |
    ; NANDFCR:  |              NANDFCR              |
    ;[EMIF25ASYNC]
    ;A1CR = 0x00000000
    ;A2CR = 0x00000000
    ;A3CR = 0x00000000
    ;A4CR = 0x00000000
    ;NANDFCR = 0x00000000

    ; This section should be used in place of PLL0CONFIG when
    ; the I2C, SPI, or UART modes are being used.  This ensures that
    ; the system PLL and the peripheral's clocks are changed together.
    ; See PLL0CONFIG section for the format of the PLL0CFG fields.
    ; See PERIPHCLKCFG section for the format of the CLKCFG field.
    ;               |------24|------16|-------8|-------0|
    ; PLL0CFG0:     |              PLL0CFG              |
    ; PLL0CFG1:     |              PLL0CFG              |
    ; PERIPHCLKCFG: |              CLKCFG               |
    ;[PLLANDCLOCKCONFIG]
    ;PLL0CFG0 = 0x00000000
    ;PLL0CFG1 = 0x00000000
    ;PERIPHCLKCFG = 0x00000000

    ; This section should be used to setup the power state of modules
    ; of the two PSCs.  This section can be included multiple times to
    ; allow the configuration of any or all of the device modules.
    ;           |------24|------16|-------8|-------0|
    ; LPSCCFG:  | PSCNUM | MODULE |   PD   | STATE  |
    ;[PSCCONFIG]
    ;LPSCCFG = 0x01030003

    ;EMIFA -> NAND
    [PSCCONFIG]
    LPSCCFG = 0x00030003

    ;GPIO
    ;[PSCCONFIG]
    ;LPSCCFG = 0x01030003


    ; This section allows setting of a single PINMUX register.
    ; This section can be included multiple times to allow setting
    ; as many PINMUX registers as needed.
    ;         |------24|------16|-------8|-------0|
    ; REGNUM: |              regNum               |
    ; MASK:   |               mask                |
    ; VALUE:  |              value                |
    ;[PINMUX]
    ;REGNUM = 5
    ;MASK = 0x00FF0000
    ;VALUE = 0x00880000

    ; No Params required - simply include this section for the fast boot function to be called
    ;[FASTBOOT]

    ; This section allows configuration of one the systme IOPUs.
    ; The iopuNum field must be valid (0-5) and then mppaStart
    ; and mppaend fields allow setting a range of mppa MMRs to the
    ; same supplied mppa value.
    ; IOPUSELECT: |  RSVD  | iopuNum| mppaStart |  mppaEnd  |
    ; MPPAVALUE:  |              mppaValue                  |
    [IOPUCONFIG]
    IOPUSELECT = 0x000000FF
    MPPAVALUE  = 0xFFFFFFFF

    [IOPUCONFIG]
    IOPUSELECT = 0x000100FF
    MPPAVALUE  = 0xFFFFFFFF

    [IOPUCONFIG]
    IOPUSELECT = 0x000200FF
    MPPAVALUE  = 0xFFFFFFFF

    [IOPUCONFIG]
    IOPUSELECT = 0x000300FF
    MPPAVALUE  = 0xFFFFFFFF

    [IOPUCONFIG]
    IOPUSELECT = 0x000600FF
    MPPAVALUE  = 0xFFFFFFFF

    [IOPUCONFIG]
    IOPUSELECT = 0x00060707
    MPPAVALUE  = 0x00000000

    ; This section allow setting the MPU1 or MPU2. If the
    ; rangenum is out of the allowed range then all the ranges
    ; (including the fixed range) take the start, end, and
    ; protection values.
    ;            |------24|------16|----------8|----------0|
    ; MPUSELECT: |      RSVD       |   mpuNum  | rangeNum  |
    ; STARTADDR: |              startAddr                  |
    ; ENDADDR:   |               endAddr                   |
    ; MPPAVALUE: |              mppaValue                  |
    [MPUCONFIG]
    MPUSELECT = 0x000001FF
    STARTADDR = 0x00000000
    ENDADDR   = 0x00000000
    MPPAVALUE = 0xFFFFFFFF

    ; This function allows the user to selectively open up the
    ; the debug TAPs of the device.  Since the function is not
    ; executed until the signature is checked, it does not
    ; pose a security issue.
    ;          |------24|------16|----------8|----------0|
    ; TAPSCFG: |      RSVD       |       tapscfg         |
    [TAPSCONFIG]
    TAPSCFG = 0x0000FFFF

    The .bin was generated from .out using the command

    C:\Program Files (x86)\OMAPL138_C6748_Generic_Security\OMAP-L138_Secure_FlashAnd
    BootUtils_trunk\OMAP-L138_Secure\GNU\AISUtils>SecureHexAIS_OMAP-L138 -ini NewIni
    .ini -otype binary -o test2.bin upp_drv_test.out
    -----------------------------------------------------
       TI Secure AIS Hex File Generator for OMAP-L138
       (C) 2011, Texas Instruments, Inc.
       Ver. 1.25
    -----------------------------------------------------


    Creating boot image for a generic secure device.
    INFO: Boot exit type has been selected as NONSECURE.
    WARNING: Encrypted Key Header data is absent - generating plaintext version.
             The Customer Encryption Key will be transferred in plaintext!
    INFO: Current SHA algorithm is SHA256.
    Begining the Secure AIS file generation.
    AIS file being generated for bootmode: SPIMASTER.
            Signature Hash: DB-EA-4A-63-FF-1D-97-47-01-57-C4-CD-64-36-DB-7A-36-41-CC
    -DD-AA-B7-BE-70-9F-37-85-F9-53-D9-4B-E5
            Signature Byte Count = 68
            Signature Hash: 9E-ED-33-13-EB-53-84-CC-9B-5B-43-49-E9-2E-54-BB-EE-F2-09
    -98-54-2F-50-12-90-6E-01-19-43-83-25-52
            Signature Byte Count = 16
            Signature Hash: 35-96-3B-5C-0D-36-89-8B-E3-BE-3F-A6-99-63-67-98-F8-78-23
    -76-12-B2-6A-29-B0-B1-7A-7A-52-99-76-69
            Signature Byte Count = 24
            Signature Hash: F4-1C-D9-79-37-3E-30-4E-68-25-B7-5F-60-AE-DC-FB-A3-36-AF
    -52-F2-D5-EE-BD-80-D1-57-2C-CF-F3-07-B5
            Signature Byte Count = 40
            Signature Hash: 35-6D-A7-4D-37-26-3E-38-AE-0B-0C-DA-91-73-68-63-4A-10-3C
    -3A-59-3B-0A-76-4F-88-63-53-4A-FC-F5-DF
            Signature Byte Count = 24
            Signature Hash: 30-2A-47-6B-92-ED-D0-E2-2A-78-B0-F3-5B-73-E3-D7-8D-7A-70
    -D2-AE-24-3D-16-9A-14-7D-3F-3D-13-FC-7F
            Signature Byte Count = 12
            Signature Hash: 44-BA-AD-61-79-77-DC-E8-5E-17-C3-49-91-6F-9E-01-48-9D-10
    -AD-11-4B-41-56-72-1E-A6-F4-E6-35-3A-38
            Signature Byte Count = 16
            Signature Hash: 8A-DD-4B-C8-83-56-4A-0F-B3-DB-14-06-79-B5-6D-A3-44-7B-4B
    -E8-BB-1A-C1-90-EF-76-CC-0E-0B-8B-52-22
            Signature Byte Count = 16
            Signature Hash: D7-1D-EB-18-0F-32-8E-F9-C3-5B-12-FE-27-B9-FE-C9-59-43-7E
    -9F-7C-E9-87-BA-EE-EA-74-B0-CE-A7-D2-E3
            Signature Byte Count = 16
            Signature Hash: B8-13-64-A6-66-78-FC-FE-B8-FA-42-6F-65-63-06-E0-27-34-E0
    -A4-BE-59-02-9F-95-3D-45-94-8A-C2-66-C5
            Signature Byte Count = 16
            Signature Hash: 5D-7A-14-49-19-41-A0-56-09-FB-61-D6-1F-1C-B1-62-DC-FD-D9
    -58-94-29-81-21-C9-6D-F4-7E-8B-59-09-C0
            Signature Byte Count = 16
            Signature Hash: F1-2D-96-75-54-4C-BB-5B-6E-CE-BB-8A-5B-EE-06-3A-5A-82-F4
    -79-5F-05-D4-A1-C2-06-BB-0D-B5-B6-B9-AA
            Signature Byte Count = 16
            Signature Hash: ED-EB-68-A9-F3-98-FD-90-4B-85-2C-3D-7A-F6-A5-4F-87-29-91
    -2F-C3-24-6B-5A-37-DA-C5-4F-0F-8E-FF-17
            Signature Byte Count = 24
            Signature Hash: 12-59-5B-FB-12-5D-D8-72-2B-26-CF-4F-AF-9C-7E-CF-89-04-34
    -47-84-E1-C0-EE-E1-AF-45-7E-B9-4F-E0-D4
            Signature Byte Count = 12
    Parsing the input object file, upp_drv_test.out.
    Encrypting section .pinit, since ALL was specified for encryptSections in ini fi
    le.
    Encrypting section .bios, since ALL was specified for encryptSections in ini fil
    e.
    Encrypting section .text, since ALL was specified for encryptSections in ini fil
    e.
    Encrypting section .cinit, since ALL was specified for encryptSections in ini fi
    le.
    Encrypting section .args, since ALL was specified for encryptSections in ini fil
    e.
    Encrypting section .switch, since ALL was specified for encryptSections in ini f
    ile.
    Encrypting section .rtdx_text, since ALL was specified for encryptSections in in
    i file.
    Encrypting section .sysinit, since ALL was specified for encryptSections in ini
    file.
    Encrypting section .const, since ALL was specified for encryptSections in ini fi
    le.
    Encrypting section .trace, since ALL was specified for encryptSections in ini fi
    le.
    Encrypting section .log, since ALL was specified for encryptSections in ini file
    .
    Encrypting section .hwi_vec, since ALL was specified for encryptSections in ini
    file.
    Encrypting section .gblinit, since ALL was specified for encryptSections in ini
    file.
    Encrypting section .sts, since ALL was specified for encryptSections in ini file
    .
    Encrypting section .trcdata, since ALL was specified for encryptSections in ini
    file.
            Signature Hash: 08-92-96-6E-4D-57-D7-66-B5-B6-D7-0C-5F-AE-4A-6A-87-7D-D9
    -21-15-91-6D-80-11-86-F8-47-C2-FB-21-D5
            Signature Byte Count = 55536
    AIS file generation was successful.
    Wrote 56352 bytes to file test2.bin.
    Conversion is complete.

    1. First I changed to UART0 boot mode connected the hardware to PC and used Secure UART Host tool to load the bin.I Have an SPI 0 flash in by board. I change the    boot mode to SPI0 boot mode C 6748 does not boot. Is the Process Correct?

    2. JTAG is not getting detected : Atleast this should happen even if other configs in my .ini file is wrong, am i  right?

    3. As with every one i am also not able to understand the requirement and even the process of binding, Am i missing any step?

    4. You were mentioning ' load and run the JTAG unlock binary via UARTHOST tool'  what i have done is sufficient or anything else has to be done? [AIS Parse] says 'Boot Completed Successfully'

    Regards,

    Nisha

  • 0 in reply to Nisha Nair
    TI__Guru** 116100 points

    1. First I changed to UART0 boot mode connected the hardware to PC and used Secure UART Host tool to load the bin.I Have an SPI 0 flash in by board. I change the boot mode to SPI0 boot mode C 6748 does not boot. Is the Process Correct?

    No. Will explain.
    Firstly, try to unlock the JTAG first and load your .out and debug on secure chip.


    2. JTAG is not getting detected : Atleast this should happen even if other configs in my .ini file is wrong, am i right?

    You should be able to connect the JTAG in CCS once you used the following code in *.ini file while conversion (.out to .bin).
    [TAPSCONFIG]
    TAPSCFG = 0x0000FFFF


    3. As with every one i am also not able to understand the requirement and even the process of binding, Am i missing any step?

    I will explain, we can solve the problem one by one.


    4. You were mentioning ' load and run the JTAG unlock binary via UARTHOST tool' what i have done is sufficient or anything else has to be done? [AIS Parse] says 'Boot Completed Successfully'

    First, you need to load .bin (which has TAPSCFG) into UARTHOST tool and now you should not press the RESET button or power OFF/ON the board as the secure chip is enabled the JTAG port.
    If you did reset the board after UARTHOST tool operation then again you should load the .bin to unlock the JTAG again.

    Once you loaded the .bin, then you should open the CCS and create appropriate target configuration for your C6748 & HW Emualtor then select the DSP core and connect it.
  • 0 in reply to Titusrathinaraj Stalin
    Prodigy 235 points
    First, you need to load .bin (which has TAPSCFG) into UARTHOST tool and now you should not press the RESET button or power OFF/ON the board as the secure chip is enabled the JTAG port.
    If you did reset the board after UARTHOST tool operation then again you should load the .bin to unlock the JTAG again.

    Once you loaded the .bin, then you should open the CCS and create appropriate target configuration for your C6748 & HW Emualtor then select the DSP core and connect it

    Thank you so much Stalin.

     I am able to connect JTAG and Debug my application.  (My mistake was: Every time during my experiments after flashing my .bin file using UART HOST tool I was power cycling my board  to Connect JTAG)Without power cycling I was able to connect to my project file using JTAG.

    Now I am ready with my .out file please help in secure booting of my Processor from the SPI flash. Please let me know the steps

     I have an SPIWriter CCS project  with which I can write to my SPI flash once i am able to connect my JTAG.

    Please let me know the entire process.

    Thanks

    Nisha Nair

     

  • 0 in reply to Nisha Nair
    TI__Guru** 116100 points
    Once you unlocked the JTAG in secure DSP, try to run and debug your application, it should run if its worked on non-secure DSP.
    1) If you want to boot permanently, then you should convert the your .out to .ais and flash into SPI using SPIWriter code.
    2) Once you flashed it, you need to build the SPI binding CCS code and convert into AIS then run via UARTHOST tool, it will read the unencrypted header from SPI flash and rewrite it with secured headers (encrypted).
    3) Now set boot mode to SPI, you can see running your code on secure DSP.


    Required SW:
    i) SPIwriter CCS project
    ii) SPI Binding CCS project
    iii) Your app
    iv) UARTHOST tool.

    Overview:
    i) Build your app and convert to AIS using secureAIS tool
    ii) Unlock the JTAG
    iii) Flash your app.ais into SPI flash using SPIWriter
    iv) Build the SPI binding code
    v) Convert SPI binding .out into AIS using secureAIS tool
    vi) Load the SPI binding .ais into DSP via UARTHOST tool (you should run this binding code via secured mode so you can't run the binding .out using CCS debug mode)
    vii) If everything goes well without any issues, seems binding process gets completed.
    Binding process is that read the un-encrypted headers from SPI flash and encrypt it with DSP's secure unique KEY and rewrite it on SPI flash.
    viii) Set boot mode to SPI and see the output.

    PS: Please use the simple GPIO LED blink or UART print example as your application.

    I hope this helps.

    Please let me know if any.
  • 0 in reply to Titusrathinaraj Stalin
    Prodigy 235 points

    pls let me know where can i get Required SW:   SPI Binding CCS project

  • 0 in reply to Nisha Nair
    TI__Guru** 116100 points
    Please accept my friend request, will share you offline.
  • 0 in reply to Nisha Nair
    TI__Guru** 116100 points
    Hi Nisha,
    Finally we were able to solve the problem through offline.
    I hope you understood the secure boot concept of OMAPL138 secure device.
    Please let me know for any issues.
    Thank you!
  • 0 in reply to Titusrathinaraj Stalin
    Prodigy 235 points

    My Application file does not boot from SPI0 flash in secure boot device (C6748)

    1.  Unlocked the jtag and build the Hello world example program to print in UART0 terminal : Prints correctly
    2. Application is to continuously print 'Hello World' in UART0 terminal (Appl.out generated) (Used DDR for running the Program)

    SECTIONS
    {
    .text > DRAM
    .const > DRAM
    .bss > DRAM
    .far > DRAM
    .stack > DRAM
    .data > DRAM
    .cinit > DRAM
    .sysmem > DRAM
    .cio > DRAM
    }

    3. Converted Appln.out to Appln.ais using test.ini(attached) using secure hex tool.

    4. Appln.ais works from UART boot Host and prints Hello World in the UART terminal.

    5. Flashed Appln.ais to SPI flash

    6. Used secureboot.ais through secure mode and did binding successfully (From Security Collateral SPIbinding with modification for SPI 0 flash and UART0 for logs)

    7.Changed boot mode to SPI0 flash and application does not boot

    test.ini

    ////////////////////////////////////////////////////////////

    [General]
    busWidth=8

    BootMode=SPIMASTER

    crcCheckType=NO_CRC

    seqReadEn=ON

    [Security]
    securityType=GENERIC
    ;bootExitType = SECURENOSK
    bootExitType = NONSECURE
    ;bootExitType = SECUREWITHSK

    encryptSections=ALL

    encryptionKey=4A7E1F56AE545D487C452388A65B0C05

    genericSHASelection = SHA256


    ; |------24|------16|-------8|-------0|
    ; PLL0CFG0: | CLKMODE| PLLM | PREDIV | POSTDIV|
    ; PLL0CFG1: | RSVD | PLLDIV1| PLLDIV3| PLLDIV7|

    [PLLANDCLOCKCONFIG]
    PLL0CFG0 = 0x00180001
    PLL0CFG1 = 0x00000B05
    PERIPHCLKCFG = 0x00010064

    ; |------24|------16|-------8|-------0|
    ; PLL1CFG0: | PLLM| POSTDIV| PLLDIV1| PLLDIV2|
    ; PLL1CFG1: | RSVD | PLLDIV3|
    [PLL1CONFIG]
    PLL1CFG0 = 0x18010001
    PLL1CFG1 = 0x00000002

    ; This section lets us configure the peripheral interface
    ; of the current booting peripheral (I2C, SPI, or UART).
    ; Use with caution. The format of the PERIPHCLKCFG field
    ; is as follows:
    ; SPI: |------24|------16|-------8|-------0|
    ; | RSVD |PRESCALE|
    ;
    ; I2C: |------24|------16|-------8|-------0|
    ; | RSVD |PRESCALE| CLKL | CLKH |
    ;
    ; UART: |------24|------16|-------8|-------0|
    ; | RSVD | OSR | DLH | DLL |
    ;[PERIPHCLKCFG]
    ;PERIPHCLKCFG = 0x00000000


    ; This section allow setting the MPU1 or MPU2. If the
    ; rangenum is out of the allowed range then all the ranges
    ; (including the fixed range) take the start, end, and
    ; protection values.
    ; |------24|------16|----------8|----------0|
    ; MPUSELECT: | RSVD | mpuNum | rangeNum |
    ; STARTADDR: | startAddr |
    ; ENDADDR: | endAddr |
    ; MPPAVALUE: | mppaValue |
    [MPUCONFIG]
    MPUSELECT = 0x000001FF
    STARTADDR = 0x00000000
    ENDADDR = 0xFFFFFFFF
    MPPAVALUE = 0xFFFFFFFF

    ; This section can be used to configure the PLL1 and the EMIF3a registers
    ; for starting the DDR2 interface.
    ; See PLL1CONFIG section for the format of the PLL1CFG fields.
    ; |------24|------16|-------8|-------0|
    ; PLL1CFG0: | PLL1CFG |
    ; PLL1CFG1: | PLL1CFG |
    ; DDRPHYC1R: | DDRPHYC1R |
    ; SDCR: | SDCR |
    ; SDTIMR: | SDTIMR |
    ; SDTIMR2: | SDTIMR2 |
    ; SDRCR: | SDRCR |
    ; CLK2XSRC: | CLK2XSRC |
    ;status |= DEVICE_ExternalMemInit(0x000000C5, 0x00134832, 0x264A3209, 0x3C14C722, 0x00000492, 0x00000000);
    ;[EMIF3DDR]
    ;PLL1CFG0 = 0x18010001
    ;PLL1CFG1 = 0x00000002
    ;DDRPHYC1R = 0x000000C4
    ;SDCR = 0x0A034622
    ;SDTIMR = 0x184929C8
    ;SDTIMR2 = 0xB80FC700
    ;SDRCR = 0x00000406
    ;CLK2XSRC = 0x00000000

    [EMIF3DDR]
    PLL1CFG0 = 0x18010001
    PLL1CFG1 = 0x00000002
    DDRPHYC1R = 0x000000C4
    SDCR = 0x00134622
    SDTIMR = 0x20923209
    SDTIMR2 = 0x3C14C722
    SDRCR = 0x00000492
    CLK2XSRC = 0x00000000

    ; This section allow setting the MPU1 or MPU2. If the
    ; rangenum is out of the allowed range then all the ranges
    ; (including the fixed range) take the start, end, and
    ; protection values.
    ; |------24|------16|----------8|----------0|
    ; MPUSELECT: | RSVD | mpuNum | rangeNum |
    ; STARTADDR: | startAddr |
    ; ENDADDR: | endAddr |
    ; MPPAVALUE: | mppaValue |
    ;
    ; This MPU control must happen after the DDR init or else the
    ; MPU control has no effect
    [MPUCONFIG]
    MPUSELECT = 0x000002FF
    STARTADDR = 0x00000000
    ENDADDR = 0xFFFFFFFF
    MPPAVALUE = 0xFFFFFFFF

    ; This section can be used to configure the EMIFA to use
    ; CS0 as an SDRAM interface. The fields required to do this
    ; are given below.
    ; |------24|------16|-------8|-------0|
    ; SDBCR: | SDBCR |
    ; SDTIMR: | SDTIMR |
    ; SDRSRPDEXIT: | SDRSRPDEXIT |
    ; SDRCR: | SDRCR |
    ; DIV4p5_CLK_ENABLE: | DIV4p5_CLK_ENABLE |
    ;[EMIF25SDRAM]
    ;SDBCR = 0x00004421
    ;SDTIMR = 0x42215810
    ;SDRSRPDEXIT = 0x00000009
    ;SDRCR = 0x00000410
    ;DIV4p5_CLK_ENABLE = 0x00000001

    ; This section can be used to configure the async chip selects
    ; of the EMIFA (CS2-CS5). The fields required to do this
    ; are given below.
    ; |------24|------16|-------8|-------0|
    ; A1CR: | A1CR |
    ; A2CR: | A2CR |
    ; A3CR: | A3CR |
    ; A4CR: | A4CR |
    ; NANDFCR: | NANDFCR |
    ;[EMIF25ASYNC]
    ;A1CR = 0x00000000
    ;A2CR = 0x00000000
    ;A3CR = 0x00000000
    ;A4CR = 0x00000000
    ;NANDFCR = 0x00000000

    ; This section should be used in place of PLL0CONFIG when
    ; the I2C, SPI, or UART modes are being used. This ensures that
    ; the system PLL and the peripheral's clocks are changed together.
    ; See PLL0CONFIG section for the format of the PLL0CFG fields.
    ; See PERIPHCLKCFG section for the format of the CLKCFG field.
    ; |------24|------16|-------8|-------0|
    ; PLL0CFG0: | PLL0CFG |
    ; PLL0CFG1: | PLL0CFG |
    ; PERIPHCLKCFG: | CLKCFG |
    ;[PLLANDCLOCKCONFIG]
    ;PLL0CFG0 = 0x00000000
    ;PLL0CFG1 = 0x00000000
    ;PERIPHCLKCFG = 0x00000000

    ; This section should be used to setup the power state of modules
    ; of the two PSCs. This section can be included multiple times to
    ; allow the configuration of any or all of the device modules.
    ; |------24|------16|-------8|-------0|
    ; LPSCCFG: | PSCNUM | MODULE | PD | STATE |
    ;[PSCCONFIG]
    ;LPSCCFG = 0x01030003

    ;EMIFA -> NAND
    ;[PSCCONFIG]
    ;LPSCCFG = 0x00030003


    ;[PSCCONFIG]
    ;LPSCCFG = 0x00040003

    ;UART0
    [PSCCONFIG]
    LPSCCFG = 0x00090003

    ;[PSCCONFIG]
    ;LPSCCFG = 0x01060003

    ;[PSCCONFIG]
    ;LPSCCFG = 0x010A0003

    ;GPIO
    ;[PSCCONFIG]
    ;LPSCCFG = 0x01030003


    ; This section allows setting of a single PINMUX register.
    ; This section can be included multiple times to allow setting
    ; as many PINMUX registers as needed.
    ; |------24|------16|-------8|-------0|
    ; REGNUM: | regNum |
    ; MASK: | mask |
    ; VALUE: | value |
    ;[PINMUX]
    ;REGNUM = 5
    ;MASK = 0x00FF0000
    ;VALUE = 0x00880000

    [PINMUX]
    REGNUM = 0x4
    MASK = 0x000000F0
    VALUE = 0x00000010

    [PINMUX]
    REGNUM = 0x3
    MASK = 0x00FFFF0F
    VALUE = 0x00221101

    ; No Params required - simply include this section for the fast boot function to be called
    ;[FASTBOOT]

    ; This section allows configuration of one the systme IOPUs.
    ; The iopuNum field must be valid (0-5) and then mppaStart
    ; and mppaend fields allow setting a range of mppa MMRs to the
    ; same supplied mppa value.
    ; IOPUSELECT: | RSVD | iopuNum| mppaStart | mppaEnd |
    ; MPPAVALUE: | mppaValue |
    [IOPUCONFIG]
    IOPUSELECT = 0x000000FF
    MPPAVALUE = 0xFFFFFFFF

    [IOPUCONFIG]
    IOPUSELECT = 0x000100FF
    MPPAVALUE = 0xFFFFFFFF

    [IOPUCONFIG]
    IOPUSELECT = 0x000200FF
    MPPAVALUE = 0xFFFFFFFF

    [IOPUCONFIG]
    IOPUSELECT = 0x000300FF
    MPPAVALUE = 0xFFFFFFFF

    [IOPUCONFIG]
    IOPUSELECT = 0x000600FF
    MPPAVALUE = 0xFFFFFFFF

    [IOPUCONFIG]
    IOPUSELECT = 0x00060707
    MPPAVALUE = 0x00000000

    ; This section allow setting the MPU1 or MPU2. If the
    ; rangenum is out of the allowed range then all the ranges
    ; (including the fixed range) take the start, end, and
    ; protection values.
    ; |------24|------16|----------8|----------0|
    ; MPUSELECT: | RSVD | mpuNum | rangeNum |
    ; STARTADDR: | startAddr |
    ; ENDADDR: | endAddr |
    ; MPPAVALUE: | mppaValue |
    [MPUCONFIG]
    MPUSELECT = 0x000001FF
    STARTADDR = 0x00000000
    ENDADDR = 0x00000000
    MPPAVALUE = 0xFFFFFFFF


    ; This function allows the user to selectively open up the
    ; the debug TAPs of the device. Since the function is not
    ; executed until the signature is checked, it does not
    ; pose a security issue.
    ; |------24|------16|----------8|----------0|
    ; TAPSCFG: | RSVD | tapscfg |
    ;[TAPSCONFIG]
    ;TAPSCFG = 0x0000FFFF


    ;[AIS_Set]
    ;TYPE=Type field for AIS SET/BOOT_TABLE command
    ;ADDRESS=Address field for AIS SET/BOOT_TABLE command
    ;DATA=Data field for AIS SET/BOOT_TABLE command
    ;SLEEP=Sleep field for AIS SET/BOOT_TABLE command

    /////////////////////////////////////////////////////////////////////////////////////////////

    Pls help

  • 0 in reply to Nisha Nair
    TI__Guru** 116100 points
    I have discussed with you offline on this problem.
    I have no idea why its not working since its worked through UARTHOST tool.
    Let me check with internal team on this problem.
    Thanks for your patience.
  • 0 in reply to Titusrathinaraj Stalin
    Prodigy 235 points

    Thanks Titus for all your help and support rendered to reach till this stage, with out which I would have struggled. Your on time response and to the point answers and debugging skills are worth mentioning. 

    But I am eagerly waiting to complete this activity its almost a month now. 

    Thank you so much

    Regards,

    Nisha

  • 0 in reply to Titusrathinaraj Stalin
    Prodigy 105 points
    pls let me know where can i get Required SW: SPI Binding CCS project

    my email: lammobile94@gmail.com

    thank you!
  • 0 in reply to Lam Vu72
    Prodigy 235 points

    Mr. Stalin shared with me with I modified as per my custom board, You can just have a private chat with TI support team for the Secure boot process.

  • 0 in reply to Nisha Nair
    Prodigy 105 points
    I use KIT OMAP-L138 and want to test secure boot mode with simple blink LED and boot nand program. I do not know where to start.
  • 0 in reply to Nisha Nair
    Prodigy 235 points
    I had an SPI flash and C6748 custom board,TMS320C6748EZWTA3E.
    These are the steps I performed
    Once you unlocked the JTAG in secure DSP, try to run and debug your application, it should run if its worked on non-secure DSP.
    1) If you want to boot permanently, then you should convert the your .out to .ais and flash into SPI using SPIWriter code.
    2) Once you flashed it, you need to build the SPI binding CCS code and convert into AIS then run via UARTHOST tool, it will read the unencrypted header from SPI flash and rewrite it with secured headers (encrypted).
    3) Now set boot mode to SPI, you can see running your code on secure DSP.


    Required SW:
    i) SPIwriter CCS project
    ii) SPI Binding CCS project
    iii) Your app
    iv) UARTHOST tool.

    Overview:
    i) Build your app and convert to AIS using secureAIS tool
    ii) Unlock the JTAG
    iii) Flash your app.ais into SPI flash using SPIWriter
    iv) Build the SPI binding code
    v) Convert SPI binding .out into AIS using secureAIS tool
    vi) Load the SPI binding .ais into DSP via UARTHOST tool (you should run this binding code via secured mode so you can't run the binding .out using CCS debug mode)
    vii) If everything goes well without any issues, seems binding process gets completed.
    Binding process is that read the un-encrypted headers from SPI flash and encrypt it with DSP's secure unique KEY and rewrite it on SPI flash.
    viii) Set boot mode to SPI and see the output

    Courtesy: Titusrathinaraj Stalin
  • 0 in reply to Nisha Nair
    Prodigy 105 points
    How to Flash my app.ais into SPI flash using SPIWriter.

    Thank you so much

    Regards,

    Lam
  • 0 in reply to Lam Vu72
    Prodigy 235 points
    First unlock the JTAG
    Then connect through JTAG and Run the SPIWriter code through CCS, select your .ais file location and wait for SPI flashing completed Successfully.
  • 0 in reply to Nisha Nair
    Prodigy 105 points
    I using Basic Secure Boot. In the .ini file configuration I see the CEK code, how do I use it in the my application file (app.out). And How can i flash boot.ais and app.out on LCDK with UARTHOST tool.

    Best Regards,
    Lam
  • 0 in reply to Lam Vu72
    Prodigy 235 points

    I using Basic Secure Boot. In the .ini file configuration I see the CEK code, how do I use it in the my application file (app.out).

    The CEK key is entered by you in app.ini (used for converting app.out to app.ais) .

    How can i flash boot.ais and app.out on LCDK with UARTHOST tool.

    You cannot flash using UARTHOST tool, for flashing you should use NAND writer or Serial flashing tools. You can run your app.ais run via UARTHOST tool in the UART boot mode.

    PS: This is as per my experience with C6748 Processor Security.

  • 0 in reply to Nisha Nair
    Prodigy 105 points
    Hi Nisha Nair,

    So that means flash boot file to NAND then run application file via UARThost.
    Can you send me the example of NANDWriter or refer to where.
    Please can you give me your email address to i can communicate with you.
    My email: lammobile94@gmail.com
    Thank you very much.