Help: Secure Kernel and Secure Boot Image Binding on OMAP-L138

Other Parts Discussed in Thread: TMS320C6748

Dear Titusrathinaraj Stalin,

    I'm now facing the same problem.

    It is not easy to find the code bug since I cannot debug line by line when using Secure Kernel API.

    Our time is short, since the deadline is near, but we are not yet ready for production secure protection with the -E chips.

    Would you please send me the example code? My email is frank2010fudan@gmail.com

    Thank you so much.

Frank

  • Dear Frank,
    You can't debug code that uses Secure Kernel APIs; you should run the secure API code in a secure place/context (i.e. the Secure UARTHOST tool).

    If you want to debug the Secure Kernel APIs in your code, then you can put debug UART prints in the code and run the secure code using the Secure UARTHOST tool.

    I hope this helps.

    BTW, I am sending the code to you now.
  • Thank you so much!
  • Hi Titusrathinaraj Stalin,

    When do we use NONSECURE and when do we use SECUREWITHSK?
    The ini file says:
    ; NONSECURE = Device switches from secure type to non-secure type, jumping to loaded code
    ; (no secure kernel since no longer secure device).
    ; SECUREWITHSK = Device remains as secure type, secure kernel is loaded, allowing run-time
    ; security context switching.
    ; SECURENOSK = Device remains as secure type, secure kernel is NOT loaded, no run-time
    ; security context switching available.
    But I haven't fully understood.
    When I need to do key encryption with the Secure Kernel API, I need to set SECUREWITHSK.
    But when do I need to set NONSECURE? Can I just always set SECUREWITHSK?
    And when do we set SECURENOSK?

    I want to add the encrypt program in front of my application program, so that, at first power-up, the CEK is encrypted. So, I have to use SECURENOSK.

    But, I find in this post: http://e2e.ti.com/support/dsp/tms320c6000_high_performance_dsps/f/115/t/200098

    said: "Unless you have to use an encrypted module, you should exit the secure boot device in Nonsecure mode so that application can run without any memory protection or IO protection restrictions."

    Can I just use SECURENOSK?

    Thank you.
    Frank

  • You have to use "SECUREWITHSK" when your code has the secure APIs and use "NONSECURE" when your code doesn't have any Secure Kernel APIs.
    Generally we use "SECUREWITHSK" when we do binding, as the binding example uses Secure Kernel APIs to do the binding process.
  • I want to add the encrypt program in front of my application program, so that, at first power-up, the CEK is encrypted.
    So, I should set SECURENOSK in the ini file.
    And I should use SK_switchNonSec to switch back to NOSECURE after the encrypt program and before my application program.
    Right?
  • I find in this post:

    Rahul Prabhu said: "Unless you have to use an encrypted module, you should exit the secure boot device in Nonsecure mode so that application can run without any memory protection or IO protection restrictions."

    Q1: Can I use SECUREWITHSK while disabling all of the MPUs and IOPUs?

    Q2: I find in the ini file:

    ; This section allows configuration of one the systme IOPUs.
    ; The iopuNum field must be valid (0-5) and then mppaStart
    ; and mppaend fields allow setting a range of mppa MMRs to the
    ; same supplied mppa value.
    ; IOPUSELECT: |  RSVD  | iopuNum| mppaStart |  mppaEnd  |
    ; MPPAVALUE:  |              mppaValue                  |
    [IOPUCONFIG]
    IOPUSELECT = 0x000000FF
    MPPAVALUE  = 0xFFFFFFFF
    [IOPUCONFIG]
    IOPUSELECT = 0x000100FF
    MPPAVALUE  = 0xFFFFFFFF
    [IOPUCONFIG]
    IOPUSELECT = 0x000200FF
    MPPAVALUE  = 0xFFFFFFFF
    [IOPUCONFIG]
    IOPUSELECT = 0x000300FF
    MPPAVALUE  = 0xFFFFFFFF
    [IOPUCONFIG]
    IOPUSELECT = 0x000600FF
    MPPAVALUE  = 0xFFFFFFFF

    But I don't know how to set these values. I have read the files you gave me:

    Memory_Protection_03_2012_v01.pdf and IOPU_Users_Guide.pdf, but there is only a little information,

    and there is no information on IOPU in the TMS320C6748 DSP Technical Reference Manual (Rev. A).pdf.

    Q2: Why is the IOPUnum 0x06 in the last setting? I think there are only IOPU0, IOPU1, IOPU2 and IOPU3. The IOPU_Users_Guide.pdf didn't mention that there is an IOPU6.

    Q3: And MPPAVALUE = 0xFFFFFFFF, does that mean access is permitted? But I find that, when using SECUREWITHSK, the GPIO cannot work.
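
The IOPUSELECT layout from the ini comment quoted in the post above, decoded for each repeated [IOPUCONFIG] section. This is an added example, not part of the thread or of TI's tooling; the function names are hypothetical, and the four fields are assumed to be 8 bits each (the comment gives their order but not their widths). It flags an iopuNum outside the 0-5 range the comment states and does not interpret MPPAVALUE bits, which the page does not define.

```python
import re

# Constructed sample: rebuilds the five [IOPUCONFIG] sections quoted in the
# thread (IOPUSELECT 0x000000FF ... 0x000600FF, MPPAVALUE 0xFFFFFFFF).
SAMPLE_INI = "".join(
    f"[IOPUCONFIG]\nIOPUSELECT = 0x00{n:02X}00FF\nMPPAVALUE  = 0xFFFFFFFF\n"
    for n in (0, 1, 2, 3, 6))

def parse_iopu_sections(text):
    """One dict per [IOPUCONFIG] section, in file order (the name repeats)."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        if line.startswith("["):
            current = {} if line.upper() == "[IOPUCONFIG]" else None
            if current is not None:
                sections.append(current)
        elif current is not None:
            m = re.fullmatch(r"(\w+)\s*=\s*(0x[0-9A-Fa-f]+)", line)
            if m:
                current[m.group(1).upper()] = int(m.group(2), 16)
    return sections

def decode_iopuselect(value):
    """Split IOPUSELECT into four 8-bit fields (width is an assumption)."""
    return {"rsvd": (value >> 24) & 0xFF, "iopuNum": (value >> 16) & 0xFF,
            "mppaStart": (value >> 8) & 0xFF, "mppaEnd": value & 0xFF}

def audit(text):
    """Decode each section; flag fields outside what the ini comment states."""
    report = []
    for sec in parse_iopu_sections(text):
        if "IOPUSELECT" not in sec:
            report.append({"issues": ["IOPUSELECT missing"]})
            continue
        f = decode_iopuselect(sec["IOPUSELECT"])
        issues = []
        if f["iopuNum"] > 5:
            issues.append("iopuNum outside 0-5")
        if f["mppaStart"] > f["mppaEnd"]:
            issues.append("mppaStart > mppaEnd")
        if f["rsvd"]:
            issues.append("reserved bits set")
        report.append({**f, "mppaValue": sec.get("MPPAVALUE"), "issues": issues})
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_INI):
        print(row)
```

A hand-written section loop is used because Python's configparser rejects or merges sections that share a name, which would hide all but one of the repeated [IOPUCONFIG] entries.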