AM2634: AM2634

Krishna P

Part Number: AM2634

How to create a X.509 certificate and combine it with the image, to be booted when MCU + SDK, and OTP keywriter is provided

over 2 years ago

0 Aakash Kedia over 2 years ago

TI__Mastermind 26145 points

Hi Krishna P,

Can you please elaborate your use case ?

X.509 image generation and its merge with original image is something already showcased in tools/boot/signing/mcu_rom_image_gen.py

Generation -

Merge with Original Image -

What is the exact requirement from OTP Key Writer ?

Best Regards,
Aakash

0 Krishna P over 2 years ago in reply to Aakash Kedia

Prodigy 20 points

My doubt is that for generating the certificates should we always use gen_keywr_cert.sh file run the commands or edit the mcu_rom_image_gen.py file as per our requirements, or use mcu_rom_image_gen.py only for signing the image

0 Krishna P over 2 years ago in reply to Aakash Kedia

Prodigy 20 points

For app image a certificate should be generated and configured, how can it be generated and which file should be used, and how to sign the same

0 Aakash Kedia over 2 years ago in reply to Krishna P

TI__Mastermind 26145 points

Hi Krishna P,

Which certificate are you talking about ?

mcu_rom_image_gen.py is required for ROM certificates i.e. SBL and HSM Run Time Certificates.

For Key Writer Certificates gen_keywr_cert.sh is used. The extensions are completely different from SBL and HSM Run Time Certificate.

For App Image Certificates, it can either be TI defined (as in TIFS-MCU format) or you can choose to create your custom format in case you have custom HSM Run Time Firmware.

In MCU+ SDK, with the delivered TIFS-MCU image for App Image Signing - mcu_appimage_x509_cert_gen.py is used.

I hope it helps.

Best Regards,
Aakash

0 Krishna P over 2 years ago in reply to Aakash Kedia

Prodigy 20 points

Hi Aakash,

in the case of key writer crtificates, i used gen_keywr_cert.sh and an error occured saying it could'nt load ti_fek_public.pem file. and could not accese the secondary and primary cert .bin files, how can it be resolved

Aakash Kedia said:
mcu_rom_image_gen.py is required for ROM certificates i.e. SBL and HSM Run Time Certificates.

for configuring the OID's certificate what should be done, in case of SBL and HSM

0 Aakash Kedia over 2 years ago in reply to Krishna P

TI__Mastermind 26145 points

Hi Krishna P,

Can you share which release are you using ? Can you also share the snippet of the issue ?

Krishna P said:
for configuring the OID's certificate what should be done, in case of SBL and HSM

https://kernelmanic.com/2020/06/20/generating-certificates-with-custom-oids-using-openssl/

I hope it helps.

Best Regards,
Aakash

Arm-based microcontrollers

Arm-based microcontrollers forum

AM2634: AM2634