• State Answer Suggested
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 32 subscribers
  • Views 488 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

AM2434: Custom boards cannot boot prebuild SBLs

Mario Filipovic
Prodigy 20 points
Part Number: AM2434
Other Parts Discussed in Thread: TMDS243EVM

Hi,

We are unable to boot SDK provided prebuild SBL binaries(hs_fs).

Binaries boot normally on our TMDS243EVM development kit, but when we received our custom boards, we can't boot those binaries.

I suspect that there is a problem with signing keys.

Can you show us how to load those keys on our off-the-shelf processors for testing purposes?

Processor: AM2434BSFFHIALV

SDK: mcu_plus_sdk_am243x_08_05_00_24

  • 0
    Mastermind 8855 points

    I'm no expert here but my guess is you need the OTP Key Writer. This is available in 'My secure resources' under your 'myTI dasboard'.

    If you don't have access, you can request it here:

    AM2434 data sheet, product information and support | TI.com

    Click 'Request now':

  • 0
    TI__Expert 8165 points

    Hi, 

    For HS-FS devices you don't need special keys to sign the binaries. To know the exact SOC information, can you share with me the SOC ID? SOC ID is a hex string printed on the UART console when you power-reset the board while it is in UART boot mode. It will start with 020 and will be 400 chars.

    Regards,
    Anand Mahadevan SS

  • 0
    Expert 1330 points

    Kindly follow the previous suggestions. Since it's a custom-made PCB, I think you'd better perform some PCB testing. You can test with a multimeter to see if there is an accidental short circuit or a broken trace.  You can also make a miniature  PCB tester like thiswww.pcbway.com/.../Miniature_PCB_Tester_c2b226d2.html

    It will help you testing any PCB you make. 

  • 0
    Prodigy 20 points

    So, here is my progress until now.

    I've wrote sbl_ospi to the OSPI flash at offset 0x0000 and hello_world at offset 0x80000.

    But when i try to boot from OSPI, it errors out in function Bootloader_socAuthImage (Returns 0xFFFFFFFF)

    If i bypass certificate check, then it boots the application normally and everything works as expected:

    mcu_plus_sdk_am243x_08_05_00_24/source/drivers/bootloader/bootloader.c

    ....
            
    // Bypassing cert verify"
    // if(authStatus == SystemP_FAILURE)
    // {
    //     status = SystemP_FAILURE;
    // }
    // else
    {
        /* Authentication passed, all good. Now re-init bootloader params to point to image start instead of start of x509 certificate */
        if(config->bootMedia == BOOTLOADER_MEDIA_MEM)
        {
            Bootloader_MemArgs *memArgs = (Bootloader_MemArgs *)(config->args);
            memArgs->appImageBaseAddr += certLen;
        }
....

    Does that mean that our MCUs don't have correct keys for this x509 certificate verification?

  • 0 in reply to Mario Filipovic
    TI__Expert 8165 points

    Hi Mario,

    It is possible that there is something wrong in the signing process. Can you send me the appimage which you were trying to boot and the SoC ID as requested?

    Regards,
    Anand Mahadevan SS

  • 0 in reply to Anand Mahadevan SS
    Prodigy 20 points

    HI Anand,

    Here is the SoC ID and app image

    02000000011a0000616d3634780000000000000048534653000002000000020002a6000000000000b018658ad99dc903c8c9bfb27b12751099920a042ad1dfea7b7ba57369f15546de285edde6a7b39a8bdc40a27b237f8fb1e57f245e80b929c1e28b024aa2ecc6ad0bc40b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001427d038c66e837af648c0e042ca046e1019bd3e6a6782296dd46117ee06e247
    sbl_usb_cust_uniflash_am243x-evm_r5fss0-0_nortos_ti-arm-clang.appimage.tar

  • 0 in reply to Mario Filipovic
    TI__Expert 8165 points

    Hi Mario,

    Your device is HS-FS. Did you use the appimages build for HS-FS when you tried booting? It will use only degenerate keys to sign in case of HS-FS devices, so I don't think you need to use OTP KW to burn keys at this stage. Let me know if you see the issue with the HS-FS appimages.

    Regards,
    Anand Mahadevan SS