• State TI Thinks Resolved
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 31 subscribers
  • Views 326 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

MCU-PLUS-SDK-AM263X: Failed to run signed code on HF-SE AM2634 device

vanni vinti
Prodigy 80 points
Part Number: MCU-PLUS-SDK-AM263X
Other Parts Discussed in Thread: AM2634, UNIFLASH

Hi all,

I'm trying to test the HS-SE mode features of the  AM2634 MCU.

I'm working on an AM263x Control card on which I was able to set the HF-SE mode, using the following libraries:

- MCU_PLUS_SDK_AM263X_09_01_00_41

- OTP_KEYWRITER_AM263X_SR_11_09_01_00_05

- TIFS_AM263X_09_01_00_03

- OpenSSL 1.1.1

I used the following command to generate the keywriter certificate, according to the official documentation:

./gen_keywr_cert.sh -t tifek/am263x/SR_11/ti_fek_public.pem --msv 0x1E22D --msv-protect -b keys_devel/bmpk.pem --bmek keys_devel/bmek.key -b-protect --bmek-protect -s keys_devel/smpk.pem --smek keys_devel/smek.key -s-protect --smek-protect --sr-sbl 1 --sr-hsmRT 1 --sr-app 1 --keycnt 2 --keycnt-protect --keyrev 1 -d am263x --devSrVer SR_11

After running the keywriter on the device, I have the following RBL dump:

---------------------------
SoC ID HW Info:
---------------------------
partID : 0x0
partNumber : 0x2
PGVer : 0x3
ROMVer : 0x2
MetalVer : 0x1
---------------------------
SoC ID R5 ROM Info:
---------------------------
r5 ROM Ver : 0x10100
---------------------------
SoC ID HSM Pub ROM Info:
---------------------------
devName : AM263X
devType : 0xabcd0006 --> HS_SE
hsm ROM Ver : 0x10100
---------------------------
SoC ID HSM Sec ROM Info:
---------------------------
Prime : 0x1
Key Rev : 0x2
Key Count : 0x1
SWRV SBL : 0x1
SWRV HSM : 0x1
TI MPK Hash : ec54cc16cd1ffccab7fd81fd82c998b305c6ac0c12cccf21a610fc1ad7159b1ad20acd69adabf72f1eed15021e26766d2f212d135b6bebf5e5e76c06ac87a6e4
Cust MPK Hash : ce0c44734447afec12ba0b2226c3bdbc15576d212323ece46a9c4ccd6a463e417086083fee572a09a9496dbed447a9f13f9cf535fad75b18e0ee095a4e783c62
Unique ID : a21bf27e0e130cb4ea20898ff70c923779ec1bd222e8aa42243d2422d89f7f609bd30440fcafd1ee1d83912b973702b5a3d756b2bbd246053f6344faf495d954

I verified that the reported custom MPK hash corresponds to the SMPK key., ieven if the Key revision is equal to 2.

Now I'm trying to flash a new signed/encripted SBL_QSPI firmare in uart boot mode by means a new signed/encripted sbl_uart_uniflash code.

To do this I followed these steps:

1. I signed/encripted the sb_uart_uniflash utilities with the custom keys

2. I signed/encripted a new SBL_QSPI firmware with the custom keys

3. I sent via xmodem the sbl_uart_uniflash utility in uart boot mode

When I finish the code transfer at point 3., the MCU stucks and it's not able to transfer and flash  the SBL_QSPI code.

Please, can you tell me if I'm wrong on some of these steps?

In the RBL dump I also noticed that the KEY_REV value is greater than the KEY_COUNT value and this could not be possible, according the documentation. Is this due to a dump bug or what?

Thanks.