MCU-PLUS-SDK-AM263X: AM263x

Anandakrishnan R

Part Number: MCU-PLUS-SDK-AM263X
Other Parts Discussed in Thread: UNIFLASH

What is the relation between devconfig.mak file in sdk and a binary image (for example:helloworld), if this binary image needs to be made secure for flashing in a secure device. Iam not asking about secure boot flow. What i need to know is that, after performing secure booting, how can we flash a binary image onto a secure device. If we need to flash a binary image, we need to make it secure,so how we can make a binary file into secure one. what is the relation of devcofig.mak file in making that binary file secure. How HSM is involved. please answer this as soon as possible.

over 1 year ago

0 Aakash Kedia over 1 year ago

TI__Mastermind 26145 points

Hi Anandakrishnan R,

The makefile for SBL or Application require devconfig.mak to get the details of which keys to be used, device type, debug requirement, encryption mode etc. is required.

Example : <SDK>/drivers/boot/sbl_qspi/am263x-cc/r5fss0-0_nortos/ti-arm-clang/makefile

For the example mentioned by you, the parameters such as DEVICE_TYPE, ENC_ENABLED, APP_SIGNING_KEY, APP_ENCRYPTION_KEY and the environment dependency of "post-build" for Secure Boot is handled by devconfig.mak.

In case of flashing, you require your flashing image to be securely booted. Hence, the sbl_uart_uniflash is required to be signed by Customer MPK keys. That is why in case of HSSE device, you will see the flashing is done via sbl_uart_uniflash.hs.tiimage and not sbl_uart_uniflash.tiimage.

https://software-dl.ti.com/secure/software/sitara-sec/AM263X-RESTRICTED-SECURITY/TIFS_MCU/zlatest/tifs_am263x_latest_docs_only/docs/api_guide_am263x/html/EXAMPLES_HSM_GET_VERSION.html?__gda__=1709561824_f8c57242e55ab8b2c4f907af1f23f31d#autotoc_md179

I hope this helps.

Best Regards,
Aakash

Arm-based microcontrollers

Arm-based microcontrollers forum

MCU-PLUS-SDK-AM263X: AM263x