• State Resolved
  • Locked Locked
  • Replies 17 replies
  • Answers 5 answers
  • Subscribers 31 subscribers
  • Views 555 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Original question:

MCU-PLUS-SDK-AM263X: Failed to run signed code on HF-SE AM2634 device

MCU-PLUS-SDK-AM263X: MCU-PLUS-SDK-AM263X

vanni vinti
Prodigy 70 points
Part Number: MCU-PLUS-SDK-AM263X
Other Parts Discussed in Thread: AM2634, UNIFLASH

Hi all,

I'm re-proposing an old question since my issue is still unresolved and the other topic is locked.

I'm trying to test the HS-SE mode features of the  AM2634 MCU.

I'm working on an AM263x Control card on which I was able to set the HF-SE mode. I'm using the following libraries:

- MCU_PLUS_SDK_AM263X_09_01_00_41

- OTP_KEYWRITER_AM263X_SR_11_09_01_00_05

- TIFS_AM263X_09_01_00_03

- OpenSSL 1.1.1

I used the following command to generate the keywriter certificate, according to the official documentation:

./gen_keywr_cert.sh -t tifek/am263x/SR_11/ti_fek_public.pem --msv 0x1E22D --msv-protect -b keys_devel/bmpk.pem --bmek keys_devel/bmek.key -b-protect --bmek-protect -s keys_devel/smpk.pem --smek keys_devel/smek.key -s-protect --smek-protect --sr-sbl 1 --sr-hsmRT 1 --sr-app 1 --keycnt 2 --keycnt-protect --keyrev 1 -d am263x --devSrVer SR_11

After running the keywriter on the device, I have the following RBL dump:

---------------------------
SoC ID HW Info:
---------------------------
partID : 0x0
partNumber : 0x2
PGVer : 0x3
ROMVer : 0x2
MetalVer : 0x1
---------------------------
SoC ID R5 ROM Info:
---------------------------
r5 ROM Ver : 0x10100
---------------------------
SoC ID HSM Pub ROM Info:
---------------------------
devName : AM263X
devType : 0xabcd0006 --> HS_SE
hsm ROM Ver : 0x10100
---------------------------
SoC ID HSM Sec ROM Info:
---------------------------
Prime : 0x1
Key Rev : 0x2
Key Count : 0x1
SWRV SBL : 0x1
SWRV HSM : 0x1
TI MPK Hash : ec54cc16cd1ffccab7fd81fd82c998b305c6ac0c12cccf21a610fc1ad7159b1ad20acd69adabf72f1eed15021e26766d2f212d135b6bebf5e5e76c06ac87a6e4
Cust MPK Hash : ce0c44734447afec12ba0b2226c3bdbc15576d212323ece46a9c4ccd6a463e417086083fee572a09a9496dbed447a9f13f9cf535fad75b18e0ee095a4e783c62
Unique ID : a21bf27e0e130cb4ea20898ff70c923779ec1bd222e8aa42243d2422d89f7f609bd30440fcafd1ee1d83912b973702b5a3d756b2bbd246053f6344faf495d954

Now that the card is HS-SE mode, I'm trying to flash my owm SBL.

To do this I built the SBL_UART_UNIFLASH with the following command:

make -s -C examples/drivers/boot/sbl_uart_uniflash/am263x-cc/r5fss0-0_nortos/ti-arm-clang/ all DEVICE=am263x DEVICE_TYPE=HS DEBUG_TIFS=no DEBUG_OPTION=DBG_PUBLIC_ENABLE

 

After having completed  the SBL_UART_UNIFLASH  transfer via XMODEM, the MCU stucks and the further SBL code transfer doesn't start as expected.

As suggested on the previous topic, I tried to connect the debug in attach-mode, following this guide.

e2e.ti.com/.../faq-mcu-plus-sdk-am243x-how-to-debug-sbl_qspi-for-am263-and-am273-or-sbl_ospi-for-am243-or-an-application-which-is-booted-via-ospi-qspi-boot

but the JTAG port remains locked.

Please, can anyone tell me what can be wrong?

Thanks.

  • 0
    TI__Mastermind 26015 points

    Hi ,

    vanni vinti said:
    TIFS_AM263X_09_01_00_03

    If you have the TIFS-MCU release, I would suggest you to build the TIFS-MCU before building the SBL.

    Please follow the steps mentioned here in the Academy section for AM26 device - https://dev.ti.com/tirex/explore/node?node=A__AZyrdnzxJ0B3S8PgTPuq8Q__AM26X-ACADEMY__t0CaxbG__LATEST

    Best Regards,
    Aakash

  • 0
    Prodigy 70 points

    Hi Aakash Kedia,

    thank you for your support.

    I tried to follow the Academy section you mentioned, but there is some step not completely clear to me.

    For example, do I need to insert the HSM runtime code upload stage in my SBL_UART_UNIFLASH project?

    The aim of this project is only to provide an XMODEM server to burn a QSPI_SBL on flash, so I didn't add any encripted HSM image load on it.

    Considering the HF-SE state of my board, should I still consider the HSM firmware upload as mandatory for the SBL_UART_UNIFLASH t as well?  I've just signed this  code with my SMPK key at the moment.

    BR,

    Vanni

     

  • 0 in reply to vanni vinti
    TI__Mastermind 26015 points

    Hi ,

    If you check the flow, the SBL and HSM Run Time Firmware requires rebuilding when you move from HSFS to HSSE firmware due to change of Root of Trust.

    vanni vinti said:
    For example, do I need to insert the HSM runtime code upload stage in my SBL_UART_UNIFLASH project?

    Yes. After all, SBL_UART_UNIFLASH is also a type of SBL which requires rebuilding as the SBL needs to be signed with your(or default dummy) rootkeys.

    vanni vinti said:
    Considering the HF-SE state of my board, should I still consider the HSM firmware upload as mandatory for the SBL_UART_UNIFLASH t as well?  I've just signed this  code with my SMPK key at the moment.

    Rebuilding the example with 'DEVICE=am263x DEVICE_TYPE=HS DEBUG_TIFS=no DEBUG_OPTION=DBG_PUBLIC_ENABLE' will automatically take care of HSSE device.

    I hope this helps.

    Best Regards,
    Aakash

  • 0 in reply to Aakash Kedia
    Prodigy 70 points

    Hi Aakash Kedia,

    I imported the HSM project on CCS and set the build behaviour as follow:

    I also modified the TIFS devconfig.mak file to use my custom keys:

    Here the compiler output.  You can see the used custom keys are correct and the hsmRtImg.h is correctly copied in the relevant SDK_PLUS folder:

    After that, I modified the SBL_UART_UNIFLASH example to upload the HSM code this way:

    In this project I set the following build behavior on CCS: DEVICE=am263x DEVICE_TYPE=HS DEBUG_TIFS=no DEBUG_OPTION=DBG_PUBLIC_ENABLE

    but again, after having sent it to the board via XMODEM, I'm still not able to connect to it with JTAG. I already excluded any GEL file execution and any reset option on connect and you can also notice that I added an infinite loop after the HSM load to allow an easy debug's attachment.

    I also modified the SDK's devconfig.mak file to point to the same customer keys. 

    Did I miss some point?

    BR,

    Vanni Vinti

     

  • 0 in reply to vanni vinti
    TI__Mastermind 26015 points

    Hi Vanni Vinti,

    Your flow is completely good !

    The only thing I am suspecting now is OpenSSL version on your setup. Are you using OpenSSL version 1.1.1 (as you are on SDK 09.01) ?

    Best Regards,
    Aakash

    PS : Anyway -

    vanni vinti said:
    After that, I modified the SBL_UART_UNIFLASH example to upload the HSM code this way:

    This step may not be required. You can revert these changes if required. As highlighted by you, the HSMRt Firmware/TIFS-MCU is not really required for this version of SBL.

  • 0 in reply to Aakash Kedia
    Prodigy 70 points

    Hi,

    I'm using the following SSL library:

    Please consider that I was able to build and run others SBL projects for different QSPI flash devices support and if the library was not correct, they shouldn't run even on HS-FS device, correct?

    BR,

    Vanni

  • 0 in reply to vanni vinti
    TI__Mastermind 26015 points

    Hi Vanni,

    Let's have a short debug call to address this issue. Please send an invite via the TI contact or send me a Friend Request.

    Best Regards,
    Aakash

  • 0 in reply to Aakash Kedia
    TI__Mastermind 26015 points

    Hi Vanni,

    I think the device is flashed with dummy keys provided via SDK i.e. 

    SMEK : https://github.com/TexasInstruments/mcupsdk-core/blob/next/tools/boot/signing/mcu_custMek.key
    SMPK : https://github.com/TexasInstruments/mcupsdk-core/blob/next/tools/boot/signing/mcu_custMpk.pem

    Can you try using the same ? I can confirm that the SMPK is still the same, so you can try without encryption first.

    Can you reassess your steps ? Looks like you did some mistake while using the OTP Key Writer.

    Best Regards,
    Aakash

  • 0 in reply to Aakash Kedia
    Prodigy 70 points

    Hi Aakash,

    if my device is flashed with dummy TI keys, why the boot log shows the HASH of my custom key?

    Anyway, I'll do this test and let you know,

    BR,

    Vanni

  • 0 in reply to vanni vinti
    Prodigy 70 points

    Hi Aakash,

    I've just completed the test you suggested me, but the SBL code is still not running and the JTAG port remain locked.

    BR,

    Vanni

  • 0 in reply to vanni vinti
    TI__Mastermind 26015 points

    Hi Vanni,

    I see the hash on the RBL print is same for the hash on the devices with TI dummy keys. There is no way to verify the encryption key, so I would suggest you to disable the encryption key before using the same in the SBL (in the devconfig.mak).

    Best Regards,
    Aakash

  • 0 in reply to Aakash Kedia
    Prodigy 91 points

    Hi Aakash,

    I also have an AM263x dev board, and I have the following RBL dump:

    Fullscreen
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    ---------------------------
    SoC ID HW Info:
    ---------------------------
    partID : 0x0
    partNumber : 0x2
    PGVer : 0x3
    ROMVer : 0x2
    MetalVer : 0x1
    ---------------------------
    SoC ID R5 ROM Info:
    ---------------------------
    r5 ROM Ver : 0x10100
    ---------------------------
    SoC ID HSM Pub ROM Info:
    ---------------------------
    devName : AM263X
    devType : 0xabcd0004 --> HS_FS
    hsm ROM Ver : 0x10100
    ---------------------------
    SoC ID HSM Sec ROM Info:
    ---------------------------
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    I have never used any of the security features of this board (we're trying to replicate the security flow with this brand new board) and as can be seen in the dump the hash for the "Cust MPK Hash" is all zeroes. If there is no way to verify the encryption key, what does that indicate?

    Thanks for the insight,

    Riccardo

  • 0 in reply to Riccardo Belli
    TI__Mastermind 26015 points

    Hi ,

    In this board -

    1. The Cust MPK Hash is not yet programmed
    2. The Key Revision, Key Count, SW Revisions are not yet programmed.

    In the previous mentioned scenario, Vanni is still trying to enable secure boot but that is not enabled, due to use of incorrect SMPK. The SBL boot also depends on SMPK as well as Encryption Key i.e. SMEK if the encryption is enabled.

    As Encryption is optional feature, as the key is lost, the device can still be used without encryption. You can disable the encryption and use the SBL as the same.

    Best Regards,
    Aakash

  • 0 in reply to Aakash Kedia
    Prodigy 91 points

    Hi,

    Vanni already did the test with the encryption feature disabled, as he mentioned in 5121959, but the board still doesn't work in that state.

    What do you suggest we try next? Maybe we can schedule another debug call to further clarify the issue?

    BR

    Riccardo

  • 0 in reply to Riccardo Belli
    TI__Mastermind 26015 points

    Hi ,

    Sure. Please send the invite for the same.

    Same time as the last time.

    Best Regards,
    Aakash

  • 0 in reply to Aakash Kedia
    Prodigy 91 points

    Hi,

    I just sent you a private message.

    BR

    Riccardo

  • +1 in reply to Riccardo Belli
    TI__Mastermind 26015 points

    Hi,

    As per our call, we were able to completely solve the problem as per the documented flow with no identified issue.

    Best Regards,
    Aakash