AM2634: How to optimize secure boot time on AM2634?

Ni Hua

Prodigy 235 points

Part Number: AM2634

Hi Ti,

Could you please help answer the following questions?

How to optimize secure boot on AM2634 to reduce the secure boot time?

The current test information is as follows:

DEVICE TYPE: HS-SE

SDK version: mcu_plus_sdk_am263x_09_01_00_41-windows-x64

tifs version: tifs_am263x_09_01_00_03-windows-x64

SBL size is 350KB, APP size is 1100KB, TIFS size is 117KB. The test secure boot time under these conditions is around 1 second.

The current confirmation mainly consumes time in the signature verification interface of the APP, Bootloader_verifyMulticoreImage->Bootloader_socAuthImage.

This issue is quite urgent, please help resolve it as soon as possible.

thanks.

over 2 years ago

0 Aakash Kedia over 2 years ago

TI__Mastermind 26195 points

Hi Ni Hua,

TIFS-MCU reads the QSPI flash directly via 200MHz frequency via CPU which is very limiting. My suggestion is to read the data directly via EDMA from R5F CPU which executes at 400MHz. This will give you 15x better performance in-terms of read. The accelerator performance will be much optimized for AM2634 if running the same on RAM.

SHA Performance from R5F - https://software-dl.ti.com/mcu-plus-sdk/esd/AM263X/latest/exports/docs/api_guide_am263x/DATASHEET_AM263X_EVM.html#autotoc_md387

AES Performance from R5F - https://software-dl.ti.com/mcu-plus-sdk/esd/AM263X/latest/exports/docs/api_guide_am263x/DATASHEET_AM263X_EVM.html#autotoc_md384

Note : This recommendation is still not the best performance. This will further be improved once the DTHE is integrated with EDMA.

All the above mentioned optimizations and integrations are planned for 10.00 release due Aug 2024.

Best Regards,
Aakash

0 Ni Hua over 2 years ago in reply to Aakash Kedia

Prodigy 235 points

Hi Aakash,

Because of the urgency, could you please provide the patch for optimizing the secure boot time first?

thanks.

0 Ni Hua over 2 years ago in reply to Aakash Kedia

Prodigy 235 points

Hi Aakash,

Here are the questions that need assistance:

1、Is it feasible to port the FLASH driver to TIFS and then use the flash_read interface to read the APP image for verification?
2、In the SBL, direct access to the FLASH address is not possible; flash_read interface needs to be called first. Why is it that TIFS can directly access it? Currently, the SBL directly sends the APP address in FLASH to TIFS for verification.

thanks.

0 Shivasharan Nagalikar over 1 year ago in reply to Ni Hua

TI__Expert 8760 points

Moving the thread to Closed State because of the inactivity. Please create new thread if issue still not addressed.

Best Regards, Shiv

Arm-based microcontrollers

Arm-based microcontrollers forum

AM2634: How to optimize secure boot time on AM2634?