• State Resolved
  • Replies 5 replies
  • Subscribers 29 subscribers
  • Views 139 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

Original question:

LP-AM243:UART Uniflash Procedure on LP-AM243

LP-AM243:Secure Boot logs

Yukinobu Hasinoguti
Prodigy 70 points
Part Number: LP-AM243

Tool/software:

Hi,


I have switched my LP-AM243x (PROC109A) to HS-SE to perform secure boot verification.
To confirm that secure boot is enabled, I replaced custMpk_am64x_am243x.pem with mcu_custMpk.pem in the tools/boot/signing folder and created "sbl_ospi.Debug.hs.tiimage".
(I hope the boot will fail).
When I write this "sbl_ospi.Debug.hs.tiimage" nothing seems to boot as expected, but I can't tell if the authentication is failing because nothing is logged.
Is it possible to output a log of the authentication failure?
Please let me know how to output the log.

Regards,
Yukinobu

  • 0
    TI__Mastermind 37681 points

    Hi Yukinobu,

    There will be no logs from the ROM for the authentication failure.

    If the ROM fails to boot from the Primary offset (0x0) of OSPI, it will do the following:

    • Try booting from the Redundant offset (0x400000) of OSPI.
    • If even the redundant boot fails, try booting from the backup boot media.

    Regards,

    Prashant

  • 0 in reply to Prashant Shivhare
    Prodigy 70 points

    Hi Prashant,

    Prashant Shivhare said:

    There will be no logs from the ROM for the authentication failure.

    If the ROM fails to boot from the Primary offset (0x0) of OSPI, it will do the following:

    • Try booting from the Redundant offset (0x400000) of OSPI.
    • If even the redundant boot fails, try booting from the backup boot media.

    Which document does this appear in?
    I'm sorry, but please let me know which document I should check.

    I also followed the steps in "AM64x Academ" to unlock the JTAG, but I failed to unlock the JTAG. Is there something I'm doing wrong?

    1 openssl req -new -x509 -key custMpk.pem -nodes -outform der -out debug_unlock_cert.der -config signing_config.txt -sha512

2 ./dbgauth -c ~/.ti/ccs1271/0/0/BrdDat/ccBoard0.dat -x xds110 -s cs_dap_0 -o unlock -m 3 -f ./debug_unlock_cert.der
Using board config file: C:/Users/hasinoguti/.ti/ccs1271/0/0/BrdDat/ccBoard0.dat

Successfully opened certificate file ./debug_unlock_cert.der.
Read 1688 bytes from certificate file ./debug_unlock_cert.der.
RUNTIME ERROR(XDS): GTI_INIT exited with error
The unlock routine failed; the target device is still locked.
Check the unlock key and board configuration.

  • 0 in reply to Yukinobu Hasinoguti
    TI__Mastermind 37681 points

    Hi Yukinobu,

    Yukinobu Hasinoguti said:
    Which document does this appear in?

    This is explained in the Initialization chapter of TRM.

    Yukinobu Hasinoguti said:
    I also followed the steps in "AM64x Academ" to unlock the JTAG, but I failed to unlock the JTAG. Is there something I'm doing wrong?

    It is not required to do this JTAG unlocking procedure manually. The SBL is built with the Debug Extension enabled in its certificate. The ROM will perform the JTAG unlocking as part of booting the SBL.

    Regards,

    Prashant

  • 0 in reply to Prashant Shivhare
    Prodigy 70 points

    Hi Prashant,

    I was able to connect the JTAG, but when I step through the sample SBL null with CCS, it does not return from Bootloader_socWaitForFWBoot().

    Can I debug the SBL with CCS in the first place?
    Or am I following the wrong procedure?

    1. Select R5_0_0 and execute "Connect Tagert
    2. Execute CPU Reset
    3.Run->Load->Load Program to load SBL
    4. Press F6(Step Over) when main() stops.

    Regards,
    Yukinobu

  • +1 in reply to Yukinobu Hasinoguti
    TI__Mastermind 37681 points

    Hi Yukinobu,

    The SBL cannot be loaded and run directly from CCS. The SBL must be booted by ROM. To debug the SBL, you could trap the execution in an infinite loop and let the ROM boot it as usual like from OSPI. Then, you could connect to the R5F core, load the SBL symbols, bring the execution out of infinite loop, and start the debugging.

    Please refer the following FAQ

    https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1294675/faq-am62x-am64x-faq-debugging-sbl-boot-in-rtos-sdk

    Regards,

    Prashant