AM2634: Clarification on Keywriter Mechanisms and Secure Boot Implementation

Part Number: AM2634

Hi TI,

We are seeking clarification on several aspects of the keywriter mechanism and secure boot processes as we are integrating these technologies into our production. Below are some detailed questions we hope to have answered:

  1. What is the function of the certificate generated by using gen_keywr_cert.sh? Is there a relation between smek.key, the public key from smpk.pem and the key writing certificate?

  2. Is the code in the keywriter additional package not actually keywriter code? What is the relation between Keywriter Code, SBL and Tools (Certificate generation) and how do they work?

  3. What is the purpose of the folder source/security/tifs/sbl_keywriter/scripts/cert_gen/common/keys_devel?

  4. How does the keywriter image write keys into the chip's OTP eFuse?

  5. Is the following process during factory production feasible?
    a. The programming station writes the key writer image to a RAM address via CAN, where it executes to write keys.
    b. The programming station writes signed production software to Flash via CAN.
    c. Power cycle the device, and secure boot becomes effective.

  6. Is the entire binary image file encrypted using smek.key for SBL and HSM runtime firmware? Is this encryption process completed during compilation? Are the so-called HS-SE device signed SBL and HSM firmware actually both signed and encrypted image files?

  7. Is the signature calculated based on the encrypted image or the unencrypted image? That is, what is the sequence of encryption and signing?

We appreciate your assistance in providing detailed explanations to these inquiries, which will help us ensure our implementation aligns with best practices and technical specifications.

Best regards,
Cesc Yang.