• State TI Thinks Resolved
  • Locked Locked
  • Replies 14 replies
  • Answers 4 answers
  • Subscribers 30 subscribers
  • Views 392 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

AM2632: Editing the OTP on Signed Devices (HS-SE)

HS FAE Germany
Mastermind 32220 points
Part Number: AM2632

Tool/software:

Hi,
with an already signed device (HS-SE) customer wanted to count up the software revision in the OTP memory. However, the operation was aborted because the HSM RT is not properly signed. That is understandable. In order to be able to edit the OTP with signed devices, they need the binary of the HSM RT so that they can sign it correctly. Is this HSM RT Binary available for the OTP Keywriter?

Regards, Holger

  • 0
    TI__Mastermind 44834 points

    Hi Holger,

    1. Does customer have TIFS SDK ? If not please ask them to request the same here: www.ti.com/.../AM263X-RESTRICTED-SECURITY

  • 0 in reply to Nilabh Anand
    TI__Mastermind 44834 points

    Now assuming the customer has TIFS SDK, for a HSSE device, customer needs to build the HSM RT Image with following command which is also mentioned in the TIFS documentation:

    make -s -C hsm_firmware/am263x/hsse/hsm0-0_nortos/ti-arm-clang DEVICE=am263x DEVICE_TYPE=HS

    With this the updated HSM RT image will be generated and will get copied to the SDK security folder.

    Then they need to rebuild the SBLs:

    gmake -C examples/drivers/boot/sbl_qspi/am263x-cc/r5fss0-0_nortos/ti-arm-clang DEVICE=am263x DEVICE_TYPE=HS 

  • 0 in reply to Nilabh Anand
    TI__Mastermind 44834 points

    The signed SBL image will have extension .hs and similarly they need to build the signed application image.

    rest of the process of flashing the image is same.

  • 0 in reply to Nilabh Anand
    TI__Mastermind 32220 points

    Hi Nilabh,
    That's not directly what customer wants to know…
    There is a .h file of an HSM RT in the SDK. Is this a special HSM RT or does it correspond to the TIFS package?
    The size of the two arrays are different. He signed the HSM RT from the TIFS package with the TI Key.

    Regards, Holger

  • 0 in reply to HS FAE Germany
    TI__Mastermind 44834 points
    HS FAE Germany said:
    There is a .h file of an HSM RT in the SDK. Is this a special HSM RT or does it correspond to the TIFS package?

    This is keywriter hsmrt image, it is from OTP Keywriter. There is no relation between OTRP keywriter and TIFS SDK.

    I am not sure what is the question here? Why customer is trying to use OTP Keywriter binary on HSSE device.

    The extended OTP Programming should be done using the TIFS SDK example.

  • 0 in reply to Nilabh Anand
    TI__Mastermind 32220 points

    Hi Nilabh,

    they do not want to use such functions in their standard firmware. If they want to change the OTP data in the field, then the most plausible way is to go via the OTP Keywriter.
    What about this HSM RT specifically so that this should not work?
    Why can we release the binary in order to create the CA with the customer’s signature?

    Regards, Holger

  • 0 in reply to HS FAE Germany
    TI__Mastermind 44834 points

    Hi HS,

    I am sorry but I am still not able to understand the concern, Lets have a call to understand to concern.

  • 0 in reply to Nilabh Anand
    TI__Mastermind 32220 points

    Hi Nilabh,
    the problem is that they don't want to make access to the OTP from their standard firmware. And it would have been obvious if they could have used the OTP keywriter firmware for this.

    But then he still want to know what the timing sequence of the writing processes looks like. Is the KEYREV always written in the last position?

    And why is the KEYCNT not checked first? Although he noticed that if the KEYCNT is configured to 2, but the CA does not contain a BMPK, the write will start and will not be canceled until later. In this case, a new CA must be created with the OTP data in which the OTP data already written is marked as "inactive".

    Regards, Holger

  • 0 in reply to HS FAE Germany
    TI__Mastermind 44834 points

    Hi Holger,

    Can we have a call with customer to clarify this on.

    HS FAE Germany said:
    But then he still want to know what the timing sequence of the writing processes looks like. Is the KEYREV always written in the last position?

    This has been explained in the HSM addendum and Datasheet, please ask customer to refer to same.

    HS FAE Germany said:
    And why is the KEYCNT not checked first? Although he noticed that if the KEYCNT is configured to 2, but the CA does not contain a BMPK, the write will start and will not be canceled until later. In this case, a new CA must be created with the OTP data in which the OTP data already written is marked as "inactive".

    OTP Keywriter FW does check for the keycnt.

    HS FAE Germany said:
    he problem is that they don't want to make access to the OTP from their standard firmware

    In that case they can do this with a custom firmware that writes to just extended OTP on their factory floor.

  • 0 in reply to Nilabh Anand
    TI__Mastermind 32220 points

    Hi Nilabh,

    customer has run the HSM RT with a HS-SE device now.

    Now he has the following questions:

    1. Their bootloader concept provides that they have to check the signature of the SBL image and app image before they write it into the flash. Is there any service in the HSM client that only checks the certificate?
    2. In development they have mainly HS-FS devices. The HSM RT is already loaded on AM263x with revision SR11 (HS-FS). How can he create an HSM RT image with the signature for a HS-FS device from the TIFS_AM263x_05_00_00_10 package? Resp. what key do he need to use for this?

    Regards, Holger

  • 0 in reply to HS FAE Germany
    TI__Mastermind 44834 points
    HS FAE Germany said:
    Their bootloader concept provides that they have to check the signature of the SBL image and app image before they write it into the flash. Is there any service in the HSM client that only checks the certificate?

    Yes we have Proc Auth boot service in TIFS which supports certificate verfication.

    You can check for more details in TIFS documentation: file:///C:/ti/tifs_am263x_10_00_00_05/docs/api_guide_am263x/html/HSM_PROC_AUTH_BOOT_SRV.html

  • 0 in reply to HS FAE Germany
    TI__Mastermind 44834 points
    HS FAE Germany said:
    2. In development they have mainly HS-FS devices. The HSM RT is already loaded on AM263x with revision SR11 (HS-FS). How can he create an HSM RT image with the signature for a HS-FS device from the TIFS_AM263x_05_00_00_10 package? Resp. what key do he need to use for this?

    I did not get the question completly.

    TI provides HS FS hsmrt image for all non-secure HSFS device, so why do they need to create their own? 

    Also TIFS SDK package is meant to be used with only HSSE device, it does not support HSFS device.

  • 0 in reply to Nilabh Anand
    TI__Mastermind 32220 points

    Hi Nilabh,
    he would like to create an HSM RT that works on an HSFS device.
    Is this only possible with an HSSE device? What key do he need to use for signing?

    Regards, Holger

  • 0 in reply to HS FAE Germany
    TI__Mastermind 44834 points

    Hi Holger, The keys that are used to sign the HSM image for HSFS devices are a secret that TI does not share.

    Generating HSMRT image for HSFS device is not possible on customer end