• State TI Thinks Resolved
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 85 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Original question:

AM2434: AM2434: Secure Boot Implementation on AM2434 (HS-FS to HS-SE Conversion)

AM2434: AM2434: HS-FS to HS-SE Conversion with key programming

surabhi jain
Prodigy 85 points
Part Number: AM2434

Tool/software:

Hi Team,

I am following this thread

 https://e2e.ti.com/support/microcontrollers/arm-based-microcontrollers-group/arm-based-microcontrollers/f/arm-based-microcontrollers-forum/1481431/am2434-am2434-secure-boot-implementation-on-am2434-hs-fs-to-hs-se-conversion

to convert LP-AM2434 HSFS device into HSSE. As mentioned I am using OTP Keywriter v10.00.08 with MCU+ SDK v10_00_00_20. I am able to builds the tiboot3.bin image using the following steps:

  • /gen_keywr_cert.sh --msv 0xC0FFE -t tifek/ti_fek_public.pem -b keys_devel/bmpk.pem --bmek keys_devel/bmek.key -s keys_devel/smpk.pem --smek keys_devel/smek.key --keycnt 2 --keyrev 1
  • python3 ../../../../../tools/bin2c/bin2c.py final_certificate.bin keycert.h KEYCERT
  • <MCU_PLUS_SDK_INSTALL_DIR>/source/security/sbl_keywriter/am243x-lp/r5fss0-0_nortos/ti-arm-clang
    gmake -sj clean PROFILE=debug
    gmake -sj PROFILE=debug

Based on my understanding if I flash tiboot3.bin, will this process directly burn the key into eFuse and convert the device into HSSE. or are there additional steps required to complete the eFuse programming?

If I want to flash my customer keys then instead of ti_fek_public.pem this file, I have changed my_publickey.pem. And generate final_certificate.bin, builds the tiboot3.bin image for further steps as below - 

  • /gen_keywr_cert.sh --msv 0xC0FFE -t tifek/my_publickey.pem -b keys_devel/bmpk.pem --bmek keys_devel/bmek.key -s keys_devel/smpk.pem --smek keys_devel/smek.key --keycnt 2 --keyrev 1
  • python3 ../../../../../tools/bin2c/bin2c.py final_certificate.bin keycert.h KEYCERT
  • <MCU_PLUS_SDK_INSTALL_DIR>/source/security/sbl_keywriter/am243x-lp/r5fss0-0_nortos/ti-arm-clang
    gmake -sj clean PROFILE=debug
    gmake -sj PROFILE=debug

Could you please confirm if I flash this new build tiboot3.bin file, will it burn my key and convert the device into HSSE.

Thanks.

  • 0
    TI__Guru 69561 points

    Hello,

    surabhi jain said:
    Based on my understanding if I flash tiboot3.bin, will this process directly burn the key into eFuse and convert the device into HSSE. or are there additional steps required to complete the eFuse programming?

    Yes, it will.

    surabhi jain said:
    If I want to flash my customer keys then instead of ti_fek_public.pem this file, I have changed my_publickey.pem.

    The `ti_fek_public.pem` is not to be changed in any case.

    surabhi jain said:
    -b keys_devel/bmpk.pem --bmek keys_devel/bmek.key -s keys_devel/smpk.pem --smek keys_devel/smek.key

    These arguments takes the path of the keys to be programmed. The keys under `keys_devel` folder are TI dummy keys. If you would like to program your own keys, change the paths accordingly.