LP-AM261: MPU/HSM related

Adwaith R Nath

Part Number: LP-AM261

Tool/software:

Hello ,

I am trying to jump from a custom bootloader( not sbl) to a signed firmware, while trying to do so my bootloader is stuck at Bootloader_verifyMulticoreImage(bootHandle); function call, more correctly it is waiting at HsmClient_SendAndRecv(), Is it because of some wrong MPU settings ?, I tried MPU settings from a working example , but usage of that configuration made my USB not working, using USB only I can flash the firmware

Is there a MPU configuration which i can use to functionality like , HSM Verifyication, USB as well as OSPIDAC mode together. Please guide me, If it is not MPU also please let me know what should i do.

The MPU configuration used in Bootloader is

const MpuP_RegionConfig gMpuRegionConfig[CONFIG_MPU_NUM_REGIONS] RODATA_CFG_SECTION =

{

.baseAddr = 0x0u,

.size = MpuP_RegionSize_2G,

.attrs = {

.isEnable = 1,

.isCacheable = 0,

.isBufferable = 0,

.isSharable = 1,

.isExecuteNever = 1,

.tex = 0,

.accessPerm = MpuP_AP_S_RW_U_R,

.subregionDisableMask = 0x0u

{

.baseAddr = 0x0u, /* TCMA - 128KB */

.size = MpuP_RegionSize_128K,

.attrs = {

.isEnable = 1,

.isCacheable = 1,

.isBufferable = 1,

.isSharable = 0,

.isExecuteNever = 0,

.tex = 1,

.accessPerm = MpuP_AP_S_RW_U_R,

.subregionDisableMask = 0x0u

{

.baseAddr = 0x80000u, /* TCMB - 128KB */

.size = MpuP_RegionSize_128K,

.attrs = {

.isEnable = 1,

.isCacheable = 1,

.isBufferable = 1,

.isSharable = 0,

.isExecuteNever = 0,

.tex = 1,

.accessPerm = MpuP_AP_S_RW_U_R,

.subregionDisableMask = 0x0u

{

.baseAddr = 0x70000000u, /* OCRAM - 2MB */

.size = MpuP_RegionSize_2M,

.attrs = {

.isEnable = 1,

.isCacheable = 1,

.isBufferable = 1,

#if defined(BOOTLOADER)

.isSharable = 0,

#else

.isSharable = 1,

#endif

.isExecuteNever = 0,

.tex = 1,

.accessPerm = MpuP_AP_S_RW_U_R,

.subregionDisableMask = 0x0u

{

.baseAddr = 0x70100000u,

.size = MpuP_RegionSize_32K,

.attrs = {

.isEnable = 1,

.isCacheable = 0,

.isBufferable = 0,

.isSharable = 1,

.isExecuteNever = 1,

.tex = 1,

.accessPerm = MpuP_AP_ALL_RW,

.subregionDisableMask = 0x0u

{

.baseAddr = 0xCE000000u,

.size = MpuP_RegionSize_16M,

.attrs = {

.isEnable = 1,

.isCacheable = 0,

.isBufferable = 0,

.isSharable = 1,

.isExecuteNever = 1,

.tex = 0,

.accessPerm = MpuP_AP_ALL_RW,

.subregionDisableMask = 0x0u

};

Thanks and Regards

Adwaith

9 days ago

0 Shaunak Deshpande 7 days ago

TI__Genius 16832 points

Hi Adwaith,

I have a few questions:

1. This is not a modified SBL, rather a tertiary bootloader, which is loaded by SBL, right? If so, we call Bootloader_verifyMulticoreImage() once from SBL before loading Tertiary Bootloader and once we call Bootloader_verifyMulticoreImage() from the tertiary bootloader. I'm verifying with the Security team if there are any issues with calling this API twice.

2. Since the code gets stuck at HsmClient_SendAndRecv(), i believe the HSM is not responding and hitting timeout. Is the HsmRt loaded correctly in the SBL?

Regards,
Shaunak

0 Adwaith R Nath 6 days ago in reply to Shaunak Deshpande

Prodigy 60 points

Hi Shaunak,

1.This is not a modified SBL , a tertiary one, but i was trying to use the bootloader related calls to get firmware image verified, In case if it can't be used, can you please suggest what function should I use in this case, that is readily available, iam also not using keyring . Iam also adding a bootloader Initialization like wise in sbl so that i can use the available Bootloader verification function which uses bootloader structures.

2.The sequence flow is like... initally sbl gets the signed tertiary bootloader verified by using HSMRT loaded into the HSM core and then after verification it jumps from the sbl to bootloader , already sbl loads the hsmrt into hsm and NO power on reset is given ,So HSMRT is present. Also verified by loading a version read example by halting bootloader via debug

To get an idea iam adding a code snippet iam using please have a look and check if this can be utilized like this,

#--------------------------------------------------------------------------------------------------------------------------------------------------------------------

if(Bootloader_socIsAuthRequired() == TRUE)

{

Bootloader_Params_init(&bootParams);

Bootloader_BootImageInfo_init(&bootImageInfo);

memcpy(data,(uint8 *)tFirmwareInfo.u32FwEntryPoint,4);

certLength = Bootloader_getX509CertLen(data);

if(certLength == 0)

{

retVal = false;// needs to be false

//tFirmwareInfo.u32FwEntryPoint = tFirmwareInfo.u32FwEntryPoint + 1687;//remove this after test

}

else

{

((Bootloader_FlashArgs *)(gBootloaderConfig[CONFIG_BOOTLOADER0].args))->appImageOffset = ( tFirmwareInfo.u32FwEntryPoint%drivefs_base_addr_abs);

bootHandle = Bootloader_open(CONFIG_BOOTLOADER0, &bootParams);

if(bootHandle != NULL)

{

status = Bootloader_verifyMulticoreImage(bootHandle);

}

if(SystemP_SUCCESS == status)

{

tFirmwareInfo.u32FwEntryPoint += certLength;

}

else

{

retVal = false;

}

Thanks and Regards

Adwaith

0 Adwaith R Nath 4 days ago in reply to Adwaith R Nath

Prodigy 60 points

Hi Shaunak,

I want to clarify one more doubt along with the previously mentioned ones, Is there any kind of maximum size limitation for the image (non sbl), so that if it exceeds it may affect the verification

Thanks and Regards

Adwaith

Arm-based microcontrollers

Arm-based microcontrollers forum

LP-AM261: MPU/HSM related