LP-AM261: MPU/HSM related

Part Number: LP-AM261

Tool/software:

Hello,

I am trying to jump from a custom bootloader (not SBL) to a signed firmware. While trying to do so, my bootloader is stuck at the Bootloader_verifyMulticoreImage(bootHandle); function call; more correctly, it is waiting at HsmClient_SendAndRecv(). Is it because of some wrong MPU settings? I tried MPU settings from a working example, but using that configuration made my USB stop working, and I can flash the firmware only over USB.

Is there an MPU configuration which I can use to get functionality like HSM verification, USB, and OSPI DAC mode together? Please guide me. If it is not the MPU, please also let me know what I should do.

The MPU configuration used in the bootloader is:

const MpuP_RegionConfig gMpuRegionConfig[CONFIG_MPU_NUM_REGIONS] RODATA_CFG_SECTION =
{
    {
        .baseAddr = 0x0u,
        .size = MpuP_RegionSize_2G,
        .attrs = {
            .isEnable = 1,
            .isCacheable = 0,
            .isBufferable = 0,
            .isSharable = 1,
            .isExecuteNever = 1,
            .tex = 0,
            .accessPerm = MpuP_AP_S_RW_U_R,
            .subregionDisableMask = 0x0u
        },
    },
    {
        .baseAddr = 0x0u, /* TCMA - 128KB */
        .size = MpuP_RegionSize_128K,
        .attrs = {
            .isEnable = 1,
            .isCacheable = 1,
            .isBufferable = 1,
            .isSharable = 0,
            .isExecuteNever = 0,
            .tex = 1,
            .accessPerm = MpuP_AP_S_RW_U_R,
            .subregionDisableMask = 0x0u
        },
    },
    {
        .baseAddr = 0x80000u, /* TCMB - 128KB */
        .size = MpuP_RegionSize_128K,
        .attrs = {
            .isEnable = 1,
            .isCacheable = 1,
            .isBufferable = 1,
            .isSharable = 0,
            .isExecuteNever = 0,
            .tex = 1,
            .accessPerm = MpuP_AP_S_RW_U_R,
            .subregionDisableMask = 0x0u
        },
    },
    {
        .baseAddr = 0x70000000u, /* OCRAM - 2MB */
        .size = MpuP_RegionSize_2M,
        .attrs = {
            .isEnable = 1,
            .isCacheable = 1,
            .isBufferable = 1,
#if defined(BOOTLOADER)
            .isSharable = 0,
#else
            .isSharable = 1,
#endif
            .isExecuteNever = 0,
            .tex = 1,
            .accessPerm = MpuP_AP_S_RW_U_R,
            .subregionDisableMask = 0x0u
        },
    },
    {
        .baseAddr = 0x70100000u,
        .size = MpuP_RegionSize_32K,
        .attrs = {
            .isEnable = 1,
            .isCacheable = 0,
            .isBufferable = 0,
            .isSharable = 1,
            .isExecuteNever = 1,
            .tex = 1,
            .accessPerm = MpuP_AP_ALL_RW,
            .subregionDisableMask = 0x0u
        },
    },
    {
        .baseAddr = 0xCE000000u,
        .size = MpuP_RegionSize_16M,
        .attrs = {
            .isEnable = 1,
            .isCacheable = 0,
            .isBufferable = 0,
            .isSharable = 1,
            .isExecuteNever = 1,
            .tex = 0,
            .accessPerm = MpuP_AP_ALL_RW,
            .subregionDisableMask = 0x0u
        },
    },
};
Thanks and Regards
Adwaith
  • Hi Adwaith,

    I have a few questions:

    1. This is not a modified SBL, rather a tertiary bootloader, which is loaded by SBL, right? If so, we call Bootloader_verifyMulticoreImage() once from SBL before loading Tertiary Bootloader and once we call Bootloader_verifyMulticoreImage() from the tertiary bootloader. I'm verifying with the Security team if there are any issues with calling this API twice.

    2. Since the code gets stuck at HsmClient_SendAndRecv(), I believe the HSM is not responding and is hitting a timeout. Is the HsmRt loaded correctly in the SBL?

    Regards,
    Shaunak

  • Hi Shaunak,

    1. This is not a modified SBL but a tertiary one; I was trying to use the bootloader-related calls to get the firmware image verified. In case they can't be used, can you please suggest which readily available function I should use in this case? I am also not using a keyring. I am also adding a bootloader initialization like the one in the SBL so that I can use the available Bootloader verification function, which uses bootloader structures.

    2. The sequence flow is like this: initially the SBL gets the signed tertiary bootloader verified using the HSMRT loaded into the HSM core, and after verification it jumps from the SBL to the bootloader. The SBL has already loaded the HSMRT into the HSM and no power-on reset is given, so the HSMRT is present. I also verified this by loading a version read example while halting the bootloader via debug.

    To give an idea, I am adding the code snippet I am using; please have a look and check whether it can be utilized like this.

    #--------------------------------------------------------------------------------------------------------------------------------------------------------------------

    if(Bootloader_socIsAuthRequired() == TRUE)
    {
        Bootloader_Params_init(&bootParams);
        Bootloader_BootImageInfo_init(&bootImageInfo);

        /* Copy the first 4 bytes at the image start; the certificate length is derived from them */
        memcpy(data,(uint8 *)tFirmwareInfo.u32FwEntryPoint,4);
        certLength = Bootloader_getX509CertLen(data);

        if(certLength == 0)
        {
            retVal = false;// needs to be false
            //tFirmwareInfo.u32FwEntryPoint = tFirmwareInfo.u32FwEntryPoint + 1687;//remove this after test
        }
        else
        {
            ((Bootloader_FlashArgs *)(gBootloaderConfig[CONFIG_BOOTLOADER0].args))->appImageOffset = ( tFirmwareInfo.u32FwEntryPoint%drivefs_base_addr_abs);

            /* Fail closed: if Bootloader_open() returns NULL, status must not keep an earlier success value */
            status = SystemP_FAILURE;
            bootHandle = Bootloader_open(CONFIG_BOOTLOADER0, &bootParams);
            if(bootHandle != NULL)
            {
                status = Bootloader_verifyMulticoreImage(bootHandle);
            }
            if(SystemP_SUCCESS == status)
            {
                /* Skip past the certificate only after the image verified successfully */
                tFirmwareInfo.u32FwEntryPoint += certLength;
            }
            else
            {
                retVal = false;
            }
        }
    }

    Thanks and Regards

    Adwaith

  • Hi Shaunak,

    I want to clarify one more doubt along with the previously mentioned ones: is there any kind of maximum size limitation for the image (non-SBL), such that exceeding it may affect the verification?

    Thanks and Regards

    Adwaith

  • Hi Adwaith, no, there is no limitation as such on image size as long as you process it in chunks, as done in the SBL's case. Do you have any more findings on where exactly it is failing in the Bootloader_verifyMulticoreImage() API? It looks like the communication between the HSM core and the R5F core might not be happening properly, since it gets stuck in HsmClient_SendAndRecv().

    Regards,
    Shaunak

  • Hi Shaunak,

    I am able to verify the image. Initially, while the bootloader is loaded, I have one MPU setting which supports USB flashing. The MPU settings are changed to support verification, as per the SDK example, just before verification happens; in this way I was able to flash the image and then verify it.

    I avoided altering the current general MPU setting for the bootloader and change it only when verification is needed.

    Please suggest if there is a better way, or whether there is any security risk involved in this approach.

    For now my issue is resolved.

    Thanks and Regards

    Adwaith

  • Hi Adwaith, 

    Glad to know it is working now. Based on what we discussed on call yesterday, I had a look at both the MPU configs and I've tried to unify both of them.

    const MpuP_RegionConfig gMpuRegionConfigUnified[CONFIG_MPU_UNIFIED_NUM_REGIONS] RODATA_CFG_SECTION =
      {
          {
              // Region 0: Default region (2GB)
              .baseAddr = 0x0u,
              .size = MpuP_RegionSize_2G,
              .attrs = {
                  .isEnable = 1,
                  .isCacheable = 0,
                  .isBufferable = 0,
                  .isSharable = 1,
                  .isExecuteNever = 1,
                  .tex = 0,
                  .accessPerm = MpuP_AP_S_RW_U_R,
                  .subregionDisableMask = 0x0u
              },
          },
          {
              // Region 1: TCMA (128KB)
              .baseAddr = 0x0u,
              .size = MpuP_RegionSize_128K,
              .attrs = {
                  .isEnable = 1,
                  .isCacheable = 1,
                  .isBufferable = 1,
                  .isSharable = 0,
                  .isExecuteNever = 0,
                  .tex = 1,
                  .accessPerm = MpuP_AP_S_RW_U_R,
                  .subregionDisableMask = 0x0u
              },
          },
          {
              // Region 2: TCMB (128KB)
              .baseAddr = 0x80000u,
              .size = MpuP_RegionSize_128K,
              .attrs = {
                  .isEnable = 1,
                  .isCacheable = 1,
                  .isBufferable = 1,
                  .isSharable = 0,
                  .isExecuteNever = 0,
                  .tex = 1,
                  .accessPerm = MpuP_AP_S_RW_U_R,
                  .subregionDisableMask = 0x0u
              },
          },
          {
              // Region 3: OCRAM - 2MB - IMPORTANT: Always set as shareable for HSM communication
              .baseAddr = 0x70000000u,
              .size = MpuP_RegionSize_2M,
              .attrs = {
                  .isEnable = 1,
                  .isCacheable = 1,
                  .isBufferable = 1,
                  .isSharable = 1, // Always set to 1 for HSM to work
                  .isExecuteNever = 0,
                  .tex = 1,
                  .accessPerm = MpuP_AP_S_RW_U_R,
                  .subregionDisableMask = 0x0u
              },
          },
          {
              // Region 4: USB/DMA Buffer Region at 0x70100000 (32KB)
              .baseAddr = 0x70100000u,
              .size = MpuP_RegionSize_32K,
              .attrs = {
                  .isEnable = 1,
                  .isCacheable = 0,
                  .isBufferable = 0,
                  .isSharable = 1,
                  .isExecuteNever = 1,
                  .tex = 1,
                  .accessPerm = MpuP_AP_ALL_RW,
                  .subregionDisableMask = 0x0u
              },
          },
          {
              // Region 5: HSM DTHE region (16MB) - Required for image verification
              .baseAddr = 0xCE000000u,
              .size = MpuP_RegionSize_16M,
              .attrs = {
                  .isEnable = 1,
                  .isCacheable = 0,
                  .isBufferable = 0,
                  .isSharable = 1,
                  .isExecuteNever = 1,
                  .tex = 0,
                  .accessPerm = MpuP_AP_ALL_RW,
                  .subregionDisableMask = 0x0u
              },
          },
          {
              // Region 6: USB Controller (Optional, can add if needed)
              .baseAddr = 0x53900000u, // USB_OTGSS_C2_U_BASE
              .size = MpuP_RegionSize_64K,
              .attrs = {
                  .isEnable = 1,
                  .isCacheable = 0,
                  .isBufferable = 0,
                  .isSharable = 1,
                  .isExecuteNever = 1,
                  .tex = 0,
                  .accessPerm = MpuP_AP_ALL_RW,
                  .subregionDisableMask = 0x0u
              },
          },
      };

    Can you try to use this config for both USB image receiving and image verification?

    Regards,
    Shaunak
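
Added example, not part of the thread or of TI's SDK: a host-side check of the unified table above that reports which region actually governs an address where regions overlap (for example, the 32KB buffer carved out of OCRAM) and whether every base is aligned to its region size. The `Region` struct, the `A_*` bits and the function names are assumptions made for this sketch; `tex`, `isBufferable` and access permissions are left out of the model.

```c
#include <stddef.h>
#include <stdint.h>

enum { A_CACHE = 1, A_SHARE = 2, A_XN = 4 };   /* attribute bits in this model */

/* Host-side stand-in for one MPU region (not the SDK's MpuP_RegionConfig). */
typedef struct {
    uint32_t base;
    uint8_t  log2size;   /* region spans 2^log2size bytes */
    uint8_t  attrs;      /* OR of the A_* bits above */
} Region;

/* Unified table from the thread, transcribed by hand into the model. */
static const Region kUnified[] = {
    {0x00000000u, 31, A_SHARE | A_XN},     /* 0: 2GB default         */
    {0x00000000u, 17, A_CACHE},            /* 1: TCMA 128KB          */
    {0x00080000u, 17, A_CACHE},            /* 2: TCMB 128KB          */
    {0x70000000u, 21, A_CACHE | A_SHARE},  /* 3: OCRAM 2MB           */
    {0x70100000u, 15, A_SHARE | A_XN},     /* 4: USB/DMA buffer 32KB */
    {0xCE000000u, 24, A_SHARE | A_XN},     /* 5: HSM DTHE 16MB       */
    {0x53900000u, 16, A_SHARE | A_XN},     /* 6: USB controller 64KB */
};
static const size_t kUnifiedCount = sizeof kUnified / sizeof kUnified[0];

/* Index of the region that governs addr: when regions overlap, the
   highest-numbered match wins. Returns -1 if no region matches. */
int mpu_resolve(const Region *t, size_t n, uint32_t addr) {
    int hit = -1;
    for (size_t i = 0; i < n; i++) {
        uint64_t size = (uint64_t)1 << t[i].log2size;
        if (addr >= t[i].base && (uint64_t)(addr - t[i].base) < size)
            hit = (int)i;
    }
    return hit;
}

/* Effective A_* bits at addr, or -1 when no configured region applies. */
int mpu_attrs_at(const Region *t, size_t n, uint32_t addr) {
    int r = mpu_resolve(t, n, addr);
    return r < 0 ? -1 : t[r].attrs;
}

/* Count regions whose base is not a multiple of their size. */
int mpu_misaligned(const Region *t, size_t n) {
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        if (t[i].base & (uint32_t)(((uint64_t)1 << t[i].log2size) - 1u))
            bad++;
    return bad;
}
```

With this table, 0x70100000 resolves to region 4 (non-cacheable, execute-never), while 0x70108000, one byte past the 32KB window, falls back to region 3 and is cacheable and executable again, so a buffer larger than 32KB at that base would straddle two sets of attributes.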