• State TI Thinks Resolved
  • Locked Locked
  • Replies 4 replies
  • Answers 2 answers
  • Subscribers 33 subscribers
  • Views 104 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

AM263P4: keyring_ver in Keyring Certificate

Kunukuntla Geetha
Intellectual 280 points
Part Number: AM263P4


Hi,

It is stated:

keyring_cert_gen.py parses json object containing the following meta-data for keyring cert generation:

  • keyring_sw_rev: This integer value is used for anti-rollback check against the keyring software revision available in device efuses.
  • keyring_ver: Keyring version is of type integer and is the version which is supported against the TIFS-MCU version being used in HSM.
  • num_of_asymm_keys: Number of Asymmetric keys being imported.
  • num_of_symm_keys: Number of Symmetric keys being imported.
  • keyring_asymm: Array of asymmetric keys with respective key rights and hash algorithm to compute and store the hash of the public key.

I dont understand what keyring_ver means here. Where is the information about TIFS-MCU version in this context?

Thanks and Regards,

Geetha K
  • 0
    TI__Mastermind 24853 points

    Hello,

    This thread has been assigned to the expert for further review and action. Please note that our team's response times may be slower than usual due to the holiday season.

    We will get back to you as soon as possible and appreciate your understanding in this matter.
    Thank you for your inquiry and we look forward to assisting you soon.

    Best regards,
    Zackary Fleenor

  • 0 in reply to Fleenor
    TI__Guru* 87251 points

    Hi Geetha,

    This a field provided to check if the version present in the certificate matches with the version set in the TIFS SDK. i.e. The HSMRT_KEYRING_VER macro is set to 1, so you can use the same in the certificate. 
    This is an additional field provided as version anti-rollback feature, for the certificate to align with the TIFS used.

    Thanks and Regards,

    Nikhil Dasan

  • 0 in reply to Nikhil Dasan
    Intellectual 280 points

    Hi,

    Nikhil Dasan said:
    This is an additional field provided as version anti-rollback feature, for the certificate to align with the TIFS used.

    The anti-rollback version is for the below, isn't right?

    Kunukuntla Geetha said:
    keyring_sw_rev: This integer value is used for anti-rollback check against the keyring software revision available in device efuses.

    Does keyring_ver is also used for this?

     Regards, 

    Geetha K

  • 0 in reply to Kunukuntla Geetha
    TI__Guru* 87251 points

    Hi,

    Kunukuntla Geetha said:
    The anti-rollback version is for the below, isn't right?

    Yes, this one (keyring_sw_rev) is for the antirollback of the SW Ver. i.e. This is compared to the value present in the Keyring SW rev field in efuse 

    keyring_ver is to track any new feature addition or struct changes that could occur to keyring, which might loose compatibility with the TIFS software involved.

    Hence this is to ensure the right TIFS drivers are used to parse the respective keyring structs.

    Thanks and Regards,

    Nikhil Dasan