• State Resolved
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 31 subscribers
  • Views 162 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

AM2732-Q1: hsm runtime firmaware load failure

JAGDISH PATANGE
Prodigy 20 points

Part Number: AM2732-Q1
Other Parts Discussed in Thread: AM2732, UNIFLASH, SYSCONFIG

Sir/Madam,

I am working on a custom board. AM2732 having NZN package with device speed grade M.

I am trying to boot sbl_null. Steps I followed are

  1. Import sbl_uart_uniflash from sdk, update package in sysconfig, update custom flash settings compile and get .tiimage.
  2. Import sbl_null from sdk,update package in sysconfig, compile and get .tiimage.
  3. Loaded these files in UART boot mode.
  4. In qspi boot mode I am getting debug message on UART port as "Device Type: HSFS, HSMRT size in Bytes: 35348, hsm runtime firmaware load failure

I attempted the same with evm without changing the sysconfig seetings and flash settings in EVM, it is working in EVM. 

As I am getting message on debug port, I am assuming, custom flash settings is OK. 

Also, I was looking at device_config and bootimage make files. I have not changed anything in these files. It appears from these files, it is for GP not HSFS device but in EVM same is working. AM2732 of custom board is different from EVM in terms of Package and speed,grade.

Suggest me to resolve the issue.

regards

Jagdish

  • 0
    TI__Guru 57215 points

    Hi Jagdish,

    Since your device is the HS FS device, the "DEVICE_TYPE?=GP" in your top level makefile should have been changed to "DEVICE_TYPE=HS". Both sbl_uart_uniflash and sbl_null should have been re-built for HS FS device. Please use the *.hs_fs.tiimage" instead of the *.tiimage.

    Best regards,

    Ming

  • 0 in reply to Ming Wei
    Prodigy 20 points

    Thank yoy for the reply.

    I have changed to HS at deviceconfig make file and generated .hs.timage for both sbl_uart_uniflash and sbl_null. This time it is not loading at all. As per SDK help files, I should use .tiimage for hsfs device also. Same I have performed for EVM, there I am able to boot sbl_null. I am pasting the device config and boot image gen files.

    # Device type (HS/GP)
    DEVICE_TYPE?=GP

    # Path to the signing tools, keys etc
    SIGNING_TOOL_PATH?=$(MCU_PLUS_SDK_PATH)/tools/boot/signing

    # Path to the salt required for calculation of Derived key using manufacturers encryption key.
    KD_SALT=$(SIGNING_TOOL_PATH)/kd_salt.txt

    # Path to the keys
    ROM_DEGENERATE_KEY:=$(SIGNING_TOOL_PATH)/rom_degenerateKey.pem
    APP_DEGENERATE_KEY:=$(SIGNING_TOOL_PATH)/app_degenerateKey.pem
    ifeq ($(DEVICE),am263x)
    CUST_MPK=$(SIGNING_TOOL_PATH)/mcu_custMpk.pem
    CUST_MEK=$(SIGNING_TOOL_PATH)/mcu_custMek.key
    else ifeq ($(DEVICE),am273x)
    CUST_MPK=$(SIGNING_TOOL_PATH)/mcu_custMpk.pem
    CUST_MEK=$(SIGNING_TOOL_PATH)/mcu_custMek.key
    else ifeq ($(DEVICE),awr294x)
    CUST_MPK=$(SIGNING_TOOL_PATH)/mcu_custMpk.pem
    CUST_MEK=$(SIGNING_TOOL_PATH)/mcu_custMek.key
    else ifeq ($(DEVICE),am263px)
    CUST_MPK=$(SIGNING_TOOL_PATH)/mcu_custMpk.pem
    CUST_MEK=$(SIGNING_TOOL_PATH)/mcu_custMek.key
    else
    CUST_MPK=$(SIGNING_TOOL_PATH)/custMpk_am64x_am243x.pem
    CUST_MEK=$(SIGNING_TOOL_PATH)/custMek_am64x_am243x.txt
    endif

    # Encryption option for application (yes/no)
    ENC_ENABLED?=no

    # Encryption option for SBL (yes/no)
    ENC_SBL_ENABLED?=yes

    # Debug Enable (yes/no)
    DBG_ENABLED?=no

    # Debug control with TIFS (yes/no)
    DEBUG_TIFS?=yes

    # RSASSA-PSS scheme option for application signing (yes/no)
    RSASSAPSS_ENABLED?=no

    # Debug options for HS (DBG_PERM_DISABLE / DBG_SOC_DEFAULT / DBG_PUBLIC_ENABLE / DBG_FULL_ENABLE)
    # This option is valid only if DEBUG_TIFS is false
    DEBUG_OPTION?=DBG_SOC_DEFAULT

    # Generic macros to be used depending on the device type
    APP_SIGNING_KEY=
    APP_ENCRYPTION_KEY=
    APP_SIGNING_HASH_ALGO=
    APP_SIGNING_SALT_LENGTH=

    ifeq ($(DEVICE_TYPE),HS)
    APP_SIGNING_KEY=$(CUST_MPK)
    APP_ENCRYPTION_KEY=$(CUST_MEK)
    APP_SIGNING_HASH_ALGO=sha512
    APP_SIGNING_SALT_LENGTH=0
    else
    APP_SIGNING_KEY=$(APP_DEGENERATE_KEY)
    endif

    # Key id in keyring for application authentication and decryption
    APP_SIGNING_KEY_KEYRING_ID?=0
    APP_ENCRYPTION_KEY_KEYRING_ID?=0

    boot image gen

    #
    # Auto generated makefile
    #

    # Below variables need to be defined outside this file or via command line
    # - MCU_PLUS_SDK_PATH
    # - PROFILE
    # - CG_TOOL_ROOT
    # - OUTNAME
    # - CCS_INSTALL_DIR
    # - CCS_IDE_MODE

    CCS_PATH=$(CCS_INSTALL_DIR)
    include $(MCU_PLUS_SDK_PATH)/imports1.mak
    include $(MCU_PLUS_SDK_PATH)/devconfig/devconfig.mak

    STRIP=$(CG_TOOL_ROOT)/bin/tiarmstrip
    OBJCOPY=$(CG_TOOL_ROOT)/bin/tiarmobjcopy
    ifeq ($(OS), Windows_NT)
    PYTHON=python
    else
    PYTHON=python3
    endif

    OUTFILE=$(PROFILE)/$(OUTNAME).out
    BOOTIMAGE_PATH=$(abspath ${PROFILE})
    BOOTIMAGE_NAME_GP:=$(BOOTIMAGE_PATH)/$(OUTNAME).tiimage
    BOOTIMAGE_NAME_HS:=sbl_null.$(PROFILE).hs.tiimage
    BOOTIMAGE_NAME_HS_FS:=sbl_null.$(PROFILE).hs_fs.tiimage
    ifeq ($(DEVICE_TYPE),HS)
    BOOTIMAGE_NAME=$(BOOTIMAGE_NAME_HS)
    else
    BOOTIMAGE_NAME=$(BOOTIMAGE_NAME_GP)
    endif
    BOOTIMAGE_BIN_NAME:=$(BOOTIMAGE_PATH)/$(OUTNAME).bin

    #
    # Generation of boot image which can be loaded by ROM Boot Loader (RBL)
    #
    ifeq ($(OS),Windows_NT)
    EXE_EXT=.exe
    endif
    ifeq ($(OS),Windows_NT)
    BOOTIMAGE_CERT_GEN_CMD=powershell -executionpolicy unrestricted -command $(MCU_PLUS_SDK_PATH)/tools/boot/signing/x509CertificateGen.ps1
    else
    BOOTIMAGE_CERT_GEN_CMD=$(MCU_PLUS_SDK_PATH)/tools/boot/signing/x509CertificateGen.sh
    endif
    BOOTIMAGE_TEMP_OUT_FILE=$(PROFILE)/temp_stdout_$(PROFILE).txt

    ifeq ($(DEVICE_TYPE),HS)
    BOOTIMAGE_CERT_KEY=$(APP_SIGNING_KEY)
    else
    BOOTIMAGE_CERT_KEY=$(MCU_PLUS_SDK_PATH)/tools/boot/signing/mcu_gpkey.pem
    endif
    BOOTIMAGE_CERT_GEN_CMD=$(PYTHON) $(MCU_PLUS_SDK_PATH)/tools/boot/signing/mcu_rom_image_gen.py

    SBL_RUN_ADDRESS=0x10200000

    SBL_PREBUILT_PATH=$(MCU_PLUS_SDK_PATH)/tools/boot/sbl_prebuilt/am273x-evm

    all:
    ifeq ($(CCS_IDE_MODE),cloud)
    # No post build steps
    else
    @echo Boot image: am273x:r5fss0-0:nortos:ti-arm-clang $(BOOTIMAGE_NAME) ...
    $(OBJCOPY) --strip-all -O binary $(OUTFILE) $(BOOTIMAGE_BIN_NAME)
    ifeq ($(DEVICE_TYPE),HS)
    ifeq ($(DEBUG_TIFS), yes)
    ifeq ($(ENC_SBL_ENABLED),yes)
    $(BOOTIMAGE_CERT_GEN_CMD) --sbl-enc --enc-key $(APP_ENCRYPTION_KEY) --image-bin $(BOOTIMAGE_BIN_NAME) --core R5 --swrv 1 --loadaddr $(SBL_RUN_ADDRESS) --sign-key $(BOOTIMAGE_CERT_KEY) --kd-salt $(KD_SALT) --out-image $(BOOTIMAGE_NAME)
    else
    $(BOOTIMAGE_CERT_GEN_CMD) --image-bin $(BOOTIMAGE_BIN_NAME) --core R5 --swrv 1 --loadaddr $(SBL_RUN_ADDRESS) --sign-key $(BOOTIMAGE_CERT_KEY) --out-image $(BOOTIMAGE_NAME)
    endif
    else
    ifeq ($(ENC_SBL_ENABLED),yes)
    $(BOOTIMAGE_CERT_GEN_CMD) --sbl-enc --enc-key $(APP_ENCRYPTION_KEY) --image-bin $(BOOTIMAGE_BIN_NAME) --core R5 --swrv 1 --loadaddr $(SBL_RUN_ADDRESS) --sign-key $(BOOTIMAGE_CERT_KEY) --kd-salt $(KD_SALT) --out-image $(BOOTIMAGE_NAME) --debug $(DEBUG_OPTION)
    else
    $(BOOTIMAGE_CERT_GEN_CMD) --image-bin $(BOOTIMAGE_BIN_NAME) --core R5 --swrv 1 --loadaddr $(SBL_RUN_ADDRESS) --sign-key $(BOOTIMAGE_CERT_KEY) --out-image $(BOOTIMAGE_NAME) --debug $(DEBUG_OPTION)
    endif
    endif
    else
    $(BOOTIMAGE_CERT_GEN_CMD) --image-bin $(BOOTIMAGE_BIN_NAME) --core R5 --swrv 1 --loadaddr $(SBL_RUN_ADDRESS) --sign-key $(BOOTIMAGE_CERT_KEY) --out-image $(BOOTIMAGE_NAME) --debug DBG_SOC_DEFAULT
    @echo Boot image: am273x:r5fss0-0:nortos:ti-arm-clang $(BOOTIMAGE_NAME) Done !!!
    @echo .
    endif
    endif

    Message after flashing

    :\ti\mcu_plus_sdk_am273x_09_02_00_60\tools\boot>python uart_uniflash.py -p COM3 --cfg=sbl_prebuilt/am273x-evm/default_sbl_null_crd.cfg

    Parsing config file ...
    Parsing config file ... SUCCESS. Found 2 command(s) !!!

    Executing command 1 of 2 ...
    Found flash writer ... sending sbl_prebuilt/am273x-evm/sbl_uart_uniflash_am273x-crd_r5fss0-0_nortos_ti-arm-clang.tiimageSending sbl_prebuilt/am273x-evm/sbl_uart_uniflash_am273x-crd_r5fss0-0_nortos_ti-arm-clang.tiimage: 2%| | 1029/54521 [send error: expected ACK; got b'C' for block 1
    Sending sbl_prebuilt/am273x-evm/sbl_uart_uniflash_am273x-crd_r5fss0-0_nortos_ti-arm-clang.tiimage: 54537bytes [00:05, 13Sending sbl_prebuilt/am273x-evm/sbl_uart_uniflash_am273x-crd_r5fss0-0_nortos_ti-arm-clang.tiimage: 54537bytes [00:05, 13Sending sbl_prebuilt/am273x-evm/sbl_uart_uniflash_am273x-crd_r5fss0-0_nortos_ti-arm-clang.tiimage: 55566bytes [00:05, 13Sending sbl_prebuilt/am273x-evm/sbl_uart_uniflash_am273x-crd_r5fss0-0_nortos_ti-arm-clang.tiimage: 56595bytes [00:05, 13Sending sbl_prebuilt/am273x-evm/sbl_uart_uniflash_am273x-crd_r5fss0-0_nortos_ti-arm-clang.tiimage: 56596bytes [00:05, 13 Sent flashwriter sbl_prebuilt/am273x-evm/sbl_uart_uniflash_am273x-crd_r5fss0-0_nortos_ti-arm-clang.tiimage of size 54521 bytes in 5.6s.

    Executing command 2 of 2 ...
    Command arguments : --file=sbl_prebuilt/am273x-evm/sbl_null_am273x-crd_r5fss0-0_nortos_ti-arm-clang.tiimage --operation=flash --flash-offset=0x0
    Sent sbl_prebuilt/am273x-evm/sbl_null_am273x-crd_r5fss0-0_nortos_ti-arm-clang.tiimage of size 168161 bytes in 19.01s.
    [STATUS] SUCCESS !!!

    All commands from config file are executed !!!

    Message after qspi boot over uart

    INFO: Bootloader_socLoadHsmRtFw:82: Device Type : HSFS
    INFO: Bootloader_socLoadHsmRtFw:84: HSMRT Size in Bytes : 35348
    INFO: Bootloader_socLoadHsmRtFw:93: hsm runtime firmware load failure ...

    I have verified flash has sbl_null.timage data by reading first 256 bytes via JTAG. So what could be issue? Please suggest

    Please suggest

  • +1 in reply to JAGDISH PATANGE
    TI__Guru 57215 points

    Hi Jagdish,

    The error indicates a known bug in the HSM runtime image shipped with MCU+ SDK v09.02.00.52 — the hsmRtImg.h file contains an incorrect firmware binary that fails when Hsmclient_loadHSMRtFirmware() attempts to load it onto the HSM core, returning SystemP_FAILURE and halting boot.

    Root Cause

    Your device is identified as HSFS (High Security – Field Securable) [2]. For HS-FS devices, the Boot ROM performs SHA-512 verification on the entire HSM image and checks the computed hash against the hash stored in the boot extension. The outdated firmware binary embedded in hsmRtImg.h fails this authentication check, causing the load failure at line 93 of Bootloader_socLoadHsmRtFw.

    This bug was discovered after the MCU+ SDK 09.02.00 release and is not documented in the official SDK release notes.

    Fix: Step-by-Step

    Step
    Action
    1
    Obtain the corrected firmware binary: tifs_am273x_hs_fs.release.hsmimage_pg1.2_signed.bin (PG1.2 silicon)
    2
    Convert the binary to a C array and replace the HSMRT_IMG array in mcu_plus_sdk_am273x_09_02_00_52\source\drivers\hsmclient\soc\am273x\hsmRtImg.h
    3
    Rebuild the SDK libraries: gmake -f makefile.am273x libs
    4
    Rebuild and reflash your SBL_QSPI application

    After a successful load, the HSM firmware sends HSM_MSG_BOOT_NOTIFY to the SBL, and loadHSMResult.status will return Hsmclient_ipcLoadHSMStatus_SUCCESS, confirming ROM accepted and booted the HSM firmware.

    Please refer to the following e2e thread:

    AM2732: SBL_QSPI is failing while loading HSMRT firmware - Processors forum - Processors - TI E2E support forums

    Best regards

  • 0 in reply to Ming Wei
    Prodigy 20 points

    Thank you.

    It resolved the issue.

    By the time you gave reply, I had migrated to SDK 11 version of AM2732 and in that hsrmt size had increased and it was still not working. Later I saw your reply and then in hsm folder noticed hsmRtImg_1_2.h file, copied it as hsmRtImg.h and rebuilt the library. Then it worked. Thank you Ming