• State TI Thinks Resolved
  • Replies 24 replies
  • Answers 5 answers
  • Subscribers 34 subscribers
  • Views 241 views
  • Users 0 members are here
Support feedback
Options
Options
Related

AM2632: Can we reduce system startup time when using HSM

Wei Yao
Prodigy 220 points

Part Number: AM2632
Other Parts Discussed in Thread: SYSCONFIG, UNIFLASH

To reduce system startup time when using HSM, can we disable the HSMRT & APP image verification step in the SBL code?  22.png

  • 0
    TI__Guru* 89171 points

    Hi,

    Are you using HS-FS or HS-SE device?

  • 0 in reply to Nikhil Dasan
    Prodigy 220 points

    We are using HS-SE device, but we don't have secure boot requirements on project. 

  • 0 in reply to Wei Yao
    TI__Guru* 89171 points

    You cannot disable the HSMRT verification as this is done by ROM.

    You can either not load the HSMRT if you are not using the M4 core.

    You can disable the verification of App image. If you are using Bootloader_parseAndLoadMultiCoreELF to load the image then you would have to modify the below struct member .isAppimageSigned to False to not authenticate the image.

  • 0 in reply to Nikhil Dasan
    Prodigy 120 points

    thank you.

  • 0 in reply to Nikhil Dasan
    Prodigy 40 points

    Hello Nikhil,

    How can I change "isAppimageSigned" to "false"? I seem not to have found it in the sysconfig.

  • 0 in reply to Wang Mason
    TI__Guru* 89171 points

    Hi Wang,

    This is currently a hardcoded field in sysconfig, so you would have to modify this in the bootloader before entering the parsing function.

    I have raised this req. internally to make this field modifiable for future releases.

    Thanks and Regards,

    Nikhil Dasan

  • 0 in reply to Nikhil Dasan
    Prodigy 120 points

    Hi Nikhil,

    Thank you for your feedback.

    Could you please let us know when this future release will be available?

    Our project requires this modification to be supported in the tool.

  • 0 in reply to chun zhang
    TI__Guru* 89171 points

    Hi, 

    The next release will be in End of August. 

    Meanwhile you can do the below changes in the syscfg source code to disable using the tool

    diff --git a/source/sysconfig/drivers/.meta/bootloader/templates/bootloader_config.c.xdt b/source/sysconfig/drivers/.meta/bootloader/templates/bootloader_config.c.xdt
index ded2fb9c..f801fb59 100644
--- a/source/sysconfig/drivers/.meta/bootloader/templates/bootloader_config.c.xdt
+++ b/source/sysconfig/drivers/.meta/bootloader/templates/bootloader_config.c.xdt
@@ -143,7 +143,7 @@ Bootloader_Config gBootloaderConfig[CONFIG_BOOTLOADER_NUM_INSTANCES] =
         .disableAppImageAuth = `instance.disableAppImageAuth.toString(10).toUpperCase()`,
         .initICSSCores = `instance.initICSSCores.toString(10).toUpperCase()`,
     % } else {
-        .isAppimageSigned = TRUE,
+        .isAppimageSigned = `instance.isAppimageSigned.toString(10).toUpperCase()`,
         .disableAppImageAuth = FALSE,
         .initICSSCores = FALSE,
     % }
diff --git a/source/sysconfig/drivers/.meta/bootloader/v0/bootloader_v0.syscfg.js b/source/sysconfig/drivers/.meta/bootloader/v0/bootloader_v0.syscfg.js
index 5914e554..5c0ee714 100644
--- a/source/sysconfig/drivers/.meta/bootloader/v0/bootloader_v0.syscfg.js
+++ b/source/sysconfig/drivers/.meta/bootloader/v0/bootloader_v0.syscfg.js
@@ -179,6 +179,16 @@ function getConfig(){
             }
         );
     }
+    if(["am263x", "am263px", "am261x"].includes(common.getSocName())) {
+        cfg.push(
+            {
+                name: "isAppimageSigned",
+                displayName: "Application Image Is X509 Signed",
+                description: "SBL expects a signed image (appimage with x509 certificate concatenated) if this option is enabled, disable this if you are trying to boot an unsigned image",
+                default: true,
+            }
+        );
+    }
     if(["am243x", "am64x"].includes(common.getSocName())) {
         cfg.push(
             {

    No need to rebuild anything after this change. You should be seeing the checkbox in bootloader tab in syscfg.

    Thanks and Regards,

    Nikhil Dasan

  • 0 in reply to Nikhil Dasan
    Prodigy 120 points

    Hi, Nikhil,

    Thank you for feedback.

    After the device is switched to SE mode, how can SNOR flashing or application debugging be performed using the UniFlash tool?

  • 0 in reply to chun zhang
    TI__Guru* 89171 points

    Hi,

    Once you unlock the JTAG, possibly using a signed sbl_null with debug open flag enabled via UART, then flashing and debugging can be performed normally similar to HS_FS device.

    Post unlocking JTAG, you can flash a debug opened SBL into flash, so that you need not open JTAG manually upon every power cycle.

    Thanks and Regards,

    Nikhil Dasan

  • 0 in reply to Nikhil Dasan
    Prodigy 120 points

    Hi Nikhil,
    Thank you for reply, I got your points.

    Why am I asking the questions above? We are considering the workflow for transitioning from HS_FS to HS_SE and how to flash the production HEX during the SOP phase (SBL+APP).

    As you know, downloading the Keywriter SBL via UART boot mode during production takes a long time. Therefore, we plan to use QSPI mode to download the Keywriter SBL to trigger device to SE mode.
    But after switching the device to HS_SE mode, how can we reflash the Keywriter SBL back to the normal operational SBL?

  • 0 in reply to chun zhang
    Prodigy 120 points

    Hi Nikhil,
    Thank you for reply, I got your points.

    Why am I asking the questions above? We are considering the workflow for transitioning from HS_FS to HS_SE and how to flash the production HEX during the SOP phase (SBL+APP).

    As you know, downloading the Keywriter SBL via UART boot mode during production takes a long time. Therefore, we plan to use QSPI mode to download the Keywriter SBL to trigger device to SE mode.
    But after switching the device to HS_SE mode, how can we reflash the Keywriter SBL back to the normal operational SBL?

    ============================================================================================================>
    Hi Nikhil,

    Could you please help reply above question?

  • 0 in reply to chun zhang
    TI__Guru* 89171 points

    Hi Chun,

    Yes, in this case, one option would be to place the HS-SE SBL into the redundant boot location (which has debug enable). Flash SBL OTP KW to primary location and HS-SE SBL into the redundant boot location together, so that when the device is HS-FS, the SBL OTP KW is executed and when it coverts to HS-SE, the secondary location HS-SE SBL is executed as the primary location has HS-FS firmware.

    Thanks and Regards,

    Nikhil Dasan

  • 0 in reply to Nikhil Dasan
    Prodigy 120 points

    Hi Nikhil,
    Thank you.

    Could you please share detailed steps or links regarding this process?
    I believe the process of transitioning from 'HS-FS → boot SBL OTP KW → HS-SE → boot HS-SE SBL' is handled automatically by the BOOTROM, is that correct?

  • 0 in reply to chun zhang
    TI__Guru* 89171 points
    chun zhang said:
    I believe the process of transitioning from 'HS-FS → boot SBL OTP KW → HS-SE → boot HS-SE SBL' is handled automatically by the BOOTROM, is that correct?

    That is correct. All you have to do is to place the binaries in the respective locations.

    I've created a flow diagram for your reference.

    For more on redundant boot, please refer to 5.5 Redundant boot support chapter in TRM 

    AM263x SitaraTm Microcontroller Technical Reference Manual (Rev. I)

    Thanks and Regards,

    Nikhil Dasan

  • 0 in reply to Nikhil Dasan
    Prodigy 120 points

    Hi Nikhil,
    thank you for feedback, we will try it.

  • 0 in reply to Nikhil Dasan
    Prodigy 120 points

    Hi Nikhi,

    I believe the "Erase primary boot region" step is performed within the OTP Keywriter SBL, correct?
    We are currently using otp_keywriter_am263x_SR_11_10_01_00_00, and it appears that this version does not include the primary boot region erasure function.
    Could you help give more details how to add "Erase primary boot region" feature?

  • 0 in reply to chun zhang
    TI__Guru* 89171 points

    Yes, it does not include the erase part. This can integrated at your end or you can later use uniflash to flash your updated HS-SE binary later, as you already have JTAG unlock HS-SE binary in the redundant location. So even after conversion, upon every reboot, the JTAG will be unlocked because of this.

    Thanks and Regards,

    Nikhil Dasan

  • 0 in reply to Nikhil Dasan
    Prodigy 120 points

    Hi Nikhil,

    We prefer to integrate the erase function into the OTP Keywriter SBL, but we are encountering a compilation issue when adding the erase feature in SysConfig based on otp_keywriter_am263x_SR_11_10_01_00_00.
    Do you know how to resolve this?

  • 0 in reply to chun zhang
    TI__Guru* 89171 points

    Hi,

    Did you copy the OTP KW package into the latest MCU_PLUS_SDK folder?

    i.e. please copy the sbl_keywriter as shown below.

    If you have already done this, then please modify the example.syscfg file (--product) by referring to the "hello world" example of the sdk you are using.

    Thanks and Regards,

    Nikhil Dasan

  • 0 in reply to Nikhil Dasan
    Prodigy 40 points

    Hi Nikhil,
    We have been able to import the sbl_keywriter project into SysConfig. However, there was an issue when editing the FLASH module. Is there any way to solve this?


  • 0 in reply to Wang Mason
    Prodigy 120 points

     

    Hello Nikhil,

    Could you help reply this issue?

    CC   

  • 0 in reply to chun zhang
    TI__Guru* 89171 points

    Hi,

    I'm able to configure flash in SDK 10.1 and OTP KW 10.1 environment. May I know when you are seeing the issue and what is the environment that you are using?