This thread has been locked.
If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.
Hi all,
I try to implement secure flash boot for a while.
I read "Secure BOOT on C2000 Device" application report, "TMS320C28x Assembly Language Tools" user guide and DCSM section in TRM.
I have a theoretical knowledge of the subject.
Now it is time to hands on examples.
-
I examined the example where is located in C2000Ware_4_03_00_00\driverlib\f2838x\examples\c28x\boot.
I will run this code on controlCARD.
I read "How to Run" section (at the beginning of the "boot_ex1_cpu1_cpu2_cm_secure_flash_cpu1.c" ), and i did what is said.
- Application (boot_ex1_cpu1_cpu2_cm_secure_flash_cpu1) is loaded to CPU1.
- Disconnect CPU1.
- Connect CPU1 (In this step, an error occured: failed to parse the previous frame FP. See sss below. I think I can ignore this error for now.)
- Set emulation boot to secure flash boot. (I managed to change the emulation boot mode before. So I am sure that I did)
- Finally, reset CPU1 and resume
After reset, I clicked Resume button. (Resume button dimmed for short time then being appear again.)
I observed LEDs.
CPU1 - LED1 is off. That means Secure Boot failed.
I was expecting at least the LED1 to turn on. (primary secure boot success.)
In addition to "How to Run" section (at the beginning of the "boot_ex1_cpu1_cpu2_cm_secure_flash_cpu1.c" ),
is there anything to do for make this example work ?
For example writing CMAC Key to the OTP region?
(I think this is not necessary because i used default cmac key 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF)
Thank you for your response,
Best regards
Mehmet
Hi e2e community,
I solved the problem.
"boot_ex1_cpu1_cpu2_cm_secure_flash_cpu1" example application has a precondition.
Please see : Application Report - Secure BOOT on C2000 Device
Before run this example, you must declare sector 0 and sector 1 as a EXEONLY. (Not only sector 0 but also sector1.)
( You can use "dcsm_security_tool" example to generate ZONE1 values. And you can write these values with on-chip flash tool.)
After declaration of EXEONLY sectors, I load "boot_ex1_cpu1_cpu2_cm_secure_flash_cpu1" example.
Switch boot mode to the "Secure Flash Boot" mode.
Then, I observed LED1 status.
LED blinking.
Its mean secure boot passed and full flash CMAC passed.
-------
Thanks.
Mehmet
I load "boot_ex1_cpu1_cpu2_cm_secure_flash_cpu1" example
YOU MUST LOAD THAT EXAMPLE WITH UNIFLASH TOOL.
If you use CCS to load that example, CMAC tags are not written. So secure boot fails.
Load the *.hex file, not the *.out file