• State Resolved
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 81 subscribers
  • Views 298 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TMS320F28388D: C2000Ware Secure Flash Boot Example Usage

Mehmet Kucukgoz
Prodigy 147 points
Part Number: TMS320F28388D
Other Parts Discussed in Thread: C2000WARE, UNIFLASH

Hi all,

I try to implement secure flash boot for a while.

I read "Secure BOOT on C2000 Device" application report, "TMS320C28x Assembly Language Tools" user guide and DCSM section in TRM.

I have a theoretical knowledge of the subject.

Now it is time to hands on examples.

-

I examined the example where is located in C2000Ware_4_03_00_00\driverlib\f2838x\examples\c28x\boot.
I will run this code on controlCARD.

I read "How to Run" section (at the beginning of the "boot_ex1_cpu1_cpu2_cm_secure_flash_cpu1.c" ), and i did what is said.

- Application (boot_ex1_cpu1_cpu2_cm_secure_flash_cpu1) is loaded to CPU1.   


- Disconnect CPU1.

- Connect CPU1 (In this step, an error occured: failed to parse the previous frame FP. See sss below. I think I can ignore this error for now.)


- Set emulation boot to secure flash boot. (I managed to change the emulation boot mode before. So I am sure that I did)


- Finally, reset CPU1 and resume

After reset, I clicked Resume button. (Resume button dimmed for short time then being appear again.) 

I observed LEDs.
CPU1 - LED1 is off. That means Secure Boot failed.
I was expecting at least the LED1 to turn on. (primary secure boot success.)


In addition to "How to Run" section (at the beginning of the "boot_ex1_cpu1_cpu2_cm_secure_flash_cpu1.c" ),
is there anything to do for make this example work ?

For example writing CMAC Key to the OTP region?
(I think this is not necessary because i used default cmac key 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF)

Thank you for your response,

Best regards

Mehmet

  • 0
    Prodigy 147 points

    Could you please help me on this issue?

  • +1
    Prodigy 147 points

    Hi e2e community,

    I solved the problem.

    "    boot_ex1_cpu1_cpu2_cm_secure_flash_cpu1" example application has a precondition.

    Please see : Application Report - Secure BOOT on C2000 Device



    Before run this example, you must declare sector 0 and sector 1 as a EXEONLY. (Not only sector 0 but also sector1.)
    ( You can use "dcsm_security_tool" example to generate ZONE1 values. And you can write these values with on-chip flash tool.)



    After declaration of EXEONLY sectors, I load "boot_ex1_cpu1_cpu2_cm_secure_flash_cpu1" example.
    Switch boot mode to the "Secure Flash Boot" mode.
    Then, I observed LED1 status. 
    LED blinking.
    Its mean secure boot passed and full flash CMAC passed.

    -------

    Thanks.
    Mehmet

  • +1 in reply to Mehmet Kucukgoz
    Prodigy 147 points
    Mehmet Kucukgoz said:
    I load "boot_ex1_cpu1_cpu2_cm_secure_flash_cpu1" example

    YOU MUST LOAD THAT EXAMPLE WITH UNIFLASH TOOL.
    If you use CCS to load that example, CMAC tags are not written. So secure boot fails.

    Load the *.hex file, not the *.out file