Because of the holidays, TI E2E™ design support forum responses will be delayed from Dec. 25 through Jan. 2. Thank you for your patience.

  • State Resolved
  • Locked Locked
  • Replies 4 replies
  • Subscribers 83 subscribers
  • Views 147 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Original question:

TMS320F280039: CMAC check in customer bootloader

TMS320F280039: call CPU1BROM_calculateCMAC() in customer bootloader

? ?
Prodigy 170 points
Part Number: TMS320F280039
Other Parts Discussed in Thread: UNIFLASH, C2000WARE

Tool/software:

I call the API function CPU1BROM_calculateCMAC() as follow in customer bootloader as debug software to check application, and I donot enable the secure boot.

But the customer bootloader cannot run normally.

When I only comment out the function CPU1BROM_calculateCMAC(), the customer bootloader can run normally.

So is there anything else I need pay attention to?

  • 0
    TI__Intellectual 1255 points

    Hello,

    ? ? said:
    I donot enable the secure boot.

    Is there a reason you're not enabling secure boot given you want to calculate the CMAC status? Are you calculating a golden CMAC tag to compare against? If the CMAC calculation fails, this function either halts debugger or enables watchdog to reset device.

    Here's the secure boot flow if you'd like to reference.

    Best,

    Matt 

  • 0 in reply to Matt Kukucka
    Prodigy 170 points

    1、In my understanding, if I enable the security boot mode, then the ROMboot will authentication customer bootloader after power on. Is this correct?

    2、Actually, I donot know how to enable security boot mode. and how to disable the security boot mode in 280039.

    So I only use the  API function CPU1BROM_calculateCMAC() in customer bootloader to authentication the application.

    Could you tell me how to  control security boot mode?

    2、Because the ZONE1 Header area can only changed once.

    If I want to change CMAC key and not enable security boot mode,what should I set the configuration?

    If I want to change CMAC key and enable security boot mode,what should I set the configuration?

    3、Another question is when I set the hex format as follow, then cal the CMAC Tag.

    Then load the hex image via UniFlash, but warning ocured.

    And CMAC tag not download to device.

    But when I cancel the configuration: "Output as bytes rather than target addressing (--byte, -byte)" and load hex image, there is no warning. And CMAC tag download to device too. Could you explain this question?

    4、I plan to calculate the CMAC tag between the address: 0x84000-0xB0000. My code is located in  address: 0x82000-0xB0000. 

    When I add the cmd command:

    ROMS
    {
    FLASH_BANK0_2: o=0x00084000 l=0x0002C000, fill = 0xFFFF /* If fill not specified, then default is all 0s */
    }

    It seems like the data between 0x82000-0x84000 has been cut in the output hex file after build project.

  • 0 in reply to ? ?
    TI__Intellectual 1255 points

    Hi,

    I'm going to forward this to the Secure Boot expert, he's out of office but will be back by 10/21. Please expect a delay in response till then, thank you for your patience.

    Best,

    Matt

  • +1 in reply to Matt Kukucka
    TI__Mastermind 21180 points

    1. Yes, the secure boot mode will authenticate the first 16KB of flash. You can refer to the Secure BOOT app note for more details.

    2. Have you read the Secure Boot app note? This will explain how to enable secure boot and authenticate the flash. If you want to test out different boot modes I would suggest using emulation boot. The OTP can only be programmed once. Emulation boot is also described in the Secure Boot app note.

    3. Is it necessary for you to use "Output as bytes rather than target addressing"? I believe it is not possible to program the OTP when using this setting.

    4. The Secure boot app note explains how to use the cmac_sbx syntax to embed the cmac tag into your application. I would suggest using the F28P65x secure boot example from C2000Ware 5.03 as a reference.

    Let me know if you have additional questions.

    Thank you,

    Luke