This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

[FAQ] F29x Secure Boot & OTP: Frequently Asked Questions

Part Number: F29H859TU-Q1

Tool/software:

Where can I find answers to frequently asked questions related to using Secure Boot & OTP on F29x devices?

  • For reference, please see F29x General FAQ for other IP/peripherals

    F29x Secure Boot Frequently Asked Questions

    What is the F29x secure boot process?

    • For F29x, HSM ROM performs all of the CPU1 authentication including SSU and Flash. Proc Auth Boot service is then used to perform secondary authentication steps (of CPU3 code, for example, or application portion if boot manager is authenticated by ROM). It is important to note that ROM is fixed code. TIFS also includes an X.509 certificate parser similar to the ROM; this is used by the Proc Auth Boot service.

    Can PKE and Secure Boot work with F29 HSM? 

    • Yes, asymmetric secure boot is supported using the PKE.

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    F29x OTP Frequently Asked Questions

    How do I validate a certificate with my key?

    • The hash of the public key is stored in device OTP. When a certificate is provided, the hash of the public key in the certificate must match the SMPK hash that is stored in device OTP. If there is a mismatch, the secure boot cannot proceed.