F29H85X-SOM-EVM: Loading HSMrt in HS-FS mode.

Shashank Bikkanuri

Is it possible to load the RAM-based HSMRT in HS-FS mode for the F29H85x? If so, which keys are required to load the HSMRT image?

Regards,

Shashank

9 days ago

+1 Shashank Bikkanuri 7 days ago

Intellectual 420 points

Which key is used for signing HSMrt in HS-FS mode?

Regards

Shashank

+1 Marlyn Rosales Castaneda20 6 days ago in reply to Shashank Bikkanuri

TI__Mastermind 26000 points

Hi Shashank,

Yes, it is possible. There is a makefile_ccs_bootimage_gen file within the project that contains the details for the image singing. You'll notice that there is a conditional based on the device state (HS-SE or non HS-SE) and chooses the key based on that. For HS-FS, its just our development key that gets passed in for cert generation.

Best Regards,

Marlyn

0 Shashank Bikkanuri 6 days ago in reply to Marlyn Rosales Castaneda20

Intellectual 420 points

Hi Marlyn,

I have tried with both GP and HS. In both modes, HSM rejected the firmware. Could you please describe the correct process for loading HSMRT firmware in HS-FS?

Regards,

Shashank

0 Shashank Bikkanuri 6 days ago in reply to Marlyn Rosales Castaneda20

Intellectual 420 points

Hi Marlyn,

I tried both HS and GP device-type options in the post-build step; however, when building with GP, no HS image is generated.

Regards,

Shashank

0 Aditya Singal 6 days ago in reply to Shashank Bikkanuri

TI__Prodigy 620 points

Hi Shashank, which HSMRt firmware are you trying to build?

0 Shashank Bikkanuri 6 days ago in reply to Aditya Singal

Intellectual 420 points

Hi Aditya,

HSM Code provision firmware using UART ram based SBL.

0 Aditya Singal 6 days ago in reply to Shashank Bikkanuri

TI__Prodigy 620 points

The HSM Code Provisioning firmware is supposed to be loaded after the device is converted to HS-KP state post Key Provisioning.

Have you provisioned the keys on the device?

0 Shashank Bikkanuri 6 days ago in reply to Aditya Singal

Intellectual 420 points

No device is in the HS-FS state, in which HSMRT firmware can be loaded. Is there any HSMRT image available in the SDK that can be loaded in the HS-FS state?

Another question: for Hsmclient_loadHSMRtfirmware(), is the entire HSMRT image sent at once, or is it sent chunk-wise?

0 Aditya Singal 5 days ago in reply to Shashank Bikkanuri

TI__Prodigy 620 points

No, the F29 SDK does not have any HSMRT image which can be loaded on the device.

Do you have the OTP KeyWriter Package?

Shashank Bikkanuri said:
Another question: for Hsmclient_loadHSMRtfirmware(), is the entire HSMRT image sent at once, or is it sent chunk-wise?

It is sent at once.

0 Shashank Bikkanuri 5 days ago in reply to Aditya Singal

Intellectual 420 points

Hi Aditya,

I need clarification on whether the application is written to flash after decryption.

Regards

Shashank

0 Aditya Singal 4 days ago in reply to Shashank Bikkanuri

TI__Prodigy 620 points

Hi Shashank,

Yes, HSM loads the application to flash after decryption if it's built in FLASH configuration.

Thanks and Regards,
Aditya Singal

0 Shashank Bikkanuri 4 days ago in reply to Aditya Singal

Intellectual 420 points

Hi Aditya,

In the TI-FS SDK, encryption is not enabled (Enc: No) while building the projects. How will the images be encrypted?

Regards,

Shashank

0 Aditya Singal 3 days ago in reply to Shashank Bikkanuri

TI__Prodigy 620 points

Hi Shashank,

By default, Encryption is enabled if you build via CCS. If you're building using terminal then you can give the parameter ENC_ENABLED=yes to encrypt the image.

Thanks and Regards,
Aditya Singal

0 Shashank Bikkanuri 3 days ago in reply to Aditya Singal

Intellectual 420 points

Hi Aditya,

If I change KEYREV to 2 in the CPFROM (to activate the backup manufacturer keys using Root of Trust switching), I understand that I need to sign and encrypt the SBL, Application, and HSM-RT using the backup manufacturer keys.

Additionally, if I update HSM-SWREV, SBL-SWREV, APP-SWREV, and SSU-SWREV in the CPFROM region, I believe the corresponding SWREV values of the images being loaded must also be updated.

Could you please clarify where the provision exists for updating these SWREV fields for the images being loaded into the controller?

Regards,

Shashank

C2000™︎ microcontrollers

C2000 microcontrollers forum

F29H85X-SOM-EVM: Loading HSMrt in HS-FS mode.