Hi TI Experts,
I am trying to make the transition HS-FS to HS-FS on the SK-AM69 EVM. Unfortunately, on the first try I got Debug response: 0x20, which means "Error validating BMPK key". I am not sure why.
I tried to use the full command to generate the keywriter cert:
./gen_keywr_cert.sh -t keys/ti_fek_public.pem -a keys/aes256.key --smpk keys/smpk.pem --smek keys/smek.key --bmpk keys/bmpk.pem --bmek keys/bmek.key --keycnt 2 --keycnt-wp --keyrev 1
# Using Key Count: 0x00000003
# Using Key Rev: 0x00000001
Generating Dual signed certificate!!
# encrypt aes256 key with tifek public part
# encrypt SMPK-priv signed aes256 key(hash) with tifek public part
# encrypt smpk-pub hash using aes256 key
writing RSA key
# encrypt smek (sym key) using aes256 key
# encrypt BMPK-priv signed aes256 key(hash) with tifek public part
# encrypt bmpk-pub hash using aes256 key
writing RSA key
# encrypt bmek (sym key) using aes256 key
1701 secondary_cert.bin
5407 primary_cert.bin
7108 ../x509cert/final_certificate.bin
# SHA512 Hashes of keys are stored in verify_hash.csv for reference..
Note:
- The keys were generated by gen_keywr_cert.sh -g.
- ti-fs-keywriter.bin and ti_fek_public.pem were copied from OTP_KEYWRITER_ADD_ON_j784s4_08_06_00_14\addon\
- I did not run ./generate_test_binaries.sh before this operation (which, as I describe later, copies and uses the TI dummy key k3_dev_mpk.pem).
- The fix for GPIO 0_28 was applied to properly set FUSE VPP.
- The keywriter was run from the SD card as tiboot3.bin.
Keywriter output:
OTP Keywriter Version: 02.00.00.00 (Jan 30 2024 - 15:23:04)
OTP Keywriter ver: 8.6.5--v08.06.05 (Chill Capybar
OTP_VppEn
AM69 SK Detected!!
WKUP_GPIO0_VPP_CTRL output high : 1
Key programming sequence initialted
Taking OTP certificate from 0x41c7f004
Sciclient_otpProcessKeyCfg returns: -1
Debug response: 0x20
Key programming sequence completed
Log from M4:
Internal Operation Error
debug_response: 0x20
Internal Operation Error
debug_response: 0x20
Next I ran the /generate_test_binaries.sh test, which passed. Then I removed all data created by this test except the keys folder with the generated keys.
Then I created a keywriter cert only for smpk and smek, without the write protection option:
./gen_keywr_cert.sh -t keys/ti_fek_public.pem -a keys/aes256.key --smpk keys/smpk.pem --smek keys/smek.key --keycnt 1 --keyrev 1
# Using Key Count: 0x00000001
# Using Key Rev: 0x00000001
Generating Single signed certificate!!
# encrypt aes256 key with tifek public part
# encrypt SMPK-priv signed aes256 key(hash) with tifek public part
# encrypt smpk-pub hash using aes256 key
writing RSA key
# encrypt smek (sym key) using aes256 key
4031 primary_cert.bin
4031 ../x509cert/final_certificate.bin
# SHA512 Hashes of keys are stored in verify_hash.csv for reference..
And this time the transition passed.
Keywriter output:
OTP Keywriter Version: 02.00.00.00 (Jan 30 2024 - 15:23:04)
OTP Keywriter ver: 8.6.5--v08.06.05 (Chill Capybar
OTP_VppEn
AM69 SK Detected!!
WKUP_GPIO0_VPP_CTRL output high : 1
Key programming sequence initialted
Taking OTP certificate from 0x41c7f004
Debug response: 0x0
Key programming sequence completed
UART boot mode output:
-----------------------
SoC ID Header Info:
-----------------------
NumBlocks : 2
-----------------------
SoC ID Public ROM Info:
-----------------------
SubBlockId : 1
SubBlockSize : 26
DeviceName : j7aep
DeviceType : HSFS
DMSC ROM Version : [0, 1, 8, 0]
R5 ROM Version : [0, 1, 8, 0]
-----------------------
SoC ID Secure ROM Info:
-----------------------
Sec SubBlockId : 2
Sec SubBlockSize : 166
Sec Prime : 0
Sec Key Revision : 0
Sec Key Count : 0
Sec TI MPK Hash : 2b28ecde967b79d61619f89cf299205c36d179cacb2b1c5a7f16e3169cc879602122d07ad47ae878a46e243c6f5078c04a5452faceeccb00d0453a5a5e6420da
Sec Cust MPK Hash : ad0bc40b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Sec Unique ID : fd7b7761f98bac1f4138ce3e043d673af1b72646c85d8f5151565acfb41cdedb
However, I discovered that k3_dev_mpk.pem, copied by /generate_test_binaries.sh, was used for this keywriter cert; unfortunately I had not removed it.
So I am still not sure whether this last transition would have ended successfully for my smpk.pem.
My questions:
- What went wrong in the first step with the validation of the BMPK key in the SoC?
- What does write protection really mean for SMPK, SMEK, etc.? If it is not set, as in the second case, is it possible to prepare the keywriter to work for HS-SE and run it again to overwrite the TI SMPK and SMEK? If yes, how can I do this, and where can I find the proper ti-se-keywriter.bin, similar to the ti-fs-keywriter.bin I used?
There are some binaries, e.g. tifs-hs-enc.bin or tifs-hs-fs-enc.bin, in this folder, but I am not sure if they are correct for the keywriter:
ti-processor-sdk-rtos-j784s4-evm-09_01_00_06/pdk_j784s4_09_01_00_22/packages/ti/drv/sciclient/soc/V6/
- Is it possible to check the generated keys on a PC/Linux beforehand, to get output similar to what the SoC returns?
- Or is it possible to use the SoC to run the keywriter to check all validation but not make the final transition, e.g. maybe by disabling OTP_VppEn() or by not using --keycnt 2 --keycnt-wp --keyrev 1 during keywriter cert generation (I am not sure about the default settings when these switches are missing)?
I want to be sure about the answers to these questions before I do another EVM board transition.
BR,
Dariusz Gasiorowski