• State TI Thinks Resolved
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 99 subscribers
  • Views 1214 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

AM4378: Secure boot procedure

Mukundan Parthasarathy
Prodigy 75 points

Part Number: AM4378

We are engaged in the bring-up of a custom board powered by a AM4378BZDN100S (high security device) and need a quick tutorial with steps to sign the MLO, U-Boot without having to fuse the SMPK, SMEK and SMPK-Hash.  A practical example showing the steps, scripts to invoke, with example arguments to the scripts etc. would be most useful. Our aim is to first get an image booting. 

Thank you in advance for your help!

Mukundan

  • 0
    TI__Guru* 76270 points

    Hi Mukundan,
    With AM437x HS device (i.e. AM4378BZDN100S), first thing is running TI OTP key programming tool to program the user key material on target board.
    After the customer key are successfully programmed, root-of-trust secure boot is enforced such that only signed SW can run.
    For more detailed information on secure SDK, EVM, collaterals, it is required for user to have secure NDA in place.
    www.ti.com/.../swlicexportcontrol.tsp

    Best,
    -Hong

  • 0 in reply to Hong Guan64
    Prodigy 75 points

    Hi Hong,

    Thank you for your suggestion. Could you please clarify the following:

    1) As you have noted that the first thing to do is running the OTP key programming tool, does this mean there is no way we could sign the images with "default keys" initially?

    2) Is there a document on how to run the TI OTP programming tool with an example, and if so could you please provide its URL (I have a NDA in place.)

    3) I'm assuming that the above step requires that I have already created the keys, so could you also provide (or point to) an example of how to create those keys?

    4) I am aware that programming the keys on the AM4378 involves asserting 1.7V on a certain pin, for which there is a GPIO/regulator provision on our custom board. How is this voltage assertion to be coordinated with the key programming tool?

    5) In my original post I have asked for instructions on how to sign the images (i.e., what tools/scripts to run, what arguments to provide to them etc.). A tutorial document on this with an example would serve our needs.

    Thanks,

    Mukundan

  • 0 in reply to Mukundan Parthasarathy
    TI__Guru* 76270 points

    Hi Mukundan,
    There's security e2e forum to discuss secure boot related questions on HS device.
    Please send the request for secure NDA and approval for accessing the security forum via
    www.ti.com/.../swlicexportcontrol.tsp
    Best,
    -Hong