• State Resolved
  • Locked Locked
  • Replies 1 reply
  • Subscribers 98 subscribers
  • Views 290 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Original question:

TDA4VM: TDA4VM - HS devices - Can It boot with "No efuse" "No symmetric keying the image"?

TDA4VM: Keywriter questions and usage for GP device

TS L
Intellectual 911 points

Part Number: TDA4VM

Hi TI Expert.

following picture is from:software-dl.ti.com/.../keywriter.html

following picture is from:https://software-dl.ti.com/tisci/esd/latest/6_topic_user_guides/secure_debug.html#

following picture is from:https://software-dl.ti.com/tisci/esd/latest/6_topic_user_guides/key_writer.html

Question:

about “Once the KEYREV is set to 1 or 2, the device becomes HS-SE,

1.Can I use key writter to burn GP device eFuse to do security boot debug?

2.Can I burn KEYREV to 1 or 2 on GP device ?if yes, GP become to HS-SE device,right or not?

3.for HS-FS device,if eFuse not burn by keywriter,is it the same/similar as GP?

4.for HS-FS device,even if I burn something into eFuse,but not burn KEYREV,it is still the same/similar as GP,right or not?   

  • +1
    TI__Guru** 118285 points

    Hi TS L,

    TS L said:
    1.Can I use key writter to burn GP device eFuse to do security boot debug?

    The GP devices are different from the HS-FS/HS-SE devices. The KeyWriter software is applicable to only HS-FS devices, and is used to convert the device to Secure-Boot enforced HS-SE device once the customer keys are programmed into the OTP efuses.

    TS L said:
    2.Can I burn KEYREV to 1 or 2 on GP device ?if yes, GP become to HS-SE device,right or not?

    Same as above, GP device will forever remain a GP device. There are no OTP efuses on a GP device. You will need to start with a HS-FS device and use KeyWriter to burn the keys and convert into a HS-SE device. 

    TS L said:
    .for HS-FS device,if eFuse not burn by keywriter,is it the same/similar as GP?

    The highlighted lines in the 3rd picture summarize the situation. The HS-FS device is similar to a GP device, in that Secure-Boot is not enforced on any firmwares. The TIFS binary needs to be signed with a TI MPK though. A GP device uses a TIFS binary signed with a dummy key or a degenerate key.

    There is currently no support in existing SDKs to boot a HS-FS device directly, it can only support booting a KeyWriter image to convert the device into a HS-SE. The boot support for HS-FS devices as is will be added in a future SDK (~ 8.6 SDK slated for 2023 Mar).

    TS L said:
    4.for HS-FS device,even if I burn something into eFuse,but not burn KEYREV,it is still the same/similar as GP,right or not?

    The KEYREV burning is what turns the HS-FS device into a HS-SE device, and the KeyWriter can no longer run once this is done. So, all the other keys should have been programmed earlier or together with the KEYREV field. The device will continue to remain a HS-FS device until KEYREV is burned, and the same response as #3 applies here.

    Bottom-line, HS-FS is closer to a GP device, and is mostly similar, with the primary difference being the signed TIFS binary, and the state of the JTAG.

    regards

    Suman