• State Resolved
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 99 subscribers
  • Views 331 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TDA4VM: Self built sysfw.itb does not work

yongfeng liu
Prodigy 70 points

Part Number: TDA4VM

Hello TI experts,

I have a question about how to build a customer key signed sysfw.itb file.

I tried to regenerate sysfw.itb with TI dummy key, but the output file does not work. Here is the steps I did.

First add tool chain path to $PATH, then set TI_SECURE_DEV_PKG to folder “......board-support/core-secdev-k3”, and custMpk.pem(TI dummy key) exists under “core-secdev-k3/keys” folder. 

Then run the following commands:

cd ti-process-sdk-linux-j7-evm-08_00_00_08/board-support/k3-image-gen-2021.05 

make clean

make SOC=j721e HS=1

 

The build log is as follows:

arm-none-linux-gnueabihf-gcc -fno-builtin -Wall -Iinclude/soc/j721e -Isoc/j721e/evm -Iinclude -c -o out/soc/j721e/evm/sec-cfg.o-pre-validated ./soc/j721e/evm/sec-cfg.c

python3 ./scripts/sysfw_boardcfg_validator.py -b out/soc/j721e/evm/sec-cfg.o-pre-validated -i -o out/soc/j721e/evm/sec-cfg.o -s j721e -l out/soc/j721e/evm/sec-cfg.o.log

cat ti-fs-firmware-j721e-hs-certs.bin ti-fs-firmware-j721e-hs-enc.bin > out/soc/j721e/evm/sysfw.bin

arm-none-linux-gnueabihf-objcopy -S -O binary out/soc/j721e/evm/board-cfg.o out/soc/j721e/evm/board-cfg.bin.unsigned

/home/aaa/bbb/ti-processor-sdk-linux-j7-evm-08_00_00_08/board-support/core-secdev-k3/scripts/secure-binary-image.sh out/soc/j721e/evm/board-cfg.bin.unsigned out/soc/j721e/evm/board-cfg.bin

arm-none-linux-gnueabihf-objcopy -S -O binary out/soc/j721e/evm/pm-cfg.o out/soc/j721e/evm/pm-cfg.bin.unsigned

/home/aaa/bbb/ti-processor-sdk-linux-j7-evm-08_00_00_08/board-support/core-secdev-k3/scripts/secure-binary-image.sh out/soc/j721e/evm/pm-cfg.bin.unsigned out/soc/j721e/evm/pm-cfg.bin

arm-none-linux-gnueabihf-objcopy -S -O binary out/soc/j721e/evm/rm-cfg.o out/soc/j721e/evm/rm-cfg.bin.unsigned

/home/aaa/bbb/ti-processor-sdk-linux-j7-evm-08_00_00_08/board-support/core-secdev-k3/scripts/secure-binary-image.sh out/soc/j721e/evm/rm-cfg.bin.unsigned out/soc/j721e/evm/rm-cfg.bin

arm-none-linux-gnueabihf-objcopy -S -O binary out/soc/j721e/evm/sec-cfg.o out/soc/j721e/evm/sec-cfg.bin.unsigned

/home/aaa/bbb/ti-processor-sdk-linux-j7-evm-08_00_00_08/board-support/core-secdev-k3/scripts/secure-binary-image.sh out/soc/j721e/evm/sec-cfg.bin.unsigned out/soc/j721e/evm/sec-cfg.bin

./gen_its.sh j721e evm sysfw.bin board-cfg.bin pm-cfg.bin rm-cfg.bin sec-cfg.bin > out/soc/j721e/evm/sysfw-j721e-evm.its

mkimage -f out/soc/j721e/evm/sysfw-j721e-evm.its -r sysfw-j721e-evm.itb

FIT description: SYSFW and Config Fragments

Created:         Tue Dec  6 16:19:11 2022

Image 0 (sysfw.bin)

  Description:  sysfw

  Created:      Tue Dec  6 16:19:11 2022

  Type:         Firmware

  Compression:  uncompressed

  Data Size:    263828 Bytes = 257.64 KiB = 0.25 MiB

  Architecture: ARM

  OS:           Unknown OS

  Load Address: unavailable

Image 1 (board-cfg.bin)

  Description:  board-cfg

  Created:      Tue Dec  6 16:19:11 2022

  Type:         Firmware

  Compression:  uncompressed

  Data Size:    1676 Bytes = 1.64 KiB = 0.00 MiB

  Architecture: ARM

  OS:           Unknown OS

  Load Address: unavailable

Image 2 (pm-cfg.bin)

  Description:  pm-cfg

  Created:      Tue Dec  6 16:19:11 2022

  Type:         Firmware

  Compression:  uncompressed

  Data Size:    1649 Bytes = 1.61 KiB = 0.00 MiB

  Architecture: ARM

  OS:           Unknown OS

  Load Address: unavailable

Image 3 (rm-cfg.bin)

  Description:  rm-cfg

  Created:      Tue Dec  6 16:19:11 2022

  Type:         Firmware

  Compression:  uncompressed

  Data Size:    5358 Bytes = 5.23 KiB = 0.01 MiB

  Architecture: ARM

  OS:           Unknown OS

  Load Address: unavailable

Image 4 (sec-cfg.bin)

  Description:  sec-cfg

  Created:      Tue Dec  6 16:19:11 2022

  Type:         Firmware

  Compression:  uncompressed

  Data Size:    1997 Bytes = 1.95 KiB = 0.00 MiB

  Architecture: ARM

  OS:           Unknown OS

  Load Address: unavailable

rm out/soc/j721e/evm/rm-cfg.bin.unsigned out/soc/j721e/evm/board-cfg.bin.unsigned out/soc/j721e/evm/sec-cfg.bin.unsigned out/soc/j721e/evm/pm-cfg.bin.unsigned

 But generated file is 1716 bytes smaller than previous good one, with the generated file and previous good tiboot3.bin, when the board starts, it continually shows ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ characters.

I compared the bad file with the good one, the byte size difference is because there seems to be an additional certificate at the header part of for sysfw.bin, but the bad one does not contain this. But for sysfw.bin, the remaining bytes are the same. For other files in sysfw.itb, like board-cfg.bin/pm-cfg.bin/rm-cfg.bin/sec-cfg.bin, they seem to have similar length but have different bytes in certificate part. Both the good and bad sysfw.itb attached in the zip file.

So is the command I use correct ? Is there something that I missed in the building process ?

 

Thanks and regards,

Yongfeng Liusysfw.itb.zip

  • 0
    TI__Guru** 121445 points

    Hi Yongfeng,

    The base commands look ok, I suspect you probably have some left-over build artifacts. Please specify the exact commands you used for the exported variables.

    Please also execute the clean command passing in the SOC and HS variables.

    $ make SOC=j721e HS=1 clean

    $ make SOC=j721e HS=1

    The sysfw.bin is indeed mismatched, you should see similar artifacts as below generated in the k3-image-gen-2021.05 folder after the build. The sysfw.bin size should be the total of the sizes of the ti-fs-firmware-j721e-hs-enc.bin and ti-fs-firmware-j721e-hs-certs.bin files. The ti-fs-firmware-j721e-hs-certs.bin file is a signed version of the inner certificate file, ti-fs-firmware-j721e-hs-cert.bin. This seems to be your delta.

    -rw-rw-r-- 1 suman suman 1684 Dec 6 10:02 ti-fs-firmware-j721e-hs-cert.bin
    -rw-rw-r-- 1 suman suman 3398 Dec 6 10:02 ti-fs-firmware-j721e-hs-certs.bin
    -rw-rw-r-- 1 suman suman 262144 Dec 6 10:02 ti-fs-firmware-j721e-hs-enc.bin

    regards

    Suman

  • 0 in reply to Suman Anna
    Prodigy 70 points

    Thank you Suman, it was the clean command that caused this issue. After I use "make SOC=j721e HS=1 clean", and make it again, the file size matches now, and it works.

    Thank you again for your prompt reply.