This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

AM6442: SE mode verify issue

Genius 13655 points
Part Number: AM6442

Hello Champs,

Customer followed AM64X_AM243X_OTP_Keywriter_User_Guide_08.02.pdf verify signature.

After write tiboo3.bin(Build by gen_keywr_cert.sh) , he can get info as following:

He think the SoC had work on SE type.  But he used the tiboot3.bin(Build by U-boot) has sign image to boot DUT, it has no massage. His verify steps as following:

keywriter:

1. run:   mcu_plus_sdk_am64x_08_04_00_17-linux-x64-installer.run , otp_keywriter_am64x_am243x_08.04-linux-installer.run , sysconfig-1.13.0_2553-setup.run , CCS12.1.0.00007_web_linux-x64/ccs_setup_12.1.0.00007.run

2. cd ~/mcu_plus_sdk_am64x_08_04_00_17/source/security/tifs/sbl_keywriter/scripts/cert_gen/

3. ./gen_keywr_cert.sh -g && cp -a keys/* keys_devel/am64x/

4. ./gen_keywr_cert.sh -t tifek/am64x/ti_fek_public.pem --msv 0xC0FFE -b keys_devel/am64x/bmpk.pem --bmek keys_devel/am64x/bmek.key -s keys_devel/am64x/smpk.pem --smek keys_devel/am64x/smek.key --keycnt 1 --keyrev 1

5. python3 ../../../../../../tools/bin2c/bin2c.py ../x509cert/final_certificate.bin keycert.h KEYCERT

6. cp keycert.h ../x509cert/

7. cd ~/ti/mcu_plus_sdk_am64x_08_04_00_17/source/security/tifs/sbl_keywriter/am64x-evm/r5fss0-0_nortos/ti-arm-clang && make -sj clean PROFILE=debug && make -sj PROFILE=debug

8. Switch DUT to "UART BOOT MODE"    and    Use "Tera Term" write the tiboot3.bin

9. He can get 02000000011a0000616d3634780000000000000048535345000002000000020002a6000001000200b018658ad99dc903c8c9bfb27b12751099920a042ad1dfea7b7ba57369f15546de285edde6a7b39a8bdc40a27b237f8fb1e57f245e80b929c1e28b024aa2ecc623da28ddd59a7e2899a02c21cfcebf536c2d474e59ba0b770807365be63e8c28efcbeb841d0dbd6867aa9b96661d3bc402d18570c81462dd7c2e643bc934a6c19cad200a569aca739adeef2239029e33b0d9898fbaff27f6beba954edb0284c4C02000000011a0000616d3634780000000000000048535345000002000000020002a6000001000200b018658ad99dc903c8c9bfb27b12751099920a042ad1dfea7b7ba57369f15546de285edde6a7b39a8bdc40a27b237f8fb1e57f245e80b929c1e28b024aa2ecc623da28ddd59a7e2899a02c21cfcebf536c2d474e59ba0b770807365be63e8c28efcbeb841d0dbd6867aa9b96661d3bc402d18570c81462dd7c2e643bc934a6c19cad200a569aca739adeef2239029e33b0d9898fbaff27f6beba954edb0284c4

10. python ./tools/boot/socid_parser/uart_boot_socid.py ./source/security/tifs/sbl_keywriter/tools/socid.txt (Can read the boot massage)

-----------------------
SoC ID Header Info:
-----------------------
NumBlocks            : [2]
-----------------------
SoC ID Public ROM Info:
-----------------------
SubBlockId           : 1
SubBlockSize         : 26
DeviceName           : am64x
DeviceType           : HSSE
DMSC ROM Version     : [0, 2, 0, 0]
R5 ROM Version       : [0, 2, 0, 0]
-----------------------
SoC ID Secure ROM Info:
-----------------------
Sec SubBlockId       : 2
Sec SubBlockSize     : 166
Sec Prime            : 0
Sec Key Revision     : 1
Sec Key Count        : 2
Sec TI MPK Hash      : b018658ad99dc903c8c9bfb27b12751099920a042ad1dfea7b7ba57369f15546de285edde6a7b39a8bdc40a27b237f8fb1e57f245e80b929c1e28b024aa2ecc6
Sec Cust MPK Hash    : 23da28ddd59a7e2899a02c21cfcebf536c2d474e59ba0b770807365be63e8c28efcbeb841d0dbd6867aa9b96661d3bc402d18570c81462dd7c2e643bc934a6c1
Sec Unique ID        : 9cad200a569aca739adeef2239029e33b0d9898fbaff27f6beba954edb0284c4

Q1: How to get  "Cust MPK Hash"  by openssl?? openssl dgst -sha512 smpk.pem??
Q2: Sign his tiboot3.bin, tispl, uboot.img by the private key smpk.pem at keys_devel/am64x/ ??

Thanks.
Rgds
Shine