• State Resolved
  • Locked Locked
  • Replies 5 replies
  • Subscribers 101 subscribers
  • Views 257 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

AM6442: AM64xx boot sequence

Walter Stoll
Intellectual 320 points
Part Number: AM6442

Hi team

We develop a new platform based on the AM64xx family of CPUs. We don't fully understand how the very first image tiboot3.bin is selected based on the bootmode pins and the correctness of the image. Note, that we use QSPI as primary boot mode and USB as backup boot mode.

The "AM64x /AM243x Processors Silicon Revision 2.0" TRM section "4.4.1.3.1.1 QSPI Initialization Process" says the following:


"If the image fails to be read correctly from offset 0x0 of the flash memory, the ROM will attempt to obtain the image at offset 0x400000. This is the only redundant image location supported by the ROM."

Question 1: We presume, that first the image at offset 0x0 on QSPI is checked. If invalid, the image at offset 0x400000 is checked. If invalid, the image from backup boot media (USB in our case) is fetched. Is this correct for both, GP and HS devices ?

Question 2: What exactly means "If the image fails to be read correctly" in the sentence above ? What exactly is checked to find out if the image is correct ? We presume that the check is different for GP and HS devices. For HS devices, we guess that authentication fails. What about GP devices ?

  • 0
    TI__Guru 68950 points

    1.  Yes this would be the correct sequence for both types of devices

    2.  The ROM will request the DMSC ROM to perform certificate parsing and integrity checks on the image for GP and HSFS devices.  For HSSE device, additionally it will force authentication to provide secure booting.   

    Regards,

    James

  • 0 in reply to JJD
    Intellectual 320 points

    Question to reply (2): Is is guaranteed, that the check will fail if only part of the tiboot3.bin image is stored in QSPI flash ? Background: During firmware update,only part of the image may be stored in flash, e.g. if we face a power-cycle during update.

  • 0 in reply to Walter Stoll
    TI__Guru 68950 points

    Walter,

    i'm pretty sure this will fail the integrity checks.  Let me double check with the ROM team

    Regards,

    James

  • 0 in reply to JJD
    TI__Guru 68950 points

    Walter, comments from the ROM team:

    If the image is corrupted in the flash then the SHA-512 hash of the image while it is read/copied should not match the value in the certificate. That being the case boot would fail for that particular image.

    Note that this is a check during transmission of the image from flash to internal memory.  The actual write to the memory is not checked, so a subsequent software function would have to re-perform the checksum if you want to check that the image landed in the internal memory correctly

    So if the ROM's computed SHA-512 does not match the certificate then the image is considered bad.

    Regards,

    James

  • 0 in reply to JJD
    Intellectual 320 points

    Perfect, thanks a lot for your effort.