Part Number: AM6412
Hi Support Team,
I would like to know the definition of TI because I would like to explain Secure Boot
in simple terms to customers who are not familiar with it.
Q1. The following website is very confusing to me, so please let me know
if my understanding is correct and point out any areas where I understand it incorrectly.
software-dl.ti.com/.../SECURE_BOOT.html
Secure boot is a two-stage boot, just like a normal device.
In the first step, the hardware security module (HSM) runtime is loaded into the HSM core in the processor
by the processor's built-in ROM boot loader (RBL), and a second boot loader (SBL)
with a signature (key code) is loaded beforehand into the built-in Cortex-R5 F core.
In the second step, the SBL loaded into the R5F reads a "signed and encrypted boot image"
from external ROM or other boot media, authenticates, decrypts, and completes the boot.
Through this, it is possible to prevent booting from modified, malicious code by non-users.
Q2. Once the boot device is converted to a Secure boot device (HS-SE), can it be converted back to HS-FS (GP device equivalent)?
Q3. Does OTPkeywriter encrypt the boot image to be stored in the external ROM and create the SBL?
Best Regards,
Kanae
