Part Number: AM5708
Hi,
We have AM5708 HS custom board, We use SMPK configuration for generate secure keys. we have generated key and flash OTP MLO to board and verify hash with bootable MLO.
Hash values of SMPK log and signed bootable MLO log are matching, but issue during the flash we got log as per image.
We are expecting something similar to
++++SMPK hash check pass (check log from image)
but we did not receive similar log.
Later we tried to boot with signed bootable MLO but board is not booting (even if MPKH hash values are matching)
To debug the issue we configure board to boot from USB and check logs as per usb_boot_standalone log
MPKH hash values are matching for TI OTP writter log and bootable MLO, but USB debug shows MPKH hash value different
Do we miss some steps in procedure or it is flashing time issue?
Can any one from TI help on same.
Attached:
1). MLO OTP flash log flash_MLO_log.png image
2). TI OTP writter log during OTP MLO generation (20230221181557.log)
3). Signed MLO hash verification log (using getmpkh_mlo_j6 script)
4). USB standalone debug log (usb_boot_standalone.log)
Thanks
user@BRT2L00009:~/Desktop/Secure_key_release_1.0_20022023/Secure_key_release_1.0/build_env/board-support/u-boot-2019.01+gitAUTOINC+350f3927b8-r32/spl$ ./getmpkh_mlo_j6-01.sh MLO
-----------ROOT KEY--------
Header : 0100000001003300010000000001000001000100
ID : 01000000
Type : 01003300
Rights : 01000000
Size : 00010000
Exponent : 01000100
Modules :
bb3c39d9fa7e7a2b3825df886f3d840b65520f9610b7ddff6f5186953e3d1b7b
8f14299da5e4925897650ac0cebb5475ed6e292b9db3e0e026c2a3408bbe6b19
54832d45dcc2ec512bef951ed9f1076519f86db31445f9c7458be03756041b0a
bffbd8d74d9337f9b5fe04e17a94adc9959cf49384a7a7ac94d7fb0ec975c79a
5c6e1aaac53292c29c8962df29f7a3c808cd6f58c2e8350571f51ccd4940ac46
cb88a31f5e42b7ac9f43d9bdb00d4bcf195299dd4b382800b73d14f224aaf953
4599e71c3e7146b8a60c9c4e127e87aff317066c03f0163cb00b8fb82b99590e
c997b1350af92aa8524fab8927a95de1fda4ae9f7496527e200c40587dadb7a8
--------------------------
--------ROOT KEY HASH---------
MPKH : a9a50cbee71647c626bce0db3b23bfa58f73a4569fe23eef98a9133250c7159a
**************************************
* MPK Hash calculation: *
**************************************
--------------------------------------
./smpk.sh 1 1
Tue Feb 21 18:15:57 IST 2023
--------------------------------------
dbg flag != 0 : release run
KEY_DIR : ./rel/ift/keys
KEY REV : 1
Input File Name : ./rel/ift/cfg_mtm/key_m_mtm_priv.cfg
Output File Name : ./rel/ift/cfg_mtm/key_m_mtm_priv_1.cfg
In String : rsa2048_1
Out String: rsa2048_MPK_rel_1
MPK RSA key : ./rel/ift/keys/rsa2048_MPK_rel_1.pem
MPK KEY CONFIG : ./rel/ift/cfg_mtm/key_m_mtm_priv_1.cfg
MPK-H File Name : ./rel/ift/output/MPK_H_rel_1.txt
MPK_PKC Name : ./rel/ift/output/MPK_PKC_rel_1.bin
--------------------------------------
MPK key exists : rsa2048_MPK_rel_1.pem
**************************************
* 1. MPK-H text file generation *
**************************************
>>>> rm -r ./rel/ift/output/MPK_H_rel_1.txt
**************************************
* 2. MPK-H binary file generation *
**************************************
===========================================================
Run on Tue Feb 21 18:15:57 2023
MPK Input File Name : ./rel/ift/output/MPK_H_rel_1.txt
MPK Output File Name: ./rel/ift/output/MPK_H_rel_1.txt.log
MPK-H BIN File Name : ./rel/ift/output/MPK_H_rel_1.txt.bin
MPK HASH Input:
MPK_HASH_0 = 0xBE0CA5A9
MPK_HASH_1 = 0xC64716E7
MPK_HASH_2 = 0xDBE0BC26
MPK_HASH_3 = 0xA5BF233B
MPK_HASH_4 = 0x56A4738F
MPK_HASH_5 = 0xEF3EE29F
MPK_HASH_6 = 0x3213A998
MPK_HASH_7 = 0x9A15C750
MPK HASH Stream:
a9a50cbee71647c626bce0db3b23bfa58f73a4569fe23eef98a9133250c7159a
===========================================================
**************************************
* 3. BCH on MPK-H binary *
**************************************
Input binary file name: ./rel/ift/output/MPK_H_rel_1.txt.bin
Input binary file size: 32 bytes
Input keytype: smpk
>>>> verbose = 0
>>>> BCH calculation
>>>> Output pKey_bch to ./rel/ift/output/MPK_H_rel_1.txt.bin_bch
>>>> Output pKey_bch to ./rel/ift/output/MPK_H_rel_1.txt.bin_bch.h
>>>> key is SMPK
**************************************
* 4. SMPK certificate generation *
**************************************
*********************************************************************************
* (C) 2016 TEXAS INSTRUMENTS, Inc. All rights reserved. *
* M-Shield Image Formatting Tool ==> IFT: Release 2.7.1 *
*********************************************************************************
* This product includes software developed by the OpenSSL Project for use *
* in the OpenSSL Toolkit (http://www.openssl.org/). *
* IFT is linked against OpenSSL 1.0.2f 28 Jan 2016. *
* This product includes software written by Tim Hudson (tjh@cryptsoft.com) *
* This product includes cryptographic software written by Eric Young *
* (eay@cryptsoft.com). Please read LICENSE file *
*********************************************************************************
Image MultiTask format
Info: OMAP chip version set to VAYU_PG1
- Source cfg files
- key cfg
Info: sourcing file ./rel/ift/cfg_mtm/key_m_mtm_priv_1.cfg
- ppa cfg not provided!
- isw cfg not provided!
- rdm cfg not provided!
- rds cfg not provided!
- ki cfg not provided!
- cust cfg not provided!
- local cfg not provided!
- Key loading
# import MPK:
# OpenSSL RSA public-only key
# FILE: keys/rsa2048_MPK_rel_1.pem
# ID: 0x01
# PKCS2.1 (PSS) mode with: SHA256 for both MSG and MGF / Bin integrity: SHA1
# certificate rights: pk
Info: loaded master public key from PKCert cfg!
# import PKC aux key:
# OpenSSL RSA public-only key
# FILE: keys/rsa2048_MPK_rel_1_pub.pem
# ID: 0x02
# PKCS2.1 (PSS) mode with: SHA256 for both MSG and MGF / Bin integrity: SHA256
# certificate rights: This key has no rights - may be an error.
Info: loaded 1 keys from PKCert cfg!
Info: no RDM cfg provided!
Info: no RDS cfg provided!
Info: no KI cfg provided!
--- Generating Multitask Public Key Certificates----
- PK certificate build...
- PK certificate key importation
# get MPK:
# OpenSSL RSA public-only key
# FILE: keys/rsa2048_MPK_rel_1.pem
# ID: 0x01
# PKCS2.1 (PSS) mode with: SHA256 for both MSG and MGF / Bin integrity: SHA1
# certificate rights: pk
- PK certificate aux keys importation
# get PKC aux key:
# OpenSSL RSA public-only key
# FILE: keys/rsa2048_MPK_rel_1_pub.pem
# ID: 0x02
# PKCS2.1 (PSS) mode with: SHA256 for both MSG and MGF / Bin integrity: SHA256
# certificate rights: This key has no rights - may be an error.
Info: key ID 0x01 is used for PK certificate signature
Warning: Signing key is a public-only key and cannot sign this certificate.
The certificate signature field will contain the raw hash/digest of the certificate.
- PK certificate build: OK!
output hash filename: ./rel/ift/output/MPK_PKC_rel_1.bin.hash size: -> 0x20
output filename: ./rel/ift/output/MPK_PKC_rel_1.bin size: -> 0x960
user@linux:~/secure_keys/board3$ sudo ./usbboot-stand-alone -S
[sudo] password for user:
reading ASIC ID
CHIP: 4a45
rom minor version: 02
IDEN: 76d74f156714699a475f31d402f021a42612ba25
MPKH: 39e6d0aa388ae3a309280c86254cdec6d6caab701ccac7e101694cbde21a0257
CRC0: a7c8764b
CRC1: b2752f0f
device is ED/HD (EMU/HS)
unable to load signed HS/HD iboot.ift
cannot load '(null)'
usbboot syntax and options:
usbboot [ <2ndstage> ] <image>
------------------------------------------------------
example: ./out/<board>/usbboot -s <file>
OR
./out/<board>/usbboot -S <file>
=> Download and execute <file> in internal memory
without waiting for any response.