I have access to the MySecureSoftware. I have downloaded the SDK and the keywriter zip files from the links mentioned below.
- K2G_Prod_keywriter_images.zip from https://software-dl.ti.com/secure/software/sitara-sec/K2G_RESTRICTED_SW/index_FDS.html?__gda__=1704757541_e4ecb027b0325fdbb9eddf79f7230011
- Secure Dev SKD ti-processor-sdk-secdev-k2g-hs-01.06.00.05.tar.gz from https://software-dl.ti.com/secure/software/sitara-sec/K2G_RESTRICTED_SW/linux/06_03_00_106/index_FDS.html
Ques 1. Where are the binaries/images signed with TI production keys (keys part of OTP)? I would to try TI signed image on the board first.
Ques 2. In K2G_Prod_Keywriter_images.zip, there is folder K2G_Prod_keywriter_images/processor_sdk_secdev_k2g-hs_keywriter/keywriter_uart0, how do we use these binaries? Any documentation about this? Application_Notes_on_Secure_Key_writer_on_HS_K2G_devices.pdf in this zip file doesn't seem to be relevant, looks bit outdated.
Ques 3. What are the steps to install secure image on the K2GEVMXS?
Ques 4. Any instructions on integrating secure sdk to general purpose sdk?
Ques 5. Could I get some documentation about the scripts folder in proc-sdk-secdev?
Following is a snippet from document Application_Notes_on_Secure_Key_writer_on_HS_K2G_devices.pdf(Page 5) included in above mentioned zip file and attached in this email.
Append dummy secondary keys to key writer
The first step in the process requires users to practice the OTP key writing process on the TI secure EVM. In order to enable key programming on HS devices, the users are required to use the files:
seckeywriter.toc.ccs : Keywriter CCS TOC binary signed using TI production keys
Location: download from MySecureSW
seckeywriter_append.cfg: Configuration file specifies location of secondary keys and TI Fek key and notification mechanism
Location: proc-sdk-secdev_01_xx_xx_xx\otp_writer\sec_key_writer
Secondary Keys: Reuse TI development keys or generate dummy keys for practicing
Location: proc-sdk-secdev_01_03_00_00\sec\ks2keys\dev
Note: For the purpose of this document, we will re-use TI development keys as the secondary keys. For production environment please point to custom location where keys reside.
The document refers to otp_writer directory (as highlighted above) in the Sec Dev SDK but I don’t see any such directory, hence I’m missing seckeywriter_append.cfg. Is there something I’m missing or is the document itself outdated?
The document refers to proc-sdk-secdev_01_xx_xx_xx, but only 03_xx_xx_xx onwards are available on MySecureSoftware.
Could this secserver.cfg (location: proc-sdk-secdev/secure_server) be possibly the renamed configuration file instead of seckeywriter_append.cfg?
I do see TiFek in the SDK (location: proc-sdk-secdev/sec/keys/fekkeys/), are these the TI production dummy keys you were referring to?
Thanks.