PROCESSOR-SDK-J721E: How to adapt secure boot on the GP board?

Part Number: PROCESSOR-SDK-J721E
Other Parts Discussed in Thread: TDA4VM

I'm currently working on RTOS SBL boot adaptation on the GP board of TDA4VM, and attempting to use the X509 format app image for secure boot. But I'm not sure if this plan is feasible and what needs to be noted. Can you provide some suggestions in this regard?

The SDK V09_00 is used.

  • Hi Dou,

    The TDA4 ROM always requires an x509 certificate in front of our Bootloader and TIFS binaries, so the SBL image always requires an x509 certificate at the front of the binary.

    The GP devices use a regular degenerate key for signing the SBL. 

    I am not sure what you are trying to do differently from the above. A HS-SE device requires that you sign the SBL specifically with the SMPK-Private key, and a binary signed with any other key will fail the boot.

    regards

    Suman

  • Thank you for your reply.

    We would like to try using our own key pairs for image signing and verification, but we still have some questions about the source code:

    1. How to obtain the source code for image generation and secure boot verification?

    2. Where is the regular degenerate key defined in the code? How do I use the regular degenerate key to implement image signature?

    3. How to enable verification of image files during system startup? Which files record the source code for verification?

  • Hi Dou,

    I recommend you read through Chapter 4, Initialization, of the TDA4VM TRM to get a basic understanding of these questions, especially the Boot Image Format sub-chapter.

    The PDK should have all the build infrastructure pieces needed to build an SBL firmware image, and its signing with a key. Please look through the makefile rules in the <RTOS_SDK>/<PDK>/packages/ti/build.

    The ROM degenerate key is the rom_degenerateKey.pem file in the above path.

    regards

    Suman

  • I generated a signed App.img using x509CertificateGen.sh and tested. Result display: Verification failed, Ignored on GP.

    In the source code, it can be seen that calling Sciclient_procBootAuthAndStart can achieve "Request DMSC to authenticate the image" and complete image verification. What specific information does the authReq passed in Sciclient_procBootAuthAndStart contain?

    After reviewing the relevant documentation, I found that the security x509 certificate document states "System Firmware does not include a X509 parser on GP devices." What is the specific function of X509 Parser? Which step of image verification cannot be completed without X509 parser?

  • Hi Dou,

    I generated a signed App.img using x509CertificateGen.sh and tested. Result display: Verification failed, Ignored on GP.

    Are you still talking about bootloader image, or now talking about an application image?

    The regular application image does not need to be signed on a GP device. Are you signing this GP image with your private key or degenerate key? You can probably do this on a HS-FS device, but not a GP device. The TIFS binary (different between GP vs HS-FS vs HS-SE) doesn't have any authentication services enabled on a GP device.

    I found that the security x509 certificate document states "System Firmware does not include a X509 parser on GP devices." What is the specific function of X509 Parser? Which step of image verification cannot be completed without X509 parser?

    Correct, this is meant for HS devices. There are no efuses nor any provision to authenticate against any type of keys on a GP device.

    regards

    Suman

  • Are you still talking about bootloader image, or now talking about an application image?

    I'm attempting to authenticate an application image on a GP device.

    I plan to use a preset key for X509 certificate verification, but I am not sure where the source code for X509 certificate verification is? Does the missing X509 parser affect my ability to parse X509 certificate formats?

  • Hi Dou,

    TIFS is the primary Security root-of-trust once it is up and running, and is responsible for all authentication services on HS devices.

    The X509 parser logic is all within the closed-source TIFS binary.

    Please use a HS-FS device if you want to test application authentication. I don't expect it to work on a GP device at all. You can try with a degenerate key (ROM can deal with this), but AFAIK, TIFS should fail the application authentication images.

    This is also mentioned as an important note at the top of the TI-SCI System Firmware Authentication and Decryption Requests documentation.

    regards

    Suman