• State
  • Locked Locked
  • Replies 3 replies
  • Subscribers 98 subscribers
  • Views 404 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Original question:

PROCESSOR-SDK-AM64X: Extended OTP Test

PROCESSOR-SDK-AM64X: OTP Questions

Christopher Holland
Intellectual 310 points
Part Number: PROCESSOR-SDK-AM64X


Hi,

Q. Can you change Keys and other values after you program them?
A. Please note that irrespective of the device state, if any bit in Extended OTP is flipped from 0 to 1 then that particular bit can never be flipped again in its lifetime.

Q. What is the purpose of write protect if the bit can't be changed once its programmed. (Is this a matter of "Incremental programming where the 'other bits' might be written? i.e. 1010 --> 1011 or 1110 or 1111)
A.

Q. What is the purpose of the ovrd option in the key writing script? (There is no mention of why in the script help)
A.

Q. What does read protect option do. (I don't quite understand any situation in which the rp bit should be set?)
A.

Q. What are the optional bits in the keys using the key writing script used for? (--mpk-opt, --mek-opt)
A.

Q. Can you "Incrementally verify" OTP? (Maybe by reading memory at bootloader i.e. => mdl.l 0x43000000 2) (It would be nice to verify the values, before burning them.)(Once the key are written they can't be changed, just read.) 
A.

Q. Is there a way to replace the AM64x on the EVM Board? (Since the processor is not socketed, if there is an error writing to the OTP, I don't believe there is an easy way to just replace the processor)
A.

Q. Can the script gen_keywr_cert.sh generate a textual certificate. (The binary is unreadable. It would be nice to see the certificate. I might need to dissect the script.)
A.

Thank you,

  • 0
    TI__Guru* 76201 points

    Hi Christopher,

    Changing Keys & `ovrd` option

    As long as the device is HSFS, you can override the already programmed fields multiple times if supported via `ovrd` option. Let's say you already programmed SMPK but not yet KEYREV meaning the device is still HSFS, you can reprogram a different SMPK with the addition flag `--smpk-ovrd`.

    Christopher Holland said:
    Please note that irrespective of the device state, if any bit in Extended OTP is flipped from 0 to 1 then that particular bit can never be flipped again in its lifetime.

    This comment in the other thread was in respect to the Extended OTP.

    Please note there are two OTP areas:

    1 => One is for secure booting used by ROM/Sysfw

    2 => Other is Extended OTP primarily reserved for general purpose usage.

    Read/Write Protect Options

    These options are used to prevent further R/W to the OTP area by the non-secure world.  

    --------------

    Christopher Holland said:
    Is there a way to replace the AM64x on the EVM Board?

    This is not possible. If you have done everything right according to the OTP Keywriter guidelines then you can trust the process to be flawless.

    Christopher Holland said:
    Q. Can the script gen_keywr_cert.sh generate a textual certificate. (The binary is unreadable. It would be nice to see the certificate. I might need to dissect the script.)

    The script generates configs for input to openssl to generate the final certificate binary. These configs can be found at: <otp_keywriter_path>/sbl_keywriter/scripts/cert_gen/am64x/configs

    I will check on the other two unanswered questions and get back to you. 

    Regards,

    Prashant

  • 0 in reply to Prashant Shivhare
    TI__Guru* 76201 points

    Hi Christopher,

    Prashant Shivhare said:
    As long as the device is HSFS, you can override the already programmed fields multiple times if supported via `ovrd` option. Let's say you already programmed SMPK but not yet KEYREV meaning the device is still HSFS, you can reprogram a different SMPK with the addition flag `--smpk-ovrd`.

    Please hold on to this point. I am checking internally to confirm if this is really the case.

    Thanks!

  • 0 in reply to Prashant Shivhare
    TI__Guru* 76201 points

    Hi Christopher,

    Sorry, I have to take my words back.

    The whole OTP is built on the concept that a bit once flipped from 0 -> 1 can not be flipped again in its lifetime which makes this truly one time programmable. So, the ovrd option is there for overwriting the already programmed fields but the change in value should not result in a bit flip of 1 -> 0 otherwise the operation will fail.

    I am still checking on the remaining two questions.

    Thanks for the understanding!!!