Hi, TI experts,
After refer the thread we had post before: https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1343208/tda4vm-q1-tda4vm-q1-tda4vm88t5balfq1-sr1-1-hs-fs-how-to-build-and-flash-keywriter
we can build keywriter app on 8.4 linux/rtos SDK, but it can not run, we can't see any logs from MCU_UART, it was really strange.
Our build proccess:
by refer to https://www.ti.com/lit/pdf/sprad04, we do below modifications:
1. psdkra/pdk_jacinto_08_04_00_21/packages/ti/build/makerules/common.mk
From 569daf672aba0c26cdf9cad997e9697309d76948 Mon Sep 17 00:00:00 2001
From: "Yihao.Che" <cheyihao@mit.cn>
Date: Thu, 28 Mar 2024 14:04:09 +0800
Subject: [PATCH] =?UTF-8?q?pdk:=20=E5=A2=9E=E5=8A=A0SBL=20tiboot3.bin?=
=?UTF-8?q?=E7=9A=84=E5=8A=A0=E5=AF=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
note: 使用的是ti dummy key
参考文档: https://www.ti.com/sitesearch/en-us/docs/universalsearch.tsp?langPref=en-US&searchTerm=hs-fs&nr=1196#q=hs-fs&sort=relevancy&numberOfResults=25
Change-Id: Ie6f3def8da094080e13ed410d1d03a5873b69ba9
---
.../packages/ti/build/makerules/common.mk | 2 +-
.../packages/ti/build/makerules/platform.mk | 1 +
.../packages/ti/build/makerules/x509CertificateGen.sh | 2 +-
3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/psdkra/pdk_jacinto_08_04_00_21/packages/ti/build/makerules/common.mk b/psdkra/pdk_jacinto_08_04_00_21/packages/ti/build/makerules/common.mk
index c2471f764a..fd7944b5df 100644
--- a/psdkra/pdk_jacinto_08_04_00_21/packages/ti/build/makerules/common.mk
+++ b/psdkra/pdk_jacinto_08_04_00_21/packages/ti/build/makerules/common.mk
@@ -624,7 +624,7 @@ ifeq ($(SOC),$(filter $(SOC), $(keywriter_SOCLIST)))
ifneq ($(OS),Windows_NT)
$(CHMOD) a+x $(SBL_CERT_GEN)
endif
- $(SBL_CERT_GEN) -b $(SBL_BIN_PATH) -o $(SBL_TIIMAGE_PATH) -c R5 -l $(SBL_RUN_ADDRESS) -k $($(APP_NAME)_KEYWR_CERT_KEY) -d DEBUG -j DBG_FULL_ENABLE -m $(SBL_MCU_STARTUP_MODE)
+ $(SBL_CERT_GEN) -b $(SBL_BIN_PATH) -o $(SBL_TIIMAGE_PATH) -c R5 -l $(SBL_RUN_ADDRESS) -k $($(APP_NAME)_KEYWR_CERT_KEY) -y ENCRYPT -e $(SBL_ENCRYPT_KEY_HS) -d DEBUG -j DBG_FULL_ENABLE -m $(SBL_MCU_STARTUP_MODE)
else
$(ECHO) $(SOC) "not yet supported"
endif
diff --git a/psdkra/pdk_jacinto_08_04_00_21/packages/ti/build/makerules/platform.mk b/psdkra/pdk_jacinto_08_04_00_21/packages/ti/build/makerules/platform.mk
index 5d4977d393..0c7316a7c0 100644
--- a/psdkra/pdk_jacinto_08_04_00_21/packages/ti/build/makerules/platform.mk
+++ b/psdkra/pdk_jacinto_08_04_00_21/packages/ti/build/makerules/platform.mk
@@ -200,6 +200,7 @@ endif
# SBL related macro
export SBL_CERT_KEY_HS=$(ROOTDIR)/ti/build/makerules/k3_dev_mpk.pem
export SBL_CERT_KEY=$(ROOTDIR)/ti/build/makerules/rom_degenerateKey.pem
+export SBL_ENCRYPT_KEY_HS=$(ROOTDIR)/ti/build/makerules/k3_dev_mek.txt
#
# Derive Target/ISA from CORE
diff --git a/psdkra/pdk_jacinto_08_04_00_21/packages/ti/build/makerules/x509CertificateGen.sh b/psdkra/pdk_jacinto_08_04_00_21/packages/ti/build/makerules/x509CertificateGen.sh
index 68ffae0c57..ab26b272ac 100755
--- a/psdkra/pdk_jacinto_08_04_00_21/packages/ti/build/makerules/x509CertificateGen.sh
+++ b/psdkra/pdk_jacinto_08_04_00_21/packages/ti/build/makerules/x509CertificateGen.sh
@@ -116,7 +116,7 @@ image_encrypt() {
truncate -s %16 enc_tmp.bin
xxd -r -p $ENC_RS enc_rs.bin
cat enc_tmp.bin enc_rs.bin > enc_bin_rs.bin
- ENC_BIN=$CERT_SIGN"-ENC-"$(basename $BIN)
+ ENC_BIN=$BIN"-ENC-"$CERT_SIGN
echo "$ENC_BIN"
if [ "$IMG_ENC" == "ENCRYPT" ];then
openssl aes-256-cbc -e -K `cat $ENC_KEY` -iv $ENC_IV_VAL -in enc_bin_rs.bin -out $ENC_BIN -nopad
--
2.17.1
2. download the OTP keywriter Add on package: OTP_KEYWRITER_ADD_ON_j721e_sr1_1_v2021.05b-linux-installer.run
3. write an shell script to complete the build proccess:
#!/bin/bash
PDK_PATH=../../../../../../../psdkra/pdk_jacinto_08_04_00_21
# copy form addon package
cp ${PDK_PATH}/../../addon/ti_fek_public.pem ${PDK_PATH}/packages/ti/boot/keywriter/scripts/ti_fek_public.pem
cp ${PDK_PATH}/../../addon/ti-fs-keywriter.bin ${PDK_PATH}/packages/ti/boot/keywriter/tifs_bin/j721e/ti-fs-keywriter.bin
cp ${PDK_PATH}/packages/ti/build/makerules/k3_dev_mpk.pem ${PDK_PATH}/packages/ti/boot/keywriter/scripts/keys/smpk.pem
md5sum ${PDK_PATH}/packages/ti/build/makerules/k3_dev_mpk.pem ${PDK_PATH}/packages/ti/boot/keywriter/scripts/keys/smpk.pem
echo -e "\n\n"
sleep 1
xxd -p -r ${PDK_PATH}/packages/ti/build/makerules/k3_dev_mek.txt ${PDK_PATH}/packages/ti/boot/keywriter/scripts/keys/smek.key
cat ${PDK_PATH}/packages/ti/build/makerules/k3_dev_mek.txt
echo -e "\n"
xxd -p ${PDK_PATH}/packages/ti/boot/keywriter/scripts/keys/smek.key
echo -e "\n\n"
sleep 1
cp ${PDK_PATH}/packages/ti/boot/keywriter/scripts/ti_fek_public.pem ${PDK_PATH}/packages/ti/boot/keywriter/scripts/keys/tifekpub.pem
md5sum ${PDK_PATH}/packages/ti/boot/keywriter/scripts/ti_fek_public.pem ${PDK_PATH}/packages/ti/boot/keywriter/scripts/keys/tifekpub.pem
echo -e "\n\n"
sleep 1
echo -e "\n\n\033[36mgenerate the x509 certificate...\033[0m\n"
cd ${PDK_PATH}/packages/ti/boot/keywriter/scripts/
./gen_keywr_cert.sh -s keys/smpk.pem --smek keys/smek.key -t keys/tifekpub.pem -a keys/aes256.key
md5sum ../x509cert/final_certificate.bin
echo -e "\n\n"
sleep 1
echo -e "\n\n\033[36mgenerate keywriter application...\033[0m\n"
cd ${PDK_PATH}/packages/ti/build
make keywriter_img_clean -j8
make keywriter_img -j8
We are testing the OTP efuse proccess on custom board, and using the SD card boot mode. When using the tiboot3.bin which can run on the GP EVM board, the Custom board can show the SBL version on the MCU_UART console, so we think that the MCU_UART is ok. So if the OTP keywriter can be loaded and run, there should show the OTP version at least, it was weird.. We have no idea what happened, becanuse there is no log. the keywriter app we using is attached below:
keywriter_img_j721e_release.tiimage.txt
Thanks.
