TDA4VM: x509CertificateGen.sh Signing

Part Number: TDA4VM

Hello,

I'm using the j784s4-evm-09_01_00_06 rtos sdk for development.

It is my understanding that the x509CertificateGen.sh script in this sdk is used for signing.

My current goal is to sign tispl.bin, tiboot3.bin & u-boot.img with TI provided keys and then see 'Authentication Passed' messages when booting the board.

I would like to repeat this process with my own generated keys.

I have used the script to generate these signed binaries with both sets of keys but they do not pass authentication.

Requesting detailed steps for generating these signed binaries using the Certificate gen script.

If this is not the correct method for signing, please let me know.

  • Hi I O

    I am a bit confused here: you are using the RTOS SDK, but the images which you want to sign are from the Linux SDK.

    I'm using the j784s4-evm-09_01_00_06 rtos sdk for development.
    My current goal is to sign tispl.bin, tiboot3.bin & u-boot.img with TI provided keys

    Can you clarify this?

    The Linux SDK already has a build infra which does the signing of all the images for HS-SE devices with TI dummy keys. Not sure what the need is for explicitly signing these images inside the PDK.

    Regards
    Diwakar

  • I would like to explicitly sign these 3 boot files for the goals of my team and my own understanding. Using the Linux sdk is fine, but it's important that I understand exactly how the signing is being done when 'make u-boot' is run.

    I have used the Linux sdk to successfully create the signed boot images with TI dummy keys already.

    I would now like to sign these files with my own keys instead of dummy keys and have them pass authentication on boot.

    Had some difficulty finding exact signing steps in the makefiles of the Linux sdk, so I tried using the x509 script to generate these signed boot images.

    If using the rtos x509 script is not the correct way to sign these 3 boot files I would like detailed steps on how the Linux sdk's build infrastructure achieves this.

    There are multiple files in the <linux sdk>/board-support/ti-uboot*/build/a72 and <linux sdk>/board-support/ti-uboot*/build/r5 directories:

    Files such as the following:
    - input.ti-spl.fit.images.*
    - config.ti-spl.fit.images.*
    - cert.ti-spl.fit.images.*

    - input.u-boot.fit.images.*
    - config.u-boot.fit.*
    - cert.u-boot.fit.images.*

    - input.tiboot3-j784s4-*
    - config.tiboot3-j784s4-*
    - cert.tiboot3-j784s4-*

    that appear to be part of the process in building the boot files: tispl.bin, tiboot3.bin, and u-boot.img. It's unclear how these intermediary files are generated & how they are used with the dummy keys to create the final signed boot files.

    Clarification on the signing process would be greatly appreciated.

  • Hi IO

    The process of generating the signed binary depends on the binary which you are generating. For example, to generate the signed tiboot3.bin in the combined boot flow, we need to have R5 SPL + signed/encrypted TIFS binary + signed board config file, then you sign the whole combined binary, whereas for tispl and u-boot.img you will just be signing the image with the root keys.

    How the packing is done can be found out in <linux_sdk>/<u-boot>/arch/arm/dts/k3-j784s4-binman.dtsi

    If you want to sign the images with your keys you just need to replace the custMpk.pem (<linux_sdk>/<u-boot>/board/ti/keys/custMpk.pem)

    You can also have a look at the git commit for the same:

    https://git.ti.com/cgit/ti-u-boot/ti-u-boot/commit/?h=ti-u-boot-2023.04&id=dd467d4f53808c92dd4b47d7e3f57825607670cf

    Regards
    Diwakar


  • Using the information in k3-j784s4-binman.dtsi I did the following to generate my image, but it does not boot:

    Example for tiboot3.bin Image:

    /ti-processor-sdk-rtos-j784s4-evm-09_01_00_06/pdk_j784s4_09_01_00_22/packages/ti/build/makerules/x509CertificateGen.sh \
    -a combined \
    -c R5 \
    -l 0x41c00000 \
    -b /ti-processor-sdk-rtos-j784s4-evm-09_01_00_06/pdk_j784s4_09_01_00_22/packages/ti/boot/sbl/binary/j784s4_evm/uart/bin/sbl_uart_img_mcu1_0_release.bin \
    -w /ti-processor-sdk-rtos-j784s4-evm-09_01_00_06/pdk_j784s4_09_01_00_22/packages/ti/drv/sciclient/soc/sysfw/binaries/ti-fs-firmware-j784s4-hs-fs-enc.bin \
    -v 0x40000 \
    -g /ti-processor-sdk-rtos-j784s4-evm-09_01_00_06/pdk_j784s4_09_01_00_22/packages/ti/drv/sciclient/soc/V6/combined-tifs-cfg.bin \
    -n 0x66800 \
    -t /ti-processor-sdk-rtos-j784s4-evm-09_01_00_06/pdk_j784s4_09_01_00_22/packages/ti/drv/sciclient/soc/V6/combined-dm-cfg.bin \
    -p 0x41c80000 \
    -q /ti-processor-sdk-rtos-j784s4-evm-09_01_00_06/pdk_j784s4_09_01_00_22/packages/ti/drv/sciclient/soc/sysfw/binaries/ti-fs-firmware-j784s4-hs-fs-cert.bin \
    -k /ti-processor-sdk-linux-j784s4-evm-09_01_00_06/board-support/ti-u-boot-2023.04+gitAUTOINC+b0d868ee08-gb0d868ee08/board/ti/keys/devKey.pem \
    -o tiboot3.bin

    Signed with:
    openssl dgst -sign <ti-uboot>/board/ti/keys/custMpk.pem -keyform PEM -sha512 -binary tiboot3.bin -out tiboot3.bin.signed

    A few things:
    - Would you be able to show the correct steps to generate boot images (i.e. script flags, openssl commands, etc...) using the combined boot flow you mentioned?
    - By root keys are you referring to the TI dummy keys?
    - It looks like the 'binman' tool can be used to build these images according to a particular device tree configuration. Do you have any information about the manual usage of the binman tool in the linux sdk?
            - After following the setup instructions in 'binman.rst' I ran into a 'QUIET_NOTFOUND' error message from libfdt.

    Thanks for your expertise.

  • Hi IO

    I am a bit confused here. What is your boot flow? Initially it seemed you wanted to use SPL.

    Now, seeing this, you are using SBL.

    -c R5 \
    -l 0x41c00000 \
    -b /ti-processor-sdk-rtos-j784s4-evm-09_01_00_06/pdk_j784s4_09_01_00_22/packages/ti/boot/sbl/binary/j784s4_evm/uart/bin/sbl_uart_img_mcu1_0_release.bin \

    Can you confirm which boot flow you want to use, SBL or SPL? What is your exact boot flow?

    Regards
    Diwakar

  • I would like to use the SPL boot flow. tiboot3.bin boots tispl.bin on a72; tispl.bin boots uboot.img on a72; uboot.img boots linux kernel.

  • Hi IO 

    09_01_00_06/pdk_j784s4_09_01_00_22/packages/ti/boot/sbl/binary/j784s4_evm/uart/bin/sbl_uart_img_mcu1_0_release.

    There are two boot flows: one is SBL and the other is SPL. In the above response you are trying to sign the SBL, not SPL.

    In the Linux SDK we already have things in place to sign the image; the Linux build system uses k3-j784s4-binman.dtsi to package the image and sign it.

    As mentioned in the above response, you just need to replace the key with your key and you are good to go.

    If you want to sign the images with your keys you just need to replace the custMpk.pem (<linux_sdk>/<u-boot>/board/ti/keys/custMpk.pem)

    After replacing the key, build the uboot and kernel, then you will be able to boot your own signed images if the same root trust keys are also burned into the efuses.

    Regards
    Diwakar

  • I ran 'make clean' and then replaced the dummy key with my own dev key:
    $ cp /devkey/dev-key.pem <linux_sdk>/<u-boot>/board/ti/keys/custMpk.pem

    I then ran 'make all' to rebuild u-boot & the kernel.

    I have not yet used key writer to burn my dev keys into the board's efuses.
    After loading (dev key signed) tispl.bin, tiboot3.bin, and u-boot.img onto my board, I received "Authentication Passed" messages when I booted:

    then you will be able to boot your own signed images if the same root trust keys are also burned into the efuses.

    I expected to see some kind of authentication failed messages because the dev key was not burned into the efuses.

    What are the expected authentication messages when boot images are signed with a key that has not been burned into the efuses?
    How can I check that my images are signed with my dev key?

  • Hi IO,

    To authenticate the images, R5 SPL / A72 SPL / U-Boot use the TISCI API TISCI_MSG_PROC_AUTH_BOOT.

    As your device is HS-FS, TIFS will only perform the integrity check and will skip the root of trust key comparison check; that is the reason you are seeing "Authentication Passed" logs.

    You can refer to the TISCI documentation for the same.

    https://software-dl.ti.com/tisci/esd/09_01_08/2_tisci_msgs/security/PROC_BOOT.html#tisci-msg-proc-auth-boot-authenticate-image-and-configure-processor

    Regards
    Diwakar

  • Thanks for the helpful information.

    Can you provide any information on how the API authenticates?

    I'm interested to know if it relies on any open source tools/software (or if it relies only on TI created tools). Any instructions on how the API is used would also be great to know, I didn't find much of this info in the link you sent.

    Also is there another way to do the root of trust key comparison on my HS-FS device? I'd just like to know how to prove that my images are signed with my dev key.

  • Hi IO

    Can you provide any information on how the API authenticates?

    I suggest you check the SBL_VerifyMulticoreImage function in <RTOS_SDK>/<pdk>/packages/ti/boot/sbl/soc/k3/sbl_soc.c

    I'm interested to know if it relies on any open source tools/software (or if it relies only on TI created tools). Any instructions on how the API is used would also be great to know, I didn't find much of this info in the link you sent.

    The image gets signed with the root trust keys using an openssl command; please go through the TISCI document to understand the authentication process.

    https://software-dl.ti.com/tisci/esd/latest/6_topic_user_guides/authentication.html#sysfw-authentication-and-decryption-requests

    Also is there another way to do the root of trust key comparison on my HS-FS device? I'd just like to know how to prove that my images are signed with my dev key.

    You can rely on the logs while signing the image with the keys, and with the boot process on an HS-SE device you can also confirm that. Also, you can get the public key of the signed image using an openssl command and compare it with the hash burned in the efuses to see if your images are signed properly.

    You can get the hash of the root trust keys on HS-SE devices using UART boot mode.

    Ref:software-dl.ti.com/.../Foundational_Components_Migration_Guide.html

    Regards
    Diwakar
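
An added example, not part of the thread or of TI's tooling: one way to carry out the public-key comparison suggested in the last reply. It assumes the signed image begins with a DER X.509 certificate at offset 0 and uses SHA-512 over the DER SubjectPublicKeyInfo as the fingerprint (whether that matches the efuse hash format is not stated in the thread); the function names and sample bytes are constructed for illustration.

```python
import hashlib

def _tlv(buf, off):
    """Return (tag, value_start, end) of the DER element at buf[off]."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[off], buf[off + 1]
    n = first & 0x7F if first & 0x80 else 0
    if first & 0x80 and not 1 <= n <= 4:
        raise ValueError("unsupported DER length")
    length = int.from_bytes(buf[off + 2:off + 2 + n], "big") if n else first
    end = off + 2 + n + length
    if end > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, off + 2 + n, end

def leading_cert(image):
    """Carve the DER certificate assumed to sit at offset 0 of the image."""
    tag, _, end = _tlv(image, 0)
    if tag != 0x30:
        raise ValueError("image does not start with a DER SEQUENCE")
    return image[:end]

def cert_spki(cert):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate."""
    off = _tlv(cert, _tlv(cert, 0)[1])[1]    # Certificate -> tbsCertificate body
    tag, _, end = _tlv(cert, off)
    if tag == 0xA0:                          # optional explicit [0] version
        off = end
    for _ in range(5):                       # serial, sigAlg, issuer, validity, subject
        off = _tlv(cert, off)[2]
    tag, _, end = _tlv(cert, off)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert[off:end]

def image_key_sha512(image):
    """Fingerprint of the public key carried in the image's certificate."""
    return hashlib.sha512(cert_spki(leading_cert(image))).hexdigest()

def _der(tag, body):                         # encoder for the constructed sample only
    n = len(body)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb) + body

def sample_image(spki, payload=b"\x00" * 64):
    """Constructed, cert-shaped blob (not a valid signature) followed by a payload."""
    tbs = _der(0x30, _der(0xA0, b"\x02\x01\x02") + _der(0x02, b"\x01") + _der(0x30, b"") * 4 + spki)
    return _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00\xAA")) + payload

DEV_SPKI = _der(0x30, _der(0x30, b"") + _der(0x03, b"\x00" + b"\x11" * 32))    # constructed
OTHER_SPKI = _der(0x30, _der(0x30, b"") + _der(0x03, b"\x00" + b"\x22" * 32))  # constructed
```

For a real check, pass the bytes of the signed image to `image_key_sha512` and compare the result with `hashlib.sha512` of the output of `openssl pkey -in dev-key.pem -pubout -outform DER`. A match shows which key the certificate carries; it does not verify the signature itself.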