AM623: Secure boot

Part Number: AM623
Other Parts Discussed in Thread: SYSCONFIG

Hello TI experts,

I am using a custom board to achieve secure boot. The environment is as follows:

a. Ubuntu 22.04

b. Mcu_plus_sdk_am62x version 09.00.00.19

c. Ti_cgt_armllvm version 2.1.3 LTS

d. CCS version 12.3.0.00005

e. Openssl version 1.1.1q

f. sbl_keywriter version 08.06.00 (I just got this keywriter version from my FAE)

I blocked keywriter_setVpp() in $HOME/ti/mcu_plus_sdk_am62x/source/security/tifs/sbl_keywriter/am62x-sk/r5fss0-0_nortos/main.c because the custom board defaults to pulling VPP up to 1.8V. The process of compiling the keywriter tiboot3 is as follows:

a. cd $HOME/ti/mcu_plus_sdk_am62x/source/security/tifs/sbl_keywriter/scripts/cert_gen/am62x

./gen_keywr_cert.sh -t tifek/ti_fek_public.pem --msv 0xC0FFE -b-def --bmek-def -s-def --smek-def --keycnt 2 --keyrev 1

b. cd $HOME/ti/mcu_plus_sdk_am62x/source/security/tifs/sbl_keywriter/scripts/x509cert

python3 ../../../../../../tools/bin2c/bin2c.py final_certificate.bin keycert.h KEYCERT

c. cd $HOME/ti/mcu_plus_sdk_am62x/source/security/tifs/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang

make -sj clean PROFILE=debug
make -sj PROFILE=debug

d. Copy tiboot3.bin to the SD card (the custom board supports SD boot or eMMC boot), then boot from SD; it seems to succeed.

e. Change the boot pin mode to UART boot; then I got the socid log and SoC ID Header Info, and the DeviceType had already changed to HSSE.

But when I copied $HOME/ti/mcu_plus_sdk_am62x/source/security/tifs/sbl_keywriter/scripts/cert_gen/am62x/keysdevel/smpk.pem to u-boot/board/ti/keys/custMpk.pem and recompiled tiboot3, tispl, and u-boot, the startup failed without any logs. My u-boot is from SDK 09.00.00.03 (U-Boot 2023.04 (May 22 2024 - 08:52:15 +0800)).