PROCESSOR-SDK-AM64X: openssl version

Owen Mears

Expert 5115 points

Part Number: PROCESSOR-SDK-AM64X

Tool/software:

Hello,

A question about openssl version:

Based on OTP Keywriter User Guide:

Note

OpenSSL (1.1.1 11 Sep 2018) is required for building the OTP Keywriter.

You can check if OpenSSL is installed by typing “openssl version” in your command prompt.

If it's not installed, download and install OpenSSL for your OS.

We use Ubuntu 22 Linux which has openssl version of :

Package: openssl

Architecture: amd64

Version: 3.0.2-0ubuntu1

Multi-Arch: foreign

Then I tried to do openssl packages:

# download binary openssl packages

wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.1.1f-1ubuntu2.22_amd64.deb

wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_1.1.1f-1ubuntu2.22_amd64.deb

wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.22_amd64.deb

# install downloaded binary packages

sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2.22_amd64.deb

sudo dpkg -i libssl-dev_1.1.1f-1ubuntu2.22_amd64.deb

sudo dpkg -i openssl_1.1.1f-1ubuntu2.22_amd64.deb

sudo ldconfig -v

Validate the version

openssl version -a

OpenSSL 1.1.1f 31 Mar 2020

built on: Fri Feb 16 15:41:31 2024 UTC

platform: debian-amd64

options: bn(64,64) rc4(16x,int) des(int) blowfish(ptr)

compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-ANcB0E/openssl-1.1.1f=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_TLS_SECURITY_LEVEL=2 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2

OPENSSLDIR: "/usr/lib/ssl"

ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-1.1"

Seeding source: os-specific

I am wondering if it is good or not to meet document requirements?

I am going to use default keys under folder of keys_devel/ to generate Keywriter Certificate by command:

./gen_keywr_cert.sh -t tifek/ti_fek_public.pem --msv 0xC0FFE -b keys_devel/bmpk.pem

--bmek keys_devel/bmek.key -s keys_devel/smpk.pem --smek keys_devel/smek.key --keycnt 2 --keyrev 1

I want to make sure that this won't brick the AM64x EVM!

Thank you very much!

over 1 year ago

0 Weijun Zhu over 1 year ago

Prodigy 70 points

1, cd $HOME/ti/mcu_plus_sdk_am64x_09_00_00_31/source/security/sbl_keywriter/scripts/cert_gen/am64x

./gen_keywr_cert.sh -t tifek/ti_fek_public.pem --msv 0xC0FFE -b keys_devel/bmpk.pem --bmek keys_devel/bmek.key -s keys_devel/smpk.pem --smek keys_devel/smek.key --keycnt 2 --keyrev 1

2, cd $HOME/ti/mcu_plus_sdk_am64x_09_00_00_31/source/security/sbl_keywriter/scripts/x509cert

python3 ../../../../../tools/bin2c/bin2c.py final_certificate.bin keycert.h KEYCERT

3, cd $HOME/ti/mcu_plus_sdk_am64x_09_00_00_31/source/security/sbl_keywriter/am64x-evm/r5fss0-0_nortos/ti-arm-clang

make -sj clean PROFILE=debug
make -sj PROFILE=debug

4, Copy tiboot3.bin to the SD card, then bootup from SD, it looks success.

Starting Keywriting
Enabled VPP
keys Certificate found: 0x70042b00
Keywriter Debug Response:0x0
Success Programming Keys

5, Set the boot mode switches into UART boot mode, then power up board. The terminal will print the SoC ID followed by "CCC" (ping characters). Copy the entire string up until "CCC" (ping characters)

02000000011a0000616d3634780000000000000048535345000002000000020002a6000001000200b018658ad99dc903c8c9bfb27b12751099920a042ad1dfea7b7ba57369f15546de285edde6a7b39a8bdc40a27b237f8fb1e57f245e80b929c1e28b024aa2ecc61f6002b07cd9b0b7c47d9ca8d1aae57b8e8784a12f636b2b760d7d98a18f189760dfd0f23e2b0cb10ec7edc7c6edac3d9bdfefe0eddc3fff7fe9ad875195527d2b64b3c78c81e0b285febd4cb3d6f503944485f0daac9ffd672fdf600546c1e8

6, Paste the string in <MCU_PLUS_SDK_INSTALL_DIR>/source/security/sbl_keywriter/
tools/socid.txt

7, Run the command below in the following directory: <MCU_PLUS_SDK_INSTALL_DIR>/source/
security/sbl_keywriter/tools
$ python parse_uart_boot_socid.py socid.txt

This will parse the SoC ID and show the information below.

-----------------------
SoC ID Header Info:
-----------------------
NumBlocks : 2
-----------------------
SoC ID Public ROM Info:
-----------------------
SubBlockId : 1
SubBlockSize : 26
DeviceName : am64x
DeviceType : HSSE
DMSC ROM Version : [0, 2, 0, 0]
R5 ROM Version : [0, 2, 0, 0]
-----------------------
SoC ID Secure ROM Info:
-----------------------
Sec SubBlockId : 2
Sec SubBlockSize : 166
Sec Prime : 0
Sec Key Revision : 1
Sec Key Count : 2
Sec TI MPK Hash : b018658ad99dc903c8c9bfb27b12751099920a042ad1dfea7b7ba57369f15546de285edde6a7b39a8bdc40a27b237f8fb1e57f245e80b929c1e28b024aa2ecc6
Sec Cust MPK Hash : 1f6002b07cd9b0b7c47d9ca8d1aae57b8e8784a12f636b2b760d7d98a18f189760dfd0f23e2b0cb10ec7edc7c6edac3d9bdfefe0eddc3fff7fe9ad875195527d
Sec Unique ID : 2b64b3c78c81e0b285febd4cb3d6f503944485f0daac9ffd672fdf600546c1e8

8, copy ~/ti/mcu_plus_sdk_am64x_09_00_00_31/source/security/sbl_keywriter/scripts/cert_gen/am64x/keys_devel/smpk.pem to u boot/board/ti/keys/custMpk.pem and cp custMpk.pem to custMpk.key and use blow command make custMpk.crt:
openssl req -batch -new -x509 -key custMpk.pem -out custMpk.crt

last step to recompiled tiboot3.bin, tispl.bin, and u-boot.img

9, copy tiboot3.bin, tispl.bin, and u-boot.img to SD card

10, power up board and fail to load Fit-image

U-Boot SPL 2023.04 (Jun 04 2024 - 17:37:06 -0400)
Resetting on cold boot to workaround ErrataID:i2331
Please resend tiboot3.bin in case of UART/DFU boot
resetting ...

U-Boot SPL 2023.04 (Jun 04 2024 - 17:37:06 -0400)
SYSFW ABI: 3.1 (firmware rev 0x0009 '9.0.5--v09.00.05 (Kool Koala)')
SPL initial stack usage: 13376 bytes
Trying to boot from MMC2
Authentication passed
Authentication passed
Authentication passed
Authentication passed
Loading Environment from MMC... *** Warning - No MMC card found, using default environment

Starting ATF on ARM64 core...

NOTICE: BL31: v2.8(release):v2.8-226-g2fcd408bb
NOTICE: BL31: Built : 17:35:44, Jun 4 2024
I/TC:
I/TC: OP-TEE version: 3.20.0 (gcc version 11.3.1 20220712 (Arm GNU Toolchain 11.3.Rel1)) #1 Tue Jun 4 21:36:54 UTC 2024 aarch64
I/TC: WARNING: This OP-TEE configuration might be insecure!
I/TC: WARNING: Please check optee.readthedocs.io/.../porting_guidelines.html
I/TC: Primary CPU initializing
I/TC: SYSFW ABI: 3.1 (firmware rev 0x0009 '9.0.5--v09.00.05 (Kool Koala)')
I/TC: HUK Initialized
I/TC: Activated SA2UL device
I/TC: Enabled firewalls for SA2UL TRNG device
I/TC: SA2UL TRNG initialized
I/TC: SA2UL Drivers initialized
I/TC: Primary CPU switching to normal world boot

U-Boot SPL 2023.04 (Jun 04 2024 - 17:38:44 -0400)
SYSFW ABI: 3.1 (firmware rev 0x0009 '9.0.5--v09.00.05 (Kool Koala)')
Trying to boot from MMC2
Authentication passed
Authentication passed

U-Boot 2023.04 (Jun 04 2024 - 17:38:44 -0400)

SoC: AM64X SR2.0 HS-SE
Model: Texas Instruments AM642 EVM
Board: AM64-EVM rev C
DRAM: 2 GiB
Core: 59 devices, 29 uclasses, devicetree: separate
MMC: mmc@fa10000: 0, mmc@fa00000: 1
Loading Environment from MMC... OK
In: serial@2800000
Out: serial@2800000
Err: serial@2800000
Unidentified board claims AM64-EVM in eeprom header
Net: eth0: ethernet@8000000port@1
Hit any key to stop autoboot: 0
switch to partitions #0, OK
mmc1 is current device
SD/MMC found on device 1
Failed to load 'boot.scr'
Failed to load 'uEnv.txt'
Failed to load '/boot/fitImage'
name_fit_config=conf-ti_k3-am642-evm.dtb
Wrong Image Format for bootm command
ERROR: can't get kernel image!
switch to partitions #0, OK
mmc0(part 0) is current device
Scanning mmc 0:1...
No EFI system partition
No EFI system partition
Failed to persist EFI variables
BootOrder not defined
EFI boot manager: Cannot load any image
switch to partitions #0, OK
mmc1 is current device
Scanning mmc 1:1...
BootOrder not defined
EFI boot manager: Cannot load any image
starting USB...
No working controllers found
USB is stopped. Please issue 'usb start' first.
starting USB...
No working controllers found
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
missing environment variable: pxeuuid
Retrieving file: pxelinux.cfg/01-1c-63-49-1a-d7-81
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
Retrieving file: pxelinux.cfg/00000000
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
Retrieving file: pxelinux.cfg/0000000
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
Retrieving file: pxelinux.cfg/000000
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
Retrieving file: pxelinux.cfg/00000
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
Retrieving file: pxelinux.cfg/0000
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
Retrieving file: pxelinux.cfg/000
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
Retrieving file: pxelinux.cfg/00
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
Retrieving file: pxelinux.cfg/0
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
Retrieving file: pxelinux.cfg/default-arm-k3-am64x
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
Retrieving file: pxelinux.cfg/default-arm-k3
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
Retrieving file: pxelinux.cfg/default-arm
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
Retrieving file: pxelinux.cfg/default
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
Config file not found
starting USB...
No working controllers found
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
ethernet@8000000port@1 Waiting for PHY auto negotiation to complete......... TIMEOUT !
am65_cpsw_nuss_port ethernet@8000000port@1: phy_startup failed
am65_cpsw_nuss_port ethernet@8000000port@1: am65_cpsw_start end error
=>

0 Prashant Shivhare over 1 year ago in reply to Weijun Zhu

TI__Guru 70871 points

Hi Weijun,

I see you have successfully converted the device to HSSE and could also boot U-Boot successfully.

May I know what the open issue is now?

Regards,

Prashant

0 Weijun Zhu over 1 year ago in reply to Prashant Shivhare

Prodigy 70 points

Hello Prashant,

yes, you are right.

as what you might see is the "Failed to load '/boot/fitImage' " in dumping information.

We are wondering to know what reason causes failing to load fitImage?

The fitimage is the same as what was when AM64x evm was HSFS.

Do we need to update fitimage and how to do it?

Thank you

Regards

Weijun

0 Prashant Shivhare over 1 year ago in reply to Weijun Zhu

TI__Guru 70871 points

Hello,

The issue to me looks more like the U-Boot failing to even read the Kernel fitimage.

Could you please run the following commands from the U-Boot commands and share the output

=> printenv mmcdev
=> printenv bootpart
=> ls mmc $mmcdev:1
=> ls mmc $mmcdev:2 /boot

Regards,

Prashant

0 Weijun Zhu over 1 year ago in reply to Prashant Shivhare

Prodigy 70 points

sure, all are listed below:

=> printenv mmcdev
mmcdev=1
=> printenv bootpart
bootpart=1:2
=> ls mmc $mmcdev:1
521430 tiboot3-am64x-gp-evm.bin
524019 tiboot3-am64x_sr2-hs-evm.bin
524019 tiboot3-am64x_sr2-hs-fs-evm.bin
524019 tiboot3.bin
847535 tispl.bin
1006843 u-boot.img
System Volume Information/

6 file(s), 1 dir(s)

=> ls mmc $mmcdev:2 /boot
<DIR> 4096 .
<DIR> 4096 ..
53765120 Image
<SYM> 28 initrd.img
<DIR> 4096 dtb
11333874 vmlinuz-6.6.25-arm64-vyos
<SYM> 25 vmlinuz
<DIR> 4096 grub
13688710 initrd.img-6.6.25-arm64-vyos
241900 config-6.6.25-arm64-vyos
3942599 System.map-6.6.25-arm64-vyos
=>

it looks that we did not have fitimage under boot/

thank you.

Weijun

0 Prashant Shivhare over 1 year ago in reply to Weijun Zhu

TI__Guru 70871 points

Weijun Zhu said:
it looks that we did not have fitimage under boot/

Yes. That explains the failure.

How are you flashing the rootfs to SD card? The prebuilt WIC image already comes with Kernel fitimage in the boot directory

=> ls mmc 1:2 /boot
<DIR>       4096 .
<DIR>       4096 ..
<DIR>       4096 EFI
<SYM>         24 Image
        20302336 Image-6.1.46-g247b2535b2
<DIR>       4096 dtb
<SYM>         27 fitImage
         8686514 fitImage-6.1.46-g247b2535b2

0 Weijun Zhu over 1 year ago in reply to Prashant Shivhare

Prodigy 70 points

Hi Prashant,

We are using ti-bdebstrap to build custom bootstrap images for TI platforms.

we use our buildvyosti.sh script instead of default build.sh to build bsp images with am64x_bookworm_09.00.00.006 package.

then use create-sdcard.sh to create SD card.

I did use the same scripts as what I did for HSFS before.

I will compare our buildvyosti.sh with build.sh to figure out what problem it is. I did not pay any attention to it though.

Regards

Weijun

update after hours:

By comparing buildvyosti.sh and build.sh and check out the root file system of tisdk-bookworm-am64x-am64xx-evm-rootfs/.

there is not a fitIamge file under boot/.

It sounds that ti-bdebstrap only takes care of bootstrap images and does not take care of kernel and fitImage though.

Hi Prashant,

What do you recommend us to do test with my current HSSE device?

Regards

0 Prashant Shivhare over 1 year ago in reply to Weijun Zhu

TI__Guru 70871 points

Hi Weijun,

Weijun Zhu said:
It sounds that ti-bdebstrap only takes care of bootstrap images and does not take care of kernel and fitImage though.

I am not the expert on these supposedly Yocto things. So, I don't really know if this is expected or not. You may raise this query on a separate thread so it could be assigned to the right expert.

For now, you can actually generate the FitImage manually from the Linux Kernel and DTB.

https://software-dl.ti.com/processor-sdk-linux/esd/AM64X/latest/exports/docs/linux/Foundational_Components_Kernel_Users_Guide.html#fitimage-for-hs

On another note, the things were working on HSFS because U-Boot loads the Kernel Image, DTB as separate images. It uses fitimage only on HSSE.

https://software-dl.ti.com/processor-sdk-linux/esd/AM64X/latest/exports/docs/linux/Foundational_Components_Migration_Guide.html#linux-kernel

Regards,

Prashant

0 Weijun Zhu over 1 year ago in reply to Prashant Shivhare

Prodigy 70 points

Hi Prashant,

I created a fitImage following instructions of link

https://software-dl.ti.com/processor-sdk-linux/esd/AM64X/latest/exports/docs/linux/Foundational_Components_Kernel_Users_Guide.html#fitimage-for-hs

with message of mkimage: verify_header failed for FIT Image support with exit code 1.

the fitImage fails to boot up with dumping information below:

U-Boot 2023.04 (Jun 13 2024 - 12:24:08 -0400)

do you have any idea about it?

have a good weekend.

Weijun

0 Prashant Shivhare over 1 year ago in reply to Weijun Zhu

TI__Guru 70871 points

Hi Weijun,

Weijun Zhu said:
with message of mkimage: verify_header failed for FIT Image support with exit code 1.

Do you mean the mkimage itself failed to create the correct fitImage on the host machine?

Regards,

Prashant

0 Weijun Zhu over 1 year ago in reply to Prashant Shivhare

Prodigy 70 points

Hi Prashant,

yes, you are right. we can boot up our AM64x EVM board(HSSE state) with fitImage-6.1.33-g40c32565ca which is from Ti though.

addition information:

mkimage -l fitImage-my-2024-06-14

GP Header: Size d00dfeed LoadAddr 139c29b

Thank you.

0 Prashant Shivhare over 1 year ago in reply to Weijun Zhu

TI__Guru 70871 points

Hi Weijun,

Can you please once go through the following thread which discusses booting FIT image on HSSE device

https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1345798/processor-sdk-am62x-am6231-secure-boot-hs-se-verifying-hash-integrity-fit_config_verify_required_keys-no-signature-node-found-fdtd-bad-data-hash

There is also a reference FIT image config is available in the PSDK as shown

❯ cat ~/ti/psdk/am64x/09.02.01.10/board-support/prebuilt-images/am64xx-evm/fitImage-its-am64xx-evm
/dts-v1/;

/ {
        description = "Kernel fitImage for Arago/6.1.83+gitAUTOINC+c1c2f1971f/am64xx-evm";
        #address-cells = <1>;

        images {
                kernel-1 {
                        description = "Linux kernel";
                        data = /incbin/("linux.bin");
                        type = "kernel";
                        arch = "arm64";
                        os = "linux";
                        compression = "gzip";
                        load = <0x81000000>;
                        entry = <0x81000000>;
                        hash-1 {
                                algo = "sha512";
                        };
                };
                fdt-ti_k3-am642-sk.dtb {
                        description = "Flattened Device Tree blob";
                        data = /incbin/("arch/arm64/boot/dts/ti/k3-am642-sk.dtb");
                        type = "flat_dt";
                        arch = "arm64";
                        compression = "none";
                        load = <0x83000000>;
                        hash-1 {
                                algo = "sha512";
                        };
                };
                fdt-ti_k3-am642-evm.dtb {
                        description = "Flattened Device Tree blob";
                        data = /incbin/("arch/arm64/boot/dts/ti/k3-am642-evm.dtb");
                        type = "flat_dt";
                        arch = "arm64";
                        compression = "none";
                        load = <0x83000000>;
                        hash-1 {
                                algo = "sha512";
                        };
                };
                fdt-ti_k3-am642-evm-icssg1-dualemac.dtbo {
                        description = "Flattened Device Tree blob";
                        data = /incbin/("arch/arm64/boot/dts/ti/k3-am642-evm-icssg1-dualemac.dtbo");
                        type = "flat_dt";
                        arch = "arm64";
                        compression = "none";
                        load = <0x83080000>;
                        hash-1 {
                                algo = "sha512";
                        };
                };
                fdt-ti_k3-am642-evm-nand.dtbo {
                        description = "Flattened Device Tree blob";
                        data = /incbin/("arch/arm64/boot/dts/ti/k3-am642-evm-nand.dtbo");
                        type = "flat_dt";
                        arch = "arm64";
                        compression = "none";
                        load = <0x83080000>;
                        hash-1 {
                                algo = "sha512";
                        };
                };
                fdt-ti_k3-am642-evm-icssg1-dualemac-mii.dtbo {
                        description = "Flattened Device Tree blob";
                        data = /incbin/("arch/arm64/boot/dts/ti/k3-am642-evm-icssg1-dualemac-mii.dtbo");
                        type = "flat_dt";
                        arch = "arm64";
                        compression = "none";
                        load = <0x83080000>;
                        hash-1 {
                                algo = "sha512";
                        };
                };
        };

        configurations {
                default = "conf-ti_k3-am642-sk.dtb";
                conf-ti_k3-am642-sk.dtb {
                        description = "1 Linux kernel, FDT blob";
                        kernel = "kernel-1";
                        fdt = "fdt-ti_k3-am642-sk.dtb";



                        hash-1 {
                                algo = "sha512";
                        };
                        signature-1 {
                                algo = "sha512,rsa4096";
                                key-name-hint = "custMpk";
                                padding = "pkcs-1.5";
                                sign-images = "kernel", "fdt";
                        };
                };

                conf-ti_k3-am642-evm.dtb {
                        description = "0 Linux kernel, FDT blob";
                        kernel = "kernel-1";
                        fdt = "fdt-ti_k3-am642-evm.dtb";



                        hash-1 {
                                algo = "sha512";
                        };
                        signature-1 {
                                algo = "sha512,rsa4096";
                                key-name-hint = "custMpk";
                                padding = "pkcs-1.5";
                                sign-images = "kernel", "fdt";
                        };
                };

                conf-ti_k3-am642-evm-icssg1-dualemac.dtbo {
                        description = "0 FDT blob";

                        fdt = "fdt-ti_k3-am642-evm-icssg1-dualemac.dtbo";



                        hash-1 {
                                algo = "sha512";
                        };
                        signature-1 {
                                algo = "sha512,rsa4096";
                                key-name-hint = "custMpk";
                                padding = "pkcs-1.5";
                                sign-images = "fdt";
                        };
                };

                conf-ti_k3-am642-evm-nand.dtbo {
                        description = "0 FDT blob";

                        fdt = "fdt-ti_k3-am642-evm-nand.dtbo";



                        hash-1 {
                                algo = "sha512";
                        };
                        signature-1 {
                                algo = "sha512,rsa4096";
                                key-name-hint = "custMpk";
                                padding = "pkcs-1.5";
                                sign-images = "fdt";
                        };
                };

                conf-ti_k3-am642-evm-icssg1-dualemac-mii.dtbo {
                        description = "0 FDT blob";

                        fdt = "fdt-ti_k3-am642-evm-icssg1-dualemac-mii.dtbo";



                        hash-1 {
                                algo = "sha512";
                        };
                        signature-1 {
                                algo = "sha512,rsa4096";
                                key-name-hint = "custMpk";
                                padding = "pkcs-1.5";
                                sign-images = "fdt";
                        };
                };
        };
};

Regards,

Prashant

0 Weijun Zhu over 1 year ago in reply to Prashant Shivhare

Prodigy 70 points

Hi Prashant,

~/ti/psdk/am64x/09.02.01.10/board-support/prebuilt-images/am64xx-evm/fitImage-its-am64xx-evm

this is a good example for me.

after I update my fitImage.its, I successfully get my fitImage and boot up Linux kernel.

thank you a lot.

Weijun

0 Prashant Shivhare over 1 year ago in reply to Weijun Zhu

TI__Guru 70871 points

Thanks for the update, Weijun.

Closing the thread...

Processors

Processors forum

PROCESSOR-SDK-AM64X: openssl version