PROCESSOR-SDK-AM62X: How to use custMpk.key to encrypt binary files in Linux_SDK?

Pengfei Lu

Tool/software:

Regarding the above flowchart, there is the relevant implementation logic process in MCU_SDK, just set ENC_ENABLED to "yes". But in the LINUX_SDK in uboot/board/ti/keys file below custMpk. CRT, custMpk. Key, custMpk. Pem; So far we have only used custMpk.pem to sign a binary, how can we use custMpk.key to encrypt a binary? Does custMpk.crt play a role in building uboot? Even if uboot/board/ti/keys only have custMpk.pem and ti-degrade-key.pem, uboot can still be built

9 months ago

0 Hong Guan64 9 months ago

TI__Guru 65445 points

The "optional" binary decryption on the first stage binary (i.e. tiboot3.bin) by ROM and the next stage binary (i.e. tispl.bin, u-boot.img...) by TIFS are currently not supported out-of-box in AM62x Linux SDK.
Best,
-Hong

0 Pengfei Lu 8 months ago in reply to Hong Guan64

Prodigy 120 points

So can the user develop binman and uboot in AM62x_Linux_SDk, so as to realize the same binary encryption and decryption function as on MCU? At the moment, I don't know how to operate binman to encrypt binary files and pass iv and RS parameters to the certificate template of openssl.py

0 Hong Guan64 8 months ago in reply to Pengfei Lu

TI__Guru 65445 points

Here're relevant changes on adding binman support of signing binary. Hopefully helpful for your work on adding binary encryption/decryption.
https://git.ti.com/cgit/ti-u-boot/ti-u-boot/commit/?id=ce46f5199033ee2e9d8ea56d70d930c3d3302a6e
https://git.ti.com/cgit/ti-u-boot/ti-u-boot/commit/?id=78144826bb8209df0a703a4a0dd88f7b57ad12cb
Best,
-Hong

Processors

Processors forum

PROCESSOR-SDK-AM62X: How to use custMpk.key to encrypt binary files in Linux_SDK?