Other Parts Discussed in Thread: SYSCONFIG
Tool/software:
Hi Team,
Im trying to write keys to efuse and migrate the device to HS-SE, what have done is attached below ,
>>>> use keys from keys_devl for testing purpose
>>>> ./gen_keywr_cert.sh -t tifek/ti_fek_public.pem --msv 0xC0FFE -b keys_devel/bmpk.pem
--bmek keys_devel/bmek.key -s keys_devel/smpk.pem --smek keys_devel/smek.key --keycnt
2 --keyrev 1
>>>>mek.key -s keys_devel/smpk.pem --smek keys_devel/smek.key --keycnt 2 --keyrev 1
# Using MSV[19:0]: 0x000C0FFE
# Using Key Count: 0x00000003
# Using Key Rev: 0x00000001
Generating Dual signed certificate!!
GEN: AES256 key generated, since not provided
# encrypt aes256 key with tifek public part
The command rsautl was deprecated in version 3.0. Use 'pkeyutl' instead.
# encrypt SMPK-priv signed aes256 key(hash) with tifek public part
The command rsautl was deprecated in version 3.0. Use 'pkeyutl' instead.
The command rsautl was deprecated in version 3.0. Use 'pkeyutl' instead.
# encrypt smpk-pub hash using aes256 key
writing RSA key
# encrypt smek (sym key) using aes256 key
# encrypt BMPK-priv signed aes256 key(hash) with tifek public part
The command rsautl was deprecated in version 3.0. Use 'pkeyutl' instead.
The command rsautl was deprecated in version 3.0. Use 'pkeyutl' instead.
# encrypt bmpk-pub hash using aes256 key
writing RSA key
# encrypt bmek (sym key) using aes256 key
1701 secondary_cert.bin
5414 primary_cert.bin
7115 ../../x509cert/final_certificate.bin
# SHA512 Hashes of keys are stored in verify_hash.csv for reference..
>> ~/ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/scripts/x509cert$ python3 ../../../../../tools/bin2c/bin2c.py final_certificate.bin keycert.h KEYCERT
Traceback (most recent call last):
File "/ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/scripts/x509cert/../../../../../tools/bin2c/bin2c.py", line 13, in <module>
* Copyright (C) ''' + sys.argv[4] +''' Texas Instruments Incorporated
IndexError: list index out of range
>>~/ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/scripts/x509cert$ python3 ../../../../../tools/bin2c/bin2c.py final_certificate.bin keycert.h KEYCER 2022
>> then it genearted keycert.h in /scripts/x509cert path
>> then clean and build tiboot3
>>:~/ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang$ make -sj clean PROFILE=debug
Cleaning: am62x:r5fss0-0:nortos:ti-arm-clang sbl_keywriter.debug.out ...
>> ~/ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang$ make -sj PROFILE=debug
Generating SysConfig files ...
Running script...
Validating...
Generating Code (example.syscfg)...
Writing /ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang/generated/ti_dpl_config.c...
Writing /ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang/generated/ti_dpl_config.h...
Writing /ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang/generated/ti_drivers_config.c...
Writing /ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang/generated/ti_drivers_config.h...
Writing /ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang/generated/ti_drivers_open_close.c...
Writing /ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang/generated/ti_drivers_open_close.h...
Writing /ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang/generated/ti_pinmux_config.c...
Writing /ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang/generated/ti_power_clock_config.c...
Writing /ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang/generated/ti_board_config.c...
Writing /ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang/generated/ti_board_config.h...
Writing /ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang/generated/ti_board_open_close.c...
Writing /ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang/generated/ti_board_open_close.h...
Compiling: am62x:r5fss0-0:nortos:ti-arm-clang sbl_keywriter.debug.out: ../main.c
Compiling: am62x:r5fss0-0:nortos:ti-arm-clang sbl_keywriter.debug.out: ../keywriter_utils.c
Compiling: am62x:r5fss0-0:nortos:ti-arm-clang sbl_keywriter.debug.out: ../board.c
Compiling: am62x:r5fss0-0:nortos:ti-arm-clang sbl_keywriter.debug.out: generated/ti_drivers_config.c
Compiling: am62x:r5fss0-0:nortos:ti-arm-clang sbl_keywriter.debug.out: generated/ti_drivers_open_close.c
Compiling: am62x:r5fss0-0:nortos:ti-arm-clang sbl_keywriter.debug.out: generated/ti_board_config.c
Compiling: am62x:r5fss0-0:nortos:ti-arm-clang sbl_keywriter.debug.out: generated/ti_board_open_close.c
Compiling: am62x:r5fss0-0:nortos:ti-arm-clang sbl_keywriter.debug.out: generated/ti_dpl_config.c
Compiling: am62x:r5fss0-0:nortos:ti-arm-clang sbl_keywriter.debug.out: generated/ti_pinmux_config.c
Compiling: am62x:r5fss0-0:nortos:ti-arm-clang sbl_keywriter.debug.out: generated/ti_power_clock_config.c
.
Linking: am62x:r5fss0-0:nortos:ti-arm-clang sbl_keywriter.debug.out ...
Linking: am62x:r5fss0-0:nortos:ti-arm-clang sbl_keywriter.debug.out Done !!!
.
Boot image: am62x:r5fss0-0:nortos:ti-arm-clang /ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang/sbl_keywriter.debug.tiimage ...
Boot image: am62x:r5fss0-0:nortos:ti-arm-clang /ti/mcu_plus_sdk_am62x_09_02_01_06/source/security/sbl_keywriter/am62x-sk/r5fss0-0_nortos/ti-arm-clang/sbl_keywriter.debug.tiimage Done !!!
-------------------------------------------------------------
Q1. When i flashed the tiboot3 it doesn't seems to boot and log is not visible , when checked with document its seems that can only write 5400 bytes in shot, then how should i write bmpk smpk keys and pem.
Q2. Should i generate each tiboo3 and flash for every smpk , bmpk without exceeding 5400 bytes, how do it properly ?.
Q3. Is vpp 1.8 will enable at time for flashing tiboot3.?
regards,
-RJ
