• State Resolved
  • Locked Locked
  • Replies 3 replies
  • Subscribers 99 subscribers
  • Views 263 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

SK-AM62B-P1: Building OTP keywriter with PROFILE=release possible?

Benjamin Gruhler
Prodigy 20 points
Part Number: SK-AM62B-P1


Tool/software:

Dear Support Team,

we are in the progress of getting our own keys into the OTP keywriter.

To build the keywriter we use the makefile, like described in the  "AM62X_OTP_Keywriter_User_Guide", with "make -sj PROFILE=debug".

But, when inserting both sets of keys (SMEK,SMPK, BMEK, BMPK), the size of primary_cert.bin exceeds the length of 5400 bytes. So we would need to program the keys in an incremental way.

Would it also be possible to use the PROFILE=release option to use the size optimization, or is this not recommend for the keywriter?

This would be nice, because we would love to speed up the programming for our devices.

Best Regards

Benjamin

  • 0
    TI__Guru 73881 points

    Hello,

    Benjamin Gruhler said:
    But, when inserting both sets of keys (SMEK,SMPK, BMEK, BMPK), the size of primary_cert.bin exceeds the length of 5400 bytes.

    It looks like you may not be using the correct OpenSSL version because the certificate generation is tested for One Shot (program everything at once) with the tools versions mentioned in the user guide.

    For reference, following are the certificate generation logs with OpenSSL v1.1.x showing sizes of the primary & secondary certificate within 5400 bytes.

    ❯ ./gen_keywr_cert.sh -t tifek/ti_fek_public.pem --msv 0xC0FFE -s-def --smek-def -b-def --bmek-def --keycnt 2 --keyrev 1
# Using MSV[19:0]: 0x000C0FFE
INFO: Using default SMPK for programming
INFO: Using default SMEK for programming
INFO: Using default BMPK for programming
INFO: Using default BMEK for programming
# Using Key Count: 0x00000003
# Using Key Rev: 0x00000001
Generating Dual signed certificate!!
GEN: AES256 key generated, since not provided
# encrypt aes256 key with tifek public part
# encrypt SMPK-priv signed aes256 key(hash) with tifek public part
# encrypt smpk-pub hash using aes256 key
writing RSA key
# encrypt smek (sym key) using aes256 key
# encrypt BMPK-priv signed aes256 key(hash) with tifek public part
# encrypt bmpk-pub hash using aes256 key
writing RSA key
# encrypt bmek (sym key) using aes256 key
1668    secondary_cert.bin
5383    primary_cert.bin
7051    ../../x509cert/final_certificate.bin
# SHA512 Hashes of keys are stored in verify_hash.csv for reference..

    Regards,

    Prashant

  • 0 in reply to Prashant Shivhare
    Prodigy 20 points

    Thanks for the fast reply - I'll have to doublecheck that.

    We are using OpenSSL 3.0.15, and with the certificate creation command you where referring to, we got  5414 bytes for primary_cert.bin

    # encrypt bmek (sym key) using aes256 key
1701    secondary_cert.bin
5414    primary_cert.bin
7115    ../../x509cert/final_certificate.bin
# SHA512 Hashes of keys are stored in verify_hash.csv for reference..

  • +1 in reply to Benjamin Gruhler
    TI__Guru 73881 points

    Hi,

    Benjamin Gruhler said:
    We are using OpenSSL 3.0.15

    This is incompatible version. The OpenSSL version should be as mentioned in the user guide which is OpenSSL v1.1.x.