[FAQ] J721S2XSOMXEVM: How to Enable Out of Place authentication in SBL

Part Number: J721S2XSOMXEVM

Tool/software:

How to Enable Out of Place authentication in SBL?

  • Please follow below steps to enable out of place authentication:

    1. In the certificate template you need to <pdk_path>/ti/build/makerules/x509CertificateGen.sh you need to change the authInPlace type to 0 
      ref:https://software-dl.ti.com/tisci/esd/20_04_01/2_tisci_msgs/security/sec_cert_format.html?highlight=encryption#sysfw-load-extension
    2. You need to have a output buffer for that you can increase the size of the DSBL_SCRATCH_MEM_SIZE it can be OCMC or DDR based on the sbl image you are using)eg: <pdk_path>/ti/boot/sbl/sbl_component.mk.

      CUST_SBL_TEST_FLAGS =" -DSBL_LOG_LEVEL=1 -DSBL_SCRATCH_MEM_START=0xB8000000 -DSBL_SCRATCH_MEM_SIZE=0x5000000 -DSBL_ENABLE_PLL -DSBL_ENABLE_CLOCKS -DSBL_ENABLE_DDR -DSBL_SKIP_MCU_RESET -DBOOT_OSPI ${OCM_RAT

      Here i am using CUST SBL and DDR as a scratch memory increased from 0x4000000 to 0x5000000 ;
    3. Make the changes in <pdk_path>ti/boot/sbl/soc/k3/sbl_soc.c to define where the input buffer is present.
    4. Pass the load address while signing the image : 


      x509CertificateGen.sh -b xyz.appimage -o xyz.appimage.signed  -c R5 -l 0x0 -k key.pem -d DEBUG -j DBG_FULL_ENABLE -m SPLIT_MODE -l 0xB8000000
      here we are dividing our DDR scratch memory in to two parts first one is as output buffer and the rest is input buffer.
    5. Rebuild the SBL and boot the device.

    Regards
    Diwakar