TDA4VM: HS-FS chip with no secure boot

Part Number: TDA4VM

Hi TI Expert

If we need to boot an HS-FS device (5C silicon) using the Linux SDK 10.00 with a customer board, is the following understanding correct:

We can use all GP images except for the following two, which must be replaced:

 For 5B HS-FS :

  1. Replace sysfw-j721e-gp-evm.itb
    ➜ with sysfw-j721e_sr1_1-hs-fs-evm.itb

  2. Replace tiboot3-j721e-gp-evm.bin
    ➜ with tiboot3-j721e-sr1_1-hs-fs-evm.bin

All other images (such as tispl.bin, u-boot.img, kernel, DTB, rootfs, etc.) can remain as GP versions.


 For 5C HS-FS :

  1. Replace sysfw-j721e_gp-evm.itb
    ➜ with sysfw-j721e_sr2_0-hs-fs-evm.itb

  2. Replace tiboot3-j721e-gp-evm.bin
    ➜ with tiboot3-j721e-sr2_0-hs-fs-evm.bin

Again, all other images can remain as GP versions.




Our Setup & Objective

  • We already have a customer board that is validated using a GP device.

  • Now, we plan to replace the GP device with a 5C HS-FS device on the same board.

  • The goal is to boot the HS-FS device using the existing GP images (except sysfw and tiboot3) for early-stage functional testing.

Motivation

  • At this stage, we have not yet programmed the device with Keywriter, so the device is still in HS-FS state.

  • We hope to reuse the GP images to boot and verify key hardware interfaces.

  • Once functional verification is complete, we will proceed to program the device with Keywriter, effectively converting it to a HS-FS state.

  • In the final stage, we will re-test using fully signed images as per the standard secure boot flow.

Summary

Our question is whether it is acceptable for early-stage HS-FS bring-up to temporarily use GP-signed images (except tiboot3 and sysfw).


BR

JAY

  • Hi Expert 

    We are currently testing a TDA4VM 5C HS-FS customer board. With the image combination below, we are not seeing any boot logs when using SDCARD boot mode:

    (1) SDCARD Boot Configuration for 5C HS-FS:

    • Replace sysfw-j721e_gp-evm.itb
      ➜ with sysfw-j721e_sr2_0-hs-fs-evm.itb

    • Replace tiboot3-j721e-gp-evm.bin
      ➜ with tiboot3-j721e-sr2_0-hs-fs-evm.bin

    • All other images remain as GP versions

    =>Result: No UART log output is observed in SDCARD boot mode.

    (2) UART Boot Mode:

    When switching to UART boot mode, UART log output is visible, and the device prints a string, for example:

    02000000011a00006a376573000000000000000048534653010901000109010002a600000000000078ec546294cdf3fc0bfbbb146bf8621bd4d1c312f1bc76b67811e1c5dcbe820067f4156a94c70d9cbae981aa4cce04b7f83390ed79f92e8448d72881fe37f830ad0bc40b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fd3ada1f7aa6b24c10a56e65e294a9ec05ac2662dc4bdd422e836e9b05e88339C


    Please advise on any modifications needed for SDCARD boot.

    BR

    JAY
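Added example, not part of the thread and not TI's code: a decoder for the hex string the device prints in UART boot mode, as in the post above, reporting the device type field and whether the customer key hash field is blank. The field layout is an assumption inferred from the sub-block ids and sizes visible in that string (`01 1a`, `02 a6`), and the sample input is constructed rather than captured.

```python
import struct

# Assumed layout (little-endian), inferred from the sub-block ids and sizes
# visible in the string on this page; not taken from TI source code.
HDR = struct.Struct("<I")                # number of sub-blocks
PUB = struct.Struct("<BB2x12s4s4s4s")    # id, size, pad, name, type, DMSC ROM ver, R5 ROM ver
SEC = struct.Struct("<BBHHH64s64s32s")   # id, size, prime, key rev, key count,
                                         # TI MPK hash, customer MPK hash, unique ID
TOTAL = HDR.size + PUB.size + SEC.size   # 200 bytes = 400 hex characters


def parse_soc_id(text):
    """Decode the hex string the ROM prints in UART boot mode."""
    # Keep only the fixed-length record; this drops the trailing XMODEM 'C'.
    hexstr = "".join(text.split())[: 2 * TOTAL]
    if len(hexstr) < 2 * TOTAL:
        raise ValueError("SoC ID string is truncated")
    raw = bytes.fromhex(hexstr)
    (blocks,) = HDR.unpack_from(raw, 0)
    pub_id, pub_len, name, dev_type, _dmsc, _r5 = PUB.unpack_from(raw, HDR.size)
    (sec_id, sec_len, _prime, key_rev, key_cnt,
     _ti_mpk, cust_mpk, uid) = SEC.unpack_from(raw, HDR.size + PUB.size)
    # Each size byte counts the bytes that follow the id and size bytes.
    expected = (2, 1, PUB.size - 2, 2, SEC.size - 2)
    if (blocks, pub_id, pub_len, sec_id, sec_len) != expected:
        raise ValueError("unexpected sub-block id or size")
    return {
        "device_name": name.rstrip(b"\0").decode("ascii"),
        "device_type": dev_type.decode("ascii"),
        "key_revision": key_rev,
        "key_count": key_cnt,
        "customer_mpk_hash_blank": not any(cust_mpk),
        "unique_id": uid.hex(),
    }


def build_sample(dev_type=b"HSFS", cust_mpk=bytes(64)):
    """Constructed sample string, not captured from a device."""
    ver = bytes([1, 9, 1, 0])
    pub = PUB.pack(1, PUB.size - 2, b"j7es", dev_type, ver, ver)
    sec = SEC.pack(2, SEC.size - 2, 0, 0, 0, bytes(range(64)), cust_mpk, bytes(32))
    return (HDR.pack(2) + pub + sec).hex() + "C"


if __name__ == "__main__":
    for key, value in parse_soc_id(build_sample()).items():
        print(f"{key:26} {value}")
```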

  • Hi Jay,

    • Once functional verification is complete, we will proceed to program the device with Keywriter, effectively converting it to a  HS-FS state.

    I hope it is a typo and you will convert the sample to HS-SE state.

    Our question is whether it is acceptable for early-stage HS-FS bring-up to temporarily use GP-signed images (except tiboot3 and sysfw).

    Yes, you can use that; as the keys are not fused onto the device, secure boot is not enforced.

    Regards
    Diwakar

  • Hi

    We also compiled with the OTP_KEYWRITER_ADD_ON_j721e_sr2_09_02_00_05-linux-installer.run version and found that there is no output from either the MCU domain or the WKUP domain serial ports after performing the keywriter burn-in.

  • Hi Diwakar 


    I hope it is a typo and you will convert the sample to HS-SE state.

    Our question is whether it is acceptable for early-stage HS-FS bring-up to temporarily use GP-signed images (except tiboot3 and sysfw).

    Yes, you can use that; as the keys are not fused onto the device, secure boot is not enforced.

    • Yes, that was a typo — the sample will indeed be converted to HS-SE state later.

    • However, based on our current test results, we are still unable to successfully boot the HS-FS device using this image combination.
      Is there anything else we need to modify or check to enable boot?


    BR
    Jay

  • Hi Jay,

    Replace tiboot3-j721e-gp-evm.bin
    ➜ with tiboot3-j721e-sr2_0-hs-fs-evm.bin

    You mentioned that you are trying this on a Customer board. The tiboot3.bin is the name of the bootloader binary, and the appropriate version of the customer bootloader binary needs to be used.

    You cannot use the TI EVM bootloader.

    The first part of the boot flow starts from tiboot3.bin. Please use a JTAG to connect to the MCU R5F core, and see where the PC is. It would give a hint whether the MCU R5F is still in Public ROM (0x418xxxxx) or has launched the tiboot3.bin successfully (0x41Cxxxxxx). 

    regards

    Suman

  • Hi

    I used my own uboot.img and recompiled the keywriter, but I commented out the OTP_VppEn(); and

    status = Sciclient_otpProcessKeyCfg((uint32_t *)keywriter_cert,
                                        SCICLIENT_SERVICE_WAIT_FOREVER,
                                        &debug_response);

    code segment in the source code to test whether the board has entered the keywriter burn-in process. However, there are no logs printed on the serial port. The image is the log captured by JTAG. How can I confirm where the program is running? Could you please help analyze this?

    Br

    zhangbo

  • Hi

    I made the changes following this link ([FAQ] TDA4VM-Q1: SR2.0 update Keywriter process) and added my own logs, but strangely only the middle part of the logs is printed out. The logs I added at the beginning and the end are not printed, and it seems that the state of the keywriter is also not correct. Below are the images with added logs and debugging results.

    Br

    zhangbo

  • Hi zhangbo

    I notice we have two separate topics in this discussion:

    1. The process of booting High Security-Field Securable (HS-FS).
    2. The procedure for running the Key Writer utility on HS-FS devices

    To better address your concerns, could you please clarify which specific topic you'd like to focus on first?

    Regards
    Diwakar

  • Hi Diwakar

    Thanks for outlining the two topics.

    Let me clarify our background and current focus:

    Background

    We have already completed bring-up on the same customer board using a TDA4VM GP (GC) device.
    All hardware functions are working correctly in that setup.

    Now we’ve swapped the SoC to a 5C HS-FS device, and we’re using the same Linux PDK build, with only the following image changes:

    • sysfw → sysfw-j721e_sr2_0-hs-fs-evm.itb

    • tiboot3.bin → tiboot3-j721e-sr2_0-hs-fs-evm.bin
      (All other images remain GP versions.)

     Current Issue

    With this setup, the HS-FS board fails to boot, and we do not see any UART log when booting from SD card.

    We also tried UART boot mode and confirmed the device shows the UART log as mentioned above.

     Alternative Action

    Since boot isn't working, we’ve started evaluating Key Writer to convert the device to HS-SE, in hopes of proceeding with signed images.


     Our Question

    To get the board to boot and verify functions:

    • Should we continue debugging the HS-FS boot flow?

    • Or is it better to run Key Writer first and work with HS-SE?

    Any documentation or guidance on recommended steps would be greatly appreciated.

    BR
    Jay

  • Hi

    Sorry, let's discuss the second question further e2e.ti.com/.../5870486 This is discussed above

  • Hi Zhang,

    What are these two pictures representing?

    The right-side picture showcases that you are still stuck in MCU ROM code, implying your tiboot3.bin image is not signed properly or has authentication issues.

    Your left-side picture shows the MCU R5F in an exception state, not sure when this was arrived at.

    regards

    Suman

  • Hi Zhang,

    Sorry, let's discuss the second question further e2e.ti.com/.../5870486 This is discussed above

    Yes, this is the recommended approach to keep the discussion streamlined to only one issue.

    Please confirm/clarify whether you are using the tiboot3-j721e-sr2_0-hs-fs-evm.bin built for TI EVM or your custom board?

    regards

    Suman

  • Hi
    At present, we are using Jay Sun's approach:
    (sysfw → sysfw-j721e_sr2_0-hs-fs-evm.itb
    tiboot3.bin → tiboot3-j721e-sr2_0-hs-fs-evm.bin)
    and we can boot up normally now, but we still cannot burn the keywriter into the device. We need to continue researching the issue of keywriter programming.

  • Hi Zhang,

    and we can boot up normally now,

    OK, glad to see that this issue is resolved. It is not clear what change made the boot work. Can you elaborate on what step was missed?

    but we still cannot burn the keywriter into the device. We need to continue researching the issue of keywriter programming

    OK. The KeyWriter programming can be discussed on the separate thread that you have on the topic.

    regards

    Suman