Tool/software:
Hi ,
I’m working with a Yocto build for the AM623, which generates tiboot3 images for both HS-SE and HS-FS variants. I have the following questions:
1.Why is there no specific HS-SE build for tispl.bin and u-boot.img?
2.How does the chain of trust work across these boot stages?
3.Since the same tispl.bin and u-boot.img are used for both HS-SE and HS-FS devices, does the boot process skip authentication on HS-FS?
4.On an HS-FS device, can it boot using a signed tiboot3-hs.bin image?
5. I performed a test using two builds with different keys. One build successfully boots on my HS-SE device, while the other—signed with a different SMPK key—does not. In my test, I took only the tiboot3-hs.bin file from the working build and used it to boot the device. This booted successfully. Then, I loaded the tipsl.bin from the other (incorrect) build, and encountered an error in the log. Can you explain what is actually happening here? Specifically, how do these binaries determine the root of trust? Log is attached below.
U-Boot SPL 2023.04-ti- g2bedcd265ca6 (Dec 07 2024 - 07:04:35 +0000)
SYSFW ABI: 4.0 (firmware rev 0x000a '10.1.8--v10.01.08 (Fiery Fox)')
SPL initial stack usage: 13408 bytes
Trying to boot from DFU
###########################################################DOWNLOAD ... OK
Corl+C to exit
...
ti sci system-controller@44043000: Message not acknowledgedAuthentication failed!
### ERROR ### Please RESET the board ###
Regards,
RJ
