[FAQ] J721S2: How to Enable HSM Boot Using eMMC UDA Partition on HS Device

Diwakar Dhyani

Part Number: TDA4VM

By default, the SBL does not support HSM boot when using eMMC UDA (User Data Area) partition on High Security (HS) devices.
The HSM boot support was only available for MMCSD, OSPI NOR, OSPI NAND, and UART boot modes.

15 days ago

+1 Diwakar Dhyani 15 days ago

TI__Guru 58955 points

This document describes two patches that enable High Security (HS) boot functionality when using the eMMC UDA partition on J721S2, J784S4, and J742S2 devices.

### 1. 0001-Add-sbl_emmc_uda_img_hs-build-support.patch

This patch adds build support for the HS variant of the eMMC UDA SBL.

https://e2e.ti.com/cfs-file/__key/communityserver-discussions-components-files/791/0001_2D00_Add_2D00_sbl_5F00_emmc_5F00_uda_5F00_img_5F00_hs_2D00_build_2D00_support.patch

### 2. 0002-Add-HSM-binary-loading-support-for-eMMC-UDA.patch

This patch implements HSM binary loading support for eMMC UDA boot mode.

https://e2e.ti.com/cfs-file/__key/communityserver-discussions-components-files/791/0002_2D00_Add_2D00_HSM_2D00_binary_2D00_loading_2D00_support_2D00_for_2D00_eMMC_2D00_UDA.patch

## Prerequisites

- TI Processor SDK RTOS for J721S2/J784S4/J742S2
- HS device or HS-FS device with appropriate signing keys
- eMMC with UDA partition formatted as FAT file system
- Valid HS signing certificate key configured as `SBL_CERT_KEY_HS`

## How to Apply the Patches

git am 0001-Add-sbl_emmc_uda_img_hs-build-support.patch
git am 0002-Add-HSM-binary-loading-support-for-eMMC-UDA.patch

## Building the HS eMMC UDA SBL

make sbl_emmc_uda_img_hs BOARD=j721s2_evm

Copy generated sbl_emmc_uda_img_mcu1_0_release.tiimage as tiboot3.bin in your boot partition of emmc UDA. Copy tifs.bin(HS binary), hsm.bin. Change the boot mode to emmc UDA and boot.

Dummy HSM binary can be found at:

<RTOS_SDK>/<pdk>packages/ti/boot/sbl/tools/hsm.bin

Processors

Processors forum

[FAQ] J721S2: How to Enable HSM Boot Using eMMC UDA Partition on HS Device