AM62P: Secure Boot key usage replacement

Hi Prashant,

Thanks for clarification.

For Secure Boot keys usage, we have another question:

As we know for HS-FS device, the customer keys are not injected, so the secure boot will use TI Root key set (MPK / MEK) to sign the TIFS and R5F_DM images. I think this is clear.

But for HS-SE device, after Customer keys injected, for TIFS and R5F_DM image, will use which keys? also use TI root keys (MPK and MEK)  or Customer Keys (SMPK / SMEK).

According to this diagram, the TIFS image of HE-SE, does it mean signed by TI root keys firstly, and sign with customer keys again?

 The confused info is according to below diagram, for HS-SE device, the TI keys will be invalid, does it mean after customer keys injected, the TI root keys will be never used any more?

BR

Tim.

Hello Prashant,

Almost clear for this.

The SBL and other user application image will be signed and encrypted by customer keys, but for TIFS, seems also have conflict info in "K3 Security Hardware Architecture" (SPRUIM0C.pdf) - chapter 9 Security Booting Flow:

could you help to confirm? 

BR.

Tim

Hi Prashant,

Thanks for clarify, So for AM62Px SoC, the TIFS is only need to signed and encrypted by TI root Key set. no need to use Customer keys sign again. during secure boot, the Secure ROM will only use MPK to verify it directly. 

For SBL image, Secure Rom will verify it use SMPK/BMPK;

For other images, TIFS will verify them use SMPK/BMPK too.

BR.

That is correct.

Hello Prashant, 

Because the TIFS is only signed by TI MPK, I think TI will use RSA4096 private key,  If yes:

1. The image from TI SDK, the TIFS image's certificate or signature is available, correct? because customer don't have TI MPK private key, cannot sign it. So I guess it is available yet for customer.

2. what about the padding of RSA4096: also use PCKS v1.5 or PSS?

3. From AM62Px MCU+ SDK, where we can found the TIFS images and its Cert?

Thanks

BR.

Tim.

Hello Prashant,

For am62px SDKs, we only have the binary file of TIFS, is there any diagram or architecture to introduce it?

we got the TIFS package of am263px, its SW component as below:

for am62px TIFS, is there mainly differences compared with this? 

Thanks

BR

Hello,

AM62P and AM263 are two different devices with different architectures. The TIFS is a closed source software and so provided as binary blobs only in the SDKs.

Hello 

For other images (except TIFS), will be signed by customer private key (SMPK), and will be verified by Customer public key SMPK during Secure boot, this SMPK public key will included in X.509 Cert, so the OTP area only have SMPK hash is enough, the hash is only used to verify the SMPK (from X.509 Cert) validation. at the end will use the SMPK public (from X.509 Cert) to verify the images signature. I think this process it clearly and reasonably.

But for TIFS, The TIFS image is signed by TI MPK (private), and the Signature also included in SDK. then during secure boot sequence, I think it will be verified by Secure ROM used TI MPK (public). but the OTP area, it only stored TI MPK hash, do not stored MPK key itself, how to verify it?

OR whether TI provide the TI MPK combined in TIFS X.509 Cert? If yes, that means all of the device, will use the same MPK? This is not reasonable.

BR.

The X.509 certificate itself contains the public key which is applicable for both normal images and TIFS certificate. The Secure ROM extracts the TI MPK public key from the certificate, calculates the SHA512 hash, and matches it with the SHA512 hash of the TI MPK programmed in the efuses.

Thanks for clarification.

So the TI MPK is fleet key available for all devices? not device unique key.

BR

hello Prashant,

We found `tiboot3.bin` in the SDK, which is a combined binary file signed by SYSFW. I believe it was generated by the script "rom_image_gen.py", but upon examining the script, I found that it uses the key `custMpk.pem` instead of TI MPK. This confuses me; which key does the TIFS format actually use?

Or, does this mean that the files "sysfw-hs-enc-cert.bin" and "sysfw-hs-enc.bin" are each signed by TI-MPK and encrypted by TI-MEK from original SYSFW, then used as input to the "rom_image_gen.py" script, which then signs them again using `custMPK`? The final result is the `tiboot3` file.

Thanks.

Tim Wang said:

Or, does this mean that the files "sysfw-hs-enc-cert.bin" and "sysfw-hs-enc.bin" are each signed by TI-MPK and encrypted by TI-MEK from original SYSFW, then used as input to the "rom_image_gen.py" script, which then signs them again using `custMPK`?

The images themselves aren't signed but the certificate only. The "sysfw-hs-enc.bin" is just the SYSFW binary encrypted by the TI-MEK while "sysfw-hs-enc-cert.bin" is the corresponding certificate signed by the TI-MPK.

These blobs are just concatenated to the SBL binary and their hashes are put into the outer certificate signed by "custMpk". The certificate signed by the "custMpk" are concatenated with the SBL binary, SYSFW blobs, Board configuration blob to make the "tiboot3.bin"

Yes, only the Cert has to be signed. my description has a mistake.

So according to your comment, all binary file combined and calculate a new hash, it will be merged into the outer Cert, and then this outer Cert will be signed by custMPK, this new sign will be part of the outer Cert. this outer Cert also include custMPK.

At the end, the outerCert, SBL_enc, SYSFW_enc, SYSFW_enc_Cert, board cfg... will be combined as tiboot3.

During Secure boot, this tiboot3 file will be parsed by public ROM, and the outer Cert will be verified by Secure ROM firstly?

The SYSFW_enc_cert will be verified by TI-MPK. The SYSFW_enc will be decrypted by TI-MEK stored in OTP.

Am I understanding correct?

Thanks very much!