• State TI Thinks Resolved
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 98 subscribers
  • Views 750 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

SPI and USB in Secure Kernel

Tuyen Nguyen
Prodigy 180 points
Other Parts Discussed in Thread: OMAP-L138, TMS320C6748

Hi TI experts,

I am working on secure boot for an application which runs on C6748 E version. And I really appreciate for your support on the following problems.

1. I am writing a sample application which simply prints something over UART0. I generate the application AIS with bootExitType = SECUREWITHSK. When I boot the AIS from UART0, it runs well. When I flash it to SPI memory and config RBL to boot it from SPI memory, the application does not show any response. With the same application, if AIS is generated with bootExitType = NONSECURE and flashed into SPI and booted from there, it runs well.

So my question is "Can application booted from SPI run in Secure Kernel?"

I can misunderstand but "TMS320C6748/OMAP-L138 Security User’s Guide" seems to tell me that application can switch between secure and non-secure?

2. I have an simple application that can receive and send data through USB bulk (device mode). The application runs well. But when I boot it through UART0 with bootExitType = SECUREWITHSK, the application hangs as soon as I enable global interrupt IntDSPINTCInit();

I don't know what is happening with USB in secure kernel. Am I allowed to do so?

All applications are developed based on StarterWare without BIOS.

Thank you very much for your support.

Best regards,

Tuyen Nguyen

  • 0
    TI__Guru** 116170 points

    Can you attach your ini file that you used for creating the SPI AIS boot image and the UART AIS image. I wish to check the IOPU and MPU settings.

     Are you doing some device configuration related to UART (PLL, PINMUX settings)in code that is not taking effectin secure kernel mode. Can you single step in your code to see if all SYSCFG register settings are the same in both the SECURE and NONSECURE modes. When secure kernel is enabled due to memory protection mechanism or IO protection mechanism sometimes device level settings may not take effect as expected. Can you try to put all of these settings in the ini file instead of the code, this will make sure that the ROM code does all the device settings rather than application code.

    Is there a reason why you want to exit secure boot in secure kernel mode. Unless you have to use an encrypted module, you should exit the secure boot device in Nonsecure mode so that application can run without any memory protection or IO protection restrictions.

    In general, an application booted from SPI should be able to run in secure kernel mode and application can switch from secure to non-secure using the SK_switchNonSec API.

    Even in case of the global interrupt initialization,can you boot over UART with BootExitType as SECUREWITHSK but use JTAG to analyze this issue. I believe the syscfg registers are protected in secure kernel mode and provide access only to secure supervisor (ROM code or secure kernel APIs).DSPINTCInit initializes and tries to write to some of the syscfg registers so I think this might be issue there as well. Once you send the ini file, I might be able to send you further instructions.

    If you could connect JTAG and get me the difference in the SYSCFG register when in SECUREKERNEL mode and in NONESECURE mode,  it might be useful info for me to debug.

    Regards,

    Rahul

  • 0 in reply to Rahul Prabhu
    Prodigy 180 points

    Dear Mr. Rahul,

    Thanks a lot for your detailed response! I suspected that it was because of MPU and IOPU but I am really dump about these two. So first step, to save your time I will look into these two guys and follow your suggestions one by one. In case I am still stuck, I will bother you more.

    Thanks in advance.

    Tuyen Nguyen