OMAP L138E Secure Boot problem with starting in SECURE_WITH_SK mode

Karol Szumski

Other Parts Discussed in Thread: OMAPL138

I'm currently trying to encrypt my key with KEK and send back the whole encrypted header over UART.

I've made a program that works on a secure device (while in NONSECURE boot mode) that configures the hardware (pinmux, clocks, uart, gpio) and sends the part of the memory where the encrypted header will be over UART. This works.

For the SECURE_WITH_SK boot I've changed the main() function to read:

void main( void ) {
encrypted = SK_setUserKey( keystruct );
SK_switchNonSec( main_non_sec );
}

all the code from the tested program is in main_non_sec(), which means hardware init, UART communication and status notification via LEDs turned on/off with GPIO.

The .ini for SecureHexAIS (simple test keys for now, just to make sure it works) contains this:

[General]
busWidth=8
BootMode=UART
crcCheckType=NO_CRC
seqReadEn=ON

[Security]
securityType=GENERIC
bootExitType = SECUREWITHSK
encryptSections=ALL
encryptionKey=000102030405060708090A0B0C0D0E0F
genericSHASelection = SHA256

[TAPSCONFIG]
TAPSCFG = 0x0000FFFF

[AIS_Set]
TYPE = 2
ADDRESS = 0x80000000
DATA = 0xBE40C0DE
SLEEP = 128

[AIS_Set]
TYPE = 2
ADDRESS = 0x80000004
DATA = 0x00000000
SLEEP = 128

[AIS_Set]
TYPE = 2
ADDRESS = 0x80000008
DATA = 0x00000001
SLEEP = 128

[AIS_Set]
TYPE = 2
ADDRESS = 0x8000000C
DATA = 0x01234567
SLEEP = 128

[AIS_Set]
TYPE = 2
ADDRESS = 0x80000010
DATA = 0x10111213
SLEEP = 128

[AIS_Set]
TYPE = 2
ADDRESS = 0x80000014
DATA = 0x14151617
SLEEP = 128

[AIS_Set]
TYPE = 2
ADDRESS = 0x80000018
DATA = 0x18191A1B
SLEEP = 128

[AIS_Set]
TYPE = 2
ADDRESS = 0x8000001C
DATA = 0x1C1D1E1F
SLEEP = 128

Yes, the keystruct resides at 0x80000000 and has the NOINIT flag set in the linker. The whole program seems to load and run fine:

(File IO): Read 8700 bytes from file C:\Program Files (x86)\Texas Instruments\SecureHexAIS\DSP_Bootstrap.bin.
(Serial Port): Opening COM1 at 115200 baud...
(AIS Parse): Read magic word 0x41504954.
(AIS Parse): Waiting for BOOTME... (power on or reset target now)
(AIS Parse): BOOTME received!
(AIS Parse): Performing Start-Word Sync...
(AIS Parse): Performing Ping Opcode Sync...
(AIS Parse): Processing command 0: 0x58535920.
(AIS Parse): Performing Opcode Sync...
(AIS Parse): Secure key loading, entering secure mode.
(AIS Parse): Processing command 1: 0x58535923.
(AIS Parse): Performing Opcode Sync...
(AIS Parse): Setting boot exit mode...
(AIS Parse): Set exit mode to 0x00000001.
(AIS Parse): Processing command 2: 0x5853590D.
(AIS Parse): Performing Opcode Sync...
(AIS Parse): Executing function...
(AIS Parse): Secure mode; sending signature.
(AIS Parse): Processing command 3: 0x58535907.
(AIS Parse): Performing Opcode Sync...
(AIS Parse): Loading boot table...
(AIS Parse): Secure mode; sending signature.
(AIS Parse): Processing command 4: 0x58535907.
(AIS Parse): Performing Opcode Sync...
(AIS Parse): Loading boot table...
(AIS Parse): Secure mode; sending signature.
(AIS Parse): Processing command 5: 0x58535907.
(AIS Parse): Performing Opcode Sync...
(AIS Parse): Loading boot table...
(AIS Parse): Secure mode; sending signature.
(AIS Parse): Processing command 6: 0x58535907.
(AIS Parse): Performing Opcode Sync...
(AIS Parse): Loading boot table...
(AIS Parse): Secure mode; sending signature.
(AIS Parse): Processing command 7: 0x58535907.
(AIS Parse): Performing Opcode Sync...
(AIS Parse): Loading boot table...
(AIS Parse): Secure mode; sending signature.
(AIS Parse): Processing command 8: 0x58535907.
(AIS Parse): Performing Opcode Sync...
(AIS Parse): Loading boot table...
(AIS Parse): Secure mode; sending signature.
(AIS Parse): Processing command 9: 0x58535907.
(AIS Parse): Performing Opcode Sync...
(AIS Parse): Loading boot table...
(AIS Parse): Secure mode; sending signature.
(AIS Parse): Processing command 10: 0x58535907.
(AIS Parse): Performing Opcode Sync...
(AIS Parse): Loading boot table...
(AIS Parse): Secure mode; sending signature.
(AIS Parse): Processing command 11: 0x58535921.
(AIS Parse): Performing Opcode Sync...
(AIS Parse): Loading encoded section...
(AIS Parse): Loaded 7520-Byte section to address 0x80000020.
(AIS Parse): Processing command 12: 0x58535921.
(AIS Parse): Performing Opcode Sync...
(AIS Parse): Loading encoded section...
(AIS Parse): Loaded 84-Byte section to address 0x800026B4.
(AIS Parse): Processing command 13: 0x58535921.
(AIS Parse): Performing Opcode Sync...
(AIS Parse): Loading encoded section...
(AIS Parse): Loaded 512-Byte section to address 0x80002800.
(AIS Parse): Processing command 14: 0x58535906.
(AIS Parse): Performing Opcode Sync...
(AIS Parse): Performing jump and close...
(AIS Parse): Secure mode; sending signature.
(AIS Parse): AIS complete. Jump to address 0x80001C00.
(AIS Parse): Waiting for DONE...
(AIS Parse): Boot completed successfully.
(Serial Port): Closing COM1.

However it doesn't work. When I connect with JTAG, the processor is stuck at 0x007F7FF0, which according to the OMAPL138 memory map (taken from SPRS586H) is the DSP L2 ROM, which means it still hasn't left the original bootloader. For a while I thought I might've made a mistake while copying the SK_* functions from the documentation, but putting an infinite loop before SK_setUserKey() makes no difference - the processor is still stuck at 0x007F7FF0 after boot.

over 9 years ago

0 Titusrathinaraj Stalin over 9 years ago

TI__Guru** 116100 points

Dear Karol,
Can you please use the debug gel file and check ?
processors.wiki.ti.com/.../OMAP-L1x_Debug_Gel_Files

0 Karol Szumski over 9 years ago in reply to Titusrathinaraj Stalin

Prodigy 170 points

Print_Device_Info outputs:

C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output: | Device Information |
C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output: DEV_INFO_00 = 0x1B7D102F
C674X_0: GEL Output: DEV_INFO_01 = 0x00000000
C674X_0: GEL Output: DEV_INFO_02 = 0x00000017
C674X_0: GEL Output: DEV_INFO_03 = 0x00000025
C674X_0: GEL Output: DEV_INFO_04 = 0x00000000
C674X_0: GEL Output: DEV_INFO_05 = 0x000003E0
C674X_0: GEL Output: DEV_INFO_06 = 0x00000080
C674X_0: GEL Output: DEV_INFO_07-DEV_INFO_08-DEV_INFO_09-DEV_INFO_10-DEV_INFO_11-DEV_INFO_12 = 0-0-5725664-5-27-20
C674X_0: GEL Output: DEV_INFO_13,DEV_INFO_14,DEV_INFO_15,DEV_INFO_16 = 5,1,0,10067
C674X_0: GEL Output: -----
C674X_0: GEL Output: DEV_INFO_17 = 0x00030007
C674X_0: GEL Output: DEV_INFO_18 = 0x0000000E
C674X_0: GEL Output: DEV_INFO_19 =C674X_0: GEL Output: 0C674X_0: GEL Output: 0C674X_0: GEL Output: 0C674X_0: GEL Output: 0C674X_0: GEL Output: 0C674X_0: GEL Output:
C674X_0: GEL Output: -----
C674X_0: GEL Output: DEV_INFO_20 = 0x30303864
C674X_0: GEL Output: DEV_INFO_21 = 0x3830306B
C674X_0: GEL Output: DEV_INFO_22 = 0x30303864
C674X_0: GEL Output: DEV_INFO_23 = 0x3830306B
C674X_0: GEL Output: -----
C674X_0: GEL Output: DEV_INFO_24 = 0x0501401B
C674X_0: GEL Output: DEV_INFO_25 = 0x00575DE0
C674X_0: GEL Output: DEV_INFO_06 = 0x00000080
C674X_0: GEL Output: DEV_INFO_26 = 0x4EA60025
C674X_0: GEL Output:

Print_PLL_Configuration prints:

C674X_0: GEL Output:
C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output: |              Clock Information             |
C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output:
C674X_0: GEL Output: PLLs configured to utilize crystal.
C674X_0: GEL Output: ASYNC3 = PLL0_SYSCLK2
C674X_0: GEL Output:
C674X_0: GEL Output: NOTE: All clock frequencies in following PLL sections are based
C674X_0: GEL Output: off OSCIN = 24 MHz. If that value does not match your hardware
C674X_0: GEL Output: you should change the #define in the top of the gel file, save it,
C674X_0: GEL Output: and then reload.
C674X_0: GEL Output:
C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output: |              PLL0 Information             |
C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output:
C674X_0: GEL Output: PLL0_SYSCLK1 = 24 MHz
C674X_0: GEL Output: PLL0_SYSCLK2 = 24 MHz
C674X_0: GEL Output: PLL0_SYSCLK3 = 24 MHz
C674X_0: GEL Output: PLL0_SYSCLK4 = 24 MHz
C674X_0: GEL Output: PLL0_SYSCLK5 = 24 MHz
C674X_0: GEL Output: PLL0_SYSCLK6 = 24 MHz
C674X_0: GEL Output: PLL0_SYSCLK7 = 24 MHz
C674X_0: GEL Output: Error: PLL0_SYSCLK2 must equal PLL0_SYSCLK1 / 2
C674X_0: GEL Output: Error: PLL0_SYSCLK4 must equal PLL0_SYSCLK1 / 4
C674X_0: GEL Output:
C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output: |              PLL1 Information             |
C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output:
C674X_0: GEL Output: PLL1_SYSCLK1 = 24 MHz
C674X_0: GEL Output: PLL1_SYSCLK2 = 24 MHz
C674X_0: GEL Output: PLL1_SYSCLK3 = 24 MHz
C674X_0: GEL Output:

Print_PSC_Status prints:

C674X_0: GEL Output:
C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output: |              PSC0 Information             |
C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output:
C674X_0: GEL Output: State Decoder:
C674X_0: GEL Output: 0 = SwRstDisable (reset asserted, clock off)
C674X_0: GEL Output: 1 = SyncReset (reset assered, clock on)
C674X_0: GEL Output: 2 = Disable (reset de-asserted, clock off)
C674X_0: GEL Output: 3 = Enable (reset de-asserted, clock on)
C674X_0: GEL Output: >3 = Transition in progress
C674X_0: GEL Output:
C674X_0: GEL Output: Module 0:   EDMA3CC (0)        STATE = 0
C674X_0: GEL Output: Module 1:   EDMA3 TC0          STATE = 43
C674X_0: GEL Output: Module 2:   EDMA3 TC1          STATE = 0
C674X_0: GEL Output: Module 3:   EMIFA (BR7)        STATE = 43
C674X_0: GEL Output: Module 4:   SPI 0              STATE = 0
C674X_0: GEL Output: Module 5:   MMC/SD 0           STATE = 43
C674X_0: GEL Output: Module 6:   AINTC              STATE = 0
C674X_0: GEL Output: Module 7:   ARM RAM/ROM        STATE = 43
C674X_0: GEL Output: Module 9:   UART 0             STATE = 43
C674X_0: GEL Output: Module 10:   SCR 0 (BR0/1/2/8) STATE = 0
C674X_0: GEL Output: Module 11:   SCR 1 (BR4)        STATE = 43
C674X_0: GEL Output: Module 12:   SCR 2 (BR3/5/6)    STATE = 0
C674X_0: GEL Output: Module 13:   PRUSS              STATE = 43
C674X_0: GEL Output: Module 14:   ARM                STATE = 0
C674X_0: GEL Output: Module 15:   DSP                STATE = 43
C674X_0: GEL Output:
C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output: |              PSC1 Information             |
C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output:
C674X_0: GEL Output: State Decoder:
C674X_0: GEL Output: 0 = SwRstDisable (reset asserted, clock off)
C674X_0: GEL Output: 1 = SyncReset (reset assered, clock on)
C674X_0: GEL Output: 2 = Disable (reset de-asserted, clock off)
C674X_0: GEL Output: 3 = Enable (reset de-asserted, clock on)
C674X_0: GEL Output: >3 = Transition in progress
C674X_0: GEL Output:
C674X_0: GEL Output: Module 0:   EDMA3CC (1)        STATE = 0
C674X_0: GEL Output: Module 1:   USB0 (2.0)         STATE = 43
C674X_0: GEL Output: Module 2:   USB1 (1.1)         STATE = 0
C674X_0: GEL Output: Module 3:   GPIO               STATE = 43
C674X_0: GEL Output: Module 4:   UHPI               STATE = 0
C674X_0: GEL Output: Module 5:   EMAC               STATE = 43
C674X_0: GEL Output: Module 6:   DDR2 and SCR F3    STATE = 0
C674X_0: GEL Output: Module 7:   MCASP0 + FIFO      STATE = 43
C674X_0: GEL Output: Module 8:   SATA               STATE = 0
C674X_0: GEL Output: Module 9:   VPIF               STATE = 43
C674X_0: GEL Output: Module 10:   SPI 1              STATE = 0
C674X_0: GEL Output: Module 11:   I2C 1              STATE = 43
C674X_0: GEL Output: Module 12:   UART 1             STATE = 0
C674X_0: GEL Output: Module 13:   UART 2             STATE = 43
C674X_0: GEL Output: Module 14:   MCBSP0 + FIFO      STATE = 0
C674X_0: GEL Output: Module 15:   MCBSP1 + FIFO      STATE = 43
C674X_0: GEL Output: Module 16:   LCDC               STATE = 0
C674X_0: GEL Output: Module 17:   eHRPWM (all)       STATE = 43
C674X_0: GEL Output: Module 18:   MMC/SD 1           STATE = 0
C674X_0: GEL Output: Module 19:   UPP                STATE = 43
C674X_0: GEL Output: Module 20:   eCAP (all)         STATE = 0
C674X_0: GEL Output: Module 21:   EDMA3 TC2          STATE = 43
C674X_0: GEL Output: Module 24:   SCR-F0 Br-F0       STATE = 0
C674X_0: GEL Output: Module 25:   SCR-F1 Br-F1       STATE = 43
C674X_0: GEL Output: Module 26:   SCR-F2 Br-F2       STATE = 0
C674X_0: GEL Output: Module 27:   SCR-F6 Br-F3       STATE = 43
C674X_0: GEL Output: Module 28:   SCR-F7 Br-F4       STATE = 0
C674X_0: GEL Output: Module 29:   SCR-F8 Br-F5       STATE = 43
C674X_0: GEL Output: Module 30:   Br-F7 (DDR Contr) STATE = 0
C674X_0: GEL Output: Module 31:   L3 RAM, SCR-F4, Br-F6 STATE = 43

Second run of Print_ROM_info shows:

C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output: | BOOTROM Info |
C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output: ROM ID: d800k008
C674X_0: GEL Output: Silicon Revision 2.1
C674X_0: GEL Output: Boot pins: 23
C674X_0: GEL Output: Boot Mode: UART1C674X_0: GEL Output: , 24 MHz or 12 MHz input clock
C674X_0: GEL Output:
ROM Status Code: 0x00000000
Description:C674X_0: GEL Output: No error
C674X_0: GEL Output:
Program Counter (PC) = 0x007F7FF0

When the Print_ROM_Info was run for the first time (as part of Run_All) it showed this:

C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output: |               BOOTROM Info                |
C674X_0: GEL Output: ---------------------------------------------
C674X_0: GEL Output: ROM ID: d800k008
C674X_0: GEL Output: Silicon Revision 2.1
C674X_0: GEL Output: Boot pins: 23
C674X_0: GEL Output: Boot Mode: UART1C674X_0: GEL Output: , 24 MHz or 12 MHz input clock
Run_All() cannot be evaluated.
Security violation occurred reading 0x11F00700
   at BLCfgStruct=*((unsigned int *) 0x11F00700) [OMAPL1x_debug.gel:199]
   at Print_ROM_Info() [OMAPL1x_debug.gel:65]
   at Run_All()

After some testing it turns out that Print_ROM_Info succedes if ran after Print_PLL_Configuration or Print_PSC_Status and fails if ran after Print_Device_Info or Print_ROM_Info

0 Karol Szumski over 9 years ago in reply to Karol Szumski

Prodigy 170 points

After viewing some other threads on the subject I found info that 0x007F7FF0 is the address of a Secure Kernel infinite loop function that is called when the program does something it's not supposed to. After adding

[MPUCONFIG]
MPUSELECT = 0x000001FF
STARTADDR = 0x00000000
ENDADDR = 0x00000000
MPPAVALUE = 0xFFFFFFFF

[MPUCONFIG]
MPUSELECT = 0x000002FF
STARTADDR = 0x00000000
ENDADDR = 0xFFFFFFFF
MPPAVALUE = 0xFFFFFFFF

to the .ini file the program boots to my code (I can see it stuck on the infinite loop I've put in), but goes back to 0x007F7FF0 when I exit the loop (change a variable in memory using debugger) and call SK_setUserKey() on my data (which resides at 0x80000000). I assume this means that the inital problem was due to some form of memory protection. Unfortunately I'm unable to find more extensive info on what those MPUCONFIG entries actually did (Appendix D of SPRAB41E doesn't cover this command). For now I'll be checking the contents of MPU registers to see whether this problem is also connected to memory protection.

0 Karol Szumski over 9 years ago in reply to Karol Szumski

Prodigy 170 points

Ah, my bad. This new problem was due to me running SK_setUserKey() as if it was the example code, setUserKey().

So to reiterate:

1. The original problem was due to restricted access to shared RAM region. Solved by adding MPUCONFIG sections to .ini file

2. The new problem was due to me making a mistake when reading SPRUGQ9 ( OMAP-L1x Security User's Guide ) and implementing the key encryption incorrectly. Solved (hopefully) by adhering to the guide.

Processors

Processors forum

OMAP L138E Secure Boot problem with starting in SECURE_WITH_SK mode