TMS320c6748 SPI SECURE BOOT PROBLEMS

Other Parts Discussed in Thread: OMAP-L138

Hi Titus

HELP I NEED YOUR HELP PLS PLS!

https://e2e.ti.com/cfs-file/__key/communityserver-discussions-components-files/791/spi_5F00_test.ini

For the past three weeks I have been trying to make our firmware secure-bootable. But no luck yet. This has turned out to be another TI mini (turning to major) project that you and I love and enjoy solving :)


Before going into more details, have you got a .INI file specifically for SPI booting that can be used with the  for the secure hex AIS tool?

I am able to connect to the secure chip and open the JTAG, write an image to the SPI flash and verify that the image is correct. However the DSP won't boot when power is cycled. I suspect that the .ini file I am using is not quite correct (attached). My understanding is that the secure chip should be able to boot the SPI flash even though it hasn't gone through the binding process. Is this understanding and a mis?

This is urgent and your early and kind attention is sought !

Best regards

Manjula

  • Dear Manjula,

    I am able to connect to the secure chip and open the JTAG, write an image to the SPI flash and verify that the image is correct. However the DSP won't boot when power is cycled. I suspect that the .ini file I am using is not quite correct (attached). My understanding is that the secure chip should be able to boot the SPI flash even though it hasn't gone through the binding process. Is this understanding and a mis?

    No, we need to do binding process for secure boot from flash based devices.

    Firstly, you need to flash the binary (which has unencrypted headers) into SPI, then run the binding code; it will read the headers of your code and encrypt them with the KEK of the SoC, then the binding code will write the encrypted headers to SPI flash.
    On the next boot, the SoC will decrypt your headers with its KEK; if it's the correct image, it loads it into RAM and then executes it.

    Please let me know if anything.

    You can boot the image via UART (GenericSecureUartHost.exe) without using binding process.

    What type of code are you running?
    Can you please try some LED or UART based code?
    Like minimal stuff.

    Refer to this post.
    e2e.ti.com/.../381405
  • https://e2e.ti.com/cfs-file/__key/communityserver-discussions-components-files/791/Titus_5F00_magic_5F00_c6748sec.ini

    Hi Titus

    Firstly let me thank you for your prompt reply. Without your support we would surely be lost!

    Good news is that I am able to boot from SPI flash now. I have got a simple serial echo program from starter-ware going.

    From one of your old posts I got the attached .INI file and modified it to SPIMASTER boot....and it worked! Wow!

    I am able to boot the unbound image in the SPI flash. So it is possible to boot an unbound image but it is not secure as the headers are not encrypted and the CEK is exposed. Please check this point.

    Now onto the next step of binding the UartEco to the chip. Wish me luck! Will let you know if I run into problems.

    Thank you very much and best regards

    Manjula

  • Sounds good.
    Thanks for the update.
  • Hi Titus

    I am trying to bind the SerialEcho program to the chip now. I have come to the banging my head on the wall stage now. I need your help!

    I can write the app to flash and boot it reliably using the app_spi_flash program (that you sent me some time ago). However when I try to bind and boot no luck. Can you please verify the following: That is the SerialApp will run without binding on the secure chip.

    1. Has the Secureboot (for SPI flash) program been tested and verified with current silicon? The files are from 2011!

    2. Have you tried this and succeeded? I want to make sure that there are no bugs in the binding program as it is heavy with hashing algorithms etc

    3. Is there a later version of this software?

    4. Have you got an example .INI file that you have used to bind the application to the secure chip?

    I can run the Secureboot program and it reports that it has encrypted successfully however after binding the program does not boot :(( The SerialEcho sits entirely in the L3 shared RAM. The .ini I am using for the SerialEcho has got the debug taps enabled. Is this a problem?

    Thank you and looking forward to your valuable feedback...

    -Manjula

  • Dear Manjula
    1) I have tried to boot the NAND flash with newer silicon.
    2) Yes, I have succeeded. As far as I know, I haven't heard of any bugs.
    3) No.
    4) I have used the LED blinking code.

    I have done the following steps to boot the secure boot from NAND flash.
    i) I have a binary to unlock the JTAG so that I can load and run the NANDwriter CCS project to flash the binary (which has unencrypted headers) into NAND flash.
    ii) Run the NANDwriter project, erase and flash the AIS binary.
    iii) Again load and run the unlock binary using secure UART boot exe.

    Edited:
    iv) Run the binding code through the secure UART boot exe; it will read the headers of your binary from NAND flash, encrypt them with the KEK of the processor and rewrite the encrypted headers in the same location.
    v) Now the binding process is completed.
    vi) Set boot mode to NAND flash, then observe the LED blinking.

  • Hi Titus

    Good news that you have verified that the binding program works :))

    I have a question regarding step iv) of yours above. I have tried this and it does not work in CCS as the processor cannot do SK calls in debug mode. When I tried this the binding does not happen and the image is left untouched. I thought we would have to load a secure program via GenericSecureHost to do the binding which is the SecureBoot program you sent me. Can you please clarify this?

    Can you please send me the .INI file you used to do the above successfully?

    Thank you for your continued support!
    Best regards
    Manjula
  • Dear Manjula,

    I have a question regarding step iv) of yours above. I have tried this and it does not work in CCS as the processor cannot do SK calls in debug mode. When I tried this the binding does not happen and the image is left untouched. I thought we would have to load a secure program via GenericSecureHost to do the binding which is the SecureBoot program you sent me. Can you please clarify this?

    I'm very sorry about that, you are right.
    Yes, we should not run the binding code in CCS debug mode; you will see the SK_allocSC failure. Now I remember the older issues which I faced.

    I will try that secure boot from NAND flash and confirm now.
  • Dear Manjula,

    I am able to do secure boot successfully from NAND flash on the C6748 secure SoC.

    I have followed the same steps which I mentioned above.

    I have attached the *.ini file which I used to convert the binding code.

    SecureHexAIS_OMAP-L138.exe -ini secureboot.ini -otype binary -o Secure_boot_NAND.ais Secure_boot_NAND_new.out

    This is the "Secure_boot_NAND.ais" binding app which I used to load and run using "GenericSecureUartHost.exe" UART secure host tool.

    Use "BootMode" as SPIMASTER for SPI device. (also try as "none")

    https://e2e.ti.com/cfs-file/__key/communityserver-discussions-components-files/791/secureboot.ini

  • Hi Titus
    Yes please do and verify the binding process again as it doesn't work for me.
    I can boot the program before binding and it works well. However after I bind it, it does not work. I read the images to file before and after binding and I can see the headers have changed after binding. You mentioned that there were issues with the binding before??
    Please let me know as soon as you have a result....
    Best regards
    Manjula
  • Hi Titus

    I checked the .ini file is the same as the one I am using for the secure_boot. However I think there is an issue with the secure_boot software. Can you please send me the Secure_boot_NAND_new software package please? That is the CCS project and all the source files. I can convert this to SPI boot and try. You can send me through private chat.

    Next what is the .ini file you use for the BlinkLED program?

    I am nearing one month just to get this process done. Your help to get us through this is appreciated very much.

    Best regards

    Manjula
  • Dear Titus

    Can you PLEASE PLEASE send me the Secure_boot_NAND_new software package please? I want to check that the secure_boot software I got here is correct and not buggy...I have already found differences with this one and another file in the same package you sent me, i.e. in the encryption part of the program....which is correct ..

    We are working under a very difficult environment here where TI support documentation and tool support is dismal and we have to depend on SEs like you to keep things going. I would have spent a good 40% of my time on this project solving issues due to the bad documentation and tools and scattered information!!!

    -Manjula
  • Sure, I will send you through email.
    BTW, it's strange to me that you are able to boot without doing the binding process.
    Are you just flashing the AIS binary into SPI flash and booting?

    Let me check with some secure experts on this.
  • Hi Titus
    Yes definitely I can boot without binding. Yes I am just flashing AIS binary to SPI flash and booting. I have done this maybe a few hundred times now. This kind of makes sense as you are able to boot through the serial port.

    When I do the binding it fails to boot. So there is a problem with the binding process it seems.
    I look forward to receiving the above package through email....thank you very much!

    Best regards
    Manjula
  • Hi Titus

    Yes!! found differences between your version and the version I have in the header encryption binding process!
    I will next test your version and see how things go.
    Can TI make a tool for this process? Would make our life a heck of a lot easier. I know there are differences in custom boards but most are based on eval boards from TI and also there could be a config window in the tool so we could specify what memory is on the board etc....
    Would be highly valuable tool. Currently we are getting stuck after we jump out of the CCS environment.

    Thank you and best regards
    Manjula
  • YESSSSSS SIR TITUS the greatest SE on TI it works! Your Code Works! Thank you sooooo much :)))
    Best regards
    Manjula
    PS I can sleep tonight after one month of worry :)
  • Wow! glad to hear.
    Sounds good.
    Thanks for the update.

  • Hi Titus the best TI SE,
    I had a good sleep last night thanks to you :)
    Do you want me to highlight the section of code that was not correct in the SP_SECURE boot package for future reference?
    Thanks and BR
    Manjula
  • Dear Manjula,
    Glad to hear.
    Yes please, not with code; it would be good if it's in words (due to security reasons) so that it would be useful for other community members.
    Thank you!
  • Hi Titus,

    The problem was in the secure_boot.c (in the SPI secure boot folder). What I found wrong were the following:

    1. The key loads point to the wrong addresses of the loaded SPI buffer (i.e. buffer loaded with SPI image) so that when the hashing is done the wrong parts are encrypted and the device aborts the boot.
    2. Incorrect arguments are passed to the SHA hashing algorithm.

    secure_boot.c seems to have been hurriedly thrown together and released and is a dismal piece of code and I am not sure if it has even been tested properly to see that it works correctly. There were things like allocating 4MB on the heap to change a few bytes in the header and write back to flash. The underlying hashing and SK code is good.

    Hope this helps.

    Thanks again

    Best regards

    Manjula
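
Added example, not part of the thread and not TI's code: the before-and-after flash dump comparison mentioned earlier in the thread, and the fault described in the post above (the binding step rewriting the wrong part of the image), can be checked on the host with a short script. The header window, the 4 KiB image and the byte-flipping `_rewrite` stand-in are constructed placeholders; the real AIS header offsets are not given in this thread.

```python
# Compare SPI flash dumps taken before and after binding (added example).
# HDR_START/HDR_END are hypothetical placeholders, not the real AIS layout.

def changed_ranges(before: bytes, after: bytes, merge_gap: int = 4):
    """Return [(start, end_exclusive)] spans where the two dumps differ.
    Spans separated by fewer than merge_gap equal bytes are merged."""
    if len(before) != len(after):
        raise ValueError("dumps differ in length; re-read the flash")
    spans = []
    for off, (a, b) in enumerate(zip(before, after)):
        if a == b:
            continue
        if spans and off - spans[-1][1] < merge_gap:
            spans[-1][1] = off + 1          # extend the current span
        else:
            spans.append([off, off + 1])    # start a new span
    return [tuple(s) for s in spans]

def outside_window(spans, win_start, win_end):
    """Return the parts of spans that fall outside [win_start, win_end)."""
    bad = []
    for s, e in spans:
        if s < win_start:
            bad.append((s, min(e, win_start)))
        if e > win_end:
            bad.append((max(s, win_end), e))
    return bad

def _rewrite(image: bytes, start: int, length: int) -> bytes:
    """Constructed stand-in for a binding pass: alters one region only."""
    out = bytearray(image)
    for i in range(start, start + length):
        out[i] ^= 0xA5
    return bytes(out)

# Constructed 4 KiB dump and a hypothetical header window 0x10..0x50.
BEFORE = bytes((i * 7) & 0xFF for i in range(4096))
HDR_START, HDR_END = 0x10, 0x50
GOOD = _rewrite(BEFORE, 0x10, 0x40)    # change confined to the window
BAD = _rewrite(BEFORE, 0x210, 0x40)    # same change at a wrong offset

if __name__ == "__main__":
    for name, after in (("good", GOOD), ("bad", BAD)):
        spans = changed_ranges(BEFORE, after)
        stray = outside_window(spans, HDR_START, HDR_END)
        print(name, [(hex(s), hex(e)) for s, e in spans], "outside:", stray)
```

Any span reported as outside the expected window means the binding step touched data it should have left alone, which is worth checking before suspecting the .ini file.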
  • Dear Manjula,
    Superb.
    Thank you so much.
    I really appreciate your help.