TMS320C6748: C6784 / OMAP-L138 Secure binding examples - how can I get them?

Hi 

All the relevant collateral is in the secdev package 

https://www.ti.com/tool/SECDEVTOOL-OMAPL138C6748

and some additional guidance on the following wiki

There is no additional collateral. I also recommend searching for the E2E forums for previous Q&A on these topics.

Regards

Mukul

This is not a true statement

Mukul Bhatnagar said:

Hi 

All the relevant collateral is in the secdev package 

https://www.ti.com/tool/SECDEVTOOL-OMAPL138C6748

and some additional guidance on the following wiki

Basic Secure Boot for OMAP-L138 C6748 - Texas Instruments Wiki

processors.wiki.ti.com

There is no additional collateral. I also recommend searching for the E2E forums for previous Q&A on these topics.

Regards

Mukul

From searching the other forums, which is why I asked this question in the first place, this is a false statement. 

In https://e2e.ti.com/support/processors/f/791/t/528411?tisearch=e2e-sitesearch&keymatch=omap%25252520l138%25252520secure%25252520boot%25252520binding

The poster asks for example SPI binding code which is not in the SECDEVTOOL. TI's Titusrathinaraj Stalin then responds he will send it to him via PM. 

The wiki gives no information on the binding process other than that it needs to be done. 

Also,

From the Wiki: 

In addition to this, you will need to you need to include the C source of the secure kernel wrapper APIs to your build. These APIs exist in source form, and are assembly-based calls into Secure Kernel. The SK version of the DSP/BIOS libraries call into these C wrapper APIs, but the API definitions are not currently included in the DSP/BIOS product. The source is distributed only through an official TI contact.

Note: The bootloader needs to exit in secure kernel mode for these APIs to work as expected. This will be needed only in cases where you have a BIOS based secondary bootloader that loads the encrypted application image. This approach is not recommended especially since SYS BIOS 6.x does not support this functionality and the delays involved in enabling the functionality.

Does this mean if I'm using the TI-RTOS 6.x from the processor SDK, I shouldn't even bother with secure boot because it's not supported? If so I won't waste more time trying to figure out this poorly documented secure boot.

Hi

Titus is no longer with TI. Any work that he has done to support a specific customer, is likely not archived in an official package. The key expert supporting this secdev package is out of office for the next few weeks .  I do not have a way to point you to any archives specifically done for the thread you pointed us to and provide more indepth answers . 

AFAIK, the dependencies on BIOS5.4x is more to do with run time secure boot and not secure boot (assume secure boot is all you are looking for). 

If this is a new project and you need more secure features - I would recommend looking at newer processors. 

C6748/OMAPL138 is a pretty widely used device given its power/performance/integration/ We have a few customers who have taken the secure boot version to production with the same collateral and tools - I regret that you are having a tough time with the documentation and offering.

Will trace the code examples that Titus did to see if those can be productized - but likely will take a few months. 

Please feel free to evaluate newer devices, if secure boot  with more fully supported feature sets and documentation is important and you are on a time crunch.

Regards

Mukul 

Unfortunately I am stuck with inheriting a design and upgrading is not an option. And few newer devices include integrated ARM + DSP. The Sitara AM5x include A15 + C6000 DSP.

Also Titus was not the only one to provide the missing collateral. Other posts indicate these binding examples are in the available SECDEVTOOL, but they are not.

I found this recent (2018) post (https://e2e.ti.com/support/processors/f/791/t/749275?tisearch=e2e-sitesearch&keymatch=app_spi_flash#) and PM'ed Rahul Prabhu for the  "security_collateral_update.zip" and ''app_spi_flash" binding example.

Hi 

Understood.  We hope to be able to support you on this, if this is of interest to you. 

Rahul is the designated expert and is currently out of office for the next ~ 3 weeks. Once he is back i will ask him to share any material that is not part of public documentation and packages. 

You will need to wait till end of August - we regret the delay.

Regards

Mukul 

Mukul,

Thanks, end of August won't be a problem. I'll keep a watch for a reply. 

Great - feel free to ping us or create another post (this post may get locked) if you do not hear back from us by end of August.

Appreciate the patience.

Regards

Mukul