• State TI Thinks Resolved
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 862 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Compiler/AWR1642: Can I use Secondary Boot Loader on AWR1642-HS?

JuiYang Chi
Intellectual 860 points
Part Number: AWR1642
Other Parts Discussed in Thread: UNIFLASH, MMWAVE-SDK

Tool/software: TI C/C++ Compiler

I use SBL on AWR1642-HS.

I found the image (which is loaded) had to be unencrypted.

Can I load a encrypted image via SBL?

JuiYang

  • 0
    TI__Mastermind 22155 points
    Hello Juiyang Chi,

    Once the customer keys are configured to the device and the encrypted image is created using the HS image creator and configuration files where the key inputs to the certificate generation are specified you should be able to flash the encrypted image either using the Uniflash or the SBL.

    Do you have access to the AWR1642-HS device?


    -Raghu
  • 0 in reply to Raghunandan Kamath
    Intellectual 860 points
    Hello Raghu,

    First, I use HS image creator to encrypt SBL and flash SBL using the Uniflash .

    Then,I use HS image creator to encrypt image.
    I use SBL to download the image to Flash is successful.
    But the SBL can't download the metaimage to RAM.

    I found that if I use SBL to download unencrypt image to flash, SBL can download the metaimage to RAM successfully.
    But the unencrypt image without any encryption protection.

    Is it possible to download encrypted images to RAM with SBL?


    JuiYang
  • 0 in reply to JuiYang Chi
    TI__Mastermind 22155 points
    JuiYang,

    Can you please let me know what is the "IMAGE_ENCRYPTION_KEY_INDEX" that you have used in your "hsimage.cfg" for creating the SBL flashing binary ?

    If you have kept anything other than "ENC_ABSOLUTE" then most likely it would not work . Keeping the "IMAGE_ENCRYPTION_KEY_INDEX=ENC_ABSOLUTE" makes sure that the authentication of the image is made based on the key that is available in the certificate rather than the key that is present in the fuse-rom.

    Please create your SBL image with above mentioned IMAGE_ENCRYPTION_KEY_INDEX .

    Thanks,
    Raghu
  • 0 in reply to Raghunandan Kamath
    Intellectual 860 points

    Hello Raghu,

    If I use Uniflash to download xwr16xx_mmw_demo_secure.bin to META Image-1.
    It can be run.

    But if I use SBL to download the xwr16xx_mmw_demo_secure.bin to RAM.
    It can't be run. The error message is below:

    This is my parameters for X.509 Certificate now.
    HMAC_KEY_INDEX = 0
    IMAGE_ENCRYPTION_KEY_INDEX = ENC_ABSOLUTE

    JuiYang

  • 0 in reply to JuiYang Chi
    TI__Guru 69960 points
    Hello JuiYang,
    SBL provided in SDK doesn't support security feature where it decrypts the encrypted image (received over UART).
    You can use Crypto library of mmWave-SDK in SBL to decrypt the image encrypted with the same AES key.
    Please take a reference from Crypto test application to add this feature in SBL.

    Regards,
    Jitendra
  • 0 in reply to Jitendra Gupta
    Intellectual 860 points
    Hello Jitendra,

    Do I need to do Certificate Verification when I decrypt the Image?
    Can I just decrypt the Image without Certificate Verification?

    And what is the data format of Image?
    There are Certificate file, TI Image and Customer Image in contents of bin file(which is built with hs_image_creator and hsimage.cfg).
    Do I just need to decrypt the Customer Image?

    Thanks,
    JuiYang