Part Number: F29H850TU
Other Parts Discussed in Thread: UNIFLASH, F29H85X-SOM-EVM
Hello,
I am trying to perform Key Provisioning and Code Provisioning using TI CyberShield Toolkit 26.00.00 STS Release and ti_cst_f29h85x_addon_01_00_00_00. I have a XF29H850TU9T soldered onto a F29H85X-SOM-EVM. Based on the markings "ZEX 3LA-57C7PEW G1" I assume it is a Rev A (SR_10) microcontroller. I also have SDK and TIFS version 26_00_00, CCS 2050 and uniflash 9.5.0 installed.
Unfortunately, neither JTAG nor UART approach works. I am trying on both Ubuntu 24 and Windows 10. UART communication fails entirely. JTAG communication occurs only after modyfing the .ccmxl file. JTAG flow allows me to read the device state - as HSFS. I perform the Key Provisioning through JTAG. Provisioning Details window is empty. The Full Log File is as follows:
Loading OTP KW binary from: /home/kowalczykm/ti/TICST/addons/f29h85x/bin/otp_kw_f29h85x_hs_fs.hsmimage.bin
Loading certificate from: /home/kowalczykm/ti/f29h85x/certificates/final_certificate.bin
Writing CMD_CTRL_REG bitmask 0x00000003 to 0x30180508
Loading JTAG flash kernel from: /home/kowalczykm/ti/TI-CyberShield-Toolkit-main/host/bin/asm/f29h85x/secure_ram_based_jtag_kernel.out
Expecting target to not halt for 120 seconds
Success: we timed out while waiting for the target to halt
Log file contents:
!!! JTAG FLASH KERNEL LIVE !!!
I power reset the device when I'm asked to by the tool and the end result is "Verification Failed. Device is in HSFS state. Expected HSKP or HSSE state after keys provisioning."
This is the console log:
(venv) kowalczykm@rze-kowalcmlx-n:~/ti/TI-CyberShield-Toolkit-main$ cstgui
Device changed to: F29H85X
Setting up F29 development session with data: {'type': 'f29_development', 'smpk_algo': 'rsa4k', 'bmpk_algo': 'rsa4k'}
deleting the session Development
Creating Development Session
Saving Development session...
Generate certificate: {'device': 'f29h85x', 'flags': ['msv_protect', 's_protect', 'smek_protect', 'b_protect', 'bmek_protect', 'keycnt_protect', 'smpk', 'smek', 'bmpk', 'bmek'], 'output_dir_path': '/home/kowalczykm/ti/f29h85x/certificates', 'pub_key_path': '/home/kowalczykm/ti/TICST/addons/f29h85x/tifek/SR_10/ti_fek_public.pem', 'msv': '0x1E22D', 'dev_sr_ver': 'SR_10', 'keycnt': '2', 'keyrev': '1', 'sr_sbl': '1', 'sr_hsmRT': '1', 'sr_app': '1', 'sr_ssu': '1', 'smpk_signing_algorithm': 'rsa4k', 'bmpk_signing_algorithm': 'rsa4k'}
Generating certificate with data: {'device': 'f29h85x', 'flags': ['msv_protect', 's_protect', 'smek_protect', 'b_protect', 'bmek_protect', 'keycnt_protect', 'smpk', 'smek', 'bmpk', 'bmek'], 'output_dir_path': '/home/kowalczykm/ti/f29h85x/certificates', 'pub_key_path': '/home/kowalczykm/ti/TICST/addons/f29h85x/tifek/SR_10/ti_fek_public.pem', 'msv': '0x1E22D', 'dev_sr_ver': 'SR_10', 'keycnt': '2', 'keyrev': '1', 'sr_sbl': '1', 'sr_hsmRT': '1', 'sr_app': '1', 'sr_ssu': '1', 'smpk_signing_algorithm': 'rsa4k', 'bmpk_signing_algorithm': 'rsa4k'}
Using development session mode
DEBUG: F29 certificate generation command: script_name --device f29h85x --smpk_signing_algorithm rsa4k --bmpk_signing_algorithm rsa4k gencert -t /home/kowalczykm/ti/TICST/addons/f29h85x/tifek/SR_10/ti_fek_public.pem --msv 0x1E22D --msv_protect --bmpk --bmek --b_protect --bmek_protect --smpk --smek --s_protect --smek_protect --sr_sbl 1 --sr_hsmRT 1 --sr_app 1 --sr_ssu 1 --keycnt 2 --keycnt_protect --keyrev 1 -d f29h85x --devSrVer SR_10 -o /home/kowalczykm/ti/f29h85x/certificates
DEBUG: Calling f29_main()
-----------------------------------------------
F29H85x CyberShield Toolkit CLI
-----------------------------------------------
deleting the session Development
Creating Development Session
Saving Development session...
Generating Dual signed certificate!!
opening session: Development
signing AES key with SigningAlgorithm.PKCS1_V15
signing AES key with SigningAlgorithm.PKCS1_V15
primary cert: signing with SigningAlgorithm.PKCS1_V15
secondary cert: signing with SigningAlgorithm.PKCS1_V15
writing certificates into /home/kowalczykm/ti/f29h85x/certificates
Certificate generated successfully
DEBUG: F29 certificate generation completed successfully
DEBUG: Signing specific F29H85x binaries: ['ram_based_uart_sbl.temp.bin']
DEBUG: F29H85x specific binary signing requested
DEBUG: Using session: Development
DEBUG: Development session with SMPK: rsa4k, BMPK: rsa4k
DEBUG: Using prebuilt images directory: /home/kowalczykm/ti/TI-CyberShield-Toolkit-main/host/bin/asm/f29h85x
Signing ram_based_uart_sbl.temp.bin...
DEBUG: Signing binary ram_based_uart_sbl.temp.bin with parameters:
- Core: C29
- Boot: RAM
- KeyRev: 1
- LoadAddr: 0x200E1000
- SwRv: 1
- Debug: DBG_SOC_DEFAULT
- CCS Path: /home/kowalczykm/ti/ccs2050
opening session: Development
primary cert: signing with SigningAlgorithm.PKCS1_V15
writing signed images into /home/kowalczykm/ti/f29h85x/signedImages
Renamed ram_based_uart_sbl.temp.cert.bin → ram_based_uart_sbl.cert.bin
Detecting device with boot mode: JTAG, connection info: {'type': 'jtag', 'ccs_path': '/home/kowalczykm/ti/ccs2050'}
2026-06-25 10:07:49,518 - apps.tifs.kp_cp_f29h85x.jtag_provisioning - INFO - Running Get Device Type command: /home/kowalczykm/ti/ccs2050/ccs/scripting/run.sh /home/kowalczykm/ti/TI-CyberShield-Toolkit-main/host/src/apps/tifs/kp_cp_f29h85x/read_lifecycle.js
2026-06-25 10:07:51,398 - apps.tifs.kp_cp_f29h85x.jtag_provisioning - INFO - Command output:
Device is in HS_FS state
Device is in HS_FS state
2026-06-25 10:07:51,398 - apps.tifs.kp_cp_f29h85x.jtag_provisioning - INFO - Get Device Type completed successfully
DEBUG: Signing binary tifs_f29h85x_hs_se.release.bin with parameters:
- Core: HSM
- Boot: FLASH
- KeyRev: 1
- LoadAddr: 0x00000000
- SwRv: 1
- Debug: DBG_SOC_DEFAULT
- CCS Path: /home/kowalczykm/ti/ccs2050
opening session: Development
primary cert: signing with SigningAlgorithm.PKCS1_V15
writing signed images into /home/kowalczykm/ti/f29h85x/signedImages
DEBUG: Signing binary tifs_f29h85x_hs_se_code_provisioning.release.bin with parameters:
- Core: HSM
- Boot: RAM
- KeyRev: 1
- LoadAddr: 0x00000000
- SwRv: 1
- Debug: DBG_SOC_DEFAULT
- CCS Path: /home/kowalczykm/ti/ccs2050
opening session: Development
primary cert: signing with SigningAlgorithm.PKCS1_V15
writing signed images into /home/kowalczykm/ti/f29h85x/signedImages
DEBUG: Signing binary secure_boot_manager.bin with parameters:
- Core: C29
- Boot: FLASH
- KeyRev: 1
- LoadAddr: 0x10001000
- SwRv: 1
- CCS Path: /home/kowalczykm/ti/ccs2050
opening session: Development
primary cert: signing with SigningAlgorithm.PKCS1_V15
writing signed images into /home/kowalczykm/ti/f29h85x/signedImages
DEBUG: Signing binary combined_services_demo.bin with parameters:
- Core: C29
- Boot: FLASH
- KeyRev: 1
- LoadAddr: 0x10040000
- SwRv: 1
- CCS Path: /home/kowalczykm/ti/ccs2050
opening session: Development
primary cert: signing with SigningAlgorithm.PKCS1_V15
writing signed images into /home/kowalczykm/ti/f29h85x/signedImages
DEBUG: Signing Sec-Cfg default_seccfg_bankmode_0_ssumode1.out with parameters:
- KeyRev: 1
- SwRv: 1
- Boot: FLASH
- CCS Path: /home/kowalczykm/ti/ccs2050
Using CCS path: /home/kowalczykm/ti/ccs2050
Created temporary directory: /tmp/tmpfujks8at
Extracting CPU1 configuration...
Executing: Extracting CPU1 configuration
Command: /home/kowalczykm/ti/ccs2050/ccs/tools/compiler/ti-cgt-c29_2.2.0.LTS/bin/c29objcopy -O binary --only-section=.TI.bound:CPU1_Cfg /home/kowalczykm/ti/TICST/addons/f29h85x/bin/default_seccfg_bankmode_0_ssumode1.out /tmp/tmpfujks8at/seccfgCpu1.bin
SUCCESS: Extracting CPU1 configuration completed successfully
Extracting CPU2 configuration...
Executing: Extracting CPU2 configuration
Command: /home/kowalczykm/ti/ccs2050/ccs/tools/compiler/ti-cgt-c29_2.2.0.LTS/bin/c29objcopy -O binary --only-section=.TI.bound:CPU2_Cfg /home/kowalczykm/ti/TICST/addons/f29h85x/bin/default_seccfg_bankmode_0_ssumode1.out /tmp/tmpfujks8at/seccfgCpu2.bin
SUCCESS: Extracting CPU2 configuration completed successfully
Extracting CPU3 configuration...
Executing: Extracting CPU3 configuration
Command: /home/kowalczykm/ti/ccs2050/ccs/tools/compiler/ti-cgt-c29_2.2.0.LTS/bin/c29objcopy -O binary --only-section=.TI.bound:CPU3_Cfg /home/kowalczykm/ti/TICST/addons/f29h85x/bin/default_seccfg_bankmode_0_ssumode1.out /tmp/tmpfujks8at/seccfgCpu3.bin
SUCCESS: Extracting CPU3 configuration completed successfully
Checking for CPU configuration files in /tmp/tmpfujks8at
Found CPU1 configuration file: /tmp/tmpfujks8at/seccfgCpu1.bin (size: 2048 bytes)
Found CPU2 configuration file: /tmp/tmpfujks8at/seccfgCpu2.bin (size: 2048 bytes)
Found CPU3 configuration file: /tmp/tmpfujks8at/seccfgCpu3.bin (size: 2048 bytes)
Truncating CPU2 configuration file: /tmp/tmpfujks8at/seccfgCpu2.bin
Successfully truncated seccfgCpu2.bin from 2048 to 2032 bytes
CPU configuration file preparation completed successfully
opening session: Development
primary cert: signing with SigningAlgorithm.PKCS1_V15
writing certificates into /home/kowalczykm/ti/f29h85x/signedImages
Creating output directory: /home/kowalczykm/ti/f29h85x/signedImages
Successfully created or verified output directory: /home/kowalczykm/ti/f29h85x/signedImages
opening session: Development
primary cert: signing with SigningAlgorithm.PKCS1_V15
opening session: Development
primary cert: signing with SigningAlgorithm.PKCS1_V15
Creating combined output file: /home/kowalczykm/ti/f29h85x/signedImages/seccfg.bin
Successfully wrote combined SecCfg to: /home/kowalczykm/ti/f29h85x/signedImages/seccfg.bin
2026-06-25 10:08:26,732 - apps.tifs.kp_cp_f29h85x.jtag_provisioning - INFO - Running key provisioning with command: /home/kowalczykm/ti/ccs2050/ccs/scripting/run.sh /home/kowalczykm/ti/TI-CyberShield-Toolkit-main/host/src/apps/tifs/kp_cp_f29h85x/run_keyprov_flow.js --otp-kw-bin /home/kowalczykm/ti/TICST/addons/f29h85x/bin/otp_kw_f29h85x_hs_fs.hsmimage.bin --certificate /home/kowalczykm/ti/f29h85x/certificates/final_certificate.bin --jtag-kernel /home/kowalczykm/ti/TI-CyberShield-Toolkit-main/host/bin/asm/f29h85x/secure_ram_based_jtag_kernel.out
2026-06-25 10:09:30,578 - apps.tifs.kp_cp_f29h85x.jtag_provisioning - INFO - Key provisioning completed successfully
2026-06-25 10:09:30,594 - apps.qtgui.utils.log_parser - WARNING - Could not find repository base, using current directory
(gnome-text-editor:34470): Gtk-WARNING **: 10:09:37.630: Trying to snapshot GtkGizmo 0x59a8118029b0 without a current allocation
(gnome-text-editor:34470): Gtk-WARNING **: 10:09:41.500: Broken accounting of active state for widget 0x59a8129b48e0(GtkPopoverMenu)
2026-06-25 10:10:52,210 - apps.tifs.kp_cp_f29h85x.jtag_provisioning - INFO - Running Get Device Type command: /home/kowalczykm/ti/ccs2050/ccs/scripting/run.sh /home/kowalczykm/ti/TI-CyberShield-Toolkit-main/host/src/apps/tifs/kp_cp_f29h85x/read_lifecycle.js
2026-06-25 10:10:54,060 - apps.tifs.kp_cp_f29h85x.jtag_provisioning - INFO - Command output:
Device is in HS_FS state
Device is in HS_FS state
2026-06-25 10:10:54,060 - apps.tifs.kp_cp_f29h85x.jtag_provisioning - INFO - Get Device Type completed successfully
Contents of my .ccxml:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configurations XML_version="1.2" id="configurations_0">
<configuration XML_version="1.2" id="configuration_0">
<instance XML_version="1.2" desc="Texas Instruments XDS110 USB Debug Probe" href="connections/TIXDS110_Connection.xml" id="Texas Instruments XDS110 USB Debug Probe" xml="TIXDS110_Connection.xml" xmlpath="connections"/>
<connection XML_version="1.2" id="Texas Instruments XDS110 USB Debug Probe">
<instance XML_version="1.2" href="drivers/tixds510cs_dap.xml" id="drivers" xml="tixds510cs_dap.xml" xmlpath="drivers"/>
<instance XML_version="1.2" href="drivers/tixds510c29x.xml" id="drivers" xml="tixds510c29x.xml" xmlpath="drivers"/>
<instance XML_version="1.2" href="drivers/tixds510cortexM.xml" id="drivers" xml="tixds510cortexM.xml" xmlpath="drivers"/>
<instance XML_version="1.2" href="drivers/tixds510sec_ap.xml" id="drivers" xml="tixds510sec_ap.xml" xmlpath="drivers"/>
<property id="Debug Probe Selection" Type="choicelist" Value="0">
<choice Name="Select by serial number" value="0">
<property id="-- Enter the serial number" Type="stringfield" Value="NOserial"/>
</choice>
</property>
<platform XML_version="1.2" id="platform_0">
<instance XML_version="1.2" desc="F29H850TU9" href="devices/f29h850tu9.xml" id="F29H850TU9" xml="f29h850tu9.xml" xmlpath="devices"/>
<device XML_version="1.2" id="F29H850TU9" partnum="F29H850TU9" HW_revision="1" description="">
<router XML_version="1.2" id="CS_DAP_0" HW_revision="1.0" isa="CS_DAP" description="CS_DAP Router">
<subpath id="Subpath_0">
<cpu XML_version="1.2" id="C29xx_CPU1" HW_revision="1.0" isa="TMS320C29xx" description="C29xxCPU">
<property id="GEL File" Type="filepathfield" Value="../../../.."/>
</cpu>
<cpu XML_version="1.2" id="C29xx_CPU3" HW_revision="1.0" isa="TMS320C29xx" description="C29xxCPU">
<property id="GEL File" Type="filepathfield" Value="../../../.."/>
</cpu>
<cpu XML_version="1.2" id="C29xx_CPU2" HW_revision="1.0" isa="TMS320C29xx" description="C29xxCPU">
<property id="GEL File" Type="filepathfield" Value="../../../.."/>
</cpu>
</subpath>
<subpath id="Subpath_2">
<cpu XML_version="1.2" id="SEC_AP_HSM" HW_revision="1.0" isa="SEC_AP" description="Secure AP">
<property id="GEL File" Type="filepathfield" Value="../../../.."/>
</cpu>
</subpath>
</router>
</device>
</platform>
</connection>
</configuration>
</configurations>
What should I do or change to sucessfully perform Key Provisioning using this tool?