Dear TI Support,
We would like to use the secure boot feature of the AM243x, however we would like to ask for some clarification about it.
We have found some info about OSPI boot is not compatible with the secure boot, however in some support ticket answers it's the opposite. source: "Encryption of application image not possible in SBL OSPI"
- Could you please confirm that secure boot with OSPI boot option on the AM243x HS-FS is possible?
- Or is it possible, but the firmware image can't be encrypted, only signed?
I have found the otp_keywriter_am243x_09_00_00-windows-installer, which has a few scripts for generating x509 certifications.
- Would you recommend to use these or there's a possibility these are deprecated and it would be better to implement our own process (using openssl or similar)?
- Regarding the keywriter - I assume not - but is there any possibility to re-write the security key in a development environment (on a launchpad or EVM) for testing purposes?
Thanks,
Mark