LP-AM243: Multi partition secure boot

Part Number: LP-AM243
Other Parts Discussed in Thread: UNIFLASH, SYSCONFIG

We are checking the secure boot of multi-partitions on a device (LP-AM243x PROC109A) converted to HS-SE.

The sample used was this.

C:\ti\mcu_plus_sdk_am243x_09_02_01_05\examples\drivers\ipc\ipc_notify_echo

At this time, when making the appimage of r5fss0-0, we changed "CUST_MPK" to an invalid key,

and expected the appimage of r5fss0-0 to fail to start,

but judging from the log, it seems to have started normally.

In addition, we confirmed this using the following method.

1. Build ipc_notify_echo_am243x-lp_system_freertos_nortos with the correct "CUST_MPK".

2. Change the "CUST_MPK" setting in devconfig.mak and build only ipc_notify_echo_am243x-lp_r5fss0-0_freertos_ti-arm-clang.

Valid CUST_MPK
CUST_MPK=$(SIGNING_TOOL_PATH)/custMpk_am64x_am243x.pem
CUST_MEK=$(SIGNING_TOOL_PATH)/custMek_am64x_am243x.txt

Invalid CUST_MPK
CUST_MPK=$(SIGNING_TOOL_PATH)/mcu_custMpk.pem
CUST_MEK=$(SIGNING_TOOL_PATH)/custMek_am64x_am243x.txt

3. Flash with uart_uniflash.py.

I want to make an appimage fail to start on a multi-partition system. What is the correct procedure?

Regards,
Yukinobu

  • Hi Yukinobu,

    What is the correct procedure?

    The procedure looks correct.

    Have you checked the build logs of "ipc_notify_echo_am243x-lp_r5fss0-0_freertos_ti-arm-clang" to verify if the generated appimage is indeed signed by "mcu_custMpk.pem"?

    Have you also checked that the keys "custMpk_am64x_am243x.pem" & "mcu_custMpk.pem" differ?

    Regards,

    Prashant

  • Hi Prashant,

    Have you checked the build logs of "ipc_notify_echo_am243x-lp_r5fss0-0_freertos_ti-arm-clang" to verify if the generated appimage is indeed signed by "mcu_custMpk.pem"?

    I tried outputting the APP_SIGNING_KEY in the “makefile_ccs_bootimage_gen” of the project in question.
    As a result, I can confirm that it is signed by “mcu_custMpk.pem”.

    ' '
    'Arm Linker: "ipc_notify_echo_am243x-lp_r5fss0-0_freertos_ti-arm-clang.out"'
    ' '
    Boot image: am243x:r5fss0-0:freertos:ti-arm-clang C:/Users/hasinoguti/workspace_v12/ipc_notify_echo_am243x-lp_r5fss0-0_freertos_ti-arm-clang/Debug/ipc_notify_echo_am243x-lp_r5fss0-0_freertos_ti-arm-clang.appimage ...
    Boot image signing: Encryption is disabled.
    APP_SIGNING_KEY = C:/ti/mcu_plus_sdk_am243x_09_02_01_05/tools/boot/signing/mcu_custMpk.pem
    Generating certificate for C:/Users/hasinoguti/workspace_v12/ipc_notify_echo_am243x-lp_r5fss0-0_freertos_ti-arm-clang/Debug/ipc_notify_echo_am243x-lp_r5fss0-0_freertos_ti-arm-clang.appimage ...
    Boot image: am243x:r5fss0-0:freertos:ti-arm-clang C:/Users/hasinoguti/workspace_v12/ipc_notify_echo_am243x-lp_r5fss0-0_freertos_ti-arm-clang/Debug/ipc_notify_echo_am243x-lp_r5fss0-0_freertos_ti-arm-clang.appimage.hs Done !!!
    .

    Have you also checked that the keys "custMpk_am64x_am243x.pem" & "mcu_custMpk.pem" differ?

    Yes. I have confirmed that "custMpk_am64x_am243x.pem" and "mcu_custMpk.pem" are different.


    Is there anything else I should check?

    Regards,
    Yukinobu

  • Hi Yukinobu,

    By any chance, do you have this option checked in the SBL's sysconfig? If this option is checked, the SBL skips the authentication of the appimages before loading them.

    Regards,

    Prashant

  • Hi Prashant,

    Thank you for your advice.
    SBL was definitely checked.
    I unchecked it and rebuilt SBL.

    As expected, there was an error at startup, but I have one question.
    There is no log for r5f0-1.
    Can I assume that this is because r5f0-0 has an authentication error, and r5f0-1 will not start?

    Success logs
    INFO: Bootloader_runCpu:155: CPU r5f1-0 is initialized to 800000000 Hz !!!
    INFO: Bootloader_runCpu:155: CPU r5f1-1 is initialized to 800000000 Hz !!!
    INFO: Bootloader_runCpu:155: CPU m4f0-0 is initialized to 400000000 Hz !!!
    INFO: Bootloader_loadSelfCpu:207: CPU r5f0-0 is initialized to 800000000 Hz !!!
    INFO: Bootloader_loadSelfCpu:207: CPU r5f0-1 is initialized to 800000000 Hz !!!

    Failure logs
    INFO: Bootloader_runCpu:155: CPU r5f1-0 is initialized to 800000000 Hz !!!
    INFO: Bootloader_runCpu:155: CPU r5f1-1 is initialized to 800000000 Hz !!!
    INFO: Bootloader_runCpu:155: CPU m4f0-0 is initialized to 400000000 Hz !!!
    Some tests have failed!

    Regards,
    Yukinobu

  • Hi Yukinobu,

    Since the only delta between the two setups is the difference in signing, you can assume the failure is because of an authentication failure.

    If in doubt, you may apply the following patch to dump the authentication status for each appimage:

    diff --git a/source/drivers/bootloader/bootloader.c b/source/drivers/bootloader/bootloader.c
    index 3aa46db1..aad3608f 100644
    --- a/source/drivers/bootloader/bootloader.c
    +++ b/source/drivers/bootloader/bootloader.c
    @@ -666,6 +666,12 @@ int32_t Bootloader_parseMultiCoreAppImage(Bootloader_Handle handle, Bootloader_B
                 status = SystemP_SUCCESS;
             }
     
    +        if(status == SystemP_SUCCESS) {
    +            DebugP_log("Authentication passed\r\n");
    +        } else {
    +            DebugP_log("Authentication failed\r\n");
    +        }
    +
             if(SystemP_SUCCESS == status)
             {
                 memset(&mHdrCore[0], 0xFF, BOOTLOADER_MAX_INPUT_FILES*sizeof(Bootloader_MetaHeaderCore));
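
    Review bot: the added if(status == SystemP_SUCCESS) / else block repeats the test that the next statement, if(SystemP_SUCCESS == status), already makes, and neither message says which appimage or core it refers to, so the reader has to infer that from the Bootloader_runCpu line that follows. Consider logging from the existing success branch and its failure path, and include the core or image identifier in the message. The context line above the addition assigns status = SystemP_SUCCESS in a branch whose condition is not visible in this hunk; if that branch can be reached without a signature check, "Authentication passed" would be printed for an image that was never verified, so the message should be tied to the verification result rather than to the final value of status. The new block also uses a different comparison order and brace placement than the surrounding code.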
    

    You should then see the following logs, which confirm the failure is because of the authentication failure of the R5F0-0 appimage.

    [12:27:48.275] DMSC Firmware Version 9.2.8--v09.02.08 (Kool Koala)
    [12:27:48.277] DMSC Firmware revision 0x9
    [12:27:48.277] DMSC ABI revision 3.1
    
    [12:27:48.291] Authentication passed
    [12:27:48.292] INFO: Bootloader_runCpu:155: CPU r5f1-0  is initialized to 800000000 Hz !!!
    [12:27:48.323] Authentication passed
    [12:27:48.324] INFO: Bootloader_runCpu:155: CPU r5f1-1 is initialized to 800000000 Hz !!!
    [12:27:48.339] Authentication passed
    [12:27:48.371] INFO: Bootloader_runCpu:155: CPU m4f0-0 is initialized to 400000000 Hz !!!
    [12:27:48.387] Authentication failed
    [12:27:48.388] Some tests have failed!!

    Regards,

    Prashant
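
The log comparison discussed in this thread can be automated. The following is an added example, not code from the thread or from the MCU+ SDK: a small Python triage script that pairs each "Authentication passed/failed" line with the CPU line that follows it and lists the expected cores that never started. The function name `triage_sbl_log`, the `EXPECTED_CORES` list (taken from the success log above) and the pairing rule (an authentication line belongs to the next CPU line, as in the posted log) are assumptions.

```python
import re

# Constructed sample input: the failure log posted in the thread (patched SBL).
SAMPLE_LOG = """\
[12:27:48.291] Authentication passed
[12:27:48.292] INFO: Bootloader_runCpu:155: CPU r5f1-0  is initialized to 800000000 Hz !!!
[12:27:48.323] Authentication passed
[12:27:48.324] INFO: Bootloader_runCpu:155: CPU r5f1-1 is initialized to 800000000 Hz !!!
[12:27:48.339] Authentication passed
[12:27:48.371] INFO: Bootloader_runCpu:155: CPU m4f0-0 is initialized to 400000000 Hz !!!
[12:27:48.387] Authentication failed
[12:27:48.388] Some tests have failed!!
"""

# Assumption: cores seen in the thread's success log; adjust per system project.
EXPECTED_CORES = ("r5f1-0", "r5f1-1", "m4f0-0", "r5f0-0", "r5f0-1")

AUTH_RE = re.compile(r"Authentication (passed|failed)")
CPU_RE = re.compile(r"Bootloader_\w+:\d+: CPU (\S+)\s+is initialized")


def triage_sbl_log(text, expected=EXPECTED_CORES):
    """Pair each authentication line with the next CPU line; list missing cores."""
    started, auth_by_core, unpaired = [], {}, []
    failures = 0
    pending = None  # last authentication result not yet tied to a core
    for line in text.splitlines():
        auth = AUTH_RE.search(line)
        cpu = CPU_RE.search(line)
        if auth:
            if pending is not None:
                unpaired.append(pending)  # result never followed by a core start
            pending = auth.group(1)
            failures += pending == "failed"
        elif cpu:
            started.append(cpu.group(1))
            # "failed" here would mean a core started despite a failed check.
            auth_by_core[cpu.group(1)] = pending or "not logged"
            pending = None
    if pending is not None:
        unpaired.append(pending)
    not_started = [core for core in expected if core not in started]
    return {"started": started, "auth_by_core": auth_by_core,
            "not_started": not_started, "unpaired_auth": unpaired,
            "boot_ok": failures == 0 and not not_started}


if __name__ == "__main__":
    for key, value in triage_sbl_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A log from an SBL built without the patch has no authentication lines, so every started core is reported as "not logged"; a clean log alone therefore does not show that the SBL verified anything, which is the situation the thread started from.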