TDA4VL-Q1: J721S2 HS-FS: OTP Keywriter fails with ext_otp data in the certificate

Part Number: TDA4VL-Q1

Dear TI-Support,

I am currently experiencing an issue with the OTP Keywriter (PSDK RTOS J721S2 08.04. + OTP_KEYWRITER_ADD_ON_j721s2_08_04_00_02):

Using the TI Dummy keys and a certificate without extension OTP data, the OTP Keywriter succeeds:

OTP Keywriter Version: 02.00.00.00 (Nov 21 2024 - 09:45:21)

OTP Keywriter ver: 8.4.6-v08.04_keywriter (Jolly J
Key programming sequence initialted
Taking OTP certificate from 0x41c73004
Debug response: 0x0
Key programming sequence completed

Using the TI Dummy keys and a certificate with extension OTP data, the OTP Keywriter fails with KEYWR_ERR_INTERAL_OP (debug response 0x20):

OTP Keywriter Version: 02.00.00.00 (Nov 21 2024 - 09:45:21)

OTP Keywriter ver: 8.4.6-v08.04_keywriter (Jolly J
Key programming sequence initialted
Taking OTP certificate from 0x41c73004
Sciclient_otpProcessKeyCfg returns: -1
Debug response: 0x20
Key programming sequence completed

Certificate generation

With extension OTP data:

./gen_keywr_cert.sh -s keys/smpk.pem --smek keys/smek.key -b keys/bmpk.pem --bmek keys/bmek.key -t ti_fek_public.pem -a keys/aes256.key --ext-otp ext_otp_data.bin --ext-otp-indx 0 --ext-otp-size 1024

ext otp data:

$ xxd ext_otp_data.bin

00000000: 0000 ccdd 0000 0000 0000 0000 0000 0000  ................
00000010: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000020: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000030: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000070: 0000 0000 0000 0000 0000 0000 0000 0000  ................

Without extension OTP data:

./gen_keywr_cert.sh -s keys/smpk.pem --smek keys/smek.key -b keys/bmpk.pem --bmek keys/bmek.key -t ti_fek_public.pem -a keys/aes256.key

Can you tell me what could be the error of the OTP Keywriter process when I am inserting ext_otp to the x509 extension fields?

Best regards,

Andreas

  • Hi Andreas,

    What build machine are you generating the certificate with, or alternatively what is the OpenSSL version you are using to generate the certificate?

    What is the size of the certificate in the passing case and the failing case? There is a maximum limit on the certificate length for the certificate to be processed correctly.

    regards

    Suman

  • Hi Suman,

    Thanks for your patience!

    OpenSSL version: `OpenSSL 1.1.1f 31 Mar 2020`

    Certificate sizes:

    • passing case: 0x1B85 (7045) bytes
    • failing case: 0x1BA7 (7079) bytes

    I am looking forward to hearing from you!

    Best regards,

    Andreas

  • Hi Andreas,

    > OpenSSL version: `OpenSSL 1.1.1f 31 Mar 2020`

    Thanks for the version info on OpenSSL.

    > Certificate sizes:
    >
    > • passing case: 0x1B85 (7045) bytes
    > • failing case: 0x1BA7 (7079) bytes

    The size differences look to be coming only from the Extended OTP.

    Have you been able to have a successful KeyWriter programming with just the Extended OTP efuses?

    > ext otp data:

    Your Extended OTP data seemed to contain only a few bytes. Did you try a limited `--ext-otp-size` covering only the needed bytes?

    regards

    Suman