TI中文支持网Part Number:AM2634
您好:
我在使用AM2634 OTP KeyWrite功能时,有以下问题:
1、OTP KeyWrite支持的key如下图所示:
请问其中的MSV、SWREV-APP、SWREV-SBL、SWREV-HSM等的作用是什么,是否由相关使用示例?
2、当OTP KeyWrite写入成功后,AM2634转为HS-SE设备,请问如何生成满足secure boot条件的tiimage文件?
Shine:
已把您的问题升级到英文e2e论坛,请关注下面帖子的回复。https://e2e.ti.com/support/microcontrollers/arm-based-microcontrollers-group/arm-based-microcontrollers/f/arm-based-microcontrollers-forum/1191992/am2634-questions-about-otp-keywrite
,
du rl:
好的,非常感谢
,
Shine:
不客气~
请看下面e2e工程师的回复。The SW Rev is Software Revision of Application, SW Revision of SBL and SW Revision of HSMRt Image. This is to prevent rollback protection in the device by HSM ROM and SBL.
For booting the SBL securely, you need to add the following options during the build with a valid HSMRt Firmware (that needs to be signed with customer keys as well)
It will build the SBL signed with customer keys.
,
du rl:
您好:
已看到e2e工程师的回复,没太理解其描述,问题如下:
问题1:
我将其提供的选项做为生成安全启动镜像文件的操作,根据其提示的操作后报错如下(我是windows环境,使用gmake命令):
问题2:
其描述中有关HSMRt的部分我没有理解,我本意是问开启secure boot功能后,如何生成满足启动条件的sbl二进制镜像文件与HSMRt。
问题3:
在目前的工程中,通过makefile_ccs_bootimage_gen文件生成SBL的tiimage文件,请问是否由一个类似的脚本能够将bin文件转化为SBL安全启动镜像文件?
,
Shine:
在e2e帖子上已更新您的问题,请关注帖子的回复。
,
Shine:
请看下面e2e工程师的回复。
Customer met below error message when generating secure boot image file (windows OS and gmake)
Please follow the following build steps to ensure that the build via makefile is stable and functional – https://software-dl.ti.com/mcu-plus-sdk/esd/AM263X/08_05_00_24/exports/docs/api_guide_am263x/MAKEFILE_BUILD_PAGE.html
How to generate SBL binary image file and HSMRt which can meet the boot requirements?
To generate the HSMRt Image you need to install the TIFS firmware from My Secure SW. Also follow the steps from tifs documentation – file:///C:/ti/tifs_am263x_08_05_00_07/docs/api_guide_am263x/html/hsm_runtime_firmware.html
:
3. Customer generates the SBL tiimage file by using makefile_ccs_bootimage_gen. Is there some script available which can convert bin file to SBL secure boot image file?The gmake command is suppose to be an end-to-end automated setup which will build the SBL in encrypted format.
