
AM62P: How to use my personal keys


https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1503612/am62p-how-use-my-personal-keys

Part Number: AM62P

Tool/software:

Hi Team,

a@abc:~/ti/mcu_plus_sdk_am62px_09_01_00_39 (copy)/source/security/sbl_keywriter/scripts/cert_gen/am62px$ ./gen_keywr_cert.sh -g
Generating keys in PKCS#1 Format!!
a@abc:~/ti/mcu_plus_sdk_am62px_09_01_00_39 (copy)/source/security/sbl_keywriter/scripts/cert_gen/am62px$ ./gen_keywr_cert.sh -t  -b keys/v15/bmpk.pem \
--bmek keys/bmek.key -b-wp --bmek-wp -s keys/v15/smpk.pem \
--smek keys/smek.key -s-wp --smek-wp
ERR: -b doesn't exist. 
a@abc:~/ti/mcu_plus_sdk_am62px_09_01_00_39 (copy)/source/security/sbl_keywriter/scripts/cert_gen/am62px$ ./gen_keywr_cert.sh   -b keys/v15/bmpk.pem --bmek keys/bmek.key -b-wp --bmek-wp -s keys/v15/smpk.pem --smek keys/smek.key -s-wp --smek-wp
ERR: TIFEK Public Key is required!!

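I want to use my own keys for secure boot. But I'm not sure which command I should use.

Also, if I put the keys in the sbl_keywriter/scripts/cert_gen/am62px/keys folder, as described in "The command below will generate random keys for testing in the sbl_keywriter/scripts/cert_gen/am62px/keys folder", how do I fill in the devconfig.mak paths?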

else ifeq ($(DEVICE),am62px)
    CUST_MPK=$(SIGNING_TOOL_PATH)/custMpk_am62px.pem
    CUST_MEK=$(SIGNING_TOOL_PATH)/custMek_am62px.txt
else
    CUST_MPK=$(SIGNING_TOOL_PATH)/custMpk_am64x_am243x.pem
    CUST_MEK=$(SIGNING_TOOL_PATH)/custMek_am64x_am243x.txt
endif

# Encryption option for application (yes/no)
ENC_ENABLED?=no

# Encryption option for SBL (yes/no)
ENC_SBL_ENABLED?=yes

# Debug option for HS (yes/no)
DBG_ENABLED?=no

Thank you for your support.

Regards, Kong XiangXu

  • Unknown said:
    I want to use my own keys for secure boot. But I'm not sure which command I should use.

    Please use the same command as used below, and modify the paths to the keys as needed:

    https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1498468/am62p-secure-boot-keywrite/5763861#5763861

    Unknown said:
    How do I fill in the devconfig.mak paths?

    Modify the CUST_MPK and CUST_MEK variables to point to the paths of the programmed keys.

  • I don't know how to generate my own keys.

  • a@abc:~/ti/mcu_plus_sdk_am62px_09_01_00_39 (copy)/source/security/sbl_keywriter/scripts/cert_gen/am62px$ ./gen_keywr_cert.sh -g

    This command generates custom keys in the "keys" folder.

  • a@abc:~/ti/mcu_plus_sdk_am62px_10_00_00_14/source/security/sbl_keywriter/scripts/cert_gen/am62px$ ./gen_keywr_cert.sh -g
    Generating keys in PKCS#1 Format!!
    a@abc:~/ti/mcu_plus_sdk_am62px_10_00_00_14/source/security/sbl_keywriter/scripts/cert_gen/am62px$ ./gen_keywr_cert.sh -t tifek/SR_10/ti_fek_public.pem -b keys/v15/bmpk.pem --bmek keys/bmek.key -s keys/v15/smpk.pem --smek keys/smek.key --keycnt 2 --keyrev 1
    # Using Key Count: 0x00000003
    # Using Key Rev: 0x00000001
    Generating Dual PKCS#1v1.5 signed certificate!!
    GEN: AES256 key generated, since not provided
    # encrypt aes256 key with tifek public part
    # encrypt SMPK-priv signed aes256 key(hash) with tifek public part
    # encrypt smpk-pub hash using aes256 key
    # encrypt smek (sym key) using aes256 key
    # encrypt BMPK-priv signed aes256 key(hash) with tifek public part
    # encrypt bmpk-pub hash using aes256 key
    # encrypt bmek (sym key) using aes256 key
    1668 secondary_cert.bin
    5383 primary_cert.bin
    7051 ../x509cert/final_certificate.bin
    # SHA512 Hashes of keys are stored in verify_hash.csv for reference..
    
    
    

    Should I use -t tifek/SR_10/ti_fek_public.pem here?

    How do I generate a txt file like custMek_am62px.txt?

  • 1. Should I use -t tifek/SR_10/ti_fek_public.pem here?

    Yes, it is required.

    2. How do I generate a txt file like custMek_am62px.txt?

    You can use the following command to convert the encryption key into the format expected by the MCU+ SDK:

    ❯ xxd -p -c 10000 smek.key | tr -d $'\n' | tee smek.txt
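
A stricter variant of the conversion above, added here as an example and not part of the original reply: it checks the key length, writes the hex file with owner-only permissions, and does not echo the key to the terminal the way `tee` does. The function name `key_to_hex`, the use of `od` in place of `xxd`, and the default 32-byte (256-bit) key length are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): convert a raw binary key file into the
# single-line, newline-free hex text that the xxd pipeline above produces.
# Assumption: the key is 32 bytes (256-bit); pass a third argument to override.

key_to_hex() {
    # usage: key_to_hex <binary key file> <output txt file> [expected bytes]
    in=$1; out=$2; want=${3:-32}

    [ -r "$in" ] || { echo "ERR: cannot read $in" >&2; return 1; }

    # Refuse a key of the wrong size before anything is written.
    size=$(wc -c < "$in" | tr -d ' ')
    if [ "$size" -ne "$want" ]; then
        echo "ERR: $in is $size bytes, expected $want" >&2
        return 1
    fi

    # od -An -v -tx1 emits the same lowercase hex digits as xxd -p; -v stops od
    # from collapsing repeated lines into '*'. tr removes spaces and newlines.
    # The subshell umask keeps the new file unreadable by other users.
    (
        umask 077
        od -An -v -tx1 "$in" | tr -d ' \n' > "$out"
    ) || return 1
    chmod 600 "$out"    # also tighten a pre-existing output file

    # Sanity-check the result: exactly 2 hex digits per key byte, nothing else.
    hexlen=$(wc -c < "$out" | tr -d ' ')
    if [ "$hexlen" -ne $((want * 2)) ]; then
        echo "ERR: unexpected output length $hexlen" >&2
        return 1
    fi
    if LC_ALL=C grep -q '[^0-9a-f]' "$out"; then
        echo "ERR: non-hex characters in $out" >&2
        return 1
    fi
    return 0
}

# Example call (paths are placeholders):
#   key_to_hex keys/smek.key custMek.txt
```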
    

  • a@abc:~/ti/mcu_plus_sdk_am62px_10_00_00_14/source/security/sbl_keywriter/scripts/cert_gen/am62px$ ./gen_keywr_cert.sh -t tifek/SR_10/ti_fek_public.pem -b keys/v15/bmpk.pem --bmek keys/bmek.key -s keys/v15/smpk.pem --smek keys/smek.key --keycnt 2 --keyrev 1

    Did you use SDK v10.0 for the Keywriter, as suggested in this log?

  • Drivers_open()
    
    SYSFW Firmware Version 10.0.8--v10.00.08 (Fiery Fox)
    SYSFW Firmware revision 0xa
    SYSFW ABI revision 4.0
    
    Sciclient_getVersionCheck(1)
    Bootloader_Handle bootHandleLinux
    Bootloader_Params_init
    Bootloader_BootImageInfo_init(&bootImageInfoLinux);
    noOfFiles < BOOTLOADER_SD_MAX_NO_OF_FILES
    pp_OpenloadableImage(pFiles[noOfFiles]) == SystemP_SUCCESS
    bootHandle = Bootloader_open(CONFIG_BOOTLOADER_APP, &bootParams);
    bootHandle != NULL
    in  Bootloader_getMulticoreImageSize
    
    --- Bootloader Configuration ---
    bootMedia:        0xB0070001
    bootImageSize:    0 bytes
    coresPresentMap:  0x00000000
    enableDma:        false
    scratchMemPtr:    00000000
    socCoreOpMode:    43C275D4
    fxns:             43C27064
    args:             43C27504
    
    Core Presence Map Interpretation:
    
    --- Bootloader Configuration ---
    bootMedia:        0xB0070001
    bootImageSize:    0 bytes
    coresPresentMap:  0x00000000
    enableDma:        false
    scratchMemPtr:    00000000
    socCoreOpMode:    43C275D4
    fxns:             43C27064
    args:             43C27504
    
    Core Presence Map Interpretation:
    Multicore image size: 0 bytes
    Bootloader_Config *bootConfig;
    bootConfig->coresPresentMap = 0;
      before Check if the certificate length is within valid range
      after Check if the certificate length is within valid range
      struct tisci_msg_proc_auth_boot_req authReq;
     Sciclient_procBootAuthAndStart(&authReq, SystemP_WAIT_FOREVER);0
      after Bootloader_socAuthImage(certLoadAddr);
    Bootloader_parseMultiCoreAppImage
    (SystemP_SUCCESS == status) && (TRUE == Bootloader_isCorePresent(bootHandle, CSL_CORE_ID_MCU_R5FSS0_0)
    Bootloader_loadCpu(bootHandle, &(bootImageInfo->cpuInfo[CSL_CORE_ID_MCU_R5FSS0_0]));
    Image loading status: 0
    status = App_loadImages(bootHandle, &bootImageInfo);
    noOfFiles++;
    noOfFiles < BOOTLOADER_SD_MAX_NO_OF_FILES
    pp_OpenloadableImage(pFiles[noOfFiles]) == SystemP_SUCCESS
    bootHandle = Bootloader_open(CONFIG_BOOTLOADER_APP, &bootParams);
    bootHandle != NULL
    in  Bootloader_getMulticoreImageSize
    
    --- Bootloader Configuration ---
    bootMedia:        0xB0070001
    bootImageSize:    57920 bytes
    coresPresentMap:  0x00000001
    enableDma:        false
    scratchMemPtr:    00000000
    socCoreOpMode:    43C275D4
    fxns:             43C27064
    args:             43C27504
    
    Core Presence Map Interpretation:
      Core 0: Present
    
    --- Bootloader Configuration ---
    bootMedia:        0xB0070001
    bootImageSize:    57920 bytes
    coresPresentMap:  0x00000001
    enableDma:        false
    scratchMemPtr:    00000000
    socCoreOpMode:    43C275D4
    fxns:             43C27064
    args:             43C27504
    
    Core Presence Map Interpretation:
      Core 0: Present
    Multicore image size: 57920 bytes
    Bootloader_Config *bootConfig;
    bootConfig->coresPresentMap = 0;
      before Check if the certificate length is within valid range
      after Check if the certificate length is within valid range
      struct tisci_msg_proc_auth_boot_req authReq;
     Sciclient_procBootAuthAndStart(&authReq, SystemP_WAIT_FOREVER);0
      after Bootloader_socAuthImage(certLoadAddr);
    Bootloader_parseMultiCoreAppImage
    Bootloader_loadSelfCpu(bootHandle, &(bootImageInfo->cpuInfo[CSL_CORE_ID_WKUP_R5FSS0_0]));
    Bootloader_profileAddProfilePoint(App_loadImages(CSL_CORE_ID_WKUP_R5FSS0_0));
    Image loading status: 0
    status = App_loadImages(bootHandle, &bootImageInfo);
    noOfFiles++;
    if(App_OpenloadableImage(BOOTLOADER_SD_A53_APPIMAGE_FILENAME) == SystemP_SUCCESS)
    SystemP_SUCCESS == status A1
    bootHandleLinux != NUL
    in  Bootloader_getMulticoreImageSize
    
    --- Bootloader Configuration ---
    bootMedia:        0xB0070001
    bootImageSize:    283248 bytes
    coresPresentMap:  0x00000002
    enableDma:        false
    scratchMemPtr:    00000000
    socCoreOpMode:    43C275D4
    fxns:             43C27064
    args:             43C27504
    
    Core Presence Map Interpretation:
      Core 1: Present
    
    --- Bootloader Configuration ---
    bootMedia:        0xB0070001
    bootImageSize:    283248 bytes
    coresPresentMap:  0x00000002
    enableDma:        false
    scratchMemPtr:    00000000
    socCoreOpMode:    43C275D4
    fxns:             43C27064
    args:             43C27504
    
    Core Presence Map Interpretation:
      Core 1: Present
    appImageSize+=Bootloader_getMulticoreImageSize(bootHandleLinux);
      before Check if the certificate length is within valid range
      after Check if the certificate length is within valid range
      struct tisci_msg_proc_auth_boot_req authReq;
     Sciclient_procBootAuthAndStart(&authReq, SystemP_WAIT_FOREVER);0
      after Bootloader_socAuthImage(certLoadAddr);
    status = Bootloader_parseMultiCoreAppImage(bootHandle, bootImageInfo);
    bootImageInfo->cpuInfo[CSL_CORE_ID_A53SS0_0].clkHz = Bootloader_socCpuGetClkDefault(CSL_CORE_ID_A53SS0_0);
     Bootloader_loadCpu(bootHandle, &(bootImageInfo->cpuInfo[CSL_CORE_ID_A53SS0_0]));0
    status = App_loadLinuxImages(bootHandleLinux, &bootImageInfoLinux);
     Bootloader_profileAddProfilePoint(App_loadLinuxImages);
     status = SOC_moduleClockEnable(TISCI_DEV_MMCSD1, 0);Bootloader_profileUpdateAppimageSize(appImageSize);
     SystemP_SUCCESS == status A2
    [BOOTLOADER_PROFILE] Boot Media       : SD Card
    [BOOTLOADER_PROFILE] Boot Image Size  : 333 KB
    [BOOTLOADER_PROFILE] Cores present    :
    mcu-r5f0-0
    wkup-r5f0-0
    a530-0
    [BOOTLOADER PROFILE] System_init                      :      25696us
    [BOOTLOADER PROFILE] Drivers_open                     :       2889us
    [BOOTLOADER PROFILE] Board_driversOpen                :       1464us
    [BOOTLOADER PROFILE] Sciclient Get Version            :      10171us
    [BOOTLOADER PROFILE] App_loadImages(CSL_CORE_ID_WKUP_R5FSS0_0) :     821231us
    [BOOTLOADER PROFILE] App_loadLinuxImages              :     504863us
    [BOOTLOADER_PROFILE] SBL Total Time Taken             :    1366316us
    
    Image loading done, switching to application ...
    Starting linux and RTOS/Baremetal applications
      int32_t status = SystemP_FAILURE;
      SOC_unlockAllMMR();17:14
      Value of socCpuCores[CSL_CORE_ID_A53SS0_0]: 1
      if(socCpuCores[CSL_CORE_ID_A53SS0_0] == BOOTLOADER_SD_APP_IMAGE_LOADED)
      statuNOTICEs:  B L31:= v2. 10.0(reBleasoe):v2o.10.t0-367-gl00of1ec6b8a7-dirty
    NOTdICE:  BeL3r1:_ Built : 16r:09:05,u Fenb  9C 2024
    pu(bootHandle, &bootCpuInfo[CSL_CORE_ID_A53SS0_0]);
     status = App_runLinuxCpu(bootHandleLinux, &bootImageInfoLinux);0
    Bootloader_close(bootHandleLinux);
     status = App_runCpus(bootHandle);
    
    U-Boot SPL 2024.04-ti-gfda88f8bcea3 (Jul 26 2024 - 11:00:12 +0000)
    SYSFW ABI: 4.0 (firmware rev 0x000a '10.0.8--v10.00.08 (Fiery Fox)')
    SPL initial stack usage: 1904 bytes
    Trying to boot from MMC2
    i2c_write: error waiting for data ACK (status=0x116)
    pca953x gpio@22: Error reading output register
    ti_sci system-controller@44043000: Message not acknowledged
    Authentication failed!
    ### ERROR ### Please RESET the board ###
    

    Yes, I did. I fixed the issue and got this output.

  • I think you were able to program the custom keys successfully!

    For the latest issue, please check whether the following workaround helps:

    software-dl.ti.com/.../UG-Memory.html