• 状态 Resolved
  • 已锁定 已锁定
  • 回复 8 回复
  • 订户 0 订户
  • 视图 140 视图
  • 用户 0 会员在此处
选项
选项
相关

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

[参考译文] AM62P:如何使用我的个人密钥

admin
Guru**** 2422790 points


请注意,本文内容源自机器翻译,可能存在语法或其它翻译错误,仅供参考。如需获取准确内容,请参阅链接中的英语原文或自行翻译。

https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1503612/am62p-how-use-my-personal-keys

部件号:AM62P

工具/软件:

大家好、团队 

a@abc:~/ti/mcu_plus_sdk_am62px_09_01_00_39 (copy)/source/security/sbl_keywriter/scripts/cert_gen/am62px$ ./gen_keywr_cert.sh -g
Generating keys in PKCS#1 Format!!
a@abc:~/ti/mcu_plus_sdk_am62px_09_01_00_39 (copy)/source/security/sbl_keywriter/scripts/cert_gen/am62px$ ./gen_keywr_cert.sh -t  -b keys/v15/bmpk.pem \
--bmek keys/bmek.key -b-wp --bmek-wp -s keys/v15/smpk.pem \
--smek keys/smek.key -s-wp --smek-wp
ERR: -b doesn't exist. 
a@abc:~/ti/mcu_plus_sdk_am62px_09_01_00_39 (copy)/source/security/sbl_keywriter/scripts/cert_gen/am62px$ ./gen_keywr_cert.sh   -b keys/v15/bmpk.pem --bmek keys/bmek.key -b-wp --bmek-wp -s keys/v15/smpk.pem --smek keys/smek.key -s-wp --smek-wp
ERR: TIFEK Public Key is required!!

我想使用自己的密钥来确保启动安全。 但我不确定我使用哪种通信。

另外、如果我输入密钥  sbl_keywriter/scripts/cert_gen/am62px/keys  文件夹"中所述、 下面的命令将生成随机密钥用于中的测试 sbl_keywriter/scripts/cert_gen/am62px/keys 文件夹 "、如何填充 devconfig.mak 路径。 

else ifeq ($(DEVICE),am62px)
    CUST_MPK=$(SIGNING_TOOL_PATH)/custMpk_am62px.pem
    CUST_MEK=$(SIGNING_TOOL_PATH)/custMek_am62px.txt
else
    CUST_MPK=$(SIGNING_TOOL_PATH)/custMpk_am64x_am243x.pem
    CUST_MEK=$(SIGNING_TOOL_PATH)/custMek_am64x_am243x.txt
endif

# Encryption option for application (yes/no)
ENC_ENABLED?=no

# Encryption option for SBL (yes/no)
ENC_SBL_ENABLED?=yes

# Debug option for HS (yes/no)
DBG_ENABLED?=no

感谢您的支持。

此致、Kong XiangXu

  • 0
    TI__Guru**** 2422790 points
    请注意,本文内容源自机器翻译,可能存在语法或其它翻译错误,仅供参考。如需获取准确内容,请参阅链接中的英语原文或自行翻译。
    Unknown 说:
    我想使用自己的密钥来确保启动安全。 但我不确定我使用的是哪种通信。

    请使用以下所用的相同命令 、并根据需要修改密钥的路径:

    https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1498468/am62p-secure-boot-keywrite/5763861#5763861

    Unknown 说:
    如何填写 devconfig.mak 路径。

    将 CUST_MPK 和 CUST_MEK 变量修改到编程键的路径。

  • 0
    TI__Guru**** 2422790 points
    请注意,本文内容源自机器翻译,可能存在语法或其它翻译错误,仅供参考。如需获取准确内容,请参阅链接中的英语原文或自行翻译。

    我不知道如何生成我自己的密钥。

  • 0
    TI__Guru**** 2422790 points
    请注意,本文内容源自机器翻译,可能存在语法或其它翻译错误,仅供参考。如需获取准确内容,请参阅链接中的英语原文或自行翻译。
    a@abc:~/ti/mcu_plus_sdk_am62px_09_01_00_39 (copy)/source/security/sbl_keywriter/scripts/cert_gen/am62px ./ gen_keywr_cert.sh -g

    此命令在"密钥"文件夹中生成自定义密钥。

  • 0
    TI__Guru**** 2422790 points
    请注意,本文内容源自机器翻译,可能存在语法或其它翻译错误,仅供参考。如需获取准确内容,请参阅链接中的英语原文或自行翻译。

    a@abc:~/ti/mcu_plus_sdk_am62px_10_00_00_14/source/security/sbl_keywriter/scripts/cert_gen/am62px$ ./gen_keywr_cert.sh -g
Generating keys in PKCS#1 Format!!
a@abc:~/ti/mcu_plus_sdk_am62px_10_00_00_14/source/security/sbl_keywriter/scripts/cert_gen/am62px$ ./gen_keywr_cert.sh -t tifek/SR_10/ti_fek_public.pem -b keys/v15/bmpk.pem --bmek keys/bmek.key -s keys/v15/smpk.pem --smek keys/smek.key --keycnt 2 --keyrev 1
# Using Key Count: 0x00000003
# Using Key Rev: 0x00000001
Generating Dual PKCS#1v1.5 signed certificate!!
GEN: AES256 key generated, since not provided
# encrypt aes256 key with tifek public part
# encrypt SMPK-priv signed aes256 key(hash) with tifek public part
# encrypt smpk-pub hash using aes256 key
# encrypt smek (sym key) using aes256 key
# encrypt BMPK-priv signed aes256 key(hash) with tifek public part
# encrypt bmpk-pub hash using aes256 key
# encrypt bmek (sym key) using aes256 key
1668 secondary_cert.bin
5383 primary_cert.bin
7051 ../x509cert/final_certificate.bin
# SHA512 Hashes of keys are stored in verify_hash.csv for reference..

    我是否应该在此处使用-t tifek/SR_10/ti_fek_public.pem?

    如何生成像 custMek_am62px.txt 这样的 txt 文件?

  • 0
    TI__Guru**** 2422790 points
    请注意,本文内容源自机器翻译,可能存在语法或其它翻译错误,仅供参考。如需获取准确内容,请参阅链接中的英语原文或自行翻译。
    Unknown 说:
    1.我是否应该在此处使用-t tifek/sr_10/ti_fek_public.pem?

    是的、是必需的。

    Unknown 说:
    2.如何生成像 custMek_am62px.txt 这样的 txt 文件?

    您可以使用以下命令将加密密钥转换为 MCU+ SDK 预期的格式: 

    ❯ xxd -p -c 10000 smek.key | tr -d $'\n' | tee smek.txt

  • 0
    TI__Guru**** 2422790 points
    请注意,本文内容源自机器翻译,可能存在语法或其它翻译错误,仅供参考。如需获取准确内容,请参阅链接中的英语原文或自行翻译。
    a@abc:~/ti/mcu_plus_sdk_am62px_10_00_00_14/source/security/sbl_keywriter/scripts/cert_gen/am62px ./gen_keywr_cert.sh -t tifek/sr_10/ti_fek_public.pem -b keys/v15/bmpk.pem --bmek keys/bmek.key -s keys/v15/smpk.pem --smek keys/smek.key --keycnt 2 --keyrev 1.

    您是否按照该日志中的建议为 Keywriter 使用了 SDK v10.0?

  • 0
    TI__Guru**** 2422790 points
    请注意,本文内容源自机器翻译,可能存在语法或其它翻译错误,仅供参考。如需获取准确内容,请参阅链接中的英语原文或自行翻译。

    Drivers_open()

SYSFW Firmware Version 10.0.8--v10.00.08 (Fiery Fox)
SYSFW Firmware revision 0xa
SYSFW ABI revision 4.0

Sciclient_getVersionCheck(1)
Bootloader_Handle bootHandleLinux
Bootloader_Params_init
Bootloader_BootImageInfo_init(&bootImageInfoLinux);
noOfFiles < BOOTLOADER_SD_MAX_NO_OF_FILES
pp_OpenloadableImage(pFiles[noOfFiles]) == SystemP_SUCCESS
bootHandle = Bootloader_open(CONFIG_BOOTLOADER_APP, &bootParams);
bootHandle != NULL
in  Bootloader_getMulticoreImageSize

--- Bootloader Configuration ---
bootMedia:        0xB0070001
bootImageSize:    0 bytes
coresPresentMap:  0x00000000
enableDma:        false
scratchMemPtr:    00000000
socCoreOpMode:    43C275D4
fxns:             43C27064
args:             43C27504

Core Presence Map Interpretation:

--- Bootloader Configuration ---
bootMedia:        0xB0070001
bootImageSize:    0 bytes
coresPresentMap:  0x00000000
enableDma:        false
scratchMemPtr:    00000000
socCoreOpMode:    43C275D4
fxns:             43C27064
args:             43C27504

Core Presence Map Interpretation:
Multicore image size: 0 bytes
Bootloader_Config *bootConfig;
bootConfig->coresPresentMap = 0;
  before Check if the certificate length is within valid range
  after Check if the certificate length is within valid range
  struct tisci_msg_proc_auth_boot_req authReq;
 Sciclient_procBootAuthAndStart(&authReq, SystemP_WAIT_FOREVER);0
  after Bootloader_socAuthImage(certLoadAddr);
Bootloader_parseMultiCoreAppImage
(SystemP_SUCCESS == status) && (TRUE == Bootloader_isCorePresent(bootHandle, CSL_CORE_ID_MCU_R5FSS0_0)
Bootloader_loadCpu(bootHandle, &(bootImageInfo->cpuInfo[CSL_CORE_ID_MCU_R5FSS0_0]));
Image loading status: 0
status = App_loadImages(bootHandle, &bootImageInfo);
noOfFiles++;
noOfFiles < BOOTLOADER_SD_MAX_NO_OF_FILES
pp_OpenloadableImage(pFiles[noOfFiles]) == SystemP_SUCCESS
bootHandle = Bootloader_open(CONFIG_BOOTLOADER_APP, &bootParams);
bootHandle != NULL
in  Bootloader_getMulticoreImageSize

--- Bootloader Configuration ---
bootMedia:        0xB0070001
bootImageSize:    57920 bytes
coresPresentMap:  0x00000001
enableDma:        false
scratchMemPtr:    00000000
socCoreOpMode:    43C275D4
fxns:             43C27064
args:             43C27504

Core Presence Map Interpretation:
  Core 0: Present

--- Bootloader Configuration ---
bootMedia:        0xB0070001
bootImageSize:    57920 bytes
coresPresentMap:  0x00000001
enableDma:        false
scratchMemPtr:    00000000
socCoreOpMode:    43C275D4
fxns:             43C27064
args:             43C27504

Core Presence Map Interpretation:
  Core 0: Present
Multicore image size: 57920 bytes
Bootloader_Config *bootConfig;
bootConfig->coresPresentMap = 0;
  before Check if the certificate length is within valid range
  after Check if the certificate length is within valid range
  struct tisci_msg_proc_auth_boot_req authReq;
 Sciclient_procBootAuthAndStart(&authReq, SystemP_WAIT_FOREVER);0
  after Bootloader_socAuthImage(certLoadAddr);
Bootloader_parseMultiCoreAppImage
Bootloader_loadSelfCpu(bootHandle, &(bootImageInfo->cpuInfo[CSL_CORE_ID_WKUP_R5FSS0_0]));
Bootloader_profileAddProfilePoint(App_loadImages(CSL_CORE_ID_WKUP_R5FSS0_0));
Image loading status: 0
status = App_loadImages(bootHandle, &bootImageInfo);
noOfFiles++;
if(App_OpenloadableImage(BOOTLOADER_SD_A53_APPIMAGE_FILENAME) == SystemP_SUCCESS)
SystemP_SUCCESS == status A1
bootHandleLinux != NUL
in  Bootloader_getMulticoreImageSize

--- Bootloader Configuration ---
bootMedia:        0xB0070001
bootImageSize:    283248 bytes
coresPresentMap:  0x00000002
enableDma:        false
scratchMemPtr:    00000000
socCoreOpMode:    43C275D4
fxns:             43C27064
args:             43C27504

Core Presence Map Interpretation:
  Core 1: Present

--- Bootloader Configuration ---
bootMedia:        0xB0070001
bootImageSize:    283248 bytes
coresPresentMap:  0x00000002
enableDma:        false
scratchMemPtr:    00000000
socCoreOpMode:    43C275D4
fxns:             43C27064
args:             43C27504

Core Presence Map Interpretation:
  Core 1: Present
appImageSize+=Bootloader_getMulticoreImageSize(bootHandleLinux);
  before Check if the certificate length is within valid range
  after Check if the certificate length is within valid range
  struct tisci_msg_proc_auth_boot_req authReq;
 Sciclient_procBootAuthAndStart(&authReq, SystemP_WAIT_FOREVER);0
  after Bootloader_socAuthImage(certLoadAddr);
status = Bootloader_parseMultiCoreAppImage(bootHandle, bootImageInfo);
bootImageInfo->cpuInfo[CSL_CORE_ID_A53SS0_0].clkHz = Bootloader_socCpuGetClkDefault(CSL_CORE_ID_A53SS0_0);
 Bootloader_loadCpu(bootHandle, &(bootImageInfo->cpuInfo[CSL_CORE_ID_A53SS0_0]));0
status = App_loadLinuxImages(bootHandleLinux, &bootImageInfoLinux);
 Bootloader_profileAddProfilePoint(App_loadLinuxImages);
 status = SOC_moduleClockEnable(TISCI_DEV_MMCSD1, 0);Bootloader_profileUpdateAppimageSize(appImageSize);
 SystemP_SUCCESS == status A2
[BOOTLOADER_PROFILE] Boot Media       : SD Card
[BOOTLOADER_PROFILE] Boot Image Size  : 333 KB
[BOOTLOADER_PROFILE] Cores present    :
mcu-r5f0-0
wkup-r5f0-0
a530-0
[BOOTLOADER PROFILE] System_init                      :      25696us
[BOOTLOADER PROFILE] Drivers_open                     :       2889us
[BOOTLOADER PROFILE] Board_driversOpen                :       1464us
[BOOTLOADER PROFILE] Sciclient Get Version            :      10171us
[BOOTLOADER PROFILE] App_loadImages(CSL_CORE_ID_WKUP_R5FSS0_0) :     821231us
[BOOTLOADER PROFILE] App_loadLinuxImages              :     504863us
[BOOTLOADER_PROFILE] SBL Total Time Taken             :    1366316us

Image loading done, switching to application ...
Starting linux and RTOS/Baremetal applications
  int32_t status = SystemP_FAILURE;
  SOC_unlockAllMMR();17:14
  Value of socCpuCores[CSL_CORE_ID_A53SS0_0]: 1
  if(socCpuCores[CSL_CORE_ID_A53SS0_0] == BOOTLOADER_SD_APP_IMAGE_LOADED)
  statuNOTICEs:  B L31:= v2. 10.0(reBleasoe):v2o.10.t0-367-gl00of1ec6b8a7-dirty
NOTdICE:  BeL3r1:_ Built : 16r:09:05,u Fenb  9C 2024
pu(bootHandle, &bootCpuInfo[CSL_CORE_ID_A53SS0_0]);
 status = App_runLinuxCpu(bootHandleLinux, &bootImageInfoLinux);0
Bootloader_close(bootHandleLinux);
 status = App_runCpus(bootHandle);

U-Boot SPL 2024.04-ti-gfda88f8bcea3 (Jul 26 2024 - 11:00:12 +0000)
SYSFW ABI: 4.0 (firmware rev 0x000a '10.0.8--v10.00.08 (Fiery Fox)')
SPL initial stack usage: 1904 bytes
Trying to boot from MMC2
i2c_write: error waiting for data ACK (status=0x116)
pca953x gpio@22: Error reading output register
ti_sci system-controller@44043000: Message not acknowledged
Authentication failed!
### ERROR ### Please RESET the board ###

    是的、我做到了。 我修复了这个问题并获得了这个输出。

  • 0
    TI__Guru**** 2422790 points
    请注意,本文内容源自机器翻译,可能存在语法或其它翻译错误,仅供参考。如需获取准确内容,请参阅链接中的英语原文或自行翻译。

    我认为您能够成功地对自定义密钥进行编程!

    对于最新的问题、请查看以下解决方法是否有帮助:

    software-dl.ti.com/.../UG-Memory.html