SPRAD04 January   2022 TDA4VH-Q1 , TDA4VM , TDA4VM-Q1

 

  1.   Trademarks
  2. 1Introduction
  3. 2TIDK Device Verification
    1. 2.1 Sign and Encrypt Second BootLoader (SBL)
    2. 2.2 Sign and Encrypt System Image
  4. 3Keys Programming
    1. 3.1 Install Keywriter
    2. 3.2 Keys Generation
    3. 3.3 Build Keywriter Application
    4. 3.4 Program Keys in HS-FS Device
  5. 4Key Programming Verification
  6. 5Building and Booting on HS Devices Using Linux SDK
  7. 6Summary

Sign and Encrypt System Image

The bootloader demonstration in the GP device can be found in CAN Response and Bootloader Demo Application. The required binaries to start up the system are shown in Table 2-1.

Table 2-1 Required Binaries to Start up the System
Image Needs to be Signed and Encrypted
System Architecture Boot RTOS on Multicore Boot Linux on A72 and RTOS on Other Cores Boot QNX on A72 and RTOS on Other Cores
Binaries tiboot3.bin
tifs.bin
app
lateapp1
lateapp2
lateapp3
tiboot3.bin
tifs.bin
app
lateapp1
lateapp2
atf_optee.appimage
tidtb_linux.appimage
tikernelimage_linux.appimage
tiboot3.bin
tifs.bin
app
lateapp1
lateapp2
atf_optee.appimage
ifs_qnx.appimage

The difference is the ATF (Arm Trusted Firmware) image, DTB (Device Tree Binary) image, and Linux kernel image should be signed and encrypted if running Linux in A72 core, and the file system does not need to be signed. Also, only ATF and IFS (Image FileSystem) images need to be signed, if implementing the QNX in A72 core.

For the binaries in Table 2-1, they can sign and encrypt by x509Certificate script in the default SDK using the following command.

# ${PSDKRA_PATH}/pdk/packages/ti/build/makerules/x509CertificateGen.sh -b binary_need_sign&encrypt -o signed_encrypted_binary -c R5 -l 0x0 -k ${PSDKRA_PATH}/pdk/packages/ti/build/makerules/k3_dev_mpk.pem -y ENCRYPT -e ${PSDKRA_PATH}/pdk/packages/ti/build/makerules/k3_dev_mek.txt  -d DEBUG -j DBG_FULL_ENABLE -m SPLIT_MODE

Except for SBL and system images, the TIFS also need to sign and encrypt by the TI dummy key. The TIFS signed with the TI dummy key already provided in SDK, can be used directly in the HS-SE-TIDK device.

$ cp ${PSDKRA_PATH}/pdk/packages/ti/drv/sciclient/soc/V1/tifs-hs-enc.bin   /media/user/boot/tifs.bin