SPRUJC1 April   2024

 


PROCESSOR-SDK-LINUX

To build the SCI Client Board Configuration with the SPL, navigate to the root of the U-Boot tree within the PROCESSOR-SDK-LINUX. The root of the U-Boot tree is the top-level directory and can be identified by the “MAINTAINERS” file. For PROCESSOR-SDK-LINUX version 8.6 and earlier, execute the following commands in a command prompt to rebuild the SPL and tiboot3.bin image:

export TI_SECURE_DEV_PKG=<path-to-board-support-directory>/core-secdev-k3

export PATH=$HOME/gcc-arm-9.2-2019.12-x86_64-arm-none-linux-gnueabihf/bin:$PATH

export PATH=$HOME/gcc-arm-9.2-2019.12-x86_64-aarch64-none-linux-gnu/bin:$PATH

make ARCH=arm CROSS_COMPILE=arm-none-linux-gnueabihf- j721s2_hs_evm_r5_defconfig O=<output directory>/r5

make ARCH=arm CROSS_COMPILE=arm-none-linux-gnueabihf- O=<output directory>/r5

cd ../k3-image-gen-<version>

make ARCH=arm CROSS_COMPILE=arm-none-linux-gnueabihf- SOC=j721s2 HS=1 SW_REV=1 SBL=<output directory>/r5/spl/u-boot-spl.bin SYSFW_HS_PATH=<path to tisdk>/board-support/prebuilt-images/ti-fs-firmware-j721s2-hs-enc.bin SYSFW_HS_INNER_CERT_PATH=<path to tisdk>/board-support/prebuilt-images/ti-fs-firmware-j721s2-hs-cert.bin

As of PROCESSOR-SDK-LINUX version 9.0 and greater, compiling the bootloader images no longer requires different defconfigs for GP and HS devices. Hence, the same build command generates images for GP, HS-SE, and HS-FS devices. Execute the following commands in a command prompt to build the SPL and tiboot3.bin image:

export PATH=$HOME/gcc-arm-9.2-2019.12-x86_64-arm-none-linux-gnueabihf/bin:$PATH

export PATH=$HOME/gcc-arm-9.2-2019.12-x86_64-aarch64-none-linux-gnu/bin:$PATH

make ARCH=arm CROSS_COMPILE=arm-none-linux-gnueabihf- j721s2_evm_r5_defconfig O=<output directory>/r5

make ARCH=arm CROSS_COMPILE=arm-none-linux-gnueabihf- O=<output directory>/r5 BINMAN_INDIRS=<path to tisdk>/board-support/prebuilt-images

Finally, copy the tiboot3-j721s2-hs-evm.bin file from the <output directory>/r5 directory to the boot partition of your SD card, or program it to a supported non-volatile boot media.

cp <output directory>/r5/tiboot3-j721s2-hs-evm.bin /media/<xyz>/boot/tiboot3.bin

Note: For a detailed description of the Security Board Configuration signing procedure, see TISCI User Guide - Signing Board Configuration on HS devices.
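
The copy step above can be guarded so that an unsigned or truncated image never reaches the boot partition. The following is an added example, not part of the original application note or the SDK; the function names are hypothetical, and it assumes the image begins with a DER-encoded X.509 certificate whose outer SEQUENCE uses a two-byte length (bytes 30 82 hi lo).

```shell
#!/bin/sh
# Added example: sanity-check a tiboot3 image before installing it.
# Assumption: the image starts with a DER X.509 certificate whose outer
# SEQUENCE header is 30 82 <len-hi> <len-lo>, followed by the boot payload.

# Print the total size in bytes of the leading certificate
# (4-byte header + body), or return 1 if the header is not 30 82.
der_cert_len() {
    # Read the first four bytes as unsigned decimals into $1..$4.
    set -- $(od -An -tu1 -N4 "$1")
    [ "$#" -eq 4 ] && [ "$1" -eq 48 ] && [ "$2" -eq 130 ] || return 1
    echo $(( $3 * 256 + $4 + 4 ))
}

# Copy SRC to DST only if SRC starts with a certificate and carries a
# payload after it, then confirm the copy matches the source.
install_tiboot3() {
    src=$1
    dst=$2
    cert_len=$(der_cert_len "$src") || {
        echo "refusing to install: no X.509 header in $src" >&2
        return 1
    }
    size=$(( $(wc -c < "$src") ))
    [ "$size" -gt "$cert_len" ] || {
        echo "refusing to install: no payload after certificate" >&2
        return 1
    }
    cp "$src" "$dst" && sync || return 1
    cmp -s "$src" "$dst" || {
        echo "copy mismatch: $dst differs from $src" >&2
        return 1
    }
    echo "installed $dst: certificate ${cert_len} bytes, image ${size} bytes"
}

# Usage, with the paths from the copy step above:
#   install_tiboot3 <output directory>/r5/tiboot3-j721s2-hs-evm.bin \
#                   /media/<xyz>/boot/tiboot3.bin
```

The check only confirms the container shape; it does not validate the certificate signature, which the device ROM does at boot.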