SPRADN0 December   2024 F29H850TU , F29H859TU-Q1

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. 1Programming Fundamentals
  5. 2Introduction
    1. 2.1 Hardware Security Module
    2. 2.2 ROM Bootloader
    3. 2.3 Combined Image with X.509 Certificate
  6. 3Flash Kernel Implementation
    1. 3.1 CPU1 Firmware Upgrade (HS-FS)
    2. 3.2 Key Provision (HS-FS to HS-KP)
    3. 3.3 CPU1 Secure Firmware Upgrade (HS-KP/SE to HS-SE)
    4. 3.4 HSM Firmware Upgrade (HS-KP/SE to HS-SE)
    5. 3.5 SECCFG Code Provisioning (HS-KP/SE to HS-SE)
  7. 4Host Application: UART Flash Programmer
    1. 4.1 Overview
    2. 4.2 Build UART Flash Programmer with Visual Studio
    3. 4.3 Build UART Flash Programmer with CMake
    4. 4.4 Packet Format
    5. 4.5 Kernel Commands
  8. 5Example Usage
    1. 5.1 Loading the Flash Kernel onto the Device
      1. 5.1.1 Hardware Setup
      2. 5.1.2 Running the UART Flash Programmer
    2. 5.2 CPU1 Device Firmware Upgrade (HS-FS only)
    3. 5.3 Convert HS-FS to HS-SE
    4. 5.4 Loading a RAM-based HSMRt Image
    5. 5.5 Key Provision (HS-FS to HS-KP)
    6. 5.6 Code Provision (HS-KP/SE to HS-SE)
  9. 6Troubleshooting
    1. 6.1 General
    2. 6.2 UART Boot
    3. 6.3 Application Load
  10. 7Summary
  11. 8References

5.5 Key Provision (HS-FS to HS-KP)

As aforementioned, Key Provision permanently converts HS-FS device to HS-KP by supplying a user key certificate to replace the default TI-provided key certificate.

The process on the Flash Programmer is as follows:

  • Start the flash programmer, wait for flash kernel to be downloaded onto the device and prompts the user with options listed in Figure 6-1.
  • Select Load HSMRt Image (option 2), wait until completion.
  • Select Load HSM keys (option 3), wait until completion.
  • Perform a power-on reset.

In this process, HSMRt can use the default TI-signed key certificate as the device is still in HS-FS. Flash kernel won't be authenticated in HS-FS so any certificate suffice, and the HSM key certificate need to be signed by a custom key.

The necessary parameters are -d (--device), -p (--port), -k (--kernel), -r (--hsmrt), -f (--hsmkeys).

For instance:

uart_flash_programmer.exe -d f29h85x -p COM41 --kernel ex3_uart_flash_kernel.bin --hsmrt HSM_runtimeImage.bin --hsmkeys HSM_customKeyCert.bin

For procedures and important notes on building the flash kernel, refer to Section 3.2.