SPRUJC1 April 2024
Now it is necessary to create a downloadable x509 certificate which contains an appropriately configured debug extension. An x509 configuration template does exist online and it's corresponding hyperlink is located at the end of this section. A x509 configuration template does exist online located in the following link: TISCI User Guide - X509 Configuration Template.
For reference, an x509 certificate’s fields have been explicitly configured for the unlocking of the HSM below:
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
prompt = no
dirstring_type = nobmp
[ req_distinguished_name ]
C = US
ST = SC
L = Dallas
O = Texas Instruments., Inc.
OU = PBU
CN = Albert
emailAddress = Albert@ti.com
[ v3_ca ]
basicConstraints = CA:true
1.3.6.1.4.1.294.1.3=ASN1:SEQUENCE:swrv
1.3.6.1.4.1.294.1.8=ASN1:SEQUENCE:debug
[ swrv ]
swrv= INTEGER:0
[ debug ]
debugUID = FORMAT:HEX,OCT:0000
debugType = INTEGER:5
coreDbgEn = INTEGER:0x010206070809
coreDbgSecEn = INTEGER:0x202180
After creating the “cert.txt” file with the appropriate x509 field for JTAG unlock as described above it is now necessary to execute the following OpenSSL signing script:
openssl req -new -x509 -key k3_dev_mpk.pem -nodes -outform der -out cert.bin -config cert.txt -sha512