SPRAD04 January   2022 TDA4VH-Q1 , TDA4VM , TDA4VM-Q1

 

  1.   Trademarks
  2. 1Introduction
  3. 2TIDK Device Verification
    1. 2.1 Sign and Encrypt Second BootLoader (SBL)
    2. 2.2 Sign and Encrypt System Image
  4. 3Keys Programming
    1. 3.1 Install Keywriter
    2. 3.2 Keys Generation
    3. 3.3 Build Keywriter Application
    4. 3.4 Program Keys in HS-FS Device
  5. 4Key Programming Verification
  6. 5Building and Booting on HS Devices Using Linux SDK
  7. 6Summary

4 Key Programming Verification

After programing the key into eFuse, the customer can verify the programming result and check the device status through the following steps before start production in the factory:

  1. Configure boot mode of the board to UART boot and connect second MCU UART serial port of the board to the host PC, refer to the EVM Setup for J721E, and power on the EVM.
  2. The terminal prints some log as shown below. You need to remove the extra CCC at the end and save as a log file.
    # cat default_uart_hs.log
02000000011a00006a376573000000000000000048535345020001000200010002a600000100010033c74f0c8631aa67a56d53b06f250d75cb2a9cf7a52d6eb5e21b5e824250d7e09c22d997f09dc9389ecaa3f7d2b64d3a76d6163aa09e928ea050e1da9550
7e661f6002b07cd9b0b7c47d9ca8d1aae57b8e8784a12f636b2b760d7d98a18f189760dfd0f23e2b0cb10ec7edc7c6edac3d9bdfefe0eddc3fff7fe9ad875195527df02f2a23c0ed9d5fcf6dfb3a097ee4207cb1e2a5956e07ba144b73fe71143982
  3. Copy the following code and save it as a python file, which is used to parse the log in step 2.
    #!/usr/bin/env python3
import binascii
import struct
import string
import sys
filename=sys.argv[1]
fp = open(filename, 'rt')
lines= fp.readlines()
fp.close()
bin_arr = [ binascii.unhexlify(x.rstrip()) for x in lines ]
bin_str = b"".join(bin_arr)
pubInfoStr='BB2B12B4B4B4B'
secInfoStr='BBHHH64B64B32B'
numBlocks = list(struct.unpack('I', bin_str[0:4]))
pubROMInfo = struct.unpack(pubInfoStr, bin_str[4:32])
if numBlocks > 1:
    secROMInfo = struct.unpack(secInfoStr, bin_str[32:200])
print ('-----------------------')
print ('SoC ID Header Info:')
print ('-----------------------')
print "NumBlocks            :", numBlocks
print ('-----------------------')
print ('SoC ID Public ROM Info:')
print ('-----------------------')
print "SubBlockId           :", pubROMInfo[0]
print "SubBlockSize         :", pubROMInfo[1]
tmpList = list(pubROMInfo[4:15])
hexList = [hex(i) for i in tmpList]
deviceName = ''.join(chr(int(c, 16)) for c in hexList[0:])
print "DeviceName           :", deviceName
tmpList = list(pubROMInfo[16:20])
hexList = [hex(i) for i in tmpList]
deviceType = ''.join(chr(int(c, 16)) for c in hexList[0:])
print "DeviceType           :", deviceType
dmscROMVer = list(pubROMInfo[20:24])
dmscROMVer.reverse()
print "DMSC ROM Version     :", dmscROMVer
r5ROMVer = list(pubROMInfo[24:28])
r5ROMVer.reverse()
print "R5 ROM Version       :", r5ROMVer
print ('-----------------------')
print ('SoC ID Secure ROM Info:')
print ('-----------------------')
print "Sec SubBlockId       :", secROMInfo[0]
print "Sec SubBlockSize     :", secROMInfo[1]
print "Sec Prime            :", secROMInfo[2]
print "Sec Key Revision     :", secROMInfo[3]
print "Sec Key Count        :", secROMInfo[4]
tmpList = list(secROMInfo[5:69])
tiMPKHash = ''.join('{:02x}'.format(x) for x in tmpList)
print "Sec TI MPK Hash      :", tiMPKHash
tmpList = list(secROMInfo[69:133])
custMPKHash = ''.join('{:02x}'.format(x) for x in tmpList)
print "Sec Cust MPK Hash    :", custMPKHash
tmpList = list(secROMInfo[133:167])
uID = ''.join('{:02x}'.format(x) for x in
print "Sec Unique ID        :", uID
  4. Use the following command to parse the log after getting the above two files. The parsed information is as shown:
    # python uart_boot_socid.py default_uart_hs.log
-----------------------
SoC ID Header Info:
-----------------------
NumBlocks            : [2]
-----------------------
SoC ID Public ROM Info:
-----------------------
SubBlockId           : 1
SubBlockSize         : 26
DeviceName           : j7es
DeviceType           : HSSE
DMSC ROM Version     : [0, 1, 0, 2]
R5 ROM Version       : [0, 1, 0, 2]
-----------------------
SoC ID Secure ROM Info:
-----------------------
Sec SubBlockId       : 2
Sec SubBlockSize     : 166
Sec Prime            : 0
Sec Key Revision     : 1
Sec Key Count        : 1
Sec TI MPK Hash      : 33c74f0c8631aa67a56d53b06f250d75cb2a9cf7a52d6eb5e21b5e824250d7e09c22d997f09dc9389ecaa3f7d2b64d3a76d6163aa09e928ea050e1da95507e66
Sec Cust MPK Hash    : 1f6002b07cd9b0b7c47d9ca8d1aae57b8e8784a12f636b2b760d7d98a18f189760dfd0f23e2b0cb10ec7edc7c6edac3d9bdfefe0eddc3fff7fe9ad875195527d
Sec Unique ID        : f02f2a23c0ed9d5fcf6dfb3a097ee4207cb1e2a5956e07ba144b73fe71143982

The log reports the device type has already been converted to HS-SE, and also both Key Revision and Key Count are 1, which means only programing and using SMPK, not BMPK. While the customer SMPK Hash value can be obtained through the log, the customer can use the following method to check the consistency with the customer own key.

# openssl rsa -in k3_dev_mpk.pem -pubout -outform DER -out /tmp/k3_dev_mpk_pub.der
writing RSA key
# sha512sum /tmp/k3_dev_mpk_pub.der
1f6002b07cd9b0b7c47d9ca8d1aae57b8e8784a12f636b2b760d7d98a18f189760dfd0f23e2b0cb10ec7edc7c6edac3d9bdfefe0eddc3fff7fe9ad875195527d  /tmp/k3_dev_mpk_pub.der

After comparison, the hash value of the key customer programmed is exactly the same as the hash value read out from the device. So, we can verify the device has been successfully converted to HS-SE according to the specific customer key.