SPRAD04 January 2022 TDA4VH-Q1 , TDA4VM , TDA4VM-Q1
After programing the key into eFuse, the customer can verify the programming result and check the device status through the following steps before start production in the factory:
# cat default_uart_hs.log
02000000011a00006a376573000000000000000048535345020001000200010002a600000100010033c74f0c8631aa67a56d53b06f250d75cb2a9cf7a52d6eb5e21b5e824250d7e09c22d997f09dc9389ecaa3f7d2b64d3a76d6163aa09e928ea050e1da9550
7e661f6002b07cd9b0b7c47d9ca8d1aae57b8e8784a12f636b2b760d7d98a18f189760dfd0f23e2b0cb10ec7edc7c6edac3d9bdfefe0eddc3fff7fe9ad875195527df02f2a23c0ed9d5fcf6dfb3a097ee4207cb1e2a5956e07ba144b73fe71143982
#!/usr/bin/env python3
import binascii
import struct
import string
import sys
filename=sys.argv[1]
fp = open(filename, 'rt')
lines= fp.readlines()
fp.close()
bin_arr = [ binascii.unhexlify(x.rstrip()) for x in lines ]
bin_str = b"".join(bin_arr)
pubInfoStr='BB2B12B4B4B4B'
secInfoStr='BBHHH64B64B32B'
numBlocks = list(struct.unpack('I', bin_str[0:4]))
pubROMInfo = struct.unpack(pubInfoStr, bin_str[4:32])
if numBlocks > 1:
secROMInfo = struct.unpack(secInfoStr, bin_str[32:200])
print ('-----------------------')
print ('SoC ID Header Info:')
print ('-----------------------')
print "NumBlocks :", numBlocks
print ('-----------------------')
print ('SoC ID Public ROM Info:')
print ('-----------------------')
print "SubBlockId :", pubROMInfo[0]
print "SubBlockSize :", pubROMInfo[1]
tmpList = list(pubROMInfo[4:15])
hexList = [hex(i) for i in tmpList]
deviceName = ''.join(chr(int(c, 16)) for c in hexList[0:])
print "DeviceName :", deviceName
tmpList = list(pubROMInfo[16:20])
hexList = [hex(i) for i in tmpList]
deviceType = ''.join(chr(int(c, 16)) for c in hexList[0:])
print "DeviceType :", deviceType
dmscROMVer = list(pubROMInfo[20:24])
dmscROMVer.reverse()
print "DMSC ROM Version :", dmscROMVer
r5ROMVer = list(pubROMInfo[24:28])
r5ROMVer.reverse()
print "R5 ROM Version :", r5ROMVer
print ('-----------------------')
print ('SoC ID Secure ROM Info:')
print ('-----------------------')
print "Sec SubBlockId :", secROMInfo[0]
print "Sec SubBlockSize :", secROMInfo[1]
print "Sec Prime :", secROMInfo[2]
print "Sec Key Revision :", secROMInfo[3]
print "Sec Key Count :", secROMInfo[4]
tmpList = list(secROMInfo[5:69])
tiMPKHash = ''.join('{:02x}'.format(x) for x in tmpList)
print "Sec TI MPK Hash :", tiMPKHash
tmpList = list(secROMInfo[69:133])
custMPKHash = ''.join('{:02x}'.format(x) for x in tmpList)
print "Sec Cust MPK Hash :", custMPKHash
tmpList = list(secROMInfo[133:167])
uID = ''.join('{:02x}'.format(x) for x in
print "Sec Unique ID :", uID
# python uart_boot_socid.py default_uart_hs.log
-----------------------
SoC ID Header Info:
-----------------------
NumBlocks : [2]
-----------------------
SoC ID Public ROM Info:
-----------------------
SubBlockId : 1
SubBlockSize : 26
DeviceName : j7es
DeviceType : HSSE
DMSC ROM Version : [0, 1, 0, 2]
R5 ROM Version : [0, 1, 0, 2]
-----------------------
SoC ID Secure ROM Info:
-----------------------
Sec SubBlockId : 2
Sec SubBlockSize : 166
Sec Prime : 0
Sec Key Revision : 1
Sec Key Count : 1
Sec TI MPK Hash : 33c74f0c8631aa67a56d53b06f250d75cb2a9cf7a52d6eb5e21b5e824250d7e09c22d997f09dc9389ecaa3f7d2b64d3a76d6163aa09e928ea050e1da95507e66
Sec Cust MPK Hash : 1f6002b07cd9b0b7c47d9ca8d1aae57b8e8784a12f636b2b760d7d98a18f189760dfd0f23e2b0cb10ec7edc7c6edac3d9bdfefe0eddc3fff7fe9ad875195527d
Sec Unique ID : f02f2a23c0ed9d5fcf6dfb3a097ee4207cb1e2a5956e07ba144b73fe71143982
The log reports the device type has already been converted to HS-SE, and also both Key Revision and Key Count are 1, which means only programing and using SMPK, not BMPK. While the customer SMPK Hash value can be obtained through the log, the customer can use the following method to check the consistency with the customer own key.
# openssl rsa -in k3_dev_mpk.pem -pubout -outform DER -out /tmp/k3_dev_mpk_pub.der
writing RSA key
# sha512sum /tmp/k3_dev_mpk_pub.der
1f6002b07cd9b0b7c47d9ca8d1aae57b8e8784a12f636b2b760d7d98a18f189760dfd0f23e2b0cb10ec7edc7c6edac3d9bdfefe0eddc3fff7fe9ad875195527d /tmp/k3_dev_mpk_pub.der
After comparison, the hash value of the key customer programmed is exactly the same as the hash value read out from the device. So, we can verify the device has been successfully converted to HS-SE according to the specific customer key.