8.8. FAQ - Running Apps on secure devices¶
8.8.1. Introduction¶
This note assume that reader is conversant in using General Purpose device and would like to switch to HS-SE device. As a precursor, it’s recommended to go over TIFS detailed in TIFS Documentation This document assumes an HS-ES device is being used
8.8.1.1. Device Types¶
Device Type | Variant | Comment |
General Purpose (GP) | NA | |
High Security (HS) | Field Securable (FS) | Would require additional steps before it can be used. Contact TI FAE supporting for details |
High Security (HS) | Security Enforced (SE) | Expected device type, that can host applications. Refereed as HS-SE |
8.8.1.2. JTAG Connectivity¶
JTAG cannot be connected to all compute cores, refer Secure Debug for details.
8.8.2. Signing¶
The applications that are expected to be hosted on compute cores and board configurations requires to be signed.
Refer To Sign Applications
- Signing PDK’s applications
- PDK’s build infrastructure supports signing of applications
- Manufacturer encryption keys is defined in (SDK_Install_Dir)/(pdk_version)/packages/ti/build/makerules/k3_dev_mek.txt
- Manufacturer private keys is defined in (SDK_Install_Dir)/(pdk_version)/packages/ti/build/makerules/k3_dev_mpk.pem
- Please update these files with specific your specific keys
8.8.3. Building PDK Applications¶
- PDK SBL : SBL should be built for secure devices
- Build using the command make sbl_(BOOT MEDIA)_img_hs BOARD=(DEVICE)_evm -sj
- e.g. 1 : make sbl_uart_img_hs BOARD=j721e_evm -sj to boot from UART
- e.g. 2 : make sbl_mmcsd_img_hs BOARD=j721e_evm -sj to boot from MMC/SD
- PDK examples : No specific commands are required
Follow steps detailed in module specific user guides
- Ensure to use (module example binary name).appimage.signed
- e.g. udma_memcpy_testapp_freertos_mcu1_0_release.appimage.signed
- e.g. MMCSD_TestApp_freertos_mcu1_0_release.appimage.signed
- TIFS : Use tifs for HS devices
tifs_sr1.1-hs-enc.bin
- available at (SDK_Install_Dir)/(pdk_version)/packages/ti/drv/sciclient/soc/Vx
- V1 for j721e
- tifs_sr1.1-hs-enc.bin sr1.1 refer to silicon ES 1.1
- Running PDK
- For the steps detailed in module specific user guides. No additional steps are required
8.8.4. References¶
- RTOS SDK Documentation
- RTOS SDK Component Documentation <https://software-dl.ti.com/jacinto7/esd/processor-sdk-rtos-jacinto7/latest/exports/docs/psdk_rtos/docs/user_guide/sdk_components_j721e.html#platform-development-kit-pdk>__
- TIFS Documentation
- To Sign Applications
- To Sign Board Configuration