Booting Tools

Table of Contents

• Introduction
• Important files and folders
• Signing Scripts

Note

To see the exact sequence of steps in which applications are converted from compiler generated .out files to boot images, see the makefile makefile_ccs_bootimage_gen that is included in every example CCS project.

If you are using makefile based build, then see the file named makefile in the example folder.

Introduction

This section describes the various tools that are used to create boot images for all the SDK applications

Important files and folders

Folder/Files	Description
${SDK_INSTALL_PATH}/tools/boot/
signing/	Security signing scripts need to create boot images that can be booted by ROM bootloader (RBL)

Signing Scripts

• To run these scripts, one needs openssl installed as mentioned here, OpenSSL
• Signing scripts are a collection of scripts needed to sign ROM images (image booted by ROM - application images).
• The RBL requires the boot image, to be signed always, even if we are not using secure boot.
• We follow a combined boot method for ROM images. Here the ROM Bootloader (RBL) boots the application image, SYSFW and BOARDCFG together. The boot image would be a binary concatenation of x509 Certificate, SBL, SYSFW, BOARDCFG (and the SYSFW inner certificate in case of HS device) binary blobs. We use a python script to generate this final boot image. This script has a dependency on openssl as mentioned before, so make sure you've installed it. To generate a combined boot image, one can do as below:
• We have to pass the HS SYSFW binaries along with the SYSFW inner certificate to the signing script. The ATF binary is also sent to the script.

  cd ${SDK_INSTALL_PATH}/tools/boot/signing
  $(PYTHON) rom_image_gen.py --swrv 1 --sbl-bin <path-to-atf-binary> --sysfw-bin <path-to-sysfw-binary> --sysfw-inner-cert <path-to-sysfw-inner-cert-binary> --boardcfg-blob <path-to-boardcfg-binary-blob> --application-bin <path-to-application-binary> --sbl-loadaddr $(ATF_LOAD_ADDR) --sysfw-loadaddr $(SYSFW_LOAD_ADDR) --bcfg-loadaddr $(BOARDCFG_LOAD_ADDR) --application-loadaddr $(APPLICATION_LOAD_ADDRESS) --key $(BOOTIMAGE_CERT_KEY) --rom-image <path-to-output-image> --dual-stage-boot yes

• These scripts are invoked in makefiles, and the image generation happens automatically along with the example build. So mostly these scripts need not be manually run.
  • Here,
    • ATF_LOAD_ADDR is 0x80000000
    • APPLICATION_LOAD_ADDRESS is 0x82000000
    • In the case of HS device, BOOTIMAGE_CERT_KEY is custMpk_am62lx .pem.

These scripts are invoked in makefiles, and the image generation happens automatically along with the example build. So mostly these scripts need not be manually run. If the user build-system is different from TI's makefile system, it needs to be ensured that the same is followed as part of the post build steps.