Run time read/write to KEYREV and SWREV

Note

This document is only applicable to AM6x, AM65x, J721e, and J7200 High Security (HS) devices.

OTP Revision Structure

OTP Revision Name Number of bits (with double redundancy) Format
Software Revision (SBL + SYSFW) 192 (96 + 96) (sbl[31:0] | sysfw[15:0] | sbl[47:31] | sysfw[47:16])  |  (sbl[31:0] | sysfw[15:0] | sbl[47:31] | sysfw[47:16])
Software Revision (Board Config) 128 (64 + 64) (swrev-brdcfg[31:0] | swrev-brdcfg[63:32]) | (swrev-brdcfg[31:0] | swrev-brdcfg[63:32])
Key Revision 32 (only LSB 16 (8 + 8) are used) 0x0000 | keyrev[7:0] | keyrev[7:0]

Note

Copy in the efuses, helps to reduce the chances of data corruption.

All the revision values are encoded to the following bit pattern, before being programmed into efuses. The integer value (SWREV) translates into the bit position (starting from index 1 instead of 0) of the most significant 1 in its binary representation.

Warning

The decoding of the SWREV (SYSFW, SBL) has to be done from the MMRs by the user. The application is responsible to read these values from the Secure MMRs.

Note

Example: A SWREV value of 3 would translate to the following bit pattern 0b 0000 0000 0000 0000 0000 0000 0000 0111. It could also be represented as 0b 0000 0000 0000 0000 0000 0000 0000 0100. The position of the most significant 1 is the SWREV value.

SWREV SBL, SYSFW Decode Logic

SWREV SBL and SWREV SYSFW are clubbed together, and programmed into efuses.

Reading from Secure MMRs would result in an array of uint32_t, of size 6.

../_images/swrev_sbl_sysfw_format.png

Following logic can be used to decode the SWREV values from MMRs.

/* Leverage Double Redundancy */
row[0] |= row[3];
row[1] |= row[4];
row[2] |= row[5];

if( row[1] & 0xFFFF == 0) {
    swrev_sbl = 32 - __clz(row[0]);
}else {
    swrev_sbl = 32 + 32 - __clz(row[1] & 0xFFFF);
}

if( row[2] == 0 ) {
    swrev_sysfw = 16 - __clz(row[1] & 0xFFFF0000);
}else {
    swrev_sysfw = 16 + 32 - __clz(row[2]);
}

__clz is a function to count leading zeros. It is a compiler intrinsic function, but the following code snippet also gives the same result

uint32_t count_leading_zeros(uint32_t x) {
    uint32_t bit_count = 0, lz = 0;

    bit_count = sizeof(x)*8;

    /* Left shift until Most significant bit doesn become 1 */
    while( (x & (1 << (bit_count - 1))) != 0) {
        x <<= 1;
        lz++;
    }

    return lz;
}

Dual Signed Certificate for writing KEYREV

The message structure for tisci_msg_set_keyrev_req requires the keyrev value to be programmed, as well the address where the Dual signed certificate is stored. This is will be used by the System Firmware to verify against SMPK Public Key Hash, and BMPK Public Key Hash in the device efuses.

After verification of these key hashes, keyrev will be programmed.

Warning

KEYREV by default is set to 1. Maximum supported value is 2.

Following is the template for Primary Certificate (SMPK private key to be used for signing this)

[ req ]
distinguished_name     = req_distinguished_name
x509_extensions        = v3_ca
prompt                 = no

dirstring_type = nobmp

[ req_distinguished_name ]
C                      = US
ST                     = SC
L                      = Dallas
O                      = Texas Instruments., Inc.
OU                     = PBU
CN                     = Albert
emailAddress           = Albert@ti.com

[ v3_ca ]
 basicConstraints = CA:true

Following is the template for Secondary Certificate (BMPK private key to be used for signing this)

[ req ]
distinguished_name     = req_distinguished_name
x509_extensions        = v3_ca
prompt                 = no

dirstring_type = nobmp

[ req_distinguished_name ]
C                      = US
ST                     = SC
L                      = Dallas
O                      = Texas Instruments., Inc.
OU                     = PBU
CN                     = Albert
emailAddress           = Albert@ti.com

[ v3_ca ]
 basicConstraints = CA:true
 1.3.6.1.4.1.294.1.34=ASN1:SEQUENCE:image_integrity

[ image_integrity ]
 shaType      =  OID:2.16.840.1.101.3.4.2.3
 shaValue     =  FORMAT:HEX,OCT:TEST_IMAGE_SHA512
 imageSize    =  INTEGER:TEST_IMAGE_SIZE

Replace TEST_IMAGE_SHA512 and TEST_IMAGE_SIZE with the SHA512 hash and size in bytes of the Primary Ceritificate. Concatenate Secondary certificate and Primary Certificate to form the Final Certificate, whose address in memory would be populated in the tisci_msg_set_keyrev_req message