This guide walks you step by step through using the OTP Tool (a software application) to burn OTP bits on SP7350 platforms.
...
The status window of OTP Tool indicates "CONNECT Success!" as shown above.
3 OTP Tool operations:
...
The status window of OTP Tool indicates "READ Start…" and next "READ Start..…" and then "READ Success!" as shown above.
3.3 Write to OTP bits
...
After making all necessary modifications, click "Write" to write the changes to the OTP of the SP7350 platform. Refer to the screenshot below, where bits [543:512] are updated:
...
4. Burning secure-boot and device keys
...
The SP7350 supports secure-boot functionality. To enable secure boot, it is necessary to build the code with security enabled and write secure keys into the OTP (One-Time Programmable) memory of the SP7350. There are two keys defined in the OTP: the secure-boot key for digital signatures and the device key for image decryption. Each key is 32 bytes long.
4.1 Burn secure-boot public key (for digital signature) into OTP bit 512 ~ 765
...
The secure-boot key is stored in the file build/tools/secure_hsm/secure/otp_Sb_keys/ed_pub_0.hex:
7BBBCF06A44BA7655540A7F8AD5176F4BCA83F00E63442A7BA0C4F5D8BBCF650
Convert the key to little-endian 4-byte words:
OTP[543:512] = 06CFBB7B
OTP[575:544] = 65A74BA4
OTP[607:576] = F8A74055
OTP[639:608] = F47651AD
OTP[671:640] = 003FA8BC
OTP[703:672] = A74234E6
OTP[735:704] = 5D4F0CBA
OTP[767:736] = 50F6BC8B
Input the key into the OTP words one by one. Afterward, check the values and press "Write."
...
The status window of the OTP Tool indicates "WRITE Start..…" and then "WRITE Success!" as shown above.
Press 'Read' to read back content of OTP.
...
The status window of the OTP Tool indicates "READ Start..…" and then "READ Success!" as shown above.
4.2 Write device private key (for decryption) into OTP bit 768 ~ 1023
...
The device private key is stored in the hex file build/tools/secure_hsm/secure/otp_Device_keys/x_priv_0.hex:
583D9479760D5229611A4601CB1EE80E2C0C7BE1E8F4C637A9EA72D5A5A3B25C
...
Convert the key to little-endian 4-byte words:
OTP[799:768] = 79943D58
OTP[831:800] = 29520D76
OTP[863:832] = 01461A61
OTP[895:864] = 0EE81ECB
OTP[927:896] = E17B0C2C
OTP[959:928] = 37C6F4E8
OTP[991:960] = D572EAA9
OTP[1023:992] = 5CB2A3A5
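The conversion used in 4.1 and 4.2 can be scripted so the eight words are not byte-swapped by hand before an irreversible write. The following is an added example, not part of the OTP Tool or the SP7350 SDK; the function names are hypothetical, and the read-back list is assumed to be copied by hand from the tool's "Read" view. The sample key is the secure-boot public key shown in 4.1.

```python
import re

WORD_BITS = 32   # each OTP word entered in the tool is 32 bits wide
KEY_BYTES = 32   # both keys on this page are 32 bytes long

# Secure-boot public key as printed in section 4.1 of this page.
SB_PUB_HEX = "7BBBCF06A44BA7655540A7F8AD5176F4BCA83F00E63442A7BA0C4F5D8BBCF650"

def key_to_otp_words(key_hex, base_bit):
    """Split a 32-byte key into eight little-endian words as (msb, lsb, hex)."""
    key_hex = key_hex.strip()
    if not re.fullmatch(r"[0-9A-Fa-f]{64}", key_hex):
        raise ValueError("key must be exactly 64 hex digits (32 bytes)")
    if base_bit % WORD_BITS:
        raise ValueError("base_bit must be aligned to a 32-bit OTP word")
    key = bytes.fromhex(key_hex)
    words = []
    for offset in range(0, KEY_BYTES, 4):
        lsb = base_bit + offset * 8
        value = int.from_bytes(key[offset:offset + 4], "little")
        words.append((lsb + WORD_BITS - 1, lsb, f"{value:08X}"))
    return words

def format_words(words):
    """Render the words in the same 'OTP[msb:lsb] = VALUE' form used above."""
    return [f"OTP[{msb}:{lsb}] = {value}" for msb, lsb, value in words]

def readback_mismatches(words, readback):
    """Return the bit ranges whose read-back value differs from the expected word."""
    if len(readback) != len(words):
        raise ValueError("read-back must contain one value per OTP word")
    return [f"OTP[{msb}:{lsb}]"
            for (msb, lsb, value), seen in zip(words, readback)
            if seen.strip().upper() != value]

if __name__ == "__main__":
    # Base bit 512 is the secure-boot key region; use 768 for the device key.
    expected = key_to_otp_words(SB_PUB_HEX, 512)
    print("\n".join(format_words(expected)))
    # Constructed read-back with the second word entered without byte swapping.
    typed = [value for _, _, value in expected]
    typed[1] = "A44BA765"
    print("mismatch:", readback_mismatches(expected, typed))
```

Run the comparison on the values before pressing "Write" as well as after "Read", since a wrong word cannot be corrected once burned.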
Important Notes:
Burning OTP bits is irreversible, and incorrect burns may render the IC unusable.
Save the keys in designated directories (hsm_keys, otp_Sb_keys, and otp_Device_keys).
Follow these steps diligently to successfully utilize the OTP Tool and enhance the security features of your SP7350 platform.
Burn secure-boot and device Keys
Write Secure-Boot Public Key (For Digital Signature): Write the secure-boot public key into OTP[765 ~ 512]. Follow the provided steps, ensuring the correct conversion and input of the key.
Write Device Private Key (For Decryption): Write the device private key into OTP[1023 ~ 768]. Follow the provided steps, ensuring the correct conversion and input of the key.
Write 1 to OTP[0]: Write the value '1' to OTP[0]. Ensure not to enable the HWLOCK_MP_ENABLE bit.
Note:
...
Burning the keys (OTP) is irreversible. Incorrectly burned keys will render the IC unusable.
...
Input it to OTP words one by one. Afterward, check and press "Write."
...
The status window of the OTP Tool indicates "WRITE Start..…" and then "WRITE Success!" as shown above.
Press 'Read' to confirm the content of OTP.
...
The status window of the OTP Tool indicates "READ Start..…" and then "READ Success!" as shown above.
4.3 Enable secure mode of SP7350 (Write 1 into OTP bit 0)
Modify bit 0 to 1 and then press "Write."
...
The status window of the OTP Tool indicates "READ Start..…" and then "READ Success!" as shown above.
4.4 Enable MP bit of SP7350 (Write 1 into OTP bit 2)
To safeguard the keys from being accessed by end users, enable the MP bit, which prevents the CPU from reading the keys.
Modify bit 2 to 1 and then press "Write."
4.5 Important Notes:
Do not enable the MP bit for version A chips.
Burning OTP bits is irreversible, and incorrect burns may render the chips unusable.
Remember to save the keys in designated directories (hsm_keys, otp_Sb_keys, and otp_Device_keys).