In this guide, we will step-by-step guide you to use OPTTool (a software application) to burn OTP bits on SP7350 platforms.
Contents
| Table of Contents | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
1. Prerequisites:
Before proceeding, ensure that you have compiled your SP7350 code to support the OTPTool.
Please confirm that the OTP driver in X-Boot is enabled. For guidance, refer to the screenshot below:
...
2. UART
...
Connection Setup
2.1 Close
...
Terminal Applications
Close terminal applications such as Putty to free up the COM port connected to the SP7350 platform.
2.2 Run OTPTool
Launch "OTPTool V1.0.0.0.exe" on your PC. Once started, the application interface will be displayed as shown below:
...
2.3 Configure COM
...
Port
Set the COM port connected to the SP7350 platform. Refer to screenshot below:
...
Press OK.
2.4 Connect with SP7350 platformPlatform
Click "Connect" button in the OTPTool and power on the SP7350 platform.
...
The status window of OTPTool indicates "CONNECT Success!" as shown above.
3 OTPTool
...
Operations:
3.1 Open Excel file File (OTP table)
Open the OTP table Excel file. Refer to screenshot below:
...
When Open diaglog box is displayed, select the Excel file "OTP_TABLE_QAK654.xls". Then, press OK button. Refer to screenshot below, OTP table are loaded successfully.
...
3.2 Read and modify Modify OTP bitsBits
Press "Read" button to read the content of OTP from the SP7350 platform. Refer to screenshot below, Read command completed successfully.
...
The status window of OTPTool indicates "READ Start..…” and then “READ Success!" as shown above.
3.3 Write to OTP bitsBits
For modifications, right-click on the relevant bit or bit range, select "Modify item":
...
After making all necessary modifications, click "Write" to write the changes to the OTP of the SP7350 platform. Refer to screenshot below, bit [543:512] is updated:
...
4. Burning
...
Secure-boot and
...
Device Keys
The SP7350 supports secure-boot functionality. To activate secure-boot, it is necessary to build the code with security enabled and write secure keys into the OTP (One-Time Programmable) memory of the SP7350. There are two keys defined in the OTP - the secure-boot key for digital signatures and the device key for image decryption. Each key is 32 bytes long.
4.1 Burn
...
Secure-boot
...
Public Key (for digital signature) into OPT
...
Bit 512 ~ 765
The secure-boot key is stored in the file build/tools/secure_hsm/secure/otp_Sb_keys/ed_pub_0.hex:
...
The status window of the OTPTool indicates "WRITE Start..…” and then “WRITE Success!" as shown above.
Press 'Read' to read back content of OTP.
...
The status window of the OTPTool indicates "READ Start..…” and then “READ Success!" as shown above.
4.2 Write
...
Device Private Key (for decryption) into OTP
...
Bit 768 ~ 1023
The device private key is stored in hex file build/tools/secure_hsm/secure/otp_Device_keys/x_priv_0.hex:
...
The status window of the OTPTool indicates "WRITE Start..…” and then “WRITE Success!" as shown above.
Press 'Read' to confirm the content of OTP.
...
The status window of the OTPTool indicates "READ Start..…” and then “READ Success!" as shown above.
4.3 Enable
...
Secure Mode of SP7350 (Write 1 into OTP bit 0)
Modify bit 0 to 1 and then press "Write."
...
The status window of the OTPTool indicates "READ Start..…” and then “READ Success!" as shown above.
4.4 Enable MP
...
Bit of SP7350 (Write 1 into OTP bit 2)
To safeguard keys from being accessed by end-users, enabling the MP bit prevents the CPU from reading keys.
Modify bit 2 to 1 and then press "Write."
4.5 Important Notes:
Do not enable the MP bit for version A chips.
Burning OTP bits is irreversible, and incorrect burns may render the chips unusable.
Remember to save the keys in designated directories (hsm_keys, otp_Sb_keys, and otp_Device_keys).