Versions Compared

Old Version 2

changes.mady.by.user Wells Lu

Saved on

compared with

New Version Current

changes.mady.by.user Wells Lu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In this guide, we will step-by-step guide you to use OPT Tool OPTTool (a software application) to burn OTP bits on SP7350 platforms.

Table of Contents

Table of Contents
minLevel1
maxLevel6
outlinefalse
stylenone
typelist
printablefalse

1. Prerequisites:

Before proceeding, ensure that you have compiled your SP7350 code is compiled to support the OTP Tool.Please confirm that the OTP driver OTPTool. Confirm that both the “OTP driver” and “OTP driver handshake” options in X-Boot is enabled. For guidance, refer are enabled. To do this:

  • Run the command ‘make xconfig' in the project’s top directory. This will open the X-Boot Configuration menu.

  • In the X-Boot Configuration menu, ensure that the “OTP driver” and “OTP driver handshake” options are enabled. Refer to the screenshot below for guidance:

...

...

If the options are not enabled, enable them and save the changes. Run the command ‘make' in the project’s top directory to rebuild the code.

2. UART

...

Connection Setup

2.1 Close

...

Terminal Applications

Close terminal applications such as Putty to free up the COM port connected to the SP7350 platform.

2.2 Run

...

OTPTool

Launch "OTP ToolOTPTool V1.0.0.0.exe" on your PC. Once started, the application interface will be displayed as shown below:

...

2.3 Configure COM

...

Port

Set the COM port connected to the SP7350 platform. Refer to screenshot below:

...

Press OK.

2.4 Connect with SP7350 platformPlatform

Click "Connect" button in the OTP Tool OTPTool and power on the SP7350 platform.

...

The status window of OTP Tool OTPTool indicates "CONNECT Success!" as shown above.

3

...

OTPTool Operations:

3.1 Open Excel

...

File (OTP table)

Open the OTP table Excel file. Refer to screenshot below:

...

When Open diaglog box is displayed, select the Excel file "OTP_TABLE_QAK654.xls". Then, press OK button. Refer to screenshot below, OTP table are loaded successfully.

...

3.2 Read and

...

Modify OTP

...

Bits

Press "Read" button to read the content of OTP from the SP7350 platform. Refer to screenshot below, Read command completed successfully.

...

The status window of OTP Tool OTPTool indicates "READ Start…” and next “READ Start..…” and then “READ Success!" as shown above.

3.3 Write to OTP

...

Bits

For modifications, right-click on the relevant bit or bit range, select "Modify item":

...

After making all necessary modifications, click "Write" to write the changes to the OTP of the SP7350 platform. Refer to screenshot below, bit [543:512] is updated:

...

4. Burning secure-boot and device keys:

SP7350 supports secure-boot. To enable secure-boot, you need to build code with security enabled and write secure keys into OTP of SP7350. There are two keys defined in OTP. One is secure-boot key and the other is device key. Each key is 32 bytes long. Secure-boot key is for digital signature. Device key is for decrypting image.

4.1 Burn secure-boot public key (for digital signature) into OPT bit 765 ~ 512

Secure-boot key is stored in file build/tools/secure_hsm/secure/otp_Sb_keys/ed_pub_0.hex:

7BBBCF06A44BA7655540A7F8AD5176F4BCA83F00E63442A7BA0C4F5D8BBCF650

Convert key to little-endian 4-byte word.

OTP[543:512] = 06CFBB7B OTP[575:544] = 65A74BA4 OTP[607:576] = F8A74055 OTP[639:608] = F47651AD OTP[671:640] = 003FA8BC OTP[703:672] = A74234E6 OTP[735:704] = 5D4F0CBA OTP[767:736] = 50F6BC8B

Input key to OTP words one by one, and then check and then press "Write"

...

You can press 'Read' to read back content of OTP.

...

4.2 Write device private key (for decryption) into OTP bit 1023 ~ 768

Device private key is stored in hex file build/tools/secure_hsm/secure/otp_Device_keys/x_priv_0.hex:

583D94

...

Convert key to little-endian 4-byte word.

OTP[799:768] = 79943D58OTP[831:800] = 29520D76

Code Block


OTP[863:832]  = 01461A61
OTP[895:864]  = 0EE81ECB
OTP[927:896]  = E17B0C2C
OTP[959:928]  = 37C6F4E8
OTP[991:960]  = D572EAA9
OTP[1023:992] = 5CB2A3A5

OTP[799:768] = 79943D58

OTP[831:800] = 29520D76

OTP[863:832] = 01461A61

OTP[895:864] = 0EE81ECB

OTP[927:896] = E17B0C2C

OTP[959:928] = 37C6F4E8

OTP[991:960] = D572EAA9

OTP[1023:992] = 5CB2A3A5

Follow the provided steps, ensuring the correct conversion and input of the key.

  1. Burn Device Private Key (For Decryption): Write the device private key into OTP[1023 ~ 768]. Follow the provided steps, ensuring the correct conversion and input of the key.

Important Notes:

  • Burning OTP bits is irreversible, and incorrect burns may render the IC unusable.

  • Save the keys in designated directories (hsm_keys, otp_Sb_keys, and otp_Device_keys).

Follow these steps diligently to successfully utilize the OTP Tool and enhance the security features of your SP7350 platform.

Burn secure-boot and device Keys

  1. Write Secure-Boot Public Key (For Digital Signature): Write the secure-boot public key into OTP[765 ~ 512]. Follow the provided steps, ensuring the correct conversion and input of the key.

  2. Write Device Private Key (For Decryption): Write the device private key into OTP[1023 ~ 768]. Follow the provided steps, ensuring the correct conversion and input of the key.

  3. Write 1 to OTP[0]: Write the value '1' to OTP[0]. Ensure not to enable the HWLOCK_MP_ENABLE bit.

Note:

...

Burning the keys (OTP) is irreversible. Incorrectly burned keys will render the IC unusable.

...