Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

In this guide, we will step-by-step guide you to use OPTTool (a software application) to burn OTP bits on SP7350 platforms.

Table of Contents

1. Prerequisites:

Before proceeding, ensure that your SP7350 code is compiled to support the OTPTool. Confirm that both the “OTP driver” and “OTP driver handshake” options in X-Boot are enabled. To do this:

  • Run the command ‘make xconfig' in the project’s top directory. This will open the X-Boot Configuration menu.

  • In the X-Boot Configuration menu, ensure that the “OTP driver” and “OTP driver handshake” options are enabled. Refer to the screenshot below for guidance:

image-20240613-155510.png

If the options are not enabled, enable them and save the changes. Run the command ‘make' in the project’s top directory to rebuild the code.

2. UART Connection Setup

2.1 Close Terminal Applications

Close terminal applications such as Putty to free up the COM port connected to the SP7350 platform.

2.2 Run OTPTool

Launch "OTPTool V1.0.0.0.exe" on your PC. Once started, the application interface will be displayed as shown below:

2.3 Configure COM Port

Set the COM port connected to the SP7350 platform. Refer to screenshot below:

For instance, if UART0 of the SP7350 platform is linked to COM5 on your PC, select COM5 and set the Baudrate to 115200. Refer to screenshot below:

Press OK.

2.4 Connect with SP7350 Platform

Click "Connect" button in the OTPTool and power on the SP7350 platform.

The status window of OTPTool indicates "CONNECT Success!" as shown above.

3 OTPTool Operations:

3.1 Open Excel File (OTP table)

Open the OTP table Excel file. Refer to screenshot below:

When Open diaglog box is displayed, select the Excel file "OTP_TABLE_QAK654.xls". Then, press OK button. Refer to screenshot below, OTP table are loaded successfully.

3.2 Read and Modify OTP Bits

Press "Read" button to read the content of OTP from the SP7350 platform. Refer to screenshot below, Read command completed successfully.

The status window of OTPTool indicates "READ Start..…” and then “READ Success!" as shown above.

3.3 Write to OTP Bits

For modifications, right-click on the relevant bit or bit range, select "Modify item":

Input the new value, and press OK.

After making all necessary modifications, click "Write" to write the changes to the OTP of the SP7350 platform. Refer to screenshot below, bit [543:512] is updated:

4. Burning Secure-boot and Device Keys

The SP7350 supports secure-boot functionality. To activate secure-boot, it is necessary to build the code with security enabled and write secure keys into the OTP (One-Time Programmable) memory of the SP7350. There are two keys defined in the OTP - the secure-boot key for digital signatures and the device key for image decryption. Each key is 32 bytes long.

4.1 Burn Secure-boot Public Key (for digital signature) into OPT Bit 512 ~ 765

The secure-boot key is stored in the file build/tools/secure_hsm/secure/otp_Sb_keys/ed_pub_0.hex:

7BBBCF06A44BA7655540A7F8AD5176F4BCA83F00E63442A7BA0C4F5D8BBCF650

Convert the key to little-endian 4-byte words:

OTP[543:512] = 06CFBB7B

OTP[575:544] = 65A74BA4

OTP[607:576] = F8A74055

OTP[639:608] = F47651AD

OTP[671:640] = 003FA8BC

OTP[703:672] = A74234E6

OTP[735:704] = 5D4F0CBA

OTP[767:736] = 50F6BC8B

Input it to OTP words one by one. Afterward, check and then press "Write."

The status window of the OTPTool indicates "WRITE Start..…” and then “WRITE Success!" as shown above.

Press 'Read' to read back content of OTP.

The status window of the OTPTool indicates "READ Start..…” and then “READ Success!" as shown above.

4.2 Write Device Private Key (for decryption) into OTP Bit 768 ~ 1023

The device private key is stored in hex file build/tools/secure_hsm/secure/otp_Device_keys/x_priv_0.hex:

583D9479760D5229611A4601CB1EE80E2C0C7BE1E8F4C637A9EA72D5A5A3B25C

Convert the key to little-endian 4-byte word:

OTP[799:768] = 79943D58

OTP[831:800] = 29520D76

OTP[863:832] = 01461A61

OTP[895:864] = 0EE81ECB

OTP[927:896] = E17B0C2C

OTP[959:928] = 37C6F4E8

OTP[991:960] = D572EAA9

OTP[1023:992] = 5CB2A3A5

Input it to OTP words one by one. Afterward, check and press "Write."

The status window of the OTPTool indicates "WRITE Start..…” and then “WRITE Success!" as shown above.

Press 'Read' to confirm the content of OTP.

The status window of the OTPTool indicates "READ Start..…” and then “READ Success!" as shown above.

4.3 Enable Secure Mode of SP7350 (Write 1 into OTP bit 0)

Modify bit 0 to 1 and then press "Write."

The status window of the OTPTool indicates "READ Start..…” and then “READ Success!" as shown above.

4.4 Enable MP Bit of SP7350 (Write 1 into OTP bit 2)

To safeguard keys from being accessed by end-users, enabling the MP bit prevents the CPU from reading keys.

Modify bit 2 to 1 and then press "Write."

4.5 Important Notes:

  • Do not enable the MP bit for version A chips.

  • Burning OTP bits is irreversible, and incorrect burns may render the chips unusable.

  • Remember to save the keys in designated directories (hsm_keys, otp_Sb_keys, and otp_Device_keys).

  • No labels