-
Bug
-
Resolution: Fixed
-
Urgent
-
PDK
-
PDK-11027
-
PROCESSOR_SDK_08.00.00
-
PROCESSOR_SDK_08.01.00
-
In the Keywriter section under PDK user guide for OTP Keywriter,
./gen_keywr_cert.sh -s keys/smpk.pem -s-wp --smek keys/smek.key --smek-wp -t ti_fek_public.pem -a keys/aes256.key --msv 0xC0FFE --msv-wp --keycnt 1 --keyrev 1 --sr-sbl 3 --sr-sysfw 4
The highlighted options set the software revision bits for SBL and TIFS/SYSFW to 3 and 4 respectively. These --sr settings should not be used when running the keywriter and were inadvertently included in the online documentation example.
These efuses are used for rollback protection and prevent the SBL and TIFS/SYSFW image from authenticating since the certificate revisions are 1 for each and silicon enforces min version of what was efused.
The example should remove these 2 --sr-sbl & --sr-sysfw options.
Customer who follows the instruction will render the device unusable.