The bootloader demonstration in the GP device can be found in CAN Response and Bootloader Demo Application. The required binaries to start up the system are shown in Table 2-1.

The difference is the ATF (Arm Trusted Firmware) image, DTB (Device Tree Binary) image, and Linux kernel image should be signed and encrypted if running Linux in A72 core, and the file system does not need to be signed. Also, only ATF and IFS (Image FileSystem) images need to be signed, if implementing the QNX in A72 core.

For the binaries in Table 2-1, they can sign and encrypt by x509Certificate script in the default SDK using the following command.

# ${PSDKRA_PATH}/pdk/packages/ti/build/makerules/x509CertificateGen.sh -b binary_need_sign&encrypt -o signed_encrypted_binary -c R5 -l 0x0 -k ${PSDKRA_PATH}/pdk/packages/ti/build/makerules/k3_dev_mpk.pem -y ENCRYPT -e ${PSDKRA_PATH}/pdk/packages/ti/build/makerules/k3_dev_mek.txt  -d DEBUG -j DBG_FULL_ENABLE -m SPLIT_MODE

Except for SBL and system images, the TIFS also need to sign and encrypt by the TI dummy key. The TIFS signed with the TI dummy key already provided in SDK, can be used directly in the HS-SE-TIDK device.

$ cp ${PSDKRA_PATH}/pdk/packages/ti/drv/sciclient/soc/V1/tifs-hs-enc.bin   /media/user/boot/tifs.bin