SPRUJC1 April   2024

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. 1Introduction
    1. 1.1 Unlocking JTAG With Jacinto7 Security Enabled Devices
  5. 2Steps to Unlock JTAG for HSM Core With TRACE32
    1. 2.1 Modifying the SCI Client Default Security Board Configuration
      1. 2.1.1 PROCESSOR-SDK-RTOS
      2. 2.1.2 PROCESSOR-SDK-LINUX
    2. 2.2 Building the SCI Client Security Board Configuration
      1. 2.2.1 PROCESSOR-SDK-RTOS
      2. 2.2.2 PROCESSOR-SDK-LINUX
    3. 2.3 Modifying the Secondary Bootloader’s x509 Certificate
      1. 2.3.1 Windows Build Environment
      2. 2.3.2 Ubuntu Build Environment
    4. 2.4 Building the Secondary Bootloader
    5. 2.5 Verifying Secondary Bootloader and TIFS is Executing
    6. 2.6 Creating a Downloadable x509 Certificate With a Debug Extension
    7. 2.7 Execution of TRACE32 Unlock Script
    8. 2.8 Attaching to HSM Core With TRACE32

2.3.2 Ubuntu Build Environment

If a user is building the SBL within an Ubuntu environment they must navigate to the <pdk_path>/packages/ti/build/makerules directory and manually edit the “x509CertificateGen.sh” script to remove the debug extension field from being inserted into the SBL’s x509 certificate. The “x509CertificateGen.sh” script is automatically invoked during the make file build process and contains fields which are inserted into the SBL’s x509 certificate. In order to view and prevent the local x509 template from being deleted after the build process, navigate to the bottom of the “x509CertificateGen.sh” script and comment out the following script removal statements (see Figure 2-5). This allows you to verify whether the modifications you made to “x509CertificateGen.sh” correctly deleted the debug extension.

GUID-20240212-SS0I-04RN-4C2S-BPCBH1LLWGMZ-low.png Figure 2-5 Ubuntu Build – x509 Certificate Generation Script