ZHCABI4 January 2022 TDA4VM , TDA4VM-Q1
将密钥编程到 eFuse 中之后,客户可以先通过以下步骤验证编程结果并检查器件状态,然后在工厂中启动生产:
# cat default_uart_hs.log
02000000011a00006a376573000000000000000048535345020001000200010002a600000100010033c74f0c8631aa67a56d53b06f250d75cb2a9cf7a52d6eb5e21b5e824250d7e09c22d997f09dc9389ecaa3f7d2b64d3a76d6163aa09e928ea050e1da9550
7e661f6002b07cd9b0b7c47d9ca8d1aae57b8e8784a12f636b2b760d7d98a18f189760dfd0f23e2b0cb10ec7edc7c6edac3d9bdfefe0eddc3fff7fe9ad875195527df02f2a23c0ed9d5fcf6dfb3a097ee4207cb1e2a5956e07ba144b73fe71143982
#!/usr/bin/env python3
import binascii
import struct
import string
import sys
filename=sys.argv[1]
fp = open(filename, 'rt')
lines= fp.readlines()
fp.close()
bin_arr = [ binascii.unhexlify(x.rstrip()) for x in lines ]
bin_str = b"".join(bin_arr)
pubInfoStr='BB2B12B4B4B4B'
secInfoStr='BBHHH64B64B32B'
numBlocks = list(struct.unpack('I', bin_str[0:4]))
pubROMInfo = struct.unpack(pubInfoStr, bin_str[4:32])
if numBlocks > 1:
secROMInfo = struct.unpack(secInfoStr, bin_str[32:200])
print ('-----------------------')
print ('SoC ID Header Info:')
print ('-----------------------')
print "NumBlocks :", numBlocks
print ('-----------------------')
print ('SoC ID Public ROM Info:')
print ('-----------------------')
print "SubBlockId :", pubROMInfo[0]
print "SubBlockSize :", pubROMInfo[1]
tmpList = list(pubROMInfo[4:15])
hexList = [hex(i) for i in tmpList]
deviceName = ''.join(chr(int(c, 16)) for c in hexList[0:])
print "DeviceName :", deviceName
tmpList = list(pubROMInfo[16:20])
hexList = [hex(i) for i in tmpList]
deviceType = ''.join(chr(int(c, 16)) for c in hexList[0:])
print "DeviceType :", deviceType
dmscROMVer = list(pubROMInfo[20:24])
dmscROMVer.reverse()
print "DMSC ROM Version :", dmscROMVer
r5ROMVer = list(pubROMInfo[24:28])
r5ROMVer.reverse()
print "R5 ROM Version :", r5ROMVer
print ('-----------------------')
print ('SoC ID Secure ROM Info:')
print ('-----------------------')
print "Sec SubBlockId :", secROMInfo[0]
print "Sec SubBlockSize :", secROMInfo[1]
print "Sec Prime :", secROMInfo[2]
print "Sec Key Revision :", secROMInfo[3]
print "Sec Key Count :", secROMInfo[4]
tmpList = list(secROMInfo[5:69])
tiMPKHash = ''.join('{:02x}'.format(x) for x in tmpList)
print "Sec TI MPK Hash :", tiMPKHash
tmpList = list(secROMInfo[69:133])
custMPKHash = ''.join('{:02x}'.format(x) for x in tmpList)
print "Sec Cust MPK Hash :", custMPKHash
tmpList = list(secROMInfo[133:167])
uID = ''.join('{:02x}'.format(x) for x in
print "Sec Unique ID :", uID
# python uart_boot_socid.py default_uart_hs.log
-----------------------
SoC ID Header Info:
-----------------------
NumBlocks : [2]
-----------------------
SoC ID Public ROM Info:
-----------------------
SubBlockId : 1
SubBlockSize : 26
DeviceName : j7es
DeviceType : HSSE
DMSC ROM Version : [0, 1, 0, 2]
R5 ROM Version : [0, 1, 0, 2]
-----------------------
SoC ID Secure ROM Info:
-----------------------
Sec SubBlockId : 2
Sec SubBlockSize : 166
Sec Prime : 0
Sec Key Revision : 1
Sec Key Count : 1
Sec TI MPK Hash : 33c74f0c8631aa67a56d53b06f250d75cb2a9cf7a52d6eb5e21b5e824250d7e09c22d997f09dc9389ecaa3f7d2b64d3a76d6163aa09e928ea050e1da95507e66
Sec Cust MPK Hash : 1f6002b07cd9b0b7c47d9ca8d1aae57b8e8784a12f636b2b760d7d98a18f189760dfd0f23e2b0cb10ec7edc7c6edac3d9bdfefe0eddc3fff7fe9ad875195527d
Sec Unique ID : f02f2a23c0ed9d5fcf6dfb3a097ee4207cb1e2a5956e07ba144b73fe71143982
日志显示,器件类型已转换为 HS-SE,并且密钥版本和密钥数量均为 1,这意味着只会对 SMPK 进行编程并使用,而不会对 BMPK 这样操作。当可以通过日志获取客户的 SMPK 哈希值时,客户可以使用以下方法检查与客户自己的密钥的一致性。
# openssl rsa -in k3_dev_mpk.pem -pubout -outform DER -out /tmp/k3_dev_mpk_pub.der
writing RSA key
# sha512sum /tmp/k3_dev_mpk_pub.der
1f6002b07cd9b0b7c47d9ca8d1aae57b8e8784a12f636b2b760d7d98a18f189760dfd0f23e2b0cb10ec7edc7c6edac3d9bdfefe0eddc3fff7fe9ad875195527d /tmp/k3_dev_mpk_pub.der
比较发现,客户所编程的密钥的哈希值与从器件读取的哈希值完全相同。因此,我们可以根据特定客户密钥验证器件是否已成功转换为 HS-SE。