HI:
There are some problems while we use basic secure omapl138 to encrypt images,and i need confirm some questions first:
1. For SecureHexAIS_OMAP-L138.exe tool, dose it encrypt the CEK in the ini file ? If so, how does it get the KEK?
2. AIS command SECURE KEY LOAD, which is described in the <TMS320C674x/OMAP-L1xProcessor Security> file, it will installs CEK, what is this mean? Encrypts CEK by KEK?
3. IS secondaryBootLoader equal to UBL?
OK, we apply apps on ARM core and DSP core just for security currently. Both secure and non-secure, we can run DSP and ARM well. And for DSP' UBL, we have success encrypted the CEK which is provided in the code. For the encrypt,what's the next step should we do?
The uboot for ARM is stored in the nor flash, and we need to encrypt this image(or arm apps' image), and bind to an unique device.The <TMS320C674x/OMAP-L1xProcessor Security> file (Figure11) mentions we should placed the encrypted CEK into this image. And how to accomplish this?
Besides, we have got the Security_collateral_update.zip SDK from local TI' support. For this SDK, we can't open its projects with CCS4.2. And its demo applys SPI flash, unfortunately, there is no spi flash on our hardware, so ,we can't verity these demo.
And how to use LoadModGen tool?
thanks!