SECDEVTOOL-OMAPL138C6748: How do I load an encrypted boot load module to RAM?

Part Number:SECDEVTOOL-OMAPL138C6748

Hi everyone,

I'm working on secure part OMAPL138/C6748 and having a problem in implementing a secondary boot loader (SBL).

As far as I know, to boot an AIS image using SBL, it must be created from an '.out' file via using LoadModGen_OMAP-L138.exe. Then, the SBL will load the AIS image into RAM and decrypt it with the secure kernel API SK_decryptMod(), finally the program counter will be assigned to the entry point of the decrypted module and the app can run from there.

My question is:

1. How do I detect the start of the boot load module (BLM) in NAND flash? It is weird that TI arranges the header of a BLM at the end of its pay load, and the MAGIC NUMBER (in the header, used to detect the exist of an image) will be change the value after the BLM is encrypted. 

---------------------------
|         Payload          |
---------------------------
|          Header           |
---------------------------
|        Signature         |
---------------------------

2. Suppose that somehow I can detect the BLM in NAND flash. How do I recall the load address and the entry point of the BLM, so that I know where in RAM I should load the program to and where I should put the program counter to start running the app?

Because there is no document on those problems, I tried to resolve it my way. I attached my custom header to the original BLM, so that it had new structure, like this

---------------------------
|       My_Header      |

---------------------------
|         Payload          |
---------------------------
|          Header           |
---------------------------
|        Signature         |
---------------------------

Where My_Header field consists of 4 attributes

. MY_MAGIC_NUMBER: a constant number defined by me to detect the start of the BLM

. BLMSize: Size of the BLM, including My_Header

. LoadAddress: Load address of the application  (I can have it from file '.cmd' in the CCS project of the application)

. EntryPoint: Entry point of the application  (I can have it from file '.map' in the CCS project of the application)

With this solution, I could successfully load the BLM from NAND to RAM, decrypted it using SK_decrypt() and put the program counter to the entry point. However, the application then didn't work!!! What was wrong.

Any help is very helpful! 

Thanks.