SPRSP93 November 2024 F29H850TU , F29H859TU-Q1
ADVANCE INFORMATION
Refer to the PDF data sheet for device specific package drawings
The Hardware Security Module (HSM) is a self-contained subsystem within the device that provides security and cryptographic functions. The host C29x subsystem interfaces with the HSM subsystem to perform the cryptographic operations required for code authentication, secure boot, secure firmware upgrades and encrypted run-time communications. A high-level view of the various subsystems in this device, with the HSM subsystem highlighted, is shown in Figure 7-11.
At the center of the HSM is an ARM® Cortex®-M4 CPU running at 100MHz, with embedded SRAM, ROM, and up to 512KB of Flash memory. The Real-Time DMA (RTDMA) module enables fast data transfers between the HSM CPU and SRAM, HSM and application Flash memory banks, secure mailbox, and cryptographic engines.
The Security Manager module hosts the root-of-trust keys, defines the secure access mechanisms, controls the debug firewalls, and performs the security override sequences to establish protection of security assets if debug or failure-analysis operation is required.
The HSM includes a set of accelerator engines for executing cryptographic algorithms. These engines enable fast execution of symmetric encryption algorithms, hash functions, asymmetric encryption algorithms for public key infrastructure, and a true random number generator (TRNG). The Data Transform and Hashing Engine (DTHE) interfaces between the CPU and the cryptographic accelerators, providing interrupt and RTDMA trigger management and essential functions such as CRC and checksum computation.
In addition, the HSM provides peripheral modules to aid various security functions: timers, a real-time counter, a watchdog, DCC for clock monitoring, and ESM for error handling.
Communication between the HSM and the host application cores happens over a secure mailbox interface. The HSM controls various secure firewalls in the device, including the secure mailbox, cryptographic engines, shared RAM, and device Flash memory.