SLAU846B June 2023 – November 2024 MSPM0G1105 , MSPM0G1106 , MSPM0G1107 , MSPM0G1505 , MSPM0G1506 , MSPM0G1507 , MSPM0G1519 , MSPM0G3105 , MSPM0G3105-Q1 , MSPM0G3106 , MSPM0G3106-Q1 , MSPM0G3107 , MSPM0G3107-Q1 , MSPM0G3505 , MSPM0G3505-Q1 , MSPM0G3506 , MSPM0G3506-Q1 , MSPM0G3507 , MSPM0G3507-Q1 , MSPM0G3519
The CSC is expected to be a separate image from the main application. This allows a complete isolation of the CSC from the application as opposed to a scheme where the CSC functionality is embedded into the application as a single image.
At the first SYSRST following BOOTDONE, CSC will be invoked via the reset handler at 0x0. The pseudo-code below provides an overview of the CSC programming model.
```c
void resetHandler(void)
{
    __asm("b __c_init00"); // this is the call to secure startup, which would issue INITDONE
}
```
The CSC checks whether INITDONE has already been issued. If it has not, the CSC performs application image authentication and security configuration before launching the authenticated image.
```c
bool init_done = (*(volatile long *)(SYSCTL_SECCFG_SECTSTAT)) & 0x1;
if (!init_done)
{
    setupKeystorage(); // AES symmetric keys
    entry_point = findImageEntryPoint();
    stack_ptr = findImageStackPtr();
    setBankSwap(bank); // bank = 0 or 1, depending on which bank the image is in
    // setup SRAM boundary
    copyFromFlashToSRAM();
    setupSRAMBoundary();
    lockSRAMBoundary();
    setupFlashFirewalls();
    INITDONE = 1; // *(volatile long *) (SYSCTL_SECCFG_INITDONE) = 1 | (0x9D << 24);
    // This triggers a HW-initiated SYSRST
}
// we will come here if INITDONE = 1 after a SYSRST
launchApp(); // using entry_point and stack pointer base from image metadata
```
As outlined, the CSC would perform a set of security configuration actions that include:
Note that the SRAM boundary setup is optional and needed only if the application intends to run any code (especially interrupt handlers) out of SRAM. This is motivated by a requirement to keep communications ISRs running while the main flash memory could be busy with integrity checks.
The final step triggers a second SYSRST, and the reset handler is invoked a second time. Because init_done is now set, the CSC simply invokes the main application at this point, using the entry_point that the CSC obtained from the application image.
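The two-pass flow described above can be exercised on a host before touching hardware. The following is an added example, not TI code: it models the security state that survives SYSRST in a hypothetical `soc_t` struct, and it assumes that an INITDONE write without the 0x9D key byte is ignored.

```c
#include <stdbool.h>
#include <stdint.h>

/* Host-side model, not device code. soc_t stands in for SYSCTL SECCFG state
 * that survives a SYSRST; all field and function names are hypothetical. */
#define INITDONE_KEY (0x9Du << 24) /* key byte from the page's INITDONE write */

typedef struct {
    uint32_t sectstat;        /* bit 0: INITDONE already issued */
    bool     config_locked;   /* firewalls and SRAM boundary set and locked */
    unsigned sysrst_count;    /* HW-initiated SYSRSTs seen */
    bool     launched_locked; /* app was launched with the config locked */
} soc_t;

typedef enum { CSC_RESET, CSC_LAUNCHED, CSC_HALT } csc_result_t;

/* Models the INITDONE write. Assumption: a write whose top byte is not the
 * 0x9D key is ignored. Returns true when a SYSRST is triggered. */
bool write_initdone(soc_t *soc, uint32_t value)
{
    if ((value & 0xFF000000u) != INITDONE_KEY || !(value & 0x1u))
        return false;
    soc->sectstat |= 0x1u;
    soc->sysrst_count++;
    return true;
}

/* One pass through the CSC reset handler, mirroring the pseudo-code. */
csc_result_t csc_reset_handler(soc_t *soc)
{
    bool init_done = soc->sectstat & 0x1u;
    if (!init_done) {
        soc->config_locked = true; /* key storage, bank swap, SRAM lock, firewalls */
        /* Fail closed: never fall through to the launch if INITDONE did not take. */
        return write_initdone(soc, 1u | INITDONE_KEY) ? CSC_RESET : CSC_HALT;
    }
    soc->launched_locked = soc->config_locked; /* launchApp() */
    return CSC_LAUNCHED;
}

/* Re-enters the handler after each SYSRST; returns the number of passes. */
unsigned boot(soc_t *soc)
{
    unsigned passes = 1;
    while (csc_reset_handler(soc) == CSC_RESET && passes < 4)
        passes++;
    return passes;
}

int main(void) { soc_t soc = {0}; return boot(&soc) == 2 ? 0 : 1; }
```
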