SPRUHM8K December 2013 – May 2024 TMS320F28374D, TMS320F28375D, TMS320F28376D, TMS320F28377D, TMS320F28377D-EP, TMS320F28377D-Q1, TMS320F28378D, TMS320F28379D, TMS320F28379D-Q1
The security module restricts CPU access to on-chip secure memory and resources without interrupting or stalling CPU execution. When a read occurs to a secure memory location, the read returns a zero value and CPU execution continues with the next instruction. This, in effect, blocks read and write access to secure memories through the JTAG port or external peripherals.
The code security mechanism offers protection for two zones, Zone 1 (Z1) and Zone 2 (Z2). The security mechanism for both the zones is identical. Each zone has a dedicated secure resource and allocated secure resource. The following are different secure resources available on this device:
CLA Ownership | RAM Block Ownership | Fetch Access | Read Access | Write Access |
---|---|---|---|---|
None | None | Yes | Yes | Yes |
None | Z1 or Z2 | No | No | No |
Z1 | Z1 | Yes | Yes | Yes |
Z1 | Z2 | No | No | No |
Z1 | None | No | Yes | Yes |
Z2 | Z1 | No | No | No |
Z2 | Z2 | Yes | Yes | Yes |
Z2 | None | No | Yes | Yes |
Table 3-17 shows the status of a RAM block based on the configuration in the GRABRAM register.
GRAM_RAMx Bits in Z1_GRABRAMR Register | GRAM_RAMx Bits in Z2_GRABRAMR Register | Ownership |
---|---|---|
00 | XX | GRAM_RAMx is inaccessible |
XX | 00 | GRAM_RAMx is inaccessible |
Differential Value (01/10) | Differential Value (01/10) | GRAM_RAMx is inaccessible |
Differential Value (01/10) | 11 | GRAM_RAMx belongs to Z1 |
11 | Differential Value (01/10) | GRAM_RAMx belongs to Z2 |
11 | 11 | GRAM_RAMx is Non-Secure |
The security of each zone is maintained by a 128-bit (four 32-bit words) password (CSM password). The password for each zone is stored in a dedicated OTP memory location based on a zone-specific link pointer. A zone can be unsecured by executing the password match flow (PMF), described in Section 3.13.3.3.2.
There are three types of accesses: data/program reads, JTAG access, and instruction fetches (calls, jumps, code executions, ISRs). Instruction fetches are never blocked. JTAG accesses are always blocked when a memory is secure. Data reads to a secure memory are always blocked unless the program is executing from a memory which belongs to the same zone. Data reads to unsecure memory are always allowed. Table 3-18 shows the levels of security.
PMF Executed With Correct Password? | Operating Mode of the Zone | Program Fetch Location | Security Description |
---|---|---|---|
No | Secure | Outside secure memory | Only instruction fetches by the CPU are allowed to secure memory. In other words, code can still be executed, but not read. |
No | Secure | Inside secure memory | CPU has full access (except for EXEONLY memories where read is not allowed). JTAG port cannot read the secured memory contents. |
Yes | Non-Secure | Anywhere | Full access for CPU and JTAG port to secure memory of that zone. |
If the password locations of a zone have all 128 bits as ones, the zone is considered unsecure. Since new Flash devices have erased Flash (all ones), only a read of the password locations is required to bring any zone into unsecure mode. If the password locations of a zone have all 128 bits as zeros, the zone is secure, regardless of the contents of the CSMKEY registers. This means the zone cannot be unlocked using PMF, the password match flow described in Section 3.13.3.3.2. Therefore, the user must never use all zeros as a password. A password of all zeros prevents debug of secure code or reprogramming the Flash.
CSMKEY registers are user-accessible registers that are used to unsecure the zones.
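The ownership rules of Table 3-17 and the all-ones/all-zeros password cases can be checked on planned values before anything is programmed. The following C sketch is an added example, not code from the manual or from TI; the function names are hypothetical, the sample values are constructed, and it assumes that the field for RAM block x occupies bits [2x+1:2x] in both GRABRAM registers.

```c
#include <stdint.h>
#include <stdio.h>

typedef enum { RAM_INACCESSIBLE, RAM_Z1, RAM_Z2, RAM_NONSECURE } ram_owner_t;
typedef enum { PW_OK, PW_UNSECURE_ALL_ONES, PW_LOCKED_ALL_ZEROS } pw_state_t;

static int is_diff(unsigned f) { return f == 1u || f == 2u; } /* 01 or 10 */

/* Table 3-17: decode one pair of 2-bit GRAM_RAMx fields (Z1 field, Z2 field). */
ram_owner_t ram_owner(unsigned z1, unsigned z2)
{
    z1 &= 3u; z2 &= 3u;
    if (z1 == 3u && z2 == 3u)    return RAM_NONSECURE;
    if (is_diff(z1) && z2 == 3u) return RAM_Z1;
    if (z1 == 3u && is_diff(z2)) return RAM_Z2;
    return RAM_INACCESSIBLE; /* any 00 field, or both fields differential */
}

/* Classify a planned 128-bit CSM password (four 32-bit words). */
pw_state_t password_state(const uint32_t pw[4])
{
    uint32_t all_and = pw[0] & pw[1] & pw[2] & pw[3];
    uint32_t all_or  = pw[0] | pw[1] | pw[2] | pw[3];
    if (all_or == 0u)           return PW_LOCKED_ALL_ZEROS;  /* PMF can never unlock */
    if (all_and == 0xFFFFFFFFu) return PW_UNSECURE_ALL_ONES; /* zone is not protected */
    return PW_OK;
}

/* Count RAM blocks that a planned register pair would make inaccessible.
   ASSUMPTION: block x occupies bits [2x+1:2x] in both registers. */
int count_inaccessible(uint32_t z1_reg, uint32_t z2_reg, int nblocks)
{
    int bad = 0;
    for (int x = 0; x < nblocks; x++)
        if (ram_owner(z1_reg >> (2 * x), z2_reg >> (2 * x)) == RAM_INACCESSIBLE)
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed sample values, not taken from the manual. */
    const uint32_t pw[4] = { 0x1234ABCDu, 0xFFFFFFFFu, 0x0u, 0x55AA55AAu };
    uint32_t z1 = 0xFFF6u, z2 = 0xFFDFu;
    printf("password state: %d\n", (int)password_state(pw));
    printf("inaccessible blocks: %d\n", count_inaccessible(z1, z2, 8));
    return 0;
}
```

A build or provisioning step can refuse to continue when `password_state` returns anything other than `PW_OK` or when `count_inaccessible` is nonzero.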