SPRUJ53B April 2024 – September 2024 TMS320F28P550SJ , TMS320F28P559SJ-Q1
There are a few functions that are available within Secure ROM to be called by the application to perform EXEONLY Flash/RAM tasks in a secure manner.
If a vector fetch request is given by the CPU (C28x) while the program counter (PC) is within the EXEONLY function API code of the Secure ROM, a reset fires (RSN if from C28x). The consequence of this is if an NMI or ITRAP or Bus Fault occurs while the PC is executing one of the EXEONLY API functions, the NMI/ITRAP/Fault cannot be serviced because a reset is fired to the subsystem.
The secure copy code zone 1 and zone 2 functions allow EXEONLY Flash to be copied to EXEONLY RAM in a secure manner. The source must be from EXEONLY Flash and the destination to EXEONLY RAM. There is no support to copy EXEONLY ROM or EXEONLY RAM to RAM. Both Flash and RAM must be set to EXEONLY and configured for the same zone. Additionally, the copy size must not cross over the Flash sector boundary. Any violations of these requirements results in a failure status returned. Upon successful copy of the data, the number of 16-bit words copied is returned.
CPU | Function Prototype | Function Parameters | Function Return Value |
---|---|---|---|
CPU (C28x) | uint16_t SecureCopyCodeZ1(uint32_t size, uint16_t *dst, uint16_t *src) | size : The
number of 16-bit words to copy dst : The destination memory address in EXEONLY RAM src : The source memory address in EXEONLY Flash |
0xXXXX : Returns
the number of 16-bit words copied |
uint16_t SecureCopyCodeZ2(uint32_t size, uint16_t *dst, uint16_t *src) | 0x0000 : Indicates one of the following: Copy length is zero; Copy size crosses over Flash sector boundary; Flash and RAM do not belong to the same zone; Flash and/or RAM are not set to EXEONLY; Error occurred during data copy |
The secure CRC calculation zone 1 and zone 2 functions allow a safety CRC check of EXEONLY memory in a secure manner. The CRC length provided must be a value from 1 to 8 where 1 represents a CRC size of 32 16-bit words and 8 represents a CRC size of 4096 16-bit words. The source address specifies the starting address for the CRC and the destination address is the location that the resulting CRC value is stored. The source and destination memories must be configured for the same zone. Additionally, the CRC length must not cross over the Flash sector or RAM block boundary. Any violations of these requirements results in a failure status returned. Upon successful CRC, the number of 16-bit words CRC'd is returned.
CPU | Function Prototype | Function Parameters | Function Return Value |
---|---|---|---|
CPU (C28x) | uint16_t SecureCRCCalcZ1(uint16_t len_id, uint16_t *dst, uint16_t *src) | len_id : A
number from 1 to 8 which corresponds to length options of 32, 64, 128, 256, 512,
1024, 2048, or 4096 16-bit words dst : The destination memory address for resulting CRC src : The source memory address to begin CRC calculation |
0xXXXX : Returns
the number of 16-bit words CRC'd |
uint16_t SecureCRCCalcZ2(uint16_t size, uint16_t *dst, uint16_t *src) | 0x0000 : Indicates one of the following: Invalid length option; Source address is not modulo of length value; Destination address is not within secure RAM; CRC size crosses over Flash sector or RAM block boundary; The source and destination memory do not belong to the same zone; On CM, CRCLOCK is enabled |
The CMAC calculate and compare function allows to calculate CMAC signature of a Flash memory block and compare against a golden signature. This is used in the secure boot mode to authenticate the boot image.
CPU | Function Prototype | Function Parameters | Function Return Value |
---|---|---|---|
CPU (C28x) | uint32_t CPU1BROM_calculateCMAC(uint32_t startAddress, uint32_t endAddress, uint32_t signatureAddress) | startAddress: Starting
address of memory for which CMAC has to be calculated endAddress: Ending address of memory for which CMAC has to be calculated signatureAddress: Address of location where golden CMAC signature is stored |
0xFFFF FFFFU: Calculated CMAC signature did not match golden signature (fail) |
0xA5A5 A5A5U: Memory range provided is not aligned to 128-bit boundary or length is zero | |||
0xE1E1 E1E1U: AES Engine timed out | |||
0x0000 0000U: No Error |