SPRUJE8 December   2024 AM2754-Q1

 

  1.   1
  2.   Description
  3.   Features
  4.   4
  5. 1Evaluation Module Overview
    1. 1.1 Introduction
    2. 1.2 Preface Read This First
      1. 1.2.1 Important Usage Notes
    3. 1.3 Kit Contents
    4. 1.4 Device Information
      1. 1.4.1 Security
    5. 1.5 Audio Expansion Connectors
  6. 2Hardware
    1. 2.1  Component Identification
    2. 2.2  Power Requirements
      1. 2.2.1 Power Input Using USB Type-C Connector
      2. 2.2.2 Power Status LEDs
      3. 2.2.3 Power Tree
      4. 2.2.4 Power Sequence
      5. 2.2.5 PMIC
    3. 2.3  Reset
    4. 2.4  Clock
    5. 2.5  Boot Mode Selection
    6. 2.6  Header Information
    7. 2.7  Push Buttons
    8. 2.8  Switches
    9. 2.9  Interfaces
      1. 2.9.1 Ethernet Interface
        1. 2.9.1.1 Ethernet Add-on Connectors
      2. 2.9.2 Audio Interfaces
        1. 2.9.2.1 Audio Clocking
        2. 2.9.2.2 McASP
        3. 2.9.2.3 MLB
    10. 2.10 AEC Mapping
      1. 2.10.1 Audio Expansion Connector 1
      2. 2.10.2 Audio Expansion Connector 2
    11. 2.11 Test Points
  7. 3Hardware Design Files
  8. 4Additional Information
    1. 4.1 If You need Assistance
    2. 4.2 Trademarks
  9. 5References
    1. 5.1 Reference Documents
    2. 5.2 Other TI Components Used This Design
  10. 6Revision History

Security

The AM275x EVM features a High Security, Field Securable (HS-FS) device. An HS-FS device has the ability to use a one time programming to convert the device from HS-FS to High Security, Security Enforced (HS-SE).

The AM275x device leaves the TI factory in an HS-FS state where customer keys are not programmed and has the following attributes:

  • Does not enforce the secure boot process
  • R5 and C7 JTAG ports are open
  • Security Subsystem firewalls are closed
  • SoC Firewalls are open
  • ROM Boot expects a TI signed binary (encryption is optional)
  • TIFS-MCU binary is signed by the TI private key

The One Time Programmable (OTP) keywriter converts the secure device from HS-FS to HS-SE. The OTP keywriter programs customer keys into the device eFuses to enforce secure boot and establish a root of trust. The secure boot requires an image to be encrypted, which is optional, and signed using customer keys, which is verified by the SoC. A secure device in the HS-SE state has the following attributes:

  • C7, R5 JTAG ports are both closed
  • Security subsystems and SoC firewalls are both closed
  • TIFS-MCU and SBL need to be signed with active customer key