SLAAE29 January   2023 MSPM0G1105 , MSPM0G1106 , MSPM0G1107 , MSPM0G1505 , MSPM0G1506 , MSPM0G1507 , MSPM0G3105 , MSPM0G3106 , MSPM0G3107 , MSPM0G3505 , MSPM0G3506 , MSPM0G3507 , MSPM0L1105 , MSPM0L1106 , MSPM0L1227 , MSPM0L1227-Q1 , MSPM0L1228 , MSPM0L1228-Q1 , MSPM0L1303 , MSPM0L1304 , MSPM0L1304-Q1 , MSPM0L1305 , MSPM0L1305-Q1 , MSPM0L1306 , MSPM0L1306-Q1 , MSPM0L1343 , MSPM0L1344 , MSPM0L1345 , MSPM0L1346 , MSPM0L2227 , MSPM0L2228 , MSPM0L2228-Q1

 

  1.   Abstract
  2.   Trademarks
  3. 1Introduction
    1. 1.1 Goals of Cybersecurity
    2. 1.2 Platform Security Enablers
  4. 2Device Security Model
    1. 2.1 Initial Conditions at Boot
    2. 2.2 Boot Configuration Routine (BCR)
    3. 2.3 Bootstrap Loader (BSL)
    4. 2.4 Boot Flow
    5. 2.5 User-Specified Security Policies
      1. 2.5.1 Boot Configuration Routine (BCR) Security Policies
        1. 2.5.1.1 Serial Wire Debug Related Policies
          1. 2.5.1.1.1 SWD Security Level 0
          2. 2.5.1.1.2 SWD Security Level 1
          3. 2.5.1.1.3 SWD Security Level 2
        2. 2.5.1.2 Bootstrap Loader (BSL) Enable/Disable Policy
        3. 2.5.1.3 Flash Memory Protection and Integrity Related Policies
          1. 2.5.1.3.1 Locking the Application (MAIN) Flash Memory
          2. 2.5.1.3.2 Locking the Configuration (NONMAIN) Flash Memory
          3. 2.5.1.3.3 Verifying Integrity of Application (MAIN) Flash Memory
      2. 2.5.2 Bootstrap Loader (BSL) Security Policies
        1. 2.5.2.1 BSL Access Password
        2. 2.5.2.2 BSL Read-out Policy
        3. 2.5.2.3 BSL Security Alert Policy
      3. 2.5.3 Configuration Data Error Resistance
        1. 2.5.3.1 CRC-Backed Configuration Data
        2. 2.5.3.2 16-bit Pattern Match for Critical Fields
  5. 3Secure Boot
    1. 3.1 Secure Boot Authentication Flow
    2. 3.2 Asymmetric vs. Symmetric Secure Boot
  6. 4Cryptographic Acceleration
    1. 4.1 Hardware AES Acceleration
      1. 4.1.1 Overview
      2. 4.1.2 AES Performance
    2. 4.2 Hardware True Random Number Generator (TRNG)
  7. 5Device Identity
  8. 6Summary
  9. 7References
  10. 8Revision History
  11.   A Security Enablers by Subfamily

1.2 Platform Security Enablers

The security enablers included in MSPM0 devices are given in Table 1-1. A complete list of security enablers available across the broader range of TI products can be found at the TI security portal.

Table 1-1 MSPM0 MCU Platform Security Enablers
Security Enabler Device Feature MSPM0L MSPM0G
Debugging security Password authenticated debug access All All
Password authenticated bootstrap loader access All All
Password authenticated main flash memory mass erase All All
Password authenticated complete factory reset All All
TI failure analysis (FA) enable/disable All All
Complete hardware disable of serial wire debug (SWD) interface All All
Permanently lockable device configuration data All All
Error resistant device configuration data All All
Password memory contains hashes only (SHA2-256) Future Future
Secure boot Permanently lockable main flash memory (static write protection) All All
CRC-32 verified main flash region All All
SHA2-256 verified main flash memory region Future Future
Single point of entry to main flash application at boot All All
Firmware image authentication routines (asymmetric or symmetric) All All
Lockable flash for key revocation and rollback protection Future Future
W^X (write-or-execute) SRAM boundary All All
Secure Storage Static flash memory read/execute (RX) firewall Future Future
IP protection (execute-only) firewall Future Future
W^X (write-or-execute) enforcement on main flash banks Future Future
AES volatile key store (up to four 128-bit keys plus a session key) Future Future
Cryptographic acceleration Hardware AES accelerator (128-bit / 256-bit) Future Optional
Hardware TRNG Future Optional
Device identity Unique device identifier (96-bit) All All
Physical security Boot configuration routine fault injection attack countermeasures Future Future