SPRUIX1B October 2022 – April 2024 TMS320F2800132 , TMS320F2800133 , TMS320F2800135 , TMS320F2800137
Secure Flash boot mode is similar to Flash boot mode in that the boot flow branches to the configured memory address in Flash but only after the Flash memory contents have been authenticated. The Flash authentication uses a Cipher-based Message Authentication Protocol (CMAC) to authenticate 16KB of Flash starting from the configured Flash entry point address. The CMAC calculation requires a user-defined 128-bit key programmed in the CPU User OTP Zone 1 Header OTP CMACKEY bit field. Additionally, you must calculate the golden CMAC tag based on the 16KB Flash memory range and store the tag along with the user code at a hardcoded address in Flash. During secure Flash boot, the calculated CMAC tag is compared to the user golden CMAC tag in Flash to determine the pass/fail status of the CMAC authentication. When authentication passes, boot flow continues and branches to Flash to begin executing the application. When authentication fails, the device is reset.
For the available secure Flash boot entry address options, refer to Section 4.7.2.
For generating the secure Flash golden CMAC tag for CPU, refer to the TMS320C28x Assembly Language Tools User’s Guide within section “Using Secure Flash Boot on TMS320F2838x Devices” for instructions.
Key: 2B7E1516 28AED2A6 ABF71588 09CF4F3C
(MSB is 2B and LSB is 3C)
CMACKEY0 = 0x2B7E1516
CMACKEY1 = 0x28AED2A6
CMACKEY2 = 0xABF71588
CMACKEY3 = 0x09CF4F3C
Recommended to use device JTAGLOCK when using secure Flash boot.
Details | Location Address |
---|---|
CMAC Signature Address | Flash Entry point Address + 0x2 |
CMAC Key Address (128-bit key) | DCSM Z1 OTP CMACKEY0/1/2/3 |
Flash Entry Point (Bank 0, Sector 0) | 0x0008 0000 |
Flash Entry Point (Bank 0, Sector 32) | 0x0008 8000 |
Flash Entry Point (Bank 0, End of Sector 63) | 0x0008 FFF0 |
Flash Entry Point (Bank 0, Sector 64) | 0x0009 0000 |
Flash Entry Point (Bank 0, Sector 96) | 0x0009 8000 |
Address Range for CMAC Calculation |
Start: Flash Entry Point Address End: Flash Entry Point Address + 16KB |
Name | Address | Details |
---|---|---|
CMA Golden Tag (128-bit) | CPU: Flash Entry Point Address + 0x2 |
Located in Flash, offset from the entry point address,
by 2 words (CPU). When CMAC calculations are performed, the golden tag location in memory is considered all 0xFs. Refer to Example4-1 for an example regarding linker configuration on CPU. Lower memory contains the tag's MSW and higher memory contains the LSW. |
Example (on CPU): Tag = 0x00112233 44556677 8899AABB CCDDEEFF Address 0x0 = 0x00112233 Address 0x2 = 0x44556677 Address 0x4 = 0x8899AABB Address 0x6 = 0xCCDDEEFF |
||
CMAC 128-Bit Key | 0x0007 8018 |
Located in CPU Zone 1 User Header OTP (CMACKEY0, CMACKEY1, CMACKEY2, CMACKEY3) CMACKEY0 contains the key's MSW and CMACKEY3 contains the LSW. |
Example: Key = 0x00112233 44556677 8899AABB CCDDEEFF CMACKEY0 = 0x00112233 CMACKEY1 = 0x44556677 CMACKEY2 = 0x8899AABB CMACKEY3 = 0xCCDDEEFF |
CPU | Action on Failed Authentication |
---|---|
C28x CPU | 1. Emulation only - Halt debugger (ESTOP) |
2. Wait in endless loop (for device reset due to WD reset) |
Step | Action |
---|---|
1 | Secure Flash boot CPU |
2 | Any Flash beyond the first 16KB from the entry point that is planned for use can be authenticated by you using a different CMAC golden tag embedded at an address somewhere within the already authenticated 16KB of Flash. |
APIs for CMAC calculation and authentication is provided as part of ROM. Details are available in Section 4.7.9.