SPRUIZ1B July 2023 – August 2024 TMS320F28P650DH, TMS320F28P650DK, TMS320F28P650SH, TMS320F28P650SK, TMS320F28P659DH-Q1, TMS320F28P659DK-Q1, TMS320F28P659SH-Q1
Secure Flash boot mode is similar to Flash boot mode in that the boot flow branches to the configured memory address in Flash, but only after the Flash memory contents have been authenticated. The Flash authentication uses a Cipher-based Message Authentication Protocol (CMAC) to authenticate 16KB of Flash starting from the configured Flash entry point address. The CMAC calculation requires a user-defined 128-bit key programmed in the CPU User OTP Zone 1 Header OTP CMACKEY bit field. Additionally, the user must calculate the golden CMAC tag based on the 16KB Flash memory range and store the tag along with the user code at a hardcoded address in Flash. During secure Flash boot, the calculated CMAC tag is compared to the user golden CMAC tag in Flash to determine the pass/fail status of the CMAC authentication. When authentication passes, the boot flow continues and branches to Flash to begin executing the application. Upon CPU1 secure boot mismatch, the device is reset. Upon CPU2 secure boot mismatch, an IPC is sent to CPU1 and CPU2 returns to “wait for command” mode.
For the available secure Flash boot entry address options, refer to Section 4.7.3.
For instructions on generating the secure Flash golden CMAC tag for CPU, refer to the section “Using Secure Flash Boot on TMS320F2838x Devices” in the TMS320C28x Assembly Language Tools User’s Guide.
Key: 2B7E 1516 28AE D2A6 ABF7 1588 09CF 4F3C
(MSB is 2B and LSB is 3C)
CMACKEY0 = 0x2B7E 1516
CMACKEY1 = 0x28AE D2A6
CMACKEY2 = 0xABF7 1588
CMACKEY3 = 0x09CF 4F3C
Using the device JTAGLOCK is recommended when using secure Flash boot.
APIs for CMAC calculation and authentication are provided as part of ROM. Details are available in Section 4.7.10.
Details | Location Address |
---|---|
CMAC Signature Address | Flash Entry Point Address + 0x2 |
CMAC Key Address (128-bit key) | DCSM Z1 OTP CMACKEY0/1/2/3 |
Flash Entry Point (Bank 0, Sector 0) | 0x0008 0000 |
Flash Entry Point (Bank 1, Sector 0) | 0x000A 0000 |
Flash Entry Point (Bank 2, Sector 0) | 0x000C 0000 |
Flash Entry Point (Bank 3, Sector 0) | 0x000E 0000 |
Flash Entry Point (Bank 4, Sector 0) | 0x0010 0000 |
Address Range for CMAC Calculation | Start: Flash Entry Point Address; End: Flash Entry Point Address + 16KB |
Name | Address | Details |
---|---|---|
CMAC Golden Tag (128-bit) | CPU: Flash Entry Point Address + 0x2 | Located in Flash, offset from the entry point address by 2 words (CPU). When CMAC calculations are performed, the golden tag location in memory is considered all 0xFs. Refer to Example 4-1 for an example regarding linker configuration on CPU. Lower memory contains the tag's MSW and higher memory contains the LSW. Example (on CPU): Tag = 0x0011 2233 4455 6677 8899 AABB CCDD EEFF; Address 0x0 = 0x0011 2233; Address 0x2 = 0x4455 6677; Address 0x4 = 0x8899 AABB; Address 0x6 = 0xCCDD EEFF |
CMAC 128-Bit Key | 0x0007 8018 | Located in CPU Zone 1 User Header OTP (CMACKEY0, CMACKEY1, CMACKEY2, CMACKEY3). CMACKEY0 contains the key's MSW and CMACKEY3 contains the LSW. Example: Key = 0x0011 2233 4455 6677 8899 AABB CCDD EEFF; CMACKEY0 = 0x0011 2233; CMACKEY1 = 0x4455 6677; CMACKEY2 = 0x8899 AABB; CMACKEY3 = 0xCCDD EEFF |
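The golden-tag rule described above, as an added example that is not TI's code, the ROM API, or the linker's implementation: a dependency-free AES-128-CMAC (RFC 4493) computed over the authenticated range with the tag slot read as all 0xFF, usable as a host-side model of what the calculation covers. Assumptions: the image is a byte string in the order the CMAC consumes it, "+0x2" means two 16-bit words (byte offset 4), 16KB means 16384 bytes, and `golden_tag` and the other names are hypothetical.

```python
# Added example; assumed byte units: "+0x2" 16-bit words = byte offset 4, 16KB = 16384 bytes.
TAG_OFF, TAG_LEN, AUTH_LEN = 4, 16, 16 * 1024
def _xt(a): return (a << 1) ^ 0x11B if a & 0x80 else a << 1   # times 2 in GF(2^8)
def _rot(q, s): return ((q << s) | (q >> (8 - s))) & 0xFF      # 8-bit rotate left
def _xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

def _sbox():  # p walks the powers of 3, q tracks 1/p, then the AES affine map
    box, p, q = [0x63] * 256, 1, 1
    while True:
        p ^= _xt(p)
        q ^= q << 1; q ^= q << 2; q ^= q << 4
        q = (q ^ 0x09 if q & 0x80 else q) & 0xFF
        box[p] = q ^ _rot(q, 1) ^ _rot(q, 2) ^ _rot(q, 3) ^ _rot(q, 4) ^ 0x63
        if p == 1: return box
SBOX = _sbox()

def _expand(key):  # AES-128 key schedule: 11 round keys, 176 bytes
    w, rcon = list(key), 1
    while len(w) < 176:
        t = w[-4:]
        if len(w) % 16 == 0:
            t, rcon = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]], _xt(rcon)
        w += [a ^ b for a, b in zip(w[-16:-12], t)]
    return w

def _encrypt(rk, block):  # one AES-128 block, state held column-major
    s = _xor(block, rk[:16])
    for rnd in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if rnd < 10:  # MixColumns, skipped in the last round
            s = [s[i] ^ t ^ _xt(s[i] ^ s[c + (i + 1) % 4]) for c in (0, 4, 8, 12)
                 for t in [s[c] ^ s[c + 1] ^ s[c + 2] ^ s[c + 3]] for i in range(c, c + 4)]
        s = _xor(s, rk[16 * rnd:16 * rnd + 16])
    return s

def _dbl(b):  # multiply by x in GF(2^128): RFC 4493 subkey derivation
    n = int.from_bytes(b, "big") << 1
    return (n ^ (0x87 | 1 << 128) if n >> 128 else n).to_bytes(16, "big")
def aes_cmac(key, msg):
    rk, split = _expand(key), (len(msg) - 1) // 16 * 16 if msg else 0
    k1, last, x = _dbl(_encrypt(rk, bytes(16))), msg[split:], bytes(16)
    if len(last) == 16: last = _xor(last, k1)            # complete final block
    else: last = _xor(last + b"\x80" + bytes(15 - len(last)), _dbl(k1))  # padded
    for i in range(0, split, 16):
        x = _encrypt(rk, _xor(x, msg[i:i + 16]))
    return _encrypt(rk, _xor(x, last))

def golden_tag(key, image):  # the 16-byte tag slot is read as all 0xFF
    head, tail = image[:TAG_OFF], image[TAG_OFF + TAG_LEN:AUTH_LEN]
    return aes_cmac(key, head + b"\xff" * TAG_LEN + tail)
```

The tag that is programmed into Flash should still come from the TI tools referenced above; this model shows that the tag slot and anything beyond the 16KB range do not influence the result, while every other byte in the range does.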
CPU | Action on Failed Authentication |
---|---|
CPU1 | 1. Emulation only - Halt debugger (ESTOP) 2. Wait in endless loop (for device reset due to watchdog reset) |
CPU2 | 1. Send IPC to CPU1 2. Return to "wait for command" loop |