Funciones de seguridad ampliadas en TPS546D24S y TPSM8S6C24
La interfaz digital en la electrónica de potencia se está convirtiendo en un método cada vez más popular para los ingenieros de diseño para supervisar dinámicamente sus sistemas de alimentación. Sin embargo, este aumento de popularidad está acompañado de una mayor vulnerabilidad a los riesgos de seguridad digital.
La familia de convertidores buck TPS546D24S y los módulos buck TPSM8S6C24 incluyen los primeros reguladores reductores PMBus de Texas Instruments con comandos de seguridad ampliados. Mediante el uso de los comandos adicionales de protección contra escritura y clave de acceso, los ingenieros de diseño ahora podrán configurar diferentes niveles de ajustes de seguridad, de abierto a permanente y bloqueo de escritura total.
Medios
[AUDIO LOGO]
Hello, everyone. Today, we'll be talking about the new extended security features in Texas Instruments' new TPS546D24S buck converter family and the TPSM8S6C24 buck module. Before we hop in to what extended security is and how you can utilize it to protect your power systems, let's first talk about why it's needed.
Digitally controlled power solutions using interfaces such as IIC, PMBus, or SVID are becoming an increasingly popular method for power designers to dynamically communicate with system components with flexibility and ease. The rise of digital interfacing, however, combined with recent geopolitical events across the world, have elevated concerns on ever-evolving security threats. Without proper security protocols, remote actors can gain root access to digital buses and send malicious commands, disrupting operation and potentially damaging hardware.
In order to mitigate these threats, power designers now need the ability to limit or completely lock the programmability of digitally controlled power supplies. Extended security features provide this ability by introducing new manufacturer-specific bus commands that extend the security capabilities of PMBus 1.3 without any hardware redesign and with minimal firmware modifications.
Let's go over exactly which commands are added with extended security. The first command is extended write protect, or manufacturer specific 43. The second is PASSKEY, or manufacturer specific 42. We will go over how to utilize these commands to configure five different security settings-- open, write protected, passkey protected, hardware locked, and double locked.
Let's first go over how extended write protect works. Extended write protect provides a 16-bit word that controls write options to specific commands or command groups. Shown here is the register map that shows the command or command group that each bit controls. For more details on the exact commands in each group, see the data sheet for TPS546D24S.
Configuring access to each command group is simple. Leave the bit associated with the command group to the default zero state to allow writes, or set the bit to one to make read-only. Unlike the standard write protect, extended write protect provides the option to disable writes to itself by setting bit 15. This allows you to permanently log any changes to extended write protect and subsequently the option to change the write ability of all other commands. Extended write protect can also lock access to PASSKEY, the other new command.
PASSKEY allows the user to set a 16-bit password to disable extended write protect and nonvolatile memory storage. Unlike many other commands, PASSKEY will not respond with its own value when read. Instead, it will respond with a fixed 16-bit word that indicates the state of PASSKEY.
The table below shows, in hex, the five states PASSKEY can be in. All zeros indicate that PASSKEY is unlocked and ready to be set with a new password. The following four states indicate the PASSKEY is locked, denoted by the F in the least significant hex bit.
The second to least significant hex bit also shows how many invalid attempts have been made. When the user has attempted three invalid passkeys keys in a row, denoted by 00FF, PASSKEY access will be locked. And all future rights to PASSKEY will be treated as invalid until there is a power-on reset.
With an understanding of how our new commands work, let's demonstrate different ways to use them or what we'll call security settings. Our first setting is the open setting. Let's jump to the GUI.
The open setting is the state set at our assembly and test site and is the state in which the device will be when delivered. As you can see, both extended write protect and PASSKEY are set to all zeros, which means all commands with write-access capability are write enabled. And nonvolatile memory storage is accessible. You'll want to keep it this way in the early stages of your development cycle so that changes in configuration can be made quickly and easily.
Next is the write-protected setting. Let's say you wanted to lock write access to both the output voltage and input voltage commands, for example. The register map from the data sheet shows us that the bits to set to lock those command groups are bits 12 and 5. Convert this to hex to get 1020.
We then simply write this value to extended write protect. And store to NVM. When written to hardware, you'll see that when we attempt to change the VOUT via VOUT_COMMAND and we write that to hardware, the PMBus log will show us an error, indicating that the command is write locked.
The write-protected security setting is useful for the later stages of development, like qualifications, where changes are less likely, but verification of write protection's interaction with firmware is necessary. Even though we locked write access to VOUT and VIN commands, the access can easily or accidentally be unlocked simply by writing all zeros into extended write protect again.
What if you wanted to prevent casual write access to extended write protect itself using a passkey? In this case, we can use the passkey protected setting. For the passkey protected setting, write a four-bit password to the PASSKEY command. Remember that PASSKEY has to be in the unlocked state, denoted by all zeros. Let's use ABCD, for example. And store to NVM.
As mentioned earlier, reading the PASSKEY command will not show its value. It now shows the state in which PASSKEY is in. Right now, it shows 000F because it is locked with zero invalid attempts. If we try extended write protect now, it will show that all registers have been locked.
To unlock, we write the password ABCD back into the PASSKEY command. Then we also have to write 0000 into it again in order to set PASSKEY back to its unlocked state. Finally, we store to NVM again.
With PASSKEY now unlocked, we can now overwrite extended write protect and change write-accessible commands if we choose to. The passkey-protected setting is useful for early prototyping stages. Devices can also be kept at this state for low-risk rails or systems.
The hardware-locked setting locks all changes that can be made to extended write protect. Let's revisit the extended write protect register map and set bit 15. If we store this to NVM, this will lock write access to itself and subsequently prevent any changes to the write accessibility of all other commands. In our example, VIN and VOUT will remain permanently write locked, while all other commands will remain write enabled.
You'll notice that PASSKEY and NVM store are both still accessible. This is done so that you can permanently lock extended write protect but still keep the write accessibility of NVM store passkey protected, because remember, PASSKEY not only protects extended write protect but NVM store as well. If you don't plan on using PASSKEY at all, it is recommended to write-lock changes to PASSKEY and to set PASSKEY itself to the unlocked state. This will prevent the accidental setting of PASSKEY to an unknown value and altering write protection.
This level of protection is useful for systems going into mass production, but what if we wanted to permanently lock any changes to all commands, including extended write protect, PASSKEY and NVM store? This is what we would call the double-locked setting.
Simply set the extended write protect, PASSKEY, and NVM store pins to one, as shown in our register map example. Convert this to hex before writing this hex value back into extended write protect and, finally, storing to NVM. This is called the double-locked setting, since not only is extended write protect locked by PASSKEY. But PASSKEY, in turn, is also locked by extended write protect. In addition, NVM store is also locked, making this a complete permanent lock setting.
This wraps up all security settings available with our extended security features. To summarize, extended security adds two new commands-- extended write protect, which can write-lock commands and command groups, and PASSKEY, which password protects extended write protect and NVM store.
With these two commands, we can set a device to five increasingly rigid security settings. Open keeps all commands write accessible. Write protected write-locks select commands. Passkey protected keeps write-locked commands password protected. Hardware protected keeps write-protected commands permanently locked. Double locked permanently locks all commands, including PASSKEY, and NVM store.
Extended security features are available now in our newly released TPS546D24S family of buck converters and the TPSM8S6C24 buck module. For more information on extended security, these devices, and more, click the link below to visit the product folders available now on ti.com. Thank you for watching.
