C2000 Dual Code Security Module (DCSM)

[AUDIO LOGO]

The Dual Code Security Module is a security feature implemented on C-2000 devices. Its primary purpose is to prevent unauthorized read or write access to proprietary code once a device has been programmed for production.

Security settings are configured by programming specified memory locations in User-OTP, or One-Time Programmable memory. This module is called the Dual Code Security Module because there are two secure zones on the device. Each zone is associated with a user, where each user can allocate memory regions to their zone and configure security settings for each memory region by programming specific fields in User-OTP.

Since there are two independent zones, two developers can program proprietary code on the same device while protecting the confidentiality of their code from both each other and potential hackers.

Security settings are programmed in specific regions of User-OTP. Security settings for Zone 1 are programmed between addresses 78,000 and 78,200, while settings for Zone 2 are programmed between addresses 78,200 and 78,400. For each zone, security settings are split between the Zone Header and the Zone Select Block.

The key difference between these regions is that most settings in the Zone Header can only be configured once, while settings in the Zone Select Block can be configured multiple times. This is possible due to the fact that there are multiple instances of the Zone Select Block, which allows the user to program security settings in an unprogrammed Zone Select Block when they wish to update these settings.

To use an unprogrammed Zone Select Block, the user must update a setting in the Zone Header referred to as the Link Pointer. The Link Pointer is a 32-bit value that is decoded by the DCSM module to determine which Zone Select Block is active.

Note that the Link Pointer is the only setting in the Zone Header that can be configured multiple times. The values programmed in the Zone Header and the currently active Zone Select Block combine to control the security settings for a specific zone. More information on the Link Pointer and Zone Select Block will be available in a later video in this video series.

The fundamental security feature provided by the DCSM module is configuring particular regions of memory as secure or unsecure. When a block of memory is secured by Zone 1 or Zone 2, data reads or writes by an unauthorized source such as JTAG or the CCS memory browser are blocked. If an unauthorized source attempts to read a secure memory location, the read returns all zeros, effectively blocking access to that memory.

Data reads or writes in these memory regions are only allowed by code that is secured by the same zone. For example, code running from a memory region secured by Zone 2 cannot read memory that is secured by Zone 1, but it can perform reads on any memory that is secured by Zone 2 or memory that is not secured by either zone.

While data reads and writes from an unauthorized source are blocked, instruction fetches are always allowed. This allows the owner of Zone 1 to utilize functions programmed by the owner of Zone 2 without compromising the code security of either zone.

For security to take effect, the owner of each zone must also program their own unique passwords in their active Zone Select Block. All C-2000 devices are programmed with default passwords. During the boot sequence, the boot ROM code attempts to unlock both zones using these passwords. When a user has programmed their own custom passwords, the boot ROM code will fail to unlock the user's zone, and the security settings configured by the user will take effect.

The user can also unlock their zone through the CCS on-chip flash tool using their custom passwords. More information on locking and unlocking a zone will be available in a later video in this video series.

This concludes the DCSM Module Overview video. Stay tuned for the upcoming videos in this video series for a more in-depth overview of the core concepts and features of DCSM. Additional resources can be found in any C-2000 technical reference manual, as well as various application reports written on DCSM.