• Not Answered

Code protection

Hi,

Right now I'm working on a board based on a C6748 Dsp and I'd like to now if there is any code protection feature like:

- Preventing Dsp memory read from CCS via an emulator (Xds100 etc...)

- Disabling  emulator connection

-....

Thank's in advance for youre help

Bruno

22 Replies

  • Bruno,

    Which version of CCS are you using?

    CCS will only do memory reads when you tell it to. This is done when you click Refresh or use the Continuous Refresh feature. Avoid Continuous Refresh and do not click Refresh, then there will not be any CCS memory reads while the DSP is running.

    Is this what you are asking about, or are you talking about security modes that might prevent someone else from using an emulator to view your program? For the security modes, please refer to Secure Boot in the datasheet and User Guides.

    Regards,
    RandyP

     

    If you need more help, please reply back. If this answers the question, please click  Verify Answer  , below.

  • In reply to RandyP:

    Hi Randy

    Thank you for youre quick reply. and for all the information

    In fact I was considering the second issue (security modes) which is new to me.

    I've found and downloded the tools and I'll investigate the subject.

    Regards,

     Bruno

  • In reply to Bruno Scherrer:

    Hi Randy,

    I'm back into Security. I went a little further in the subject but now I'm stuck: the C6748 hangs in booting my  Encrypted piece of code from Spiflash.

    Here is what I've done:

    I've first generated a Secure Code.bin file from a working .out executable code (Code.out) using SecureHexAIS_OMAP-L138.exe

    Seems to work fine although I'm not sure of all the parameters I've set (I'm especially wondering about all different Die releases like D800K002 etc...)

    I  then downloaded the Code.bin file using "sfh_OMAP-L138.exe" after erasing the Flash : seems OK...

    And I finaly reset and restarted the Dsp but it hangs somewhere...

    - Is there something wrong with my programming sequence?

    - is there something wrong with my .ini File?

    - Something else?

    rem1: I need the DDR to be initialized at boot for code placement

    rem2: the .out file is not stripped and has Debug info in it.

    Please find below the content of the .ini file as well as a screenshot of  SecureHexAIS_OMAP-L138.exe  execution

    regards,

     Bruno

    ___________________________________________________________________________

    //Start Of File OMAP-L138_generic_secure.ini:

    ; General settings that can be overwritten in the host code
    ; that calls the AISGen library.
    [General]

    ; SPIMASTER,I2CMASTER,EMIFA,NAND,EMAC,UART,PCI,HPI,USB,MMC_SD,VLYNQ,RAW
    BootMode=SPIMASTER

    ; NO_CRC,SECTION_CRC,SINGLE_CRC
    crcCheckType=NO_CRC

    ;__________________________________________________________
    ;BSR Add Start:
    ; Security settings (keys, options, list of sections to encrypt, etc.)
    [Security]

    ; Security Type: GENERIC, CUSTOM, NONE
    securityType=GENERIC

    ; Boot Exit Type: NONSECURE, SECUREWITHSK, SECURENOSK
    ; NONSECURE = Device switches from secure type to non-secure type, jumping to loaded code
    ;             (no secure kernel since no longer secure device).
    ; SECUREWITHSK = Device remains as secure type, secure kernel is loaded, allowing run-time
    ;                security context switching.
    bootExitType = NONSECURE

    ; Option to include in the generated key header the flag to force the JTAG off
    ;genericJTAGForceOff=FALSE

    ; Encrypt section list (ALL or comma-separated list of section names)
    encryptSections=ALL

    ; CEK used for AES encryption of data - must be string of 32 hexadecimal characters
    encryptionKey=4A7E1F56AE545D487C452388A65B0C05

    ; Debug key
    ;keyEncryptionKey=0B94A91D33E597097F6C426F8F016872

    ; SHA Algorithm Selection
    genericSHASelection = SHA256

    ; Binary file containing secure key header for generic device
    ;genKeyHeaderFileName=key_hdr_sha256_enc.bin

    ;BSR_Add End
    ;__________________________________________________________

    ; This section allows setting the PLL0 system clock with a  
    ; specified multiplier and divider as shown. The clock source
    ; can also be chosen for internal or external.
    ;           |------24|------16|-------8|-------0|
    ; PLL0CFG0: | CLKMODE| PLLM   | PREDIV | POSTDIV|
    ; PLL0CFG1: | RSVD   | PLLDIV1| PLLDIV3| PLLDIV7|
    [PLL0CONFIG]
    PLL0CFG0 = 0x00180001
    PLL0CFG1 = 0x00000205

    ; This section allows setting up the PLL1. Usually this will
    ; take place as part of the EMIF3a DDR setup. The format of
    ; the input args is as follows:
    ;           |------24|------16|-------8|-------0|
    ; PLL1CFG0: |    PLLM| POSTDIV| PLLDIV1| PLLDIV2|
    ; PLL1CFG1: |           RSVD           | PLLDIV3|
    ;[PLL1CONFIG]
    ;PLL1CFG0 = 0x00000000
    ;PLL1CFG1 = 0x00000000

    ; This section lets us configure the peripheral interface
    ; of the current booting peripheral (I2C, SPI, or UART).
    ; Use with caution. The format of the PERIPHCLKCFG field
    ; is as follows:
    ; SPI:        |------24|------16|-------8|-------0|
    ;             |           RSVD           |PRESCALE|
    ;
    ; I2C:        |------24|------16|-------8|-------0|
    ;             |  RSVD  |PRESCALE|  CLKL  |  CLKH  |
    ;
    ; UART:       |------24|------16|-------8|-------0|
    ;             | RSVD   |  OSR   |  DLH   |  DLL   |
    ;[PERIPHCLKCFG]
    ;PERIPHCLKCFG = 0x00000000


    ;********************************************************************************
    ;******************************* 132 MHz DDR settings ***************************
    ;********************************************************************************

    ; This section can be used to configure the PLL1 and the EMIF3a registers
    ; for starting the DDR2 interface.
    ; See PLL1CONFIG section for the format of the PLL1CFG fields.
    ;            |------24|------16|-------8|-------0|
    ; PLL1CFG0:  |              PLL1CFG              |
    ; PLL1CFG1:  |              PLL1CFG              |
    ; DDRPHYC1R: |             DDRPHYC1R             |
    ; SDCR:      |              SDCR                 |
    ; SDTIMR:    |              SDTIMR               |
    ; SDTIMR2:   |              SDTIMR2              |
    ; SDRCR:     |              SDRCR                |
    ; CLK2XSRC:  |             CLK2XSRC              |
    [EMIF3DDR]
    PLL1CFG0 = 0x15010001
    PLL1CFG1 = 0x00000002
    DDRPHYC1R = 0x000000C4
    SDCR = 0x0A034622
    SDTIMR = 0x184929C8
    SDTIMR2 = 0xB80FC700
    SDRCR = 0x00000406
    CLK2XSRC = 0x00000000


    ;********************************************************************************
    ;******************************* 150 MHz DDR settings ***************************
    ;********************************************************************************

    ; This section can be used to configure the PLL1 and the EMIF3a registers
    ; for starting the DDR2 interface.
    ; See PLL1CONFIG section for the format of the PLL1CFG fields.
    ;            |------24|------16|-------8|-------0|
    ; PLL1CFG0:  |              PLL1CFG              |
    ; PLL1CFG1:  |              PLL1CFG              |
    ; DDRPHYC1R: |             DDRPHYC1R             |
    ; SDCR:      |              SDCR                 |
    ; SDTIMR:    |              SDTIMR               |
    ; SDTIMR2:   |              SDTIMR2              |
    ; SDRCR:     |              SDRCR                |
    ; CLK2XSRC:  |             CLK2XSRC              |
    ;[EMIF3DDR]
    ;PLL1CFG0 = 0x18010001
    ;PLL1CFG1 = 0x00000002
    ;DDRPHYC1R = 0x000000C4
    ;SDCR = 0x0A034622
    ;SDTIMR = 0x1C912A08
    ;SDTIMR2 = 0x3811C700
    ;SDRCR = 0x00000494
    ;CLK2XSRC = 0x00000000

    [INPUTFILE]
    FILENAME=Code.out
    ENCRYPT=TRUE

    ___________________________________________________________________________

    //End of File OMAP-L138_generic_secure.ini

    ___________________________________________________________________________

    //Start of SecureHexAIS_OMAP-L138.exe:


    SecureHexAIS_OMAP-L138.exe -ini OMAP-L138_EVM_spi_Secure.ini Code.out (command line)
    -----------------------------------------------------
       TI Secure AIS Hex File Generator for OMAP-L138
       (C) 2011, Texas Instruments, Inc.
       Ver. 1.25
    -----------------------------------------------------


    Creating boot image for a generic secure device.
    INFO: Boot exit type has been selected as NONSECURE.
    WARNING: Encrypted Key Header data is absent - generating plaintext version.
             The Customer Encryption Key will be transferred in plaintext!
    INFO: Current SHA algorithm is SHA256.
    Begining the Secure AIS file generation.
    AIS file being generated for bootmode: SPIMASTER.
            Signature Hash: D7-3A-83-76-D6-67-16-03-30-3E-71-C5-24-82-C8-60-9D-27-42-15-74-F0-13-15-B4-2E-18-FC-B0-F2-59-C7
            Signature Byte Count = 64
            Signature Hash: 29-01-20-03-DC-FE-25-B6-B0-E3-13-A4-4B-F1-96-EC-C8-13-37-5E-3C-72-48-45-3A-C9-96-55-CB-0C-DC-63
            Signature Byte Count = 40
    Parsing the input object file, Code.out.
    Encrypting section .text, since ALL was specified for encryptSections in ini file.
    Encrypting section .const, since ALL was specified for encryptSections in ini file.
    Encrypting section .bios, since ALL was specified for encryptSections in ini file.
    Encrypting section .cinit, since ALL was specified for encryptSections in ini file.
    Encrypting section .args, since ALL was specified for encryptSections in ini file.
    Encrypting section .gblinit, since ALL was specified for encryptSections in ini file.
    Encrypting section .rtdx_text, since ALL was specified for encryptSections in ini file.
    Encrypting section .sysinit, since ALL was specified for encryptSections in ini file.
    Encrypting section .switch, since ALL was specified for encryptSections in ini file.
    Encrypting section .hwi_vec, since ALL was specified for encryptSections in ini file.
    Encrypting section .trace, since ALL was specified for encryptSections in ini file.
    Encrypting section .sts, since ALL was specified for encryptSections in ini file.
    Encrypting section .log, since ALL was specified for encryptSections in ini file.
    Encrypting section .pinit, since ALL was specified for encryptSections in ini file.
    Encrypting section .trcdata, since ALL was specified for encryptSections in ini file.
    Parsing the input object file, Code.out.
            Signature Hash: 03-44-ED-AC-C6-F9-90-FA-BB-1E-BC-5A-45-29-3F-97-0C-10-45-D8-F3-7E-2A-2D-42-9C-74-41-61-B3-B7-31
            Signature Byte Count = 233360
    AIS file generation was successful.
    Wrote 233580 bytes to file Code.bin.
    Conversion is complete.


    ___________________________________________________________________________

    End of SecureHexAIS_OMAP-L138.exe:

  • In reply to Bruno Scherrer:

    Bruno Scherrer

    Hi Randy,

    I'm back into Security. I went a little further in the subject but now I'm stuck: the C6748 hangs in booting my  Encrypted piece of code from Spiflash.

    Here is what I've done:

    I've first generated a Secure Code.bin file from a working .out executable code (Code.out) using SecureHexAIS_OMAP-L138.exe

    Seems to work fine although I'm not sure of all the parameters I've set (I'm especially wondering about all different Die releases like D800K002 etc...)

    I  then downloaded the Code.bin file using "sfh_OMAP-L138.exe" after erasing the Flash : seems OK...

    And I finaly reset and restarted the Dsp but it hangs somewhere...

    - Is there something wrong with my programming sequence?

    - is there something wrong with my .ini File?

    - Something else?

    rem1: I need the DDR to be initialized at boot for code placement

    rem2: the .out file is not stripped and has Debug info in it.

    Please find below the content of the .ini file as well as a screenshot of  SecureHexAIS_OMAP-L138.exe  execution

    regards,

     Bruno

    ___________________________________________________________________________

    //Start Of File OMAP-L138_generic_secure.ini:

    ; General settings that can be overwritten in the host code
    ; that calls the AISGen library.
    [General]

    ; SPIMASTER,I2CMASTER,EMIFA,NAND,EMAC,UART,PCI,HPI,USB,MMC_SD,VLYNQ,RAW
    BootMode=SPIMASTER

    ; NO_CRC,SECTION_CRC,SINGLE_CRC
    crcCheckType=NO_CRC

    ;__________________________________________________________
    ;BSR Add Start:
    ; Security settings (keys, options, list of sections to encrypt, etc.)
    [Security]

    ; Security Type: GENERIC, CUSTOM, NONE
    securityType=GENERIC

    ; Boot Exit Type: NONSECURE, SECUREWITHSK, SECURENOSK
    ; NONSECURE = Device switches from secure type to non-secure type, jumping to loaded code
    ;             (no secure kernel since no longer secure device).
    ; SECUREWITHSK = Device remains as secure type, secure kernel is loaded, allowing run-time
    ;                security context switching.
    bootExitType = NONSECURE

    ; Option to include in the generated key header the flag to force the JTAG off
    ;genericJTAGForceOff=FALSE

    ; Encrypt section list (ALL or comma-separated list of section names)
    encryptSections=ALL

    ; CEK used for AES encryption of data - must be string of 32 hexadecimal characters
    encryptionKey=4A7E1F56AE545D487C452388A65B0C05

    ; Debug key
    ;keyEncryptionKey=0B94A91D33E597097F6C426F8F016872

    ; SHA Algorithm Selection
    genericSHASelection = SHA256

    ; Binary file containing secure key header for generic device
    ;genKeyHeaderFileName=key_hdr_sha256_enc.bin

    ;BSR_Add End
    ;__________________________________________________________

    ; This section allows setting the PLL0 system clock with a  
    ; specified multiplier and divider as shown. The clock source
    ; can also be chosen for internal or external.
    ;           |------24|------16|-------8|-------0|
    ; PLL0CFG0: | CLKMODE| PLLM   | PREDIV | POSTDIV|
    ; PLL0CFG1: | RSVD   | PLLDIV1| PLLDIV3| PLLDIV7|
    [PLL0CONFIG]
    PLL0CFG0 = 0x00180001
    PLL0CFG1 = 0x00000205

    ; This section allows setting up the PLL1. Usually this will
    ; take place as part of the EMIF3a DDR setup. The format of
    ; the input args is as follows:
    ;           |------24|------16|-------8|-------0|
    ; PLL1CFG0: |    PLLM| POSTDIV| PLLDIV1| PLLDIV2|
    ; PLL1CFG1: |           RSVD           | PLLDIV3|
    ;[PLL1CONFIG]
    ;PLL1CFG0 = 0x00000000
    ;PLL1CFG1 = 0x00000000

    ; This section lets us configure the peripheral interface
    ; of the current booting peripheral (I2C, SPI, or UART).
    ; Use with caution. The format of the PERIPHCLKCFG field
    ; is as follows:
    ; SPI:        |------24|------16|-------8|-------0|
    ;             |           RSVD           |PRESCALE|
    ;
    ; I2C:        |------24|------16|-------8|-------0|
    ;             |  RSVD  |PRESCALE|  CLKL  |  CLKH  |
    ;
    ; UART:       |------24|------16|-------8|-------0|
    ;             | RSVD   |  OSR   |  DLH   |  DLL   |
    ;[PERIPHCLKCFG]
    ;PERIPHCLKCFG = 0x00000000


    ;********************************************************************************
    ;******************************* 132 MHz DDR settings ***************************
    ;********************************************************************************

    ; This section can be used to configure the PLL1 and the EMIF3a registers
    ; for starting the DDR2 interface.
    ; See PLL1CONFIG section for the format of the PLL1CFG fields.
    ;            |------24|------16|-------8|-------0|
    ; PLL1CFG0:  |              PLL1CFG              |
    ; PLL1CFG1:  |              PLL1CFG              |
    ; DDRPHYC1R: |             DDRPHYC1R             |
    ; SDCR:      |              SDCR                 |
    ; SDTIMR:    |              SDTIMR               |
    ; SDTIMR2:   |              SDTIMR2              |
    ; SDRCR:     |              SDRCR                |
    ; CLK2XSRC:  |             CLK2XSRC              |
    [EMIF3DDR]
    PLL1CFG0 = 0x15010001
    PLL1CFG1 = 0x00000002
    DDRPHYC1R = 0x000000C4
    SDCR = 0x0A034622
    SDTIMR = 0x184929C8
    SDTIMR2 = 0xB80FC700
    SDRCR = 0x00000406
    CLK2XSRC = 0x00000000


    ;********************************************************************************
    ;******************************* 150 MHz DDR settings ***************************
    ;********************************************************************************

    ; This section can be used to configure the PLL1 and the EMIF3a registers
    ; for starting the DDR2 interface.
    ; See PLL1CONFIG section for the format of the PLL1CFG fields.
    ;            |------24|------16|-------8|-------0|
    ; PLL1CFG0:  |              PLL1CFG              |
    ; PLL1CFG1:  |              PLL1CFG              |
    ; DDRPHYC1R: |             DDRPHYC1R             |
    ; SDCR:      |              SDCR                 |
    ; SDTIMR:    |              SDTIMR               |
    ; SDTIMR2:   |              SDTIMR2              |
    ; SDRCR:     |              SDRCR                |
    ; CLK2XSRC:  |             CLK2XSRC              |
    ;[EMIF3DDR]
    ;PLL1CFG0 = 0x18010001
    ;PLL1CFG1 = 0x00000002
    ;DDRPHYC1R = 0x000000C4
    ;SDCR = 0x0A034622
    ;SDTIMR = 0x1C912A08
    ;SDTIMR2 = 0x3811C700
    ;SDRCR = 0x00000494
    ;CLK2XSRC = 0x00000000

    [INPUTFILE]
    FILENAME=Code.out
    ENCRYPT=TRUE

    ___________________________________________________________________________

    //End of File OMAP-L138_generic_secure.ini

    ___________________________________________________________________________

    //Start of SecureHexAIS_OMAP-L138.exe:


    SecureHexAIS_OMAP-L138.exe -ini OMAP-L138_EVM_spi_Secure.ini Code.out (command line)
    -----------------------------------------------------
       TI Secure AIS Hex File Generator for OMAP-L138
       (C) 2011, Texas Instruments, Inc.
       Ver. 1.25
    -----------------------------------------------------


    Creating boot image for a generic secure device.
    INFO: Boot exit type has been selected as NONSECURE.
    WARNING: Encrypted Key Header data is absent - generating plaintext version.
             The Customer Encryption Key will be transferred in plaintext!
    INFO: Current SHA algorithm is SHA256.
    Begining the Secure AIS file generation.
    AIS file being generated for bootmode: SPIMASTER.
            Signature Hash: D7-3A-83-76-D6-67-16-03-30-3E-71-C5-24-82-C8-60-9D-27-42-15-74-F0-13-15-B4-2E-18-FC-B0-F2-59-C7
            Signature Byte Count = 64
            Signature Hash: 29-01-20-03-DC-FE-25-B6-B0-E3-13-A4-4B-F1-96-EC-C8-13-37-5E-3C-72-48-45-3A-C9-96-55-CB-0C-DC-63
            Signature Byte Count = 40
    Parsing the input object file, Code.out.
    Encrypting section .text, since ALL was specified for encryptSections in ini file.
    Encrypting section .const, since ALL was specified for encryptSections in ini file.
    Encrypting section .bios, since ALL was specified for encryptSections in ini file.
    Encrypting section .cinit, since ALL was specified for encryptSections in ini file.
    Encrypting section .args, since ALL was specified for encryptSections in ini file.
    Encrypting section .gblinit, since ALL was specified for encryptSections in ini file.
    Encrypting section .rtdx_text, since ALL was specified for encryptSections in ini file.
    Encrypting section .sysinit, since ALL was specified for encryptSections in ini file.
    Encrypting section .switch, since ALL was specified for encryptSections in ini file.
    Encrypting section .hwi_vec, since ALL was specified for encryptSections in ini file.
    Encrypting section .trace, since ALL was specified for encryptSections in ini file.
    Encrypting section .sts, since ALL was specified for encryptSections in ini file.
    Encrypting section .log, since ALL was specified for encryptSections in ini file.
    Encrypting section .pinit, since ALL was specified for encryptSections in ini file.
    Encrypting section .trcdata, since ALL was specified for encryptSections in ini file.
    Parsing the input object file, Code.out.
            Signature Hash: 03-44-ED-AC-C6-F9-90-FA-BB-1E-BC-5A-45-29-3F-97-0C-10-45-D8-F3-7E-2A-2D-42-9C-74-41-61-B3-B7-31
            Signature Byte Count = 233360
    AIS file generation was successful.
    Wrote 233580 bytes to file Code.bin.
    Conversion is complete.


    ___________________________________________________________________________

    End of SecureHexAIS_OMAP-L138.exe:

  • In reply to Bruno Scherrer:

    Hello,

    Are you sure your chip is a secure boot enabled one ? (those with an 'E' suffix, see p276 of data sheet sprs586d).

    Regards,

    Jakez

  • In reply to Jakez:

    Bruno,

    You marked my first reply to you as an Answer to your question. Our factory experts are less likely to look at an Answered thread when they are looking for someone to help, so if that did not really answer your question, you can remove that mark. Or tell me and I can find someone who can remove it from the support team.

    Your answer to Jakez's question may be crucial. Please include all of the device markings in your reply.

    Regards,
    RandyP

  • In reply to RandyP:

    Randy, Jakez,

    I'm afraid my chip does not support secure boot. The latest chip version we have is marked as:

    TMS320C6748 BZCE   

    followed by these obscure symbols :

    OBAEVXW GI 375  527 ZCE

    Obviously there is no E suffix.

    The thing is I've planed to make boot encryption work for mid of May the latest so my questions are:

    - Do you know if the E suffic C6748 is already avaiIable? (If yes I'll call  LogicPd asap to see if they can provide the right SOM)

    - If not is there anything  else I can do on my chip (like using Secure Kernel for at least encrypt sensible code/data parts) ?

    Regards,

     Bruno

  • In reply to Bruno Scherrer:

    Randy,

    I've just removed the the mark you have  talked  about.

    Hope everything's ok now...

    Regards

    Bruno

  • In reply to Bruno Scherrer:

    Bruno,

    I missed the fact you have a TMS320C6748 instread of OMAP-L138; the description of the code name is given p267 of sprs590d.pdf (secure boot devices not described on previous data sheet versions).

    You can see the different versions effectively in production at http://www.ti.com/product/tms320c6748. The nearest secure boot equivalent (and available) for your chip should be TMS320C6748BZCEA3E (375 MHz).

    It is difficult to secure a code without a dedicated chip (hence the reason for creating the 'E' versions). With a standard CPU booting on flash EPROM, the whole content of the flash will be accessible via the JTAG link and downloadable (if the JTAG link is broken, the flash can be desoldered and copied).

    However, some techniques can make the cloning work significantly harder for the copist (but also for the designer), this one for example:

    1. Find specific information bits in your hardware (unique 64-bit signature in some SPI flash ICs, version code of circuits in registers,...) and compute a crypt/decrypt key from them.

    2. Encrypt sensible sections in your AIS file with a key that may be specific to a board or a run of boards.

    3. At runtime, collect your specific information bits and compute the decrypt key. You will then be able to decrypt sensible code when necessary (relocate it through DMA rather than decrypt in-place, avoid doing that immediatly at starting, make the life harder for the copist).

    4. Overwrite code that is no more used (initializations,...), span code sections (avoid a unique block), break the JTAG link if possible (cutting tracks,drilling vias, ...).

    Inconvenients: specific information bits may be hard to find or may require a different key for each board; non negligeable additional software

    Avantages: needs TMS320C64x assembler reverse engineering to be cracked, rather than simple flash copying

    Regards,

    Jakez

  • In reply to Bruno Scherrer:

    Hi Bruno

    Bruno Scherrer
    Do you know if the E suffic C6748 is already avaiIable? (If yes I'll call  LogicPd asap to see if they can provide the right SOM)

    Yes C6748 Secure Boot enabled device (Suffix E) are available. I am not sure about the LogicPD SOM with secure device availability, I believe they do have it in stock, but it would be best to confirm from them.

    Bruno Scherrer
    - If not is there anything  else I can do on my chip (like using Secure Kernel for at least encrypt sensible code/data parts) ?

    Not really, as Jakez explained, you would really need to get hold of the secure boot enabled devices to any meaningful development and debug to have a secure boot application based on these devices.

    Regards

    Mukul