What is "TI Failure Analysis"?

There are many things that can be configured in the CCFG area for cc13xx/cc26xx. One of them is the CCFG_TI_OPTIONS which has the sole option of enabling/disabling the feature "TI Failure Analysis" (see section 9.1.1.15 in the tech ref manual for 13xx/26xx). Section 9.1 also suggests that for production binaries, the TI FA feature should be disabled.


I can't seem to find more documentation on what "TI Failure Analysis" is and how it affects the chip/fw/application. Can TI describe this? Section 9.1 implies that when enabled, there is some access feature to the chip that presumably is TI-only, perhaps with the ability to control the SoC (step, stop etc) or read/write the fw. Please elaborate.


(also, feel free to move this post to other parts of the forum if better suited there)

Thanks,

Marcus

  • Hi, I cannot find much information about this option either other than the info you have found or are referring to.
    I did notice from a release note that the default setting was changed to 'disabled' this year:

    cc13xxware_2_03_01
    Release date: January 14, 2016
    New features:
    [DRV_SRC] CCFG: Changed default settings in CCFG to disable both Boot Loader (BL) and Failure analysis (TI_FA).
  • Found an old answer related to this:

    Disabling TI_FA_ENABLE is really a security precaution. If it is enabled, it is possible for TI to unlock access to the DAP and all TAPs on the device with a security key. If this key is compromised, anyone could potentially do this and get access to software/flash images/IP etc. Even though this is not a likely scenario, it is something we cannot rule out entirely. As a consequence, we recommend disabling this feature.

    We may still be able to perform failure analysis of the device if TI_FA_ENABLE is disabled, but this requires that we perform a total erase of the chip (which also requires a security key). This wipes out everything on the device, so it may be difficult in those cases to check for in-field flash-corruption and similar issues.

  • Hi Fred and TER,

    thanks for your answers, they go along with what I guessed it would do.

    Having a TI-only backdoor into the device makes sense in a lot of situations and I fully agree that a released product def should have TI FA disabled due to the possible heavy consequences, despite how likely or unlikely leaking the key is. Also, while the key is secret today, and it may never leak through TI, there is always a risk an adversary may find a way to find it on their own, or some other way to invoke the same functionality. From reading lots and lots of fun articles on reverse engineering and hacks and whatnot, I've found that some people really have plenty more imagination, creativity and time than I have :)

    I appreciate your openness and your answers, thanks a lot!

    Best,
    Marcus
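
As an added example (not from the thread or from TI's code), a release-gate check in Python that reads the last flash sector of a built image and flags TI_FA or the ROM boot loader left enabled, the two CCFG defaults the release note quoted above says were changed. The offsets, the 0xC5 enable value and the field positions are assumptions not stated in this thread; confirm them against the CCFG register tables in the TRM for your device.

```python
import struct

# Assumed CCFG layout (not given in the thread; verify against the TRM).
SECTOR_SIZE = 0x1000      # CCFG sits at the end of the last 4 KB flash sector
OFF_BL_CONFIG = 0xFD8     # BL_CONFIG word, BOOTLOADER_ENABLE in bits 31:24
OFF_TI_OPTIONS = 0xFE0    # CCFG_TI_OPTIONS word, TI_FA_ENABLE in bits 7:0
ENABLE_MAGIC = 0xC5       # only this value enables; anything else disables


def _word(sector, offset):
    """Read one little-endian 32-bit CCFG word from the sector."""
    return struct.unpack_from("<I", sector, offset)[0]


def audit_ccfg(sector):
    """Return a list of findings for a production image's last flash sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly the last %d-byte sector" % SECTOR_SIZE)
    findings = []
    ti_options = _word(sector, OFF_TI_OPTIONS)
    if ti_options & 0xFF == ENABLE_MAGIC:
        findings.append("TI_FA_ENABLE is set (0x%08X): FA unlock allowed" % ti_options)
    bl_config = _word(sector, OFF_BL_CONFIG)
    if (bl_config >> 24) & 0xFF == ENABLE_MAGIC:
        findings.append("BOOTLOADER_ENABLE is set (0x%08X)" % bl_config)
    return findings


def make_sector(ti_options, bl_config):
    """Build a constructed test sector: erased flash plus the two CCFG words."""
    sector = bytearray(b"\xff" * SECTOR_SIZE)
    struct.pack_into("<I", sector, OFF_TI_OPTIONS, ti_options)
    struct.pack_into("<I", sector, OFF_BL_CONFIG, bl_config)
    return bytes(sector)


if __name__ == "__main__":
    # Constructed samples: a locked-down image and one left at permissive values.
    for name, sec in [
        ("release", make_sector(0xFFFFFF00, 0x00FFFFFF)),
        ("debug", make_sector(0xFFFFFFC5, 0xC5FFFFFF)),
    ]:
        result = audit_ccfg(sec)
        print(name, "OK" if not result else result)
```

In a build pipeline, feed it the last 4 KB of the linked image and fail the release when the returned list is non-empty.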