[FAQ] MCU-PLUS-SDK-AM263X: How to integrate Custom HSM Firmware on Sitara MCU devices like AM263x ?

NOTE : For accessing the links mentioned in this thread, you must have an NDA and MySecureSW access.

Aakash Kedia said:

What are the important steps that needs to be considered to create a ROM compatible image ?

The steps of creating a ROM compatible image is mentioned here -

https://software-dl.ti.com/secure/software/sitara-sec/AM263X-RESTRICTED-SECURITY/TIFS_MCU/zlatest/tifs_am263x_latest_docs_only/docs/api_guide_am263x/html/hsm_runtime_firmware.html?__gda__=1702991055_4e297c06ea5d6689c689aabba20b032a#autotoc_md32

The customer HSM firmware should be available in a format where it can be converted into Raw Binary format. If the build system from custom HSM firmware does not use tiarmclang as compiler, it is preferred to use the same compiler tools to extract the bin file.

The binary file should not exceed in size - AM263x : The max size supported is 184KB.

Success criterion -

In the startup of custom HSM firmware - try writing in the public core accessible memory and keep the core in infinite loop after the same. Check this value after SBL successfully installs the custom HSM Firmware (mentioned in Q3).

Note : To verify this step, the SBL certificate must have a debug extension with debug options as Public Enable.

Aakash Kedia said:

How to run and debug an HSM Run Time image using CCS and XDS debugger ?

Ref : https://software-dl.ti.com/secure/software/sitara-sec/AM263X-RESTRICTED-SECURITY/TIFS_MCU/zlatest/tifs_am263x_latest_docs_only/docs/api_guide_am263x/html/HSM_DBG_SRV.html?__gda__=1702991855_f1703178bcb289c087ff1dff9b084069

On HS-SE devices, the debug is closed for HSM as well as R5F Application cores. There are 2 ways to open the debug.

1. The debug can be opened via ROM (only for application core R5FSS0-0) by enabling the DEBUG extensions in SBL certificates.
2. The debug can be opened via TIFS-MCU service.

To debug TIFS-MCU or R5F Applications in case of HS-SE devices, here is an FAQ - https://e2e.ti.com/support/microcontrollers/arm-based-microcontrollers-group/arm-based-microcontrollers/f/arm-based-microcontrollers-forum/1194740/faq-am2634-faq-how-to-debug-tifs-mcu-for-cortex-m4-on-am263x-am273x

However this method works for TIFS-MCU but might not work for custom HSM firmware. The customer HSM Firmware might not support the same debug authentication mechanism as TIFS-MCU.
Hence, accessing the HSM firmware for development purpose has to be done via directly accessing the secure manager's debug registers.

Simple Steps -

• Call SecMgr_SecureSetDebugFullEnable in the startup flow (after the stacks are initialized).
• After the SecMgr_SecureSetDebugFullEnable is called, insert a infinite_loop

Success criterion -

Try connecting to HSM cores as well as the R5F cores.

Note : To verify this step, the SBL certificate must not have a debug extension at all.

Aakash Kedia said:

What are the changes required for SBL for Custom HSM Run Time Firmware ?

There are required changes in the hsmclient_loadhsmrt.c (SDK/source/drivers/hsmclient/soc/am263x/hsmclient_loadhsmrt.c)

Hsmclient_loadHSMRtFirmware - This API is responsible for installing the HSM Firmware by using the ROM service. This API also waits till TIFS Initializations are completed and sends a Notification Message to HSMClient.

• Remove the calls for HsmClient_register as this is required for Boot Notify function of TIFS-MCU (this might not be relevant for Custom HSM Firmware).
• Remove the calls for HsmClient_waitforBootNotify as this is required for Boot Notify function (this might not be relevant for Custom HSM Firmware).
• Remove the calls for HsmClient_unregister as this is required for Boot Notify function (this might not be relevant for Custom HSM Firmware).

Success criterion -

• loadHSMResult.status is Hsmclient_ipcLoadHSMStatus_SUCCESS ensures that ROM has successfully accepted the image and booted the same.
• To merge with 1> the Custom Firmware will print data in the OCRAM.

Aakash Kedia said:

What are the basic requirements of HSM Run Time Firmware during initialization time of Custom HSM Run Time Firmware ?

• IPC Communication between HSM and R5F (or Application Cores) : The TIFS-MCU communication is based on Secure IPC or SIPC communication. Link to more details are mentioned here - https://software-dl.ti.com/mcu-plus-sdk/esd/AM263X/latest/exports/docs/api_guide_am263x/DRIVERS_HSMCLIENT_PAGE.html
  This communication for Customer HSM Firmware might differ. Reach out to the HSM Firmware vendor for more details.
  
  
• MPU Firewall Init : The TIFS-MCU firmware initializes all the MPU Firewalls for seamless experience of multicore devices in HS-SE mode, details are available on this link - https://software-dl.ti.com/secure/software/sitara-sec/AM263X-RESTRICTED-SECURITY/TIFS_MCU/zlatest/tifs_am263x_latest_docs_only/docs/api_guide_am263x/html/hsm_runtime_firmware.html?__gda__=1702991898_2be12ba93e7bff1105e0ee4122a02b16#autotoc_md26
  
  Firewalls allow access or denies the access to SoC resources. By default for HS-SE devices, the access to SoC resources are very limited → none.
  To ensure similar access between the HS-FS devices and HS-SE devices, the TIFS-MCU firmware configurations can be reused by the Customer HSM Firmware.