AM2634: HSM Runtime Firmware Image Mandatory in HS-SE Mode

Part Number: AM2634


  1. Is it mandatory to flash the HSM Runtime image when operating in HS-SE mode?
  2. Is it also required that the HSM Runtime image gets loaded into the HSM core (including certificate verification and image integrity validation) regardless of whether we are using any of its services in the SBL?
  3. Do the HSM Runtime Firmware and the SBL image share the same memory regions in QSPI flash memory ( 0x0_0000 - 0xF_0000 and 0xF_0000 - 0xX_0000 (start of app image) )?
  • Hi,

    Is it mandatory to flash the HSM Runtime image when operating in HS-SE mode?

    HSM is part of the secure boot flow, but if you do not wish to authenticate/verify the application using the HSMRT and not use any HSM services in application, then this is not needed.
    However, the SBL parsing API tries to authenticate the image if the device is HS_SE, so you would have to disable the same there.

    May I know why the device is in HS_SE if the HSM firmware is not needed? Any specific use case?

    Is it also required that the HSM Runtime image gets loaded into the HSM core (including certificate verification and image integrity validation) regardless of whether we are using any of its services in the SBL?

    Yes, to use the HSM services, the HSMRT should be loaded into the HSM core, as it serves as the server for the client calls of the service from the R5 core.

    Do the HSM Runtime Firmware and the SBL image share the same memory regions in QSPI flash memory ( 0x0_0000 - 0xF_0000 and 0xF_0000 - 0xX_0000 (start of app image) )?

    The out-of-box SBL binaries include the HSMRT image within them, so that these can be placed in the same region of the flash memory. Otherwise, if you would like to place the HSMRT in a different flash memory location, that is also possible.

    The SBL QSPI FASTBOOT could be referred to for this.

    Thanks and Regards,

    Nikhil Dasan

  • Hi Nikhil,

    HSM is part of the secure boot flow, but if you do not wish to authenticate/verify the application using the HSMRT and not use any HSM services in application, then this is not needed.
    However, the SBL parsing API tries to authenticate the image if the device is HS_SE, so you would have to disable the same there.

    May I know why the device is in HS_SE if the HSM firmware is not needed? Any specific use case?

    We do want the SBL image fully authenticated through the HSM ROM and to use secure boot. We just don't want to utilize the provided HSM Runtime firmware for authentication of the application image. Using software provided by a vendor could present compliance complexities with our current project.

    For authentication of the application image, would it be possible to have the SBL image leverage the DTHE and perform the certificate verification, image integrity, and encryption/decryption? Or is it possible for us to develop our own HSM runtime image to utilize the HSM?

  • Hi,

    For authentication of the application image, would it be possible to have the SBL image leverage the DTHE and perform the certificate verification, image integrity, and encryption/decryption?

    Yes, it is definitely possible. The AES and SHA accelerators of the DTHE have a public context, so these could be run on the R5 core. For the other accelerators such as PKA (and AES and SHA as well), you would access them from the M4 HSM core.

    Or is it possible for us to develop our own HSM runtime image to utilize the HSM?

    The TIFS SDK provided is a reference and open SDK. It is definitely possible to tune it or create your own HSM firmware (and sign/encrypt it using your root-of-trust keys), once the device is in the HS-SE state.

    Thanks and Regards,

    Nikhil Dasan