• State Resolved
  • Locked Locked
  • Replies 7 replies
  • Subscribers 31 subscribers
  • Views 938 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TM4C1290NCZAD: TM4C1290NCZAD // Security features and concepts

Peter Hanger1
Intellectual 1200 points
Part Number: TM4C1290NCZAD

Hello team,

what security features does the TM4C1290NCZAD have and which security concepts does it support?

There is a security concept published for C2000. Is there something similar available for Tiva processors?

Thanks,

Peter

  • 0
    TI__Guru 72500 points
    The TM4C devices have the ability to lockout the JTAG/SWD port to limit the ability to read the memory contents. The devices can be unlocked by an unlock sequence, but all of the contents of flash and eeprom memory are erased before the device is unlocked.
    The devices also has the ability to lock a block of EEPROM or the entire EEPROM module with a password.
  • 0
    Guru 117855 points

    Is it not "fair/proper" to ask, "Realistically - how much "security" can be provided by a "sub 10 (USD) device?"
    Even with JTAG/SWD defeated - a skilled/motivated "enthusiast" - can "have all the code w/in 10 minutes!"

    Secure (i.e. "hardened") such MCUs do exist - yet these prove (far) higher cost - and these too - may see their multiple (security) measures "fall" to those well equipped, skilled & motivated...

  • 0 in reply to Bob Crosby
    TI__Intellectual 1200 points

    Hi Bob,

    thanks for your quick help.

    They had further questions:

    - Is there a Hardware crypto engine?
    - Is there a true RNG?
    - Is there a memory protection unit?

    Could you help with that?

    Thanks,

    Peter

  • 0 in reply to Peter Hanger1
    TI__Guru 72500 points

    Peter Hanger1 said:
    - Is there a Hardware crypto engine?

    Not on the TM4C1290NCZAD. See the selection guide for the TM4C129 parts that have the hardware accelerator.

    http://www.ti.com/microcontrollers/c2000-performance-mcus/control-automation/tm4c12x/products.html

    Peter Hanger1 said:
    - Is there a true RNG?

    No

    Peter Hanger1 said:
    - Is there a memory protection unit?

    Yes, see page 187 of the datasheet: http://www.ti.com/lit/ds/symlink/tm4c1290nczad.pdf

  • 0 in reply to Bob Crosby
    TI__Intellectual 1200 points
    Thanks for the quick feedback Bob. This was helpful for the customer.

    Peter
  • 0 in reply to Bob Crosby
    TI__Intellectual 1200 points

    Hi Bob,

    as they are going forward some more questions came up. Could you please help to answer them?

    To protect a non-updateable, fixed bootloader located in the flash memory and installed at production of the device, they have seen there are two options to do this: the mentioned MPU and the flash memory protection (FMPREn and FMPPEn registers and disabling debug).

    -       What are the differences and which do we use? Or do we use both?

    -       What does privileged mode mean?

    -       Are there other options and/or other important things we should take care of?

    Thanks,

    Peter

  • 0 in reply to Peter Hanger1
    TI__Guru 72500 points
    Using the flash memory protection is probably best to avoid having a boot loader section accidentally erased or overwritten. Unless you are worried about someone copying, or reading the code, it would not be necessary to disable debug. The MPU is more useful in protecting the code from accessing locations that it should not, such as executing through a section of data. The Cortex M4 has different operating modes. Most are privileged, but the "user" mode is not. There are some registers that cannot be written to in "user" mode. Often the modes are used with an operating system. The operating system and interrupts operate in privileged mode, but the application code operates in "user" mode. If the application code needs to do something that requires writing to a privileged register, it must do it with a call to the operating system. That way the operating system can limit what the application code can do.