
TMS320F280037C: How to generate RSA PKI or securely provision one

Part Number: TMS320F280037C

I need to establish a secure link between the TMS320F280037C and another CPU (ESP32) to interact with and securely program code in the TI MCU. My plan is for the ESP32 to generate an AES key and provide it securely to the TI MCU (similar to TLS). The key will be used to encrypt/decrypt all messages between the two MCUs using their HW crypto support.

However, a secure connection must be established to pass the AES key to the TI MCU. For this I plan for the TI MCU to send a 2048-bit RSA key to the ESP, which will be used to encrypt the AES key (similar to TLS).

I see that the TMS320F280037C supports RSA and AES encryption and decryption in HW; however, there does not appear to be any support for key generation or any mention of a solution for provisioning the devices with a PKI.

We are assuming a zero trust model and do not want to expose the keys in the devices at any time during the manufacturing process. I believe our options are:

  1. Have the TI MCU generate the RSA key and store it in secure FLASH / OTP. This would require implementing mbedtls or another SW encryption library to generate the keys in software (probably at first boot), or
  2. Pre-provision the chips prior to receipt at the contract manufacturer.

Does TI have a solution for either of these approaches that permits users of these parts to securely provision them with asymmetric PKI?

  Thank you in advance!

  • Hi Bobby,

    Thanks for your question! I believe that the F28003x series does not have hardware support for RSA (though software support should be possible). I will contact our security expert to see if RSA support is possible as you were mentioning.

    Regards,

    Vince

  • Yes - I saw RSA APIs included in the library, but now that I check I see it only supports AES. So, modifying the approach: the TI MCU generates an RSA PKI (in software) and passes the public key to the ESP32, which uses it to securely pass back an AES key. The key is decrypted (again in software). From that point all communication is AES encrypted between the CPUs using HW crypto. Do you see any issues with this approach? Are there any limitations on the TI AES HW crypto functions?
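
The exchange described in the post above, as an added example that is not part of the original thread or of any TI library: the MCU side generates the RSA-2048 pair in software, the ESP32 side wraps a fresh AES-256 key with RSA-OAEP, the MCU unwraps it, and both sides then protect traffic with AES-GCM. The function names, the OAEP parameters and the AES-GCM wire format are assumptions, and Go's standard library stands in for mbedtls and for the hardware AES.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// TI MCU side: the RSA-2048 pair is generated in software, once (the thread
// notes the part has no RSA hardware). Only the public half is sent to the
// ESP32, and nothing in this exchange proves which device that key came from.
func mcuGenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// ESP32 side: fresh AES-256 key, wrapped with RSA-OAEP/SHA-256 to the MCU key.
func esp32WrapSessionKey(pub *rsa.PublicKey) (key, wrapped []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return key, wrapped, err
}

// TI MCU side: unwrap with the software RSA private key.
func mcuUnwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// Both sides then protect traffic with AES-256-GCM, the step the F28003x AES
// accelerator would run. Wire format (assumed): 12-byte nonce || ciphertext || 16-byte tag.
func sealMessage(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}
```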

  • Hi Bobby,

    The AES key needs to be programmed into USER OTP, so if you plan to program it at runtime then you have to do it securely by having the flash API in a secure sector. Is it not possible to have the AES key pre-programmed into the device?

    Regards,

    Vivek Singh

  • Thank you very much for your help Vivek!

    So this leads to my original question. How can we preprogram the AES key into OTP securely so that it cannot be exposed to the contract manufacturer? Does TI offer a service for provisioning the parts? Same question for the code-signing key for secure boot? What is the recommended solution?

  • Hi,

    How can we preprogram the AES key into OTP securely so that it cannot be exposed to the contract manufacturer?

    Unfortunately, the user needs to trust the contract manufacturer on this, by having an NDA or another form of legal agreement.

    Does TI offer a service for provisioning the parts?

    No, TI does not provide this service.

    Same question for the code-signing key for secure boot? What is the recommended solution?

    Same as above. This needs to be programmed upfront, and the user needs to trust the contract manufacturer.

    Regards,

    Vivek Singh