• State Resolved
  • Locked Locked
  • Replies 2 replies
  • Subscribers 82 subscribers
  • Views 106 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TMS320F280049: DCSM design question

Torsten Robitzki
Expert 2410 points
Part Number: TMS320F280049

Tool/software:

Hi,
I'm providing CAN bootloaders for various C2000 microcontrollers to customers of mine. Now, I'm finishing an encrypted firmware update option and that's where I have to think about the DCSM implemented in some of the C2000 µCs.

Typically, for a bootloader is, that the usage requires some amount of flash memory, but practically no RAM. The reason is, that application and bootloader will never run at the same time. So when one of the both is running, the RAM can be fully used.

I'm using a symmetric encryption / signing algorithm, that requires a secrete key to be stored with the bootloader. Disabling JTAG will be sufficient to secure the key, but potentially, bugs in the bootloader or application could be used to read out the flash memory (and thus compromising the applications confidentiality and / or the key).

DCSMs ability to restrict access to certain flash memory sectors to EXECUTION only, seems like a very good fit to the problem. But: The bootloader needs some portion of RAM run the flash library from there. As far as I understood the concept, it is possible to copy the library from flash to RAM, only when the RAM is assigned to the same zone and also set to EXECUTION only.

By setting this RAM portion to a specific zone and EXECUTION only, the RAM couldn't be used by the application any more (beside using it for a similar purpose when assigning the application flash to the same zone).

Is there a way to overcome this limitation, set the bootloaders flash memory to EXECUTION only, and still have the overall RAM still available for the application?

best regards

Torsten

  • +1
    TI__Genius 10481 points

    Hello Torsten,

    There isn't really a good solution to the approach of trying to make RAM EXEONLY, but only for the bootloader.

    However, I'm not sure you necessarily have to make the RAM EXEONLY. The Flash API library is public (we distribute this library freely on our website), so there is nothing to be gained by trying to maintain confidentiality of that library. You can consider placing the LOAD and RUN memory regions for the Flash library in non-EXEONLY RAM, and that way retain the ability to reuse that RAM for your application needs.

    Best regards,
    Ibukun

  • 0 in reply to Ibukun Olumuyiwa
    Expert 2410 points

    Hi Ibukun,

    that is a very interesting idea! Currently, the bootloader spans 2 sectors and I could protect one of the sectors and make sure, that the key is stored in that sector and try to make sure, that the flash library is linked into the unprotected sector.

    Thanks a lot for this idea!

    best regards

    Torsten