• State TI Thinks Resolved
  • Locked Locked
  • Replies 13 replies
  • Answers 2 answers
  • Subscribers 84 subscribers
  • Views 411 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Original question:

TMS320F280039: security boot

TMS320F280039: CMAC check in customer bootloader

? ?
Prodigy 170 points
Part Number: TMS320F280039
Other Parts Discussed in Thread: C2000WARE, UNIFLASH, SYSCONFIG

Tool/software:

In our project, we have customer bootloader and application, now we want to use the API:CPU1BROM_calculateCMAC() in customer bootloader to verify the validity of application.

I have read the document <Application Report Secure BOOT on C2000 Device.pdf>.

1、The first step is Generation of the authentication tag.

In my understand, the CMACKEY is inputed by "boot_ex1_user_cmac_key.txt", 

the length of application (such as: FLASH_BANK0_2: o=0x00084000 l=0x000B0000, fill = 0xFFFF) is inputed by "boot_ex1_flash_hex_lnk_cpu1.cmd".

When we build application, the C2000  hex utility will run the CMAC algorithm and use the input message to generated Golden CMAC tag.

The the golden CMAC tag will be placed in "cmac_all" area? The "cmac_all" area is defined in customer bootloader or application?

2、The second step is  Authentication of the application boot code in flash.

When run the customer  bootloader, call the the API function:CPU1BROM_calculateCMAC() to compare  tag generated by the CMAC algorithm and Golden CMAC tag.

But where is the reference key defined?

  • 0
    TI__Mastermind 21290 points

    Hello,

    1. Refer to the secure boot example in c2000ware/driverlib/f28p65x/examples/boot to see the correct syntax for cmac_all. Here's an example:

    struct CMAC_TAG
    {
        char tag[8];
        uint32_t start;
        uint32_t end;
    };
    #pragma RETAIN(cmac_all)
    #pragma LOCATION(cmac_all, 0x082002)
    const struct CMAC_TAG cmac_all = {{ 0 }, 0x0, 0x0};
    The compiler/hex utility recognizes the "cmac_all" keyword and places the generate tag there.
    2. The reference key is defined in user otp, specifically in the CMACKEY field. This should match the key in the .txt file included in your project. If the keys match, the generated tag will be the same between when the hex utility generates it and places it in your application code and when the bootrom calls the function and generates a tag using a combination of the application code and the CMACKEY.
     
    Let me know if you have additional questions.
    Thank you,
    Luke
  • 0 in reply to Luke Jones
    Prodigy 170 points

    Hello,

    Thank you for your reply.

    Luke Jones said:

    1. Refer to the secure boot example in c2000ware/driverlib/f28p65x/examples/boot to see the correct syntax for cmac_all. Here's an example:

    struct CMAC_TAG
    {
        char tag[8];
        uint32_t start;
        uint32_t end;
    };
    #pragma RETAIN(cmac_all)
    #pragma LOCATION(cmac_all, 0x082002)
    const struct CMAC_TAG cmac_all = {{ 0 }, 0x0, 0x0};
    The compiler/hex utility recognizes the "cmac_all" keyword and places the generate tag there.

    1、Because the  hex utility use the application code to generate Golden CMAC tag, do I need define the variable "cmac_all" in application?

          Also, do we need set the configuration as follow when compiling applicatin other than bootloader?

    2、Does the CMACKEY field is refer to these register(Z1OTP_CMACKEY0|1|2|3)?

         If so, how can I change the values of these registers to match the key in the .txt file?
         Because the access type of these registers is R(read).
       
  • 0 in reply to ? ?
    TI__Mastermind 21290 points

    1. Yes you need to define cmac_all in your main.c file the way I demonstrated in my previous post. You need to set the memwidth and romwidth to 16 in order to program OTP with a hex file, looks like you have done this already.

    2. Yes, you can use CCS On-Chip flash tool or uniflash to program CMACKEY via a GUI, or you can use SysConfig DCSM Tool to embed the CMACKEY into your .out file when you program.

    Let me know if you have further questions.

  • 0 in reply to Luke Jones
    Prodigy 170 points

    Hello, Luke

    1、These register(Z1OTP_CMACKEY0|1|2|3) is defined in user otp, does these registers can be written more than one time?

    Or if one bit change to 0, it cannot be changed anymore?

    Also, does these register can be changed by CAN?

    2、I try to define cmac_all in our **.c file the way you demonstrated in your previous post.

    And change the output format as follow to avoid waring  "#1513-D The location pragma requires EABI"

    But I got a fatal error #10099-D program will not fit into available memory, or the section contains a call site that requires a trampoline that can't be generated for this section. placement with alignment/blocking fails for section ".text" size 0x211a page 0.  Available memory ranges: 

    FLASH_BANK0_UBOOT   size: 0x3f40       unused: 0x3f34       max hole: 0x1ff2 

  • 0 in reply to ? ?
    TI__Mastermind 21290 points

    Hello, 

    No, CMACKEY can only be written to once. If any bits are modified, the entire CMACKEY is frozen.

    You could potentially have some secure code that receives a CAN message and writes that value to CMACKEY.

    Did you use the secure boot example as a starting point? There should be a text file in your project defining the memory range for the .hex file.

    Thank you,

    Luke

  • 0 in reply to Luke Jones
    Prodigy 170 points
    Luke Jones said:
    You could potentially have some secure code that receives a CAN message and writes that value to CMACKEY

    1、Does this mean we can receive CAN message, for example 2E request(2e + DID + keyvalue ), then write the keyvalue  to CMACKEY registers in someway?

    2、In project C:\ti\c2000\C2000Ware_5_03_00_00\driverlib\f28p65x\examples\c28x\boot, the location of cmac_all is 0x082002.

    Does this mean the Golden CMAC tag is located in 0x082002 after I build this project? 

    But when I change the CMACkey value in txt file, I rebuild the project, Hex file has no change compare to original hex.

    I think the Golden CMAC tag area will change after I change the CMACkey.

    3、When I try to change the CMACKEY value via SysConfig DCSM Tool, how should I change the config in the red box?

    Also, If any of the value in ZONE1 Header changed, the other value in ZONE1 Header area could not be changed any more? 

    4、When I define "cmac_all" variable in application, but add two warning after build the project.

    Are the variables cmac_sb_1/2/3/4 necessary to add?  

     

  • 0 in reply to ? ?
    TI__Mastermind 21290 points

    1. Yes

    2. Yes it should. There should be another .txt file in the example that defines the range of the flash range that the .hex file will occupy. Does this range include address 0x82002?

    3. This depends what boot settings you want. Do you want to use secure boot? Do you want the capability to switch to wait boot by modifying the boot mode select pins?

    4. No it's not necessary to add the other cmac_sb_x objects.

    Thank you,

    Luke

  • 0 in reply to Luke Jones
    Prodigy 170 points

    Hello Luke,

    1、Could you please provide me some reference about how to write values to CMACKEY registers when receive value from uds service?

    2、Sorry, I build the project again, and have another question.

    The examlpe include a HEX directive named " boot_ex1_flash_hex_lnk_cpu1.cmd", which include address 0x82002.

    but when I change the CMACkey in txt file, there are  two difference between the generate file as follow:

    why the difference not located in 0x82002?

    3、If I donot want to use secure boot and donot want to switch to wait boot, how should I set configuration in the red box?

    If you need other information, please let me know.

    Thank you!

  • 0 in reply to ? ?
    TI__Mastermind 18450 points

    Hello,

    This expert is currently out of office until 10/21, so please expect a delay in response before then. Thank you for your patience.

    Best Regards,

    Allison

  • 0 in reply to Allison Nguyen
    Prodigy 170 points

    Hello,

    Does the Secure Boot expert has return to office?

  • 0 in reply to ? ?
    TI__Mastermind 21290 points

    Hello,

    1. You will likely need a CAN ISR to read the values and write to the CMACKEY registers using the flash API. I would suggest starting a separate thread for assistance on using the flash API to write to the CMACKEY fields.

    2. There is a difference at address 0x82004, I wouldn't worry about the values at 0x82002 being unchanged

    3. Do you want to use normal flash boot? If so you should select the flash boot option where the entry address is 0x82000. Note that the boot mode registers can only be programmed once since they're part of OTP so I would suggest using emulation boot for testing. The Secure Boot app note outlines how to use emulation boot. 

    Thank you,

    Luke

  • 0 in reply to Luke Jones
    Prodigy 170 points

    Hello, Luke

    I create a new thread for write DCSM config(include CMAC Key, JTAGPSWD Key, CSM Key and so on) to OTP area via flash API.   TMS320F280039C: SYSCONFIG

    Luke Jones said:
    I would suggest starting a separate thread for assistance on using the flash API to write to the CMACKEY fields.

    Thank you!

  • 0 in reply to ? ?
    TI__Mastermind 21290 points

    Understood, I will close this thread.

    --Luke