TMS320F280037: Secure Bootloader with AES-GCM

Part Number: TMS320F280037
Other Parts Discussed in Thread: C2000WARE

Tool/software:

Hello team,

This is Lin Li with Infinitum Inc. I'm new to C2000 MCUs. However, I have used TI's CCS and the C54xx fixed-point DSP chipset a lot.

Now I am assigned a task to build a secure bootloader via SPI with AES-GCM encryption/decryption functions. By searching C2000Ware, I found C:\ti\c2000\C2000Ware_5_03_00_00\driverlib\f28003x\examples\aes\aes_ex3_gcm_encrypt.c and aes_ex4_gcm_decrypt.c.

My questions are:

- How can I use (build and run) those two functions?

- Could anybody explain the details of those functions to me, or point me to the necessary documents? In addition, why do they need the uDMA in them?

- Do those functions match NIST's SP 800-38D recommendation?

- Where can I find sample source code of a general bootloader (preferably supporting SPI), so that those encryption/decryption functions can be called in this general bootloader?

Thank you very much in advance for your help and support.

Looking forward to your response.

All the best,

Lin

  • Hi Lin,

    How can I use (build and run) those two functions?

    You can open those examples in CCS and build them.

    Please do look at the following threads and TRM for more details on this.

    TMS320F280039C: Clarify AES module and its example code - C2000 microcontrollers forum - C2000™ microcontrollers - TI E2E support forums

    Section 32.2 - TMS320F28003x Real-Time Microcontrollers Technical Reference Manual (Rev. C)

    Thanks

    Aswin

  • Hi Aswin,

    Thank you very much for your reply.

    I will follow your links to carefully read all the information.

    However, from quickly surfing the contents, I haven't found a sample bootloader which calls the AES-GCM encryption/decryption functions.

    Could you point me to the specific part of the link or provide me with the sample bootloader?

    Or do you have any application note or white paper for the AES-GCM encryption/decryption functions?

    Appreciate your help.

    Lin

  • Lin,

    Aswin is currently out of the office for a local TI holiday in India. I'm looping in some others to see if we can give some intermediate answers, but we may need to wait for Aswin to get back to the office next week. Appreciate your patience.

    Best,

    Matthew

  • Hi Matt,

    Thanks for your update.

    I will wait for the answers next week.

    Best,

    Lin

  • Hi Matthew and Aswin,

    Can you please help to provide feedback on Lin's pending questions from last week? Feel free to loop in any others from your team as needed to provide support here. If it is easier, we are also happy to continue this discussion over email. Looking forward to your reply!

    -Matt

  • Hey C2000 Team,

    I know you are hard at work finding the right experts to provide answers to Lin's latest questions, but can you please help to provide a status update? If you need more time, please let us know so that we can get a better sense of when we can expect answers on this inquiry.

    -Matt

  • Hi Lin,

    Thanks for the patience.

    Currently we have non-secure bootloaders and AES-GCM examples in our C2000Ware SDK.

    As a top-level approach, we have the below flow-

    The bootloader application needs to have these two sections - 

    Our current SDK does not have an example with this format; let me loop in our BootROM experts to comment on this.

    Regards

    Aswin

  • Hi Aswin,

    Thanks for your reply and all the information.

    Yes, please loop in your BootROM experts to get their comments.

    We want to use the Bank0 and Bank1 flash of the F280037 to save the current executable FW and the newly received, decrypted FW from the host processor via SPI. After being verified by the AES-GCM decryption function, the new FW will switch to being the current executable FW, and the previous executable FW will be replaced by the next new version of FW. Could you or the BootROM experts comment on that idea?

    Meanwhile, could you point me to the non-secure bootloader example code?

    Looking forward to the further comments.

    Regards,

    Lin

  • Hi Lin,

    From what I have read this looks like an attempt to perform a FW update using a SPI bootloader with AES-GCM decryption needed for the externally received image. Is this correct?

    If so, can we also understand if the intention is to securely update the FW (following security principles) or are you okay with the non-secure FW update proposal communicated by Aswin and team, where the device only decrypts and programs the received image onto the desired flash bank?

    Please note that if the intention is to implement “secure” FW update, there are additional considerations that need to be taken into account at a device and application level.

    Considerations include, but are not limited to, establishing root-of-trust via ROM for the custom SPI Bootloader and ensuring that the authenticity and integrity of the new FW received from external EEPROM is from a trusted and known source. These considerations will demand more requirements of the device and application to properly implement secure FW update.

    Regards,

    Ozino
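
The two-bank update discussed in the thread above, modelled as an added example (not code from any poster or from C2000Ware): ciphertext chunks are decrypted into the inactive bank as they arrive, but the boot marker flips only after the AES-GCM tag verifies, and the staged bank is erased on failure. Python's `cryptography` package stands in for the F28003x AES engine; `DualBank`, `make_image`, `BANK_SIZE` and the `header` passed as additional authenticated data are hypothetical names, and key provisioning and root of trust are out of scope.

```python
# Added example: a host-side model of the two-bank flow, not device code.
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

BANK_SIZE = 256                    # constructed, tiny stand-in for a flash bank
ERASED = b"\xff" * BANK_SIZE


class DualBank:
    """Two flash banks plus a marker recording which one boots (hypothetical)."""

    def __init__(self, running_fw: bytes):
        self.banks = [running_fw.ljust(BANK_SIZE, b"\xff"), ERASED]
        self.active = 0

    def update(self, key, iv, header, ciphertext, tag, chunk=16):
        """Stream-decrypt into the spare bank; switch only if the GCM tag verifies."""
        spare = 1 - self.active
        if len(ciphertext) > BANK_SIZE:
            return False
        dec = Cipher(algorithms.AES(key), modes.GCM(iv, tag)).decryptor()
        dec.authenticate_additional_data(header)   # authenticated, not encrypted
        staged = bytearray(ERASED)
        pos = 0
        for off in range(0, len(ciphertext), chunk):   # chunks as received over SPI
            plain = dec.update(ciphertext[off:off + chunk])
            # Plaintext comes out BEFORE the tag is checked: it is staged, not trusted.
            staged[pos:pos + len(plain)] = plain
            pos += len(plain)
            self.banks[spare] = bytes(staged)
        try:
            dec.finalize()                 # the tag comparison happens here
        except InvalidTag:
            self.banks[spare] = ERASED     # SP 800-38D: FAIL releases no plaintext
            return False
        self.active = spare                # commit: flip the boot marker last
        return True


def make_image(key, iv, header, firmware):
    """Host side: encrypt the firmware and return (ciphertext, tag)."""
    enc = Cipher(algorithms.AES(key), modes.GCM(iv)).encryptor()
    enc.authenticate_additional_data(header)
    ciphertext = enc.update(firmware) + enc.finalize()
    return ciphertext, enc.tag
```
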