TMS320F28P650DH: Integrate secure boot beyond 16KB to existing bootloader (>16KB)

Part Number: TMS320F28P650DH

Hi Experts,

My customer is integrating secure boot features into their existing projects.

As we know, the boot ROM only supports secure boot for the first 16K, and the memory beyond 16K needs to be covered by the SW within the first 16K.

However, my customer's bootloader is already larger than 16K, which is around 30K-40K.

In this case, how to integrate secure boot features into the existing projects?

Is it possible to isolate the secure boot features from the rest of the bootloaders and put it in the first 16K?

Regards,

Hang

  • Hello Hang,

    Let me loop you in with our DCSM expert.

    Regards,

    Joseph

  • Hi Hang,

    This would be complex, but you could have a simple bootloader that simply authenticates your customer's bootloader before jumping to it. This simple bootloader would live in the first 16k and your customer's bootloader would live outside of the first 16k. The application code would need to live in a separate region outside of the regions described above.

    Thank you,

    Luke

  • Hi Luke,

    Are you able to provide us the best documentation/sample project to enable this? That may allow Hang and me to engage further with the customer. We realize this is probably not something already developed necessarily, but any additional pointers are welcomed.

    Regards,

    Chris 

  • Hi Chris,

    We don't have a specific software example for this scenario since two bootloaders would be involved here, but all of the concepts required are described in the Secure Boot application note. You would likely need to observe the generated CMAC tags that get generated in the original secure boot binary and hard code them in a subsequent revision since you are performing the authentication twice. I'd recommend starting with the secure boot app note and modifying it to attempt what you're doing; I can provide assistance once you or the customer run into issues.

    Thank you,

    Luke
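
The two-stage arrangement described in the replies above, as an added example that is not part of any post and is not TI code: a host-side Python model that computes the CMAC tag for a second-stage image placed beyond the first 16K and then makes the first-stage jump decision against that hard-coded tag. The names `cmac_tag`, `stage1_check` and `build_demo_flash`, the flash layout, and the key (the RFC 4493 test key) are assumptions; how the device stores its key and which range it authenticates must come from the Secure Boot application note.

```python
# Added example, not TI code: host-side model of the first-stage check.
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import cmac
from cryptography.hazmat.primitives.ciphers import algorithms

ROM_AUTH_LIMIT = 16 * 1024  # boot ROM only covers the first 16K (from the thread)
TAG_LEN = 16                # AES-CMAC tag length in bytes


def cmac_tag(key, data):
    """Build-time step: AES-128 CMAC (RFC 4493) over the second-stage image."""
    c = cmac.CMAC(algorithms.AES(key))
    c.update(data)
    return c.finalize()


def stage1_check(flash, key, start, length, golden_tag):
    """Boot-time decision: True only if it is safe to jump to stage 2."""
    # Stage 2 must sit wholly beyond the ROM-checked 16K and inside flash.
    if start < ROM_AUTH_LIMIT or length <= 0 or start + length > len(flash):
        return False
    if len(golden_tag) != TAG_LEN:  # reject truncated tags outright
        return False
    c = cmac.CMAC(algorithms.AES(key))
    c.update(flash[start:start + length])
    try:
        c.verify(golden_tag)  # library does the constant-time comparison
    except InvalidSignature:
        return False
    return True


def build_demo_flash(key):
    """Constructed layout: 16K stage 1 followed by a 36K stage 2."""
    stage1 = b"\xa5" * ROM_AUTH_LIMIT
    stage2 = bytes(range(256)) * 144  # 36 KiB of constructed content
    return stage1 + stage2, ROM_AUTH_LIMIT, len(stage2), cmac_tag(key, stage2)


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # RFC 4493 test key
    flash, start, length, tag = build_demo_flash(key)
    print("untampered image:", stage1_check(flash, key, start, length, tag))
    tampered = bytearray(flash)
    tampered[start + 100] ^= 0x01  # single flipped bit in stage 2
    print("tampered image:  ", stage1_check(bytes(tampered), key, start, length, tag))
```

The model assumes the golden tag is stored inside the first-stage image, so that the boot ROM's check of the first 16K also covers the tag.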

  • Hi Luke,

    This is solid guidance.  Hang and I appreciate this very much.  We'll probably need to first run this by the customer to see if it makes sense and fits their needs.  Then we will need to figure out the workload and if the customer is willing to partake in some of it.

    Hi Hang,

    Would you care to run this by the customer first, just to make sure we are aligned?

    Thank you both,

    Chris 

  • Hi Chris,

    Let me know if you need anything else from me.

    Thank you,

    Luke