Part Number: TMS320F280039
Other Parts Discussed in Thread: C2000WARE, SYSCONFIG, AES-128
Dear TI Engineer,
Hello! We are currently developing a product based on the TMS320F280039 DSP. To meet our customer's stringent cybersecurity requirements, we need to confirm the chip's support capability for a series of security specifications. We have studied the application brief Understanding Security Features for C2000 Real-Time Control MCUs (SWPB019E)Texas Instruments, but some details regarding the F280039's specific implementation remain unclear. We hope to obtain your authoritative guidance.
Our customer's core security requirements and our questions for the F280039 are as follows:
1. Secure Boot
- Requirements: Immutable boot chain, non-bypassable signature verification, support for SHA-384+ECDSA signature verification, and a fallback recovery mechanism for boot failures.
- Question: Does the F280039's on-chip boot ROM support an immutable boot chain? Can signature verification (specifically SHA-384+ECDSA) be configured as mandatory and non-bypassable? What is the specific hardware/software mechanism for the boot failure fallback?
2. Anti-Rollback
- Requirements: Secure version control, blocking of lower-version firmware, and logging of version violations and rollback blocks.
- Question: Does the F280039 have a dedicated SVN (Security Version Number) hardware register? How is low-version firmware blocked during updates? Are the violation logs stored in dedicated OTP/Flash regions with hardware protection?
3. Encryption Algorithms
- Requirements: SHA-384/ECDSA support, and data at-rest/in-transit encryption.
- Question: The datasheet mentions an AES accelerator. Does the F280039 hardware natively support SHA-384 and ECDSA (P-256/P-384)? If not, are there optimized software libraries or hardware acceleration modules for these algorithms?
4. Debug Security
- Requirements: JTAG hardware lock/authorized unlock, auto-re-lock on reset, and prohibition on reading keys/sensitive data via debug.
- Question: How is the DCSM (Dual Code Security Module) configured on the F280039 to lock the JTAG? Does it support one-time permanent locking? What is the unlock process? After a reset, does the JTAG automatically revert to the locked state? Can debug access read secure OTP/eFuse key regions?
5. Compliance
- Requirements: Encryption module compliance with FIPS 140 and CNSA standards.
- Question: Is the F280039's security module (or its software implementation) certified or compliant with FIPS 140 or CNSA? If not, what is TI's roadmap or recommendation for achieving this compliance?
To accelerate our development, could you please provide some information or advice?
- Are there any software libraries or C2000Ware examples implementing the above security functions?
- Is there a security configuration tool (e.g., based on SysConfig) available for the F280039?
We would greatly appreciate your detailed and clear answers, as well as any recommendations or best practices. This information is critical for us to finalize our hardware and software design.
Thank you for your support!
Best regards.
