• State TI Thinks Resolved
  • Locked Locked
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 81 subscribers
  • Views 494 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TMS320F28374D: CSM & Security Initialization..

Newman
Expert 5605 points
Part Number: TMS320F28374D

Hi Team C2000,

I have some questions WRT security and the CSM on the F2837xD.

This device (off the reel) appears to be totally open/unsecure.. but according the TRM (spruhm8h)..

"3.13.2 CSM Impact on Other On-Chip Resources On this device, M0/M1 and GSx memories are not secure. To avoid any potential hacking when the device is in the default state (post reset), accesses (all types) to all memories (secure as well as non-secure, except BOOT-ROM and OTP ) are disabled until proper security initialization is done."

This leads me to believe that the device (off the reel) should be secure when powered up until the security init procedure (below) is performed..

The following steps are required after reset (any type of reset) to initialize the security on each CPU subsystem. • Dummy Read to address location of SECDC (0x703F0, TI-reserved register) in TI OTP • Dummy Read to address location of Z1_LINKPOINTER1 in Z1 OTP • Dummy Read to address location of Z1_LINKPOINTER2 in Z1 OTP • Dummy Read to address location of Z1_LINKPOINTER3 in Z1 OTP • Dummy Read to address location of Z1_PSWDLOCK in Z1 OTP • Dummy Read to address location of Z1_CRCLOCK in Z1 OTP • Dummy Read to address location 0x78018 in Z1 OTP • Dummy Read to address location of Z1_BOOTCTRL in Z1 OTP • Read to memory map register of Z1_LINKPOINTER in DCSM module to calculate the address of zone select block for Z1 • Dummy read to address location of Z1_EXEONLYRAM in Z1 OTP • Dummy read to address location of Z1_EXEONLYSECT in Z1 OTP • Dummy read to address location of Z1_GRABRAM in Z1 OTP • Dummy read to address location of Z1_GRABSECT in Z1 OTP • Dummy Read to address location of Z2_LINKPOINTER1 in Z2 OTP • Dummy Read to address location of Z2_LINKPOINTER2 in Z2 OTP • Dummy Read to address location of Z2_LINKPOINTER3 in Z2 OTP • Dummy Read to address location of Z2_PSWDLOCK in Z2 OTP • Dummy Read to address location of Z2_CRCLOCK in Z2 OTP • Dummy Read to address location 0x78218 in Z2 OTP • Dummy Read to address location of Z2_BOOTCTRL in Z2 OTP • Read to memory map register of Z2_LINKPOINTER in DCSM module to calculate the address of zone select block for Z2 • Dummy read to address location of Z2_EXEONLYRAM in Z2 OTP • Dummy read to address location of Z2_EXEONLYSECT in Z2 OTP • Dummy read to address location of Z2_GRABRAM in Z2 OTP • Dummy read to address location of Z2_GRABSECT in Z2 OTP

Are devices off the reel secure or unsecure?

If these dummy reads are done in the wrong order, or if any are missed, does this mean we’d be locked out of the chip permanently?

Is there a sample application/code block that demonstrates the steps outlined above? 

Thanks, Merril

  • 0
    TI__Expert 4620 points

    Hi Newman,

    Yes, the device out of reset is secure(in the sense, access to all the memories are disabled) till the proper security Initialization is done. However this initialization sequence is a part of the BootROM execution which runs always upon reset.

    The dummy reads are supposed to be done in the order mentioned in the TRM. Failing to do so would not complete the security initialization procedure which results in the accesses to the memories being disabled. However this doesn’t lock out the device permanently. Once you issue a power on reset(POR), the device BootROM will execute and complete the security Initialization in the proper manner after which you can access all the memories.

    However while the debugger is connected, the BootROM execution could be bypassed. In such a case, the GEL file is used to complete the Security Initialization along with other critical tasks of the BootROM(this is only a debug option).

    The code for security Initialization is a part of the device GEL file.

    Please click on “verify answer” button if this response answers your queries. Hope this helps.

    Thanks & Regards

    Pramod

  • 0 in reply to Pramod P
    Prodigy 10 points

    Hi Pramod,

    Newman made this forum post on behalf of myself, so I found it best to reply to you regarding the answer.

    Your response does indeed answer my question about this fact, Thank you.

    The technical reference manual which referred to this series of steps required ( http://www.ti.com/lit/ug/spruhm8h/spruhm8h.pdf ) did not clearly state that this behavior was handled by the Boot ROM. Section 3.13.2 states that these steps are 'Required after reset', which led me to believe they were highly important, but never made a clear statement that the Boot ROM handled them.

    However, in Section 3.13.3.3 of the same reference manual, there's a note that mentions that the Boot ROM does a read of the password locations, for convenience. I think this is a point that could use better clarification, since the Boot ROM functionality here is noted specifically, while it's not mentioned at all with the other reads that it does.

    Again, thank you for your answer, as it cleared this up for me.

    Dylan

  • 0 in reply to Dylan Anderson
    TI__Expert 4620 points

    Hi Dylan,

     

    I appreciate your feedback that and I will certainly feed it through in our system to address your confusion. Thanks for that.

    However, the BootROM chapter(Chapter 4: ROM Code and Peripheral Booting) in the same TRM mentions the Device Boot Flow diagram in which security(DCSM) Initialization is a part.

    Understand that it’s not intuitive for a user that the security Initialization happens as part of the BootROM and your confusion is valid.

    Please click on “verify answer” button in order to mark this thread resolved since it cleared your question.

    Hope this helps.

    Thanks & Regards

    Pramod

  • 0 in reply to Pramod P
    TI__Expert 4620 points

    Hi Dylan/Newman,

    Could you please mark this thread resolved by clicking on "verify answer" button at the bottom of this post as my response has clarified your question? 

    Thanks & Regards

    Pramod 

  • 0 in reply to Pramod P
    TI__Expert 4620 points

    Hi Dylan/Newman,

    I am closing this thread now as you indicated in your previous post that your query is resolved. Please click on the "verify answer" button if you get a chance. Once the thread is locked, you won't be able to reply back. If in case you have anymore queries, please create a new thread and post your query.

    Thanks & Regards

    Pramod