Hi TI guys,
I have a algorith need to be protcted, and find IPE is a good choice for me to achive this. I go through the user guider and some post in this forum, and still have some doubts.
1) I want to know if a const data or code in IPE area can be modified by another code which is also located in IPE area.
of courese, MPU has open the write access right.
2) Interrupt vector table(IVT) is automatically readable enabled by MPU. Besides,The user guider says" if the IVT is inside of the IPE area, the execute is always prohibited. "
so I am a little confused when the MSP430 reponses to a interrupt event, it use its "Read" or "Execute" right? It "reads" the IVT or it "executes" the IVT.
3) I have carefully read the IPE charpter in user guider,and know well of the IPE_INIT_structure.The boot code will tell whether the IPE Signature1(0xFF88) is 0xAAAA; if YES , IPE signature2(0xFF8A)
actived. and it points to the IPE_init_structure. I believe the content of IPE_Init_structure will load noto registers such as MPUIPC0、MPUIPSEGB2、MPUIPSEGB by boot code.The output(.txt) of the example
codes provided by TI is sth like this:
When this code download onto chip, reboot the MSP430 .... the IPE actived. But...this methord only sovle the application that the coder knows exactly what data need to be protected , maybe like this way:
#progrma location = "IPEDATA16_C" //IAR not CCS
const char key[ ]={0x11,0x22,0x33,0x44.......};
If the developer himself don't know the const data, he just knows where and how to get this data. For example, he wants use the DieXY or random seed in the TLV as the password. And need
copy these bytes to IPE area as password. How he to achieve this?
I write the following code,but I don't know whether it will work or not. I don't have a HW/LauchPad to veryfy it. so I pasted it here.
//SENSTIVE is allocatoned @ IPE area I design. But put this in mind: IPE does't exist yet. before this fuction be called.
void GenerateSortsOfKeysAndEnable_IPE(void)@"SENSITIVE"
{
uint16_t i;
uint8_t* DieXY_ptr;
uint8_t* RandomSeed_ptr;
if(0xAAAA == *((uint16_t*)IPE_SIG_VALID) )
return;
DieXY_ptr = (uint8_t*)0x1A0A;
RandomSeed_ptr = (uint8_t*)0x1A30;
for(i=0;i<8;i++){
PassWord_ToolAuthorize[i] = *DieXY_ptr++;}
for(i=0;i<16;i++){
PassWord_cryptImage[i] = *RandomSeed_ptr++;}
IPE_Init_Tmp.MPU_IPC0 = MPUIPENA;
IPE_Init_Tmp.MPU_IPB2 = IPE_END_ADR>>4;
IPE_Init_Tmp.MPU_IPB1 = IPE_START_ADR>>4;
IPE_Init_Tmp.MPU_CHECK = 0xFFFF ^(IPE_Init_Tmp.MPU_IPC0) ^ (IPE_Init_Tmp.MPU_IPB2)^ (IPE_Init_Tmp.MPU_IPB1);
*( (uint16_t*)(IPE_START_ADR) ) = IPE_Init_Tmp.MPU_IPC0;
*( (uint16_t*)(IPE_START_ADR+2) ) = IPE_Init_Tmp.MPU_IPB2;
*( (uint16_t*)(IPE_START_ADR+4) ) = IPE_Init_Tmp.MPU_IPB1;
*( (uint16_t*)(IPE_START_ADR+6) ) = IPE_Init_Tmp.MPU_CHECK;
/*************************Start IPE*****************************/
*( (uint16_t*)(IPE_STR_PTR_SRC) ) = IPE_START_ADR; //0xFF8A
*( (uint16_t*)(IPE_SIG_VALID) ) = 0xAAAA; //0xFF88
PMMCTL0 = PMMPW+PMMSWBOR;
}
4) The user guider says, boot code will transfer IPE Signature2 to a secured nonvolatile system data area, like a copy , and IPE signature can be overwritten。
I have 4 questions here:
a) A secured nonvolatile system data area is where?
b)As I know when MSP430 powers on, boot code runs first, then call memory or SP initialization fuctions. At last , the code in Main().
Because IPE signature does not work any more after the reboot, I want know how to erase the IPE area. It looks like the application code
can't achieve this. Pls intruduce the mechanism.
c) If I directly write to registers MPUIPC0、MPUIPSEGB2、MPUIPSEGB instead of building a IPE_init_structure, What will happen?
Of course, IPE Signature1 will be 0xAAAA. IPE Signaute2 looks like useless in this circumstance.
d)You can see I don't want the fuction GenerateSortsOfKeysAndEnable_IPE be called twice. so I use the IPE Signature1 as a flag.
if(0xAAAA == *((uint16_t*)IPE_SIG_VALID) )
return;
As mentioned above, IPE Signature can be modified after BOR, it bother me a little.
Do u have a more rubust way to solve this?
That'all . Thanks.
.
