AM6442: Downgrade Attack Protection support

Hi 

Can you further elaborate on the query on what is the use-case you are looking for. 
Do you have access to the devices security collateral that is behind TI firewalls?

Please also see if the E2E FAQ helps you

https://e2e.ti.com/support/processors-group/processors/f/processors-forum/1202686/faq-am6442-am243-how-to-use-the-tisci-apis-read_keycnt_keyrev-write_keyrev-to-activate-the-backup-key-set

Thanks for your help. I’ll try to clarify what I’m asking for the second question (which was “Does TI AM64 offer a downgrade attack protection mechanism for the ROM bootloader’s boot modes?”).

When security vulnerabilities are found in older versions of software/firmware that is signed. The attacker can attempt to boot the old, vulnerable version to downgrade the system to a vulnerable state. The signature is still valid on the older software, so the secure boot system doesn’t stop it from booting. To protect against these downgrade attacks, there needs to be a way to tell the bootloader that it must not allow boot of software older than version X. Some chips include some e-fuses for this.

TI provides both a fall-back boot source and runtime configurable boot sources (via bootmode pins), which we would like to use for booting new or bricked boards. But these mechanisms could also allow an attacker to boot known-vulnerable versions of software. I’m wondering if TI has a solution to this problem.

Hi,

There are Software Revisions fields in the OTP e-fuse that exactly satisfy the use-case.

=> Both ROM and application X.509 certificate contains a Software Revision extension with a value X. If the value X is less than the value programmed in the OTP, the image authentication fails preventing it from booting.

https://software-dl.ti.com/tisci/esd/latest/2_tisci_msgs/security/sec_cert_format.html?highlight=swrv#sysfw-swrev-ext

=> More information is available in the documents on AM64x MSS

www.ti.com/.../swlicexportcontrol.tsp

=> There is an example in the MCU+ SDK as well that demonstrates reading the current Software Revision value and updating it if required.

https://software-dl.ti.com/mcu-plus-sdk/esd/AM64X/09_01_00_41/exports/docs/api_guide_am64x/EXAMPLES_RUNTIME_SWREV.html

Regards,

Prashant

Hi Prashant,

Excellent news. Thanks !

I have another question: Does USB DFU allow us to write a program to RAM and boot that when secure boot is enabled?

(I’m thinking about RMA failure analysis use cases.)

Kind regards & thanks,
Flo