• State Resolved
  • Locked Locked
  • Replies 7 replies
  • Subscribers 97 subscribers
  • Views 426 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

How to encrypt code for AM1808?

Anonymous
Anonymous
Other Parts Discussed in Thread: AM1808, OMAP-L138, OMAPL138

Hi,

 

I would like to ask a question on AM1808.

 

OMAP L138 has Security Boot feature, according to description:

 

OMAP-L138 C6-Integra TM DSP+ARM ® Processor, SPRS586c said:

The boot modules themselves are encrypted while sitting in external non-volatile memory, such as flash or EEPROM, and are decrypted and authenticated when loaded during secure boot.

 

For AM1808 where Security Boot is NOT equipped, how to protect code security? If the code is stored on flash, is there a way to prevent the code from being read by malicious attempts?

 

I believe the need for code security is common among customers, so is there a standard/common method? Could TI recommend one for AM1808 applications?

 

 

Zheng

  • Anonymous
    0 Anonymous

    Hi,

    Sorry for "bumping" this. Could someone suggest solutions of FLASH code security when SecureBoot is not available on AM1808? Isn't it a serious problem?

     

    Zheng

  • 0 in reply to Anonymous
    TI__Guru* 83935 points

    Zheng

    We have forwarded the query to security experts and marketing team the AM product line. Hopefully someone will address the query. Why are you not able to use OMAPL138 for this if security is critical for your application?

  • Anonymous
    0 Anonymous in reply to Mukul Bhatnagar

    Mukul,

    I just read an article Locking Down Intellectual Property in Embedded Systems. This article gave good survey of traditional methods, but in the end it suggested processors with integrated encryption feature. Although they gave Analog Device processor example, I believe OMAPL138 should be of the same type that they referred to.

    I am considering OMAP.

       
    Zheng

  • 0 in reply to Anonymous
    TI__Prodigy 490 points

    Zheng,

      For the AM1808, there is no security available within the device.  You can always use standard encryption algorithms to help protect your code / data but you would have to merely obfuscate the key (ie there is no HW based root of trust for your security and you cannot completely secure your code).

      After looking at the article you mentioned, yes, the OMAP-L138 is a processor that contains the same type of security features that the article suggests using.  In the case of OMAP-L138, you have the ability to have a secure boot with IP protection from a HW based root of trust. 

      You can find more information in the product folder: http://www.ti.com/product/omap-l138

      The following parts are security enabled:

    OMAPL138BZCEA3E
    OMAPL138BZCED4E
    OMAPL138BZWTA3E
    OMAPL138BZWTD4E

      Please let us know if you have any additional questions.

    Thanks,

    Erik

     

  • Anonymous
    0 Anonymous in reply to Erik Welsh

    Erik,

     

    I have two questions:

     

     

    1.    I searched in two documents (1) OMAP-L138 C6-Integra TM DSP+ARM ® Processor, SPRS586c (2) TMS320C674x/OMAP-L1x Processor Security, SPRUGQ9. None of the two states which part has secure boot feature and which doesn't. Is there any document showing your part list?

    2.    In (1) above the security feature is described as "Basic Secure Boot". What does "Basic" mean here? Is there any corresponding "advanced" secureboot?

     

    A flip-side I found on your part list is that the parts with security-boot are several dollars' ($21.40↑ ) more expensive than the cheapest part in the line ($17.10).

     

     

     

    Zheng

     

  • 0 in reply to Anonymous
    TI__Prodigy 490 points

    Zheng,

      If you look at the part symbolization, the parts with the "E" on the end are security enabled.  You can also refer to: section 6.1.2 of the datasheet which describes the device nomenclature.

      "Basic" is just a TI term to indicate the level of the security offering.  Certain devices support different levels of security.  The OMAP-L138 only supports the "Basic" level of security.

      There is some additional cost associated with security.  You can always call your TI rep for high volume pricing.

      Let me know if there is anything else.  Thanks.

    Erik

  • Anonymous
    0 Anonymous in reply to Erik Welsh

    Erik,

    I just read 6.1.2 section and found the notation. Thanks for the answer.

     

    Zheng