TDA4VM-Q1: Clarification on HSM Requirement for TDA4VM88TRBALFRQ1 (HS Prime)

Part Number: TDA4VM-Q1
Other Parts Discussed in Thread: TDA4VM

Hi TI Expert

We are using the TDA4VM88TRBALFRQ1 for our mass production (MP) project. However, we do not intend to develop using AUTOSAR for MCU.

From our understanding, the "R" in the device type indicates HS Prime, which supports R5F Lockstep and requires 3rd HSM for secure operations.

We would like to confirm:

  1. Is 3rd HSM mandatory for the TDA4VM88TRBALFRQ1 device, or is it an optional feature that can be bypassed if AUTOSAR is not used?
  2. If 3rd HSM is not mandatory, what are the alternatives for enabling security features such as secure boot and runtime security?
  3. Can we use TI's Foundational Security Firmware (TIFS) without 3rd HSM in an HS Prime device?

Your clarification would be greatly appreciated.

Best regards

JAY

  • Hi Jay,

    From our understanding, the "R" in the device type indicates HS Prime, which supports R5F Lockstep and requires 3rd HSM for secure operations.

    Correct. The "R" variant is primarily about HS-Prime functionality. The R5F LockStep is mostly a standard feature and available on other variants as well.

    Is 3rd HSM mandatory for the TDA4VM88TRBALFRQ1 device, or is it an optional feature that can be bypassed if AUTOSAR is not used?

    No, this is not mandatory. The HS-Prime feature is to allow customers to customize the TIFS firmware (delivered as a binary normally) to add a HSM stack. 

    Please note that this has nothing to do with AUTOSAR for MCU.

    If 3rd HSM is not mandatory, what are the alternatives for enabling security features such as secure boot and runtime security?

    Secure Boot and Runtime Security are provided even with our regular HS devices, so they should be available.

    Can we use TI's Foundational Security Firmware (TIFS) without 3rd HSM in an HS Prime device?

    The TIFS firmware will only need to be signed with Customer Keys on a HS-Prime device, once it is converted to HS-SE.

    regards

    Suman

  • Hi Jay,

    We are using the TDA4VM88TRBALFRQ1 for our mass production (MP) project.

    You mentioned that this is for a Mass Production project. Do you intend to deploy the device in HS-FS mode, or are you expected to blow Customer Keys and convert the devices into a HS-SE (High Security - Security Enforced)?

    Based on your use case requirements (no HSM customization), TDA4VM88T5BALFRQ1 is the preferred part for your project.

    regards

    Suman

  • Hi Suman

    We expected to blow Customer Keys and convert the devices into a HS-SE (High Security - Security Enforced).


    If customers need to customize the TIFS firmware (delivered as a binary normally) to add a HSM stack, how do they do that?


    BR

    JAY

  • Hi Jay,

    We expected to blow Customer Keys and convert the devices into a HS-SE (High Security - Security Enforced).

    Ok, my previous recommendation still holds true if there are no plans to customize TIFS to add a HSM stack. If this is a new project, I would actually recommend the TDA4VM88T5CALFRQ1 part (SR2.0).

    If customers need to customize the TIFS firmware (delivered as a binary normally) to add a HSM stack, how do they do that?

    This will be up to the customer or their HSM partner to customize the TIFS firmware. TI will provide the source code after necessary approvals.

    regards

    Suman

  • Hi Suman

    It has been clarified that the HS-Prime variant can operate without an HSM stack while still supporting secure boot using TI's standard TIFS firmware.
    Given this, what are the specific hardware differences between the HS and HS-Prime variants of the TDA4VM?
    Are there additional security-related hardware components or capabilities in HS-Prime that are not present in the HS variant?

    BR
    JAY

  • Hi Jay,

    Are there additional security-related hardware components or capabilities in HS-Prime that are not present in the HS variant?

    The only difference is in how the TIFS firmwares are signed between the two. HS-Prime does not have TI Keys involved in the signing process of TIFS firmware.

    Are there additional security-related hardware components or capabilities in HS-Prime that are not present in the HS variant?

    The available security features are all the same.

    regards

    Suman

  • Hi Suman

    Based on the previous response, the key difference between HS and HS-Prime variants is how the TIFS firmware is signed. Specifically:

    • HS devices require TIFS firmware signed with TI Keys.
    • HS-Prime devices do not involve TI Keys in the signing process.

    Could you confirm whether HS hardware contains a built-in authentication mechanism for TI Keys, such as hardware-stored dedicated key management module for verifying TI-signed TIFS firmware?

    HS-Prime devices do not involve TI Keys in hardware, allowing customers to manage their own keys and signatures.

    BR

    Jay

  • Hi Jay,

    HS devices require TIFS firmware signed with TI Keys.

    The TIFS firmware is signed and encrypted with TI Keys, and the generated certificate is counter-signed with the Customer Keys.

    HS-Prime devices do not involve TI Keys in the signing process.

    Correct.

    Could you confirm whether HS hardware contains a built-in authentication mechanism for TI Keys, such as hardware-stored dedicated key management module for verifying TI-signed TIFS firmware?

    Yes.

    HS-Prime devices do not involve TI Keys in hardware, allowing customers to manage their own keys and signatures.

    TI Keys will be present on all devices, they are just not used for authentication purposes.

    regards

    Suman

  • Hi Suman

    Thank you for your feedback.
    We understand that HS and HS-Prime devices have no hardware differences in security features, and the main difference lies in how the TIFS firmware is signed.

    • TI Keys are pre-integrated in HS devices and used for Secure Boot verification of TIFS firmware, whereas HS-Prime devices do not use TI Keys, allowing customers to manage their own signing process.
    • TI Keys are bound to HS hardware and cannot be arbitrarily generated, as they are used to verify the TI-signed TIFS firmware.
    • HS-Prime allows customers to use their own keys for Secure Boot and firmware signing without dependency on TI.

    BR
    JAY

  • Hi Jay,

    All of your understanding is correct.

    regards

    Suman