AM62A7: Issues with HSM on AM62A: Asynchronous Communication via Secure Proxy and TRNG Reliability

Part Number: AM62A7


Tool/software:

Hi TI,

We are encountering critical issues with the HSM on AM62A related to Secure Proxy asynchronous communication and TRNG reliability, requiring TI’s expertise to investigate. Below is a summary of the problems and how you can reproduce them. Please note that none of these Secure Proxy issues occur when we don't use asynchronous communication, that is, both the A53 and MCU-R5 can request HSM services successfully in while loops at the same time.

1. Issue 1: Secure Proxy Asynchronous Communication Anomalies​

​1.1 Single-Core Asynchronous Request Corruption​

​Setup:​

  • ​MCU-R5 Core​​ sends async requests to HSM via Secure Proxy:
    • TX: Secure Proxy ID 12 (R5 → HSM)
    • RX: Secure Proxy ID 13 (HSM → R5)
  • ​HSM​​ receives requests via Secure Proxy ID 0 and sends responses via ID 4.

​Steps to Reproduce:​

  1. R5 sends ​​Request 1​​ via ID 12 → HSM processes and sends Response 1 to ID 4.
  2. R5 ​​does NOT read​​ response from ID 13.
  3. R5 sends ​​Request 2​​ via ID 12 again.

​Observed Behavior:​

  • HSM receives Response 1 instead of Request 2.
  • Expected: HSM should receive Request 2.

​1.2 Cross-Core Interference​

​Setup:​

  • ​A53 Core​​ uses Secure Proxy IDs:
    • TX: ID 10 (A53 → HSM)
    • RX: ID 11 (HSM → A53)
  • ​R5 Core​​ uses IDs 12 (TX) and 13 (RX).

​Steps to Reproduce:​

  1. R5 sends async Request 1 via ID 12 and ​​does NOT read​​ Response 1 from ID 13.
  2. A53 sends Request 2 via ID 10 and polls ID 11 for response.

​Observed Behavior:​

  • HSM receives Response 1 instead of Request 2, same as issue 1.1.
  • A53 finds ID 11 empty, but R5 finds ​​A53’s Request​​ 2 in ID 13.
  • Expected: A53 and R5 should have isolated communication channels.

Please note that the HSM code itself does not feed any request message from host cores to the Secure Proxy whatsoever.


​2. Issue 2: TRNG Reliability and Quality​

​2.1 TRNG Fails Under Stress Test​

​Setup:​

  • HSM TRNG initialized via sa2ul_rng_setup_eip76().
  • Stress test: Continuously call sa2ul_rng_read() to collect random data.

​Observed Behavior:​

  • After N power cycles (random occurrence), sa2ul_rng_read() returns failure (-EFAIL) until full reboot.
  • Expected: TRNG should recover without requiring reboot.

​Debugging Attempts:​

  • Aligned sa2ul_rng_setup_eip76() with working SA3UL_rngSetup() code in MCU_PLUS_SDK. No improvement.

​2.2 TRNG Fails NIST Statistical Tests​

​Setup:​

  • Use HSM CARE Package TRNG driver to collect 15KB of data.
  • Validate with NIST tests.

​Observed Behavior:​

  • ​FAIL​​ in multiple NIST tests.
  • Comparison: Same test passes when using ​​MCU PLUS SDK’s SA3UL_rng​​ example.

​Hypothesis:​
HSM CARE Package’s TRNG driver is incomplete compared to MCU PLUS SDK.


3. Request​

We are facing critical defects in the HSM CARE Package drivers that are severely impacting the stability of our customer’s commercial product. These issues are directly tied to the low-level drivers of Secure Proxy and TRNG and require patches from TI to avoid project failure and security risks. We urgently request TI to:

  1. Review and validate the driver of the Secure Proxy and TRNG in the HSM CARE Package.
  2. Provide patches that resolve the issues.

Best Regards,

Yang
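
For readers who want to sanity-check a TRNG capture like the 15 KB dump described in section 2.2, here is an added example (not from the original post, TI, or either SDK) implementing two of the NIST SP 800-22 tests, frequency (monobit) and runs. The sample buffers are constructed for illustration, and the function names are this example's own.

```python
# Added example: SP 800-22 frequency (monobit) and runs tests for a TRNG dump.
import math

ALPHA = 0.01  # significance level used by NIST SP 800-22


def bits_from_bytes(data: bytes) -> list[int]:
    """Unpack bytes MSB-first into a list of 0/1 values."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def monobit_p(bits: list[int]) -> float:
    """Frequency test: are ones and zeros roughly balanced?"""
    n = len(bits)
    s = sum(2 * b - 1 for b in bits)  # +1 per one, -1 per zero
    return math.erfc(abs(s) / math.sqrt(n) / math.sqrt(2))


def runs_p(bits: list[int]) -> float:
    """Runs test: does the stream switch value too often or too rarely?"""
    n = len(bits)
    pi = sum(bits) / n
    # Prerequisite from the spec: the ones ratio must already be near 1/2.
    if pi in (0.0, 1.0) or abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v = 1 + sum(a != b for a, b in zip(bits, bits[1:]))  # number of runs
    return math.erfc(abs(v - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def check(data: bytes) -> dict[str, bool]:
    """Return pass/fail per test for one captured, non-empty buffer."""
    bits = bits_from_bytes(data)
    return {"monobit": monobit_p(bits) >= ALPHA, "runs": runs_p(bits) >= ALPHA}


if __name__ == "__main__":
    import os
    size = 15 * 1024  # capture size mentioned in the post
    samples = {
        "stuck-at-zero (constructed)": bytes(size),
        "alternating 0xAA (constructed)": b"\xaa" * size,
        "os.urandom reference": os.urandom(size),
    }
    for name, buf in samples.items():
        print(name, check(buf))
```

The alternating-pattern buffer passes the monobit test but fails the runs test, which is why a single passing test says little about a driver's output.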