MSPM0G3518: Request for Security Assessment & Side‑Channel Vulnerability Clarification – MSPM0G3518 Hardware AES (CPA)

Hello TI Security / MSPM0 Team,

We are reaching out as part of our ongoing Product Security Incident Response Team (PSIRT) activities to assess a recently disclosed side‑channel vulnerability related to the MSPM0G35xx hardware AES engine.

Background

A security researcher has successfully demonstrated AES‑128 key extraction from the Texas Instruments MSPM0G3507 hardware AES engine using Correlation Power Analysis (CPA).
This is, to our knowledge, the first publicly documented successful key extraction on this target.

Key details from the reported research include:

• Full AES‑128 key recovery achieved using ~45,500 traces out of 100,000
• Measurement setup:
  • ChipWhisperer Nano
  • Synchronous clocking from the MSPM0G3507
• Analysis performed using the eShard SCARed (Side‑Channel Analysis Research and Evaluation) library

Customer Impact Assessment

As part of our cybersecurity analysis for our end customer (Gentex), we are evaluating potential impact on MSPM0G3518, which shares:

• The MSPM0 G‑Series (80 MHz) MCU family
• Expected architectural similarities in the hardware AES accelerator
• A potentially similar security feature set and AES peripheral implementation

Given these similarities, there is concern that MSPM0G3518 could be affected by the same or a closely related side‑channel weakness.

Information Requested from Texas Instruments

To complete our risk assessment and mitigation planning, we kindly request your support with the following:

1. Side‑Channel Evaluation Status

   • Has TI conducted any internal or third‑party empirical side‑channel testing (CPA, DPA, Template Attacks, etc.) on the MSPM0G3518 hardware AES engine?
   • If so, please confirm:
     • Test methodology used
     • Scope (which side‑channel classes were evaluated)
     • High‑level results or conclusions

2. Vulnerability Applicability

   • Based on TI’s internal analysis, is the MSPM0G3518 AES implementation architecturally equivalent or materially similar to MSPM0G3507 with respect to side‑channel resistance?
   • Does TI consider the reported CPA vulnerability to be:
     • Applicable
     • Partially applicable
     • Not applicable
       to MSPM0G3518 silicon?

3. Design‑Level Countermeasures

   • Are any hardware‑level side‑channel countermeasures implemented in MSPM0G3518 (e.g., masking, hiding, randomization, noise injection)?
   • If not, are there documented design considerations or limitations regarding side‑channel resistance?

4. Mitigations / Guidance

   • Are there any software‑level mitigations, configuration recommendations, or usage guidelines to reduce CPA/DPA exposure when using the AES accelerator?
   • Are application‑level countermeasures (e.g., key refresh, timing randomization, protocol‑level protections) recommended?

5. Security Documentation

   • Is there an existing security advisory, app note, or whitepaper covering:
     • Side‑channel resistance of the MSPM0 AES engine
     • Secure usage guidelines for cryptographic peripherals

6. PSIRT Handling

   • Has TI formally tracked this issue via its PSIRT process?
   • If so, is there a reference ID or advisory timeline available?

Timeline

This information is required urgently to support our customer security assessment and response.
We would appreciate any preliminary feedback or confirmation at the earliest possible time, with detailed documentation to follow if needed.

Please let us know if additional technical details or test references are required from our side.

Thank you for your support and collaboration.

Best regards,
Devarajulu A
Project Manager
Product Cybersecurity / PSIRT