• State Resolved
  • Locked Locked
  • Replies 5 replies
  • Subscribers 98 subscribers
  • Views 443 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Will basic security increase boot image size?

Jeff Johanson
Prodigy 235 points

Hi,

We are considering using an -E version of TI L138 device. If our current code and data in binary format is already 2M bytes, would the encrypted image grow larger in size? We ask this because if the encrypted image is too large then the current flash might not hold it.

Or can we selectively to encrypt only certain sections of the binary content? A large portion of the 2M size is images rather than algorithm, so if encryption comes at the price of increased size then we prefer only to encrypt the core algorithms.

Could anyone help?

  

Jeff

  • 0
    TI__Guru** 116170 points

    Jeff,

    There will  be a small increase in size of the image due to the need to insert Secure boot software header at the top of the boot image. For you to make an quantitative accessment, I used a application image of 2Mb and generated a boot image using HexAIS(non-secure ) utility which generated a boot image of the size 997,596 bytes and the same application image when passed to the Secure_HexAIS utility created an image of the size 998,348. The difference in size was about the same even for smaller images.

    Hope this gives you an good estimate. Let me know if you have any follow up questions.

    Regards,

    Rahul

  • 0
    TI__Guru** 116170 points

    Hi Jeff,

    Each OMAPL138-E device has a unique private key burned in the Efuses, which is generated by programmed into the device during manufacturing process and cannot be read by the outside world. In addition to this the user provides his own encryption key(shared secret between device and the user) in the ini file which is used by the Secure Hex AIS tool to encrypt the application. During the production the user needs to bind the boot image, a process in which the device boots securely and will read a software header (which contains the user encryption key) from the flash,  encrypt and sign the header using the unique private key that is burnt in its efuses and write it back into the flash. Once the binding process is complete the image in the flash becomes unique to the device and cannot be copied and booted on any other OMAPL138-E device.

    Please refer to some of the frequently asked questions on the basic secure devices and let me know if you have any further questions:

    http://processors.wiki.ti.com/index.php/Basic_Secure_Boot_for_OMAP-L138_C6748#FAQ

    If you have a local TI contact supporting you, I can forward you some overview slides to explain this in further detail.

    Regards,

    Rahul

  • 0
    TI__Guru** 116170 points

    You can start a private conversation with any TIer on the forums. I have also sent you a friend request while accepting you should see the option of start a conversation along side the request or after  you accept the request.

    Regards,

    Rahul

  • 0
    TI__Guru** 116170 points

    Sorry for the delayed response. I have responded to the email you sent me privately.

    Regards,

    Rahul

  • 0 in reply to Rahul Prabhu
    Prodigy 235 points

    Dear Rahul,

    We have sent some questions via conversation. Please have a look.

    Jeff