This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TMDSLCDK138: Secure Kernel API Availability & Examples

Part Number: TMDSLCDK138
Other Parts Discussed in Thread: OMAP-L138, , OMAPL138, SYSBIOS

I'm looking to purchase the TMDSLCDK138 OMAP-L138 Development Kit since i require an application capable of using the C6748's Secure Kernel API functionality such as SK_decryptMod and SK_switchNonSec to load a secure module at runtime (rather than just basic secure boot). Is this functionality available out-of-the-box with the TMDSLCDK138 and are there implementation examples available for runtime loading of secure modules using this API?

Kind regards,

  • The OMAPL138 LCDK kit only comes with non-secure or general purpose silicon. In order to do secure development, you need to use the basic secure variant of the silicon to take advantage of secure boot on the device. Please refer to OMAPL138 datasheet for the secure part number:

      

    There is no orderable LCDK platform that comes with the secure part. All secure software and documentation is provided here:

    http://www.ti.com/tool/SECDEVTOOL-OMAPL138C6748

    For additional information on secure boot refer:

    https://processors.wiki.ti.com/index.php/Basic_Secure_Boot_for_OMAP-L138_C6748

    Please also note that with basic secure boot, we only offer IP protection through authenticated/encrypted boot and anti-cloning protection. There is no support for runtime security.  The secure SK kernel API is provided only to allow user to do one time binding process. We don`t support full runtime security on this device.

    Hope this helps.

    Regards,

    Rahul 

  • Hi Rahul,

    Thanks for the answer, i'm not entirely clear on two issues though:

    1. If the TMDSLCDK138 does not come with the secure part, could you recommend another OMAP-L138 based platform or component i could order *with* the secure part so i could prototype secure kernel usage? Preferably in the form of an easy-to-use development board.

    2. I understand there is no support for runtime security but from what i understand, the secure SK kernel API allows users to one-time load a secure module (encrypted in flash, decrypted during load with keys embedded in the secure component) and execute it securely on the DSP right? And the OMAP-L138s with marking E should have this feature available right? Is this compatible with SYSBIOS or only DSPBIOS?

    Thanks in advance & kind regards,

  • You can choose to order the LCDK platform and then swap out the GP silicon with HS silicon on the platform as we have done this internally to test secure functionality and examples using LCDK platform.

    qpht said:
    2. I understand there is no support for runtime security but from what i understand, the secure SK kernel API allows users to one-time load a secure module (encrypted in flash, decrypted during load with keys embedded in the secure component) and execute it securely on the DSP right? And the OMAP-L138s with marking E should have this feature available right? Is this compatible with SYSBIOS or only DSPBIOS?

    That is correct. The secure SK API, will work on the OMAPL138 with marking E (with basic secure support enabled). the secure kernel APIs have been tested with bare-metal and early versions of SYSBIOS 6.x. I can send you reference examples and support files for the platform if you would like. I have sent you a private connect request on E2E. Please accept this request so I can provide the examples offline.

    Regards,

    Rahul