This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC2745R10-Q1: how to program the HSM to CC2745R10 for third party

Part Number: CC2745R10-Q1

Tool/software:

Hi TI Engineer,

We need to develop the offline programming for CC2745R10.

For this device, the RM mentioned that the HSM is not programmed from TI. so we may have to program the HSM via SACI command. OTA is no

But we did not find the SACI command to program HSM. we only found the SACI command for some flash operation like Erasechip, Prog Main sector and so on.

So could you help to give us detailed information about how to program the HSM to CC2745R10.

  • Hello,

    The SACI command is listed in the TRM under section 9.3.2 SACI Commands:

    Section 8.7.2 Programming HSM FW has more information about using this command:

    Best,

    Nima Behmanesh

  • Hi Nima,

    We noticed this SACI_CMD_HSM_FW_PROVISION, but it is unlike other SACI command, e.g SACI_CMD_FLASH_PROG_CCFG_SECTOR, the TRM listed the Parameter Words and Response Words. So we know how to use this command. Is there any detailed description about how to use the  the SACI_CMD_HSM_FW_PROVISION.

  • Hi,

    The next revision of the TRM, should have this information. 

    SACI_CMD_HSM_FW_PROVISION
    This allows the HSM provision process to be triggered and completed with only one SACI command. For this command, SACI has a data buffer to store the maximum HSM FW Update Image (HUI). The handling of this command is similar to the handling of the SACI_CMD_FLASH_PROG_MAIN_PIPELINED command in that the flow control is unique.


    Flow Control Mechanism and Response Handling
    When SACI receives the initial command, it will first validate the input and then prepare the internal data buffer to be filled with the new HSM FW. This process is relatively lengthy and requires synchronization with the host. The host shall not send subsequent HUI words until SACI is done preparing the buffer. To synchronize, the host shall poll on the DEBUGSS:RXCTL register until the CMD_WORKING bit has been cleared. When the host sees the CMD_WORKING bit has been cleared, it can continue by sending back to back HUI data words until the entirety of the HUI has been sent. Note that SACI will once again set the CMD_WORKING bit to indicate that it is once again receiving and processing HUI words.


    When SACI receives the last word of the HUI words, this ends the transfer and begins the authentication/verification.


    If SACI detects that the huiSize is larger than the maximum of 128kB, it will respond with INVALID_SIZE_PARAM. If SACI detects an authentication failure of the HSM FW it will respond with HSM_UPDATE_FAILED.


    Other Considerations
    When this command is used on a device which does not yet have it's SCFG programmed (empty/blank device) the result will always be HSM_FW_CRYPTO_FAIL. This is due to the optional customer signature verification which is performed. If the SCFG is un-programmed, the ROM is required to assume customer signature verification must take place which will result in a failure. One must first program the device (SCFG included) and properly configure the SCFG.hsmUpdateKeys field. Then reset the device as this command cannot be performed during the same SACI session as the ERASE_* commands. Finally one can submit this command.

    Best,

    Nima Behmanesh