SPRACT3A September   2020  – June 2026 F29H850TU , F29H859TU-Q1 , F29P329SM-Q1 , TMS320F2800132 , TMS320F2800133 , TMS320F2800135 , TMS320F2800137 , TMS320F280033 , TMS320F280034 , TMS320F280034-Q1 , TMS320F280036-Q1 , TMS320F280036C-Q1 , TMS320F280037 , TMS320F280037-Q1 , TMS320F280037C , TMS320F280037C-Q1 , TMS320F280038-Q1 , TMS320F280038C-Q1 , TMS320F280039 , TMS320F280039-Q1 , TMS320F280039C , TMS320F280039C-Q1 , TMS320F28384D , TMS320F28384D-Q1 , TMS320F28384S , TMS320F28384S-Q1 , TMS320F28386D , TMS320F28386D-Q1 , TMS320F28386S , TMS320F28386S-Q1 , TMS320F28388D , TMS320F28388S , TMS320F28P550SG , TMS320F28P550SJ , TMS320F28P559SG-Q1 , TMS320F28P559SJ-Q1 , TMS320F28P650DH , TMS320F28P650DK , TMS320F28P650SH , TMS320F28P650SK , TMS320F28P659DH-Q1 , TMS320F28P659DK-Q1 , TMS320F28P659SH-Q1

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. Introduction
  5. Secure Flash Boot Overview
  6. CMAC Authentication
  7. Secure Flash Boot Options
  8. Secure Flash Boot Flow
  9. C2000Ware Example Details
  10. Authenticating Flash Code Beyond 16 KB
  11. Debug Resources
  12. Additional Information and Points to Consider
  13. 10Alignment of C2000 CMAC Algorithm to OpenSSL
    1. 10.1 C28x Memory and Binary File Byte Ordering
    2. 10.2 Flash Binary Byte Ordering
    3. 10.3 CMAC Key Byte Ordering
    4. 10.4 CMAC Output Alignment Procedure
    5. 10.5 Worked Example
    6. 10.6 Summary of Differences
  14. 11References
  15. 12Revision History

7 Authenticating Flash Code Beyond 16 KB

Thesecure flash boot only authenticates the first 16 KB of the flash sector from the entry address. In order to authenticate other sectors of flash, the user application must call the secure flash boot CMAC API directly.

Using the hex utility, it supports generation of golden CMAC tags for each of the four flash entry addresses + 16KB and 1 custom flash range. The custom flash range is configurable to be able to perform CMAC authentication over a custom address range. This could be the length of all the flash sectors if desired.

CPU1/CPU2 Application CMAC Structure for Custom Flash Range Authentication

struct CMAC_TAG
{
   char tag[8];
   uint32_t start;
   uint32_t end;
}

CPU1/CPU2 Golden CMAC Tag Memory Allocation for Full Flash Range Authentication

#pragma RETAIN(cmac_all)
#pragma LOCATION (cmac_all, 0x087002)
const struct OMAC_TAG cmac_all = {{0}, 0x0, 0x0};

CM Application CMAC Structure for Custom Flash Range Authentication

struct CMAC_TAG
{
   uint8_t tag[16];
   uint32_t start;
   uint32_t end;
}

CM Golden CMAC Tag Memory Allocation for Full Flash Range Authentication

#pragma RETAIN(cmac_all)
#pragma LOCATION (cmac_all, 0x00204004)
const struct OMAC_TAG cmac_all = {{0}, 0x0, 0x0};

Create a structure called “cmac_all” for creating a custom CMAC authentication range.

  • Use the LOCATION pragma to specify any address within the intended authentication range for the CMAC golden tag. (The closer the CMAC golden tag is to the authentication start address, the faster the CMAC algorithm will execute).
  • Leave the “tag” struct element to always initialize to zero.
  • Initialize the “start” and “end” struct elements to set a custom range. If both are zero, then the full length of the device core flash memory will be authenticated including the 16KB memory range of Primary Secure Boot.
  • For additional details on the application CMAC variables/structs, see [3] and [4].

CPU1 Secure Flash CMAC Authentication API

applicationCMACStatus = CPU1BROM_calculateCMAC (CMAC_AUTH_START_ADDRESS,
                                                CMAC_AUTH_END_ADDRESS,
						                        CMAC_AUTH_TAG_ADDRESS);

In the application, include F2838x secure zone code symbols library to your project (Located in C2000Ware [2] at <C2000Ware_Install_Directory>/libraries/boot_rom/f2838x) and call the secure flash boot CMAC API for the applicable core. An example API call on CPU1 is shown in the example above.

  • The CMAC_AUTH_TAG_ADDRESS should match what was provided to the LOCATION pragma
  • The CMAC_AUTH_START_ADDRESS and CMAC_AUTH_END_ADDRESS should match what was provided to the “cmac_all” struct. Additionally, it is important to note that the start and end address should align to 128 bits.
  • For example, the start and end address for authenticating the full length of F2838x CPU1 flash memory would be:
    • Start: 0x00080000
    • End: 0x000C0000
  • The status returned from the secure flash boot CMAC API should then be checked and handled accordingly in the user application.
  • For additional details on the Secure Flash CMAC Authentication APIs, see the ROM Code and Peripheral Booting chapter of [1].
Note: Even though the end address in the above example is actually 0x000BFFFF, it must be provided as 0x000C0000 so that the end address is aligned to 128 bits.