SPRACT3A September   2020  – June 2026 F29H850TU , F29H859TU-Q1 , F29P329SM-Q1 , TMS320F2800132 , TMS320F2800133 , TMS320F2800135 , TMS320F2800137 , TMS320F280033 , TMS320F280034 , TMS320F280034-Q1 , TMS320F280036-Q1 , TMS320F280036C-Q1 , TMS320F280037 , TMS320F280037-Q1 , TMS320F280037C , TMS320F280037C-Q1 , TMS320F280038-Q1 , TMS320F280038C-Q1 , TMS320F280039 , TMS320F280039-Q1 , TMS320F280039C , TMS320F280039C-Q1 , TMS320F28384D , TMS320F28384D-Q1 , TMS320F28384S , TMS320F28384S-Q1 , TMS320F28386D , TMS320F28386D-Q1 , TMS320F28386S , TMS320F28386S-Q1 , TMS320F28388D , TMS320F28388S , TMS320F28P550SG , TMS320F28P550SJ , TMS320F28P559SG-Q1 , TMS320F28P559SJ-Q1 , TMS320F28P650DH , TMS320F28P650DK , TMS320F28P650SH , TMS320F28P650SK , TMS320F28P659DH-Q1 , TMS320F28P659DK-Q1 , TMS320F28P659SH-Q1

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. Introduction
  5. Secure Flash Boot Overview
  6. CMAC Authentication
  7. Secure Flash Boot Options
  8. Secure Flash Boot Flow
  9. C2000Ware Example Details
  10. Authenticating Flash Code Beyond 16 KB
  11. Debug Resources
  12. Additional Information and Points to Consider
  13. 10Alignment of C2000 CMAC Algorithm to OpenSSL
    1. 10.1 C28x Memory and Binary File Byte Ordering
    2. 10.2 Flash Binary Byte Ordering
    3. 10.3 CMAC Key Byte Ordering
    4. 10.4 CMAC Output Alignment Procedure
    5. 10.5 Worked Example
    6. 10.6 Summary of Differences
  14. 11References
  15. 12Revision History

10.2 Flash Binary Byte Ordering

The hex2000 utility does not feed the flash binary directly to the AES-128-CMAC algorithm. Before computing the authentication tag, it applies the swapwords transform, which swaps the two 16-bit words within each 32-bit group of the binary data.

For each group of 4 consecutive bytes [b0, b1, b2, b3] in the binary, where:

  • [b0, b1] = [low byte, high byte] of C28x word at address N
  • [b2, b3] = [low byte, high byte] of C28x word at address N+1
swapwords([b0, b1, b2, b3]) = [b2, b3, b0, b1]

This swaps the two 16-bit words within each 32-bit group, keeping each word's bytes in their natural (little-endian) order. This is equivalent to reading each pair of C28x words in reverse order (high word at N+1 before low word at N). This operation is self-invertible, meaning that applying the transformation twice to any input returns the original data unchanged.

After the AES-128-CMAC tag has been computed over the transformed data, hex2000 applies the same swapwords transform a second time to the 16-byte tag itself before embedding it in the flash image at the golden CMAC tag location (byte offset +0x4 from the flash bank entry address, corresponding to C28x word address +0x2). Both of these transforms must be replicated when using OpenSSL in order to produce a stored tag that is byte-for-byte identical to the one generated by hex2000.