SPRACT3A September 2020 – June 2026 F29H850TU, F29H859TU-Q1, F29P329SM-Q1, TMS320F2800132, TMS320F2800133, TMS320F2800135, TMS320F2800137, TMS320F280033, TMS320F280034, TMS320F280034-Q1, TMS320F280036-Q1, TMS320F280036C-Q1, TMS320F280037, TMS320F280037-Q1, TMS320F280037C, TMS320F280037C-Q1, TMS320F280038-Q1, TMS320F280038C-Q1, TMS320F280039, TMS320F280039-Q1, TMS320F280039C, TMS320F280039C-Q1, TMS320F28384D, TMS320F28384D-Q1, TMS320F28384S, TMS320F28384S-Q1, TMS320F28386D, TMS320F28386D-Q1, TMS320F28386S, TMS320F28386S-Q1, TMS320F28388D, TMS320F28388S, TMS320F28P550SG, TMS320F28P550SJ, TMS320F28P559SG-Q1, TMS320F28P559SJ-Q1, TMS320F28P650DH, TMS320F28P650DK, TMS320F28P650SH, TMS320F28P650SK, TMS320F28P659DH-Q1, TMS320F28P659DK-Q1, TMS320F28P659SH-Q1

 


Secure Flash Boot Flow

Implementing secure flash boot on the device is a two-step process:

  1. Generation of the authentication tag – this happens outside the device during image creation.
    1. The C2000™ or Arm® hex utility runs the CMAC algorithm on the flash boot code image, using the input CMACKEY and the CMAC application data structures that reserve the memory space for the golden CMAC authentication tag. For more details on the hex utility, see [3] and [4].
    2. The generated golden CMAC tag is embedded in the hex file at the location specified in Table 4-1.
    3. The hex image (now containing the golden CMAC tag) is programmed into the corresponding sector of the flash.
    4. The appropriate secure flash boot mode is chosen as per Table 4-1 and programmed in the CPU1 USER OTP.
  2. Authentication of the application boot code in flash – this happens inside the device as part of the Secure Flash Boot execution.
    1. The BOOTDEFx/BOOTPINCONFIG fields are configured to select the Secure Flash Boot option according to Table 4-1. Upon a reset, the device boots and executes the CMAC algorithm on the specified flash sector.
    2. The tag generated by the CMAC algorithm is compared with the golden CMAC tag residing at the preprogrammed location.
    3. Upon a successful tag match, the boot process branches to the authenticated flash code and begins execution.
    4. Upon a tag match failure, different actions are taken on CPU1, CPU2, and CM:
      1. In the case of CPU1, the device is reset (the code remains in a loop and XRSn is issued automatically on the Watchdog expiry).
      2. In the case of CPU2, the secure boot failure flag is set in the CPU2TOCPU1IPCBOOTSTS register, an IPC command is sent to CPU1 with the secure flash CMAC error code, and the CPU2 boot code waits in a loop for CPU1 to take the necessary action. A copy of the CPU2TOCPU1IPCBOOTSTS register is also captured at the 0x0000 0002 address location of CPU2.
      3. In the case of CM, the secure boot failure flag is set in the CMTOCPU1IPCBOOTSTS register, an IPC command is sent to CPU1 with the secure flash CMAC error code, and the CM boot code waits in a loop for CPU1 to take the necessary action. A copy of the CMTOCPU1IPCBOOTSTS register is also captured at the 0x2000 0000 address location of CM.

Note: Both when calculating the authentication tag on the image and when authenticating the image, the CMAC algorithm treats the memory addresses containing the golden tag as all ones.
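
The two steps above, including the all-ones treatment of the tag slot, shown as an added example in Node.js (it is not code from the hex utility or the boot ROM). Assumptions: AES-128 CMAC per RFC 4493, a made-up tag slot at offset 0x20 (the real location is given in Table 4-1), plain byte order with no C28x-specific ordering, and hypothetical function names throughout.

```javascript
const nodeCrypto = require("crypto");

// Hypothetical tag slot for this example; the real location comes from Table 4-1.
const TAG_OFFSET = 0x20, TAG_LEN = 16, ZERO = Buffer.alloc(16);
const xor = (a, b) => Buffer.from(Array.from(a, (v, i) => v ^ b[i]));

// AES-128-CBC over whole blocks, zero IV, no padding: the chaining core of CMAC.
function cbc(key, data) {
  const c = nodeCrypto.createCipheriv("aes-128-cbc", key, ZERO).setAutoPadding(false);
  return Buffer.concat([c.update(data), c.final()]);
}

// Multiply a 128-bit block by x in GF(2^128); derives the CMAC subkeys K1 and K2.
function dbl(block) {
  const out = Buffer.alloc(16);
  for (let i = 0; i < 16; i++) out[i] = (block[i] << 1) | (i < 15 ? block[i + 1] >> 7 : 0);
  if (block[0] & 0x80) out[15] ^= 0x87;
  return out;
}

// AES-CMAC as specified in RFC 4493 (assumed here; the page only says "CMAC").
function aesCmac(key, msg) {
  const cut = Math.floor(Math.max(msg.length - 1, 0) / 16) * 16; // start of last block
  let last = msg.subarray(cut);
  let sub = dbl(cbc(key, ZERO)); // K1, used when the last block is complete
  if (last.length < 16) { // otherwise pad with 0x80 00.. and use K2
    last = Buffer.concat([last, Buffer.from([0x80]), ZERO]).subarray(0, 16);
    sub = dbl(sub);
  }
  return cbc(key, Buffer.concat([msg.subarray(0, cut), xor(last, sub)])).subarray(-16);
}

// The tag slot is read as all ones, both when generating and when authenticating.
function goldenTag(key, image) {
  return aesCmac(key, Buffer.from(image).fill(0xff, TAG_OFFSET, TAG_OFFSET + TAG_LEN));
}

// Step 1 (image creation, off-device): write the golden tag into its slot.
function embedTag(key, image) {
  const out = Buffer.from(image);
  goldenTag(key, image).copy(out, TAG_OFFSET);
  return out;
}

// Step 2 (boot, on-device): recompute the tag and compare with the stored one.
function authenticate(key, image) {
  const stored = image.subarray(TAG_OFFSET, TAG_OFFSET + TAG_LEN);
  return nodeCrypto.timingSafeEqual(goldenTag(key, image), stored);
}
```

Because the slot is masked before the MAC is computed, the tag can live inside the region it authenticates, and whatever bytes occupied the slot before embedding have no effect on the result.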