SPRACT3A September 2020 – June 2026
F29H850TU, F29H859TU-Q1, F29P329SM-Q1, TMS320F2800132, TMS320F2800133, TMS320F2800135, TMS320F2800137, TMS320F280033, TMS320F280034, TMS320F280034-Q1, TMS320F280036-Q1, TMS320F280036C-Q1, TMS320F280037, TMS320F280037-Q1, TMS320F280037C, TMS320F280037C-Q1, TMS320F280038-Q1, TMS320F280038C-Q1, TMS320F280039, TMS320F280039-Q1, TMS320F280039C, TMS320F280039C-Q1, TMS320F28384D, TMS320F28384D-Q1, TMS320F28384S, TMS320F28384S-Q1, TMS320F28386D, TMS320F28386D-Q1, TMS320F28386S, TMS320F28386S-Q1, TMS320F28388D, TMS320F28388S, TMS320F28P550SG, TMS320F28P550SJ, TMS320F28P559SG-Q1, TMS320F28P559SJ-Q1, TMS320F28P650DH, TMS320F28P650DK, TMS320F28P650SH, TMS320F28P650SK, TMS320F28P659DH-Q1, TMS320F28P659DK-Q1, TMS320F28P659SH-Q1

 


Secure Flash Boot Overview

One of the DCSM features related to application flash boot is the ability to authenticate the user application code in flash before execution. This verifies the integrity of the application code by ensuring that it has not been tampered with after being programmed into flash memory. When applied to a Zone1 EXEONLY flash sector, this feature acts as an additional layer of security for critical user application code. The secure flash boot feature provides a set of additional boot options alongside the traditional flash boot options.

Secure flash boot is implemented with the 128-bit AES-CMAC authentication algorithm, which runs over the application code contents and returns a pass/fail status; the application code is executed only if the authentication succeeds. Table 2-1 gives an overview of this feature on the different subsystems of the device. The BootROM of each CPU subsystem initiates authentication of the first 16 KB of that subsystem's application code; this is referred to as Primary Secure Boot. Authentication of the application code beyond the first 16 KB of each CPU subsystem is referred to as Extended Secure Boot, and can optionally be initiated by the pre-authenticated application code.

Because the CMAC authentication algorithm executes during secure flash boot, the boot sequence takes additional time to reach the user application compared to normal (non-secure) flash boot. Note that secure flash boot on the device's CM core requires less time than the CPU1 or CPU2 secure flash boot implementations, since the CM makes use of a hardware AES accelerator.
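The following host-side model is an added example, not code from the application note or C2000Ware. It shows the coverage split described above: Primary Secure Boot authenticates only the first 16 KB, and the remainder is checked only when the application initiates Extended Secure Boot. The key, image contents, tag handling, function names and plain byte order are assumptions, and AES-CMAC comes from the Python `cryptography` package.

```python
# Added example: host-side model of primary vs. extended secure flash boot.
# Assumed (not from the application note): key, image contents, how reference
# tags are supplied, and plain byte order (device byte ordering is not modelled).
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.ciphers import algorithms
from cryptography.hazmat.primitives.cmac import CMAC

PRIMARY_LEN = 16 * 1024  # the BootROM authenticates only the first 16 KB


def aes_cmac(key: bytes, data: bytes) -> bytes:
    """128-bit AES-CMAC tag over data."""
    mac = CMAC(algorithms.AES(key))
    mac.update(data)
    return mac.finalize()


def authenticate(key: bytes, data: bytes, tag: bytes) -> bool:
    """Pass/fail check; verify() compares the tag in constant time."""
    mac = CMAC(algorithms.AES(key))
    mac.update(data)
    try:
        mac.verify(tag)
    except InvalidSignature:
        return False
    return True


def boot(key, flash, primary_tag, extended_tag, app_calls_extended):
    # Primary secure boot always runs and covers flash[:PRIMARY_LEN] only.
    if not authenticate(key, flash[:PRIMARY_LEN], primary_tag):
        return "primary authentication failed"
    # Extended secure boot runs only when the authenticated code initiates it.
    if app_calls_extended and not authenticate(key, flash[PRIMARY_LEN:], extended_tag):
        return "extended authentication failed"
    return "application running"


def flip_bit(image: bytes, offset: int) -> bytes:
    """Copy of image with one bit changed at offset (simulated tampering)."""
    return image[:offset] + bytes([image[offset] ^ 0x01]) + image[offset + 1:]


# Constructed sample: 24 KB image = 16 KB primary region + 8 KB beyond it.
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # RFC 4493 test key
IMAGE = bytes(range(256)) * 96
PRIMARY_TAG = aes_cmac(KEY, IMAGE[:PRIMARY_LEN])
EXTENDED_TAG = aes_cmac(KEY, IMAGE[PRIMARY_LEN:])
```

With the constructed image, a bit changed beyond the first 16 KB still reaches "application running" unless `app_calls_extended` is true, so code larger than 16 KB is only fully covered when the application initiates the extended check.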

Table 2-1 Secure Flash Boot Overview Across the Device

| Subsystem (Core) | Secure Boot Feature | CMAC Algorithm Implementation | Additional Time Taken to Authenticate First 16 KB of Flash Boot Code |
|---|---|---|---|
| CPU1 SS (C28_1) | Yes | Software (Secure ROM utility) + AES ROM tables | ~400 ms (Running on INTOSC at 10 MHz) |
| CPU2 SS (C28_2) | Yes | Software (Secure ROM utility) + AES ROM tables | ~20 ms (Running on PLL at 200 MHz) |
| CMSS (CM4) | Yes | Software (Secure ROM utility) + Hardware AES accelerator | ~6 ms (Running on PLL at 125 MHz) |