SPRADS1 June   2025 F29H850TU

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. 1Introduction
    1. 1.1 Hardware Security Module
    2. 1.2 Flash Programming Fundamentals
    3. 1.3 High-Level Flow
    4. 1.4 Flow Chart
  5. 2Flash-Based UART SBL with FOTA
    1. 2.1 Implementation
    2. 2.2 Triggering a Bank Swap
  6. 3FOTA_Example_Application
    1. 3.1 led_blinky_cpu1.c
    2. 3.2 Combining the Flash-Based SBL with the FOTA_Example_Application
    3. 3.3 Adding a CPU3 Application
  7. 4Host Application: UART Flash Programmer
    1. 4.1 Overview
  8. 5Example Usage
    1. 5.1 Loading the SBL onto the Device
      1. 5.1.1 Loading by CCS (JTAG)
      2. 5.1.2 Loading via UART Boot and the UART Flash Kernel
    2. 5.2 Example UART Loading Process
  9. 6FAQ
    1. 6.1 General
    2. 6.2 Application Load
  10. 7Summary
  11. 8References

1.1 Hardware Security Module

A key difference between C28-based devices and the F29H85x is the integration of the Hardware Security Module (HSM). The HSM is a subsystem that provides security and cryptographic functions. The C29 CPUs interface with the HSM to perform cryptographic operations required for code authentication, secure boot, secure firmware upgrades, and encrypted run-time communications.

During the flash boot sequence, the HSM is responsible for authentication of image present in flash. For the authentication to succeed, the programmed image must include an X.509 certificate. The post-build steps of the project are responsible for generating a valid X.509 certificate. Please refer to this section for details on the post-build steps.

The HSM introduces the concept of different device security states. The device states are High Security - Field Securable (HS-FS), High Security - Key Provisioned (HS-KP), and High Security - Security Enabled (HS-SE). By default, the F29H85x device ships with HS-FS. Table 1-1 describes the differences between these three states.

Table 1-1 Device Security State

HS-FS

HS-KP

HS-SE

C29 boot image (flash kernel)

Secure boot not enforced

Secure boot enforced with customer keys programmed by keywriter

Secure boot enforced with customer keys programmed by keywriter

HSM boot image

 Secure boot enforced (with default TI-provided key) Secure boot enforced with customer keys programmed by keywriter Secure boot enforced with customer keys programmed by keywriter

C29 JTAG

Open by default

 Open by default

Closed by default

SoC firewalls

 Open by default

Disabled for HSM and enabled for C29

Disabled for HSM and enabled fro C29

C29 CPU access to C29 flash banks

Enabled

Disabled

Enabled

The FOTA upgrade process differs between HS-FS and HS-SE devices. For details regarding the C29 CPU1/CPU3 FOTA upgrades on an HS-FS device, refer to the High-Level Flow section.

For details regarding C29 CPU1/3 or HSM FOTA upgrades on an HS-SE device, refer to the Secure Firmware Upgrade section of the TIFS SDK (tifs_f29h85x_xx_xx_xx_xx/docs/api_guide_f29h85x/html/docs_src/secure_firmware_update/secure_firmware_update.html)