SPRUIX1B October 2022 – April 2024 TMS320F2800132 , TMS320F2800133 , TMS320F2800135 , TMS320F2800137
There are a few functions that are available within Secure ROM to be called by the application to perform EXEONLY Flash/RAM tasks in a secure manner.
If a vector fetch request is given by the CPU (C28x) while the program counter (PC) is within the EXEONLY function API code of the Secure ROM, a reset fires (RSN if from C28x). The consequence of this is if an NMI or ITRAP or Bus Fault occurs while the PC is executing one of the EXEONLY API functions, the NMI/ITRAP/Fault cannot be serviced because a reset is fired to the subsystem.
The secure copy code zone 1 function allow EXEONLY Flash to be copied to EXEONLY RAM in a secure manner. The source must be from EXEONLY Flash and the destination to EXEONLY RAM. There is no support to copy EXEONLY ROM or EXEONLY RAM to RAM. Both Flash and RAM must be set to EXEONLY and configured for the same zone. Additionally, the copy size must not cross over the Flash sector boundary. Any violations of these requirements results in a failure status returned. Upon successful copy of the data, the number of 16-bit words copied is returned.
CPU | Function Prototype | Function Parameters | Function Return Value |
---|---|---|---|
CPU (C28x) | uint16_t SecureCopyCodeZ1(uint32_t size, uint16_t *dst, uint16_t *src) | size : The number of 16-bit words to copy dst : The destination memory address in EXEONLY RAM src : The source memory address in EXEONLY Flash |
0xXXXX : Returns the number of 16-bit words copied. 0x0000 : Indicates one of the following: Copy length is zero; Copy size crosses over Flash sector boundary; Flash and RAM do not belong to the same zone; Flash and RAM are not set to EXEONLY; Error occurred during data copy |
The secure CRC calculation zone 1 function allow a safety CRC check of EXEONLY memory in a secure manner. The CRC length provided must be a value from 1 to 8 where 1 represents a CRC size of 32 16-bit words and 8 represents a CRC size of 4096 16-bit words. The source address specifies the starting address for the CRC and the destination address is the location that the resulting CRC value is stored. The source and destination memories must be configured for the same zone. Additionally, the CRC length must not cross over the Flash sector or RAM block boundary. Any violations of these requirements results in a failure status returned. Upon successful CRC, the number of 16-bit words CRCed is returned.
CPU | Function Prototype | Function Parameters | Function Return Value |
---|---|---|---|
CPU (C28x) | uint16_t SecureCRCCalcZ1(uint16_t len_id, uint16_t *dst, uint16_t *src) | len_id : A number from 1 to 8 that corresponds
to length options of 32, 64, 128, 256, 512, 1024, 2048, or 4096 16-bit words dst : The destination memory address for resulting CRC src : The source memory address to begin CRC calculation |
0xXXXX : Returns the number of 16-bit words CRCed 0x0000 : Indicates one of the following: Invalid length option; Source address is not modulo of length value; Destination address is not within secure RAM; CRC size crosses over Flash sector or RAM block boundary; The source and destination memory do not belong to the same zone. |
The CMAC calculate and compare function allows to calculate CMAC signature of a Flash memory block and compare against a golden signature. This is used in the secure boot mode to authenticate the boot image.
CPU | Function Prototype | Function Parameters | Function Return Value |
---|---|---|---|
CPU (C28x) | uint32_t CPU1BROM_calculateCMAC(uint32_t startAddress, uint32_t endAddress, uint32_t signatureAddress) | startAddress: Starting address of memory for which CMAC has to be calculated | 0xFFFF FFFFU: Calculated CMAC signature did not match golden signature (fail) |
endAddress: Ending address of memory for which CMAC has to be calculated | 0xA5A5 A5A5U: Memory range provided is not aligned to 128-bit boundary or length is zero | ||
signatureAddress: Address of location where golden CMAC signature is stored | 0xE1E1 E1E1U: AES Engine timed out | ||
0x0000 0000U: No Error |