Texas Instruments 180 to 100 Pin DIMM Adapter TMDSADAP180TO100 TMDSADAP180TO100 데이터 시트
제품 코드
TMDSADAP180TO100
SPRS825C – OCTOBER 2012 – REVISED FEBRUARY 2014
3.18 Code Security Module
The Code Security Module (CSM) is a security feature incorporated in Concerto devices. The CSM
prevents access and visibility to on-chip secure memories by unauthorized persons—that is, the CSM
prevents duplication and reverse-engineering of proprietary code. The word "secure" means that access to
on-chip secure memories is protected. The word "unsecure" means that access to on-chip secure memory
is not protected—that is, the contents of the memory could be read by any means [for example, by using a
debugging tool such as Code Composer Studio™ Integrated Development Environment (IDE)].
prevents access and visibility to on-chip secure memories by unauthorized persons—that is, the CSM
prevents duplication and reverse-engineering of proprietary code. The word "secure" means that access to
on-chip secure memories is protected. The word "unsecure" means that access to on-chip secure memory
is not protected—that is, the contents of the memory could be read by any means [for example, by using a
debugging tool such as Code Composer Studio™ Integrated Development Environment (IDE)].
3.18.1 Functional Description
The security module restricts the CPU access to on-chip secure memory without interrupting or stalling
CPU execution. When a read occurs to a protected memory location, the read returns a zero value and
CPU execution continues with the next instruction. This process, in effect, blocks read and write access to
various memories through the JTAG port or external peripherals. Security is defined with respect to the
access of on-chip secure memories and prevents unauthorized copying of proprietary code or data.
CPU execution. When a read occurs to a protected memory location, the read returns a zero value and
CPU execution continues with the next instruction. This process, in effect, blocks read and write access to
various memories through the JTAG port or external peripherals. Security is defined with respect to the
access of on-chip secure memories and prevents unauthorized copying of proprietary code or data.
The zone is secure when CPU access to the on-chip secure memories associated with that zone is
restricted. When secure, two levels of protection are possible, depending on where the program counter is
currently pointing. If code is currently running from inside secure memory, only an access through JTAG is
blocked (that is, through the emulator). This process allows secure code to access secure data.
Conversely, if code is running from unsecure memory, all accesses to secure memories are blocked. User
code can dynamically jump in and out of secure memory, thereby allowing secure function calls from
unsecure memory. Similarly, interrupt service routines can be placed in secure memory, even if the main
program loop is run from unsecure memory.
restricted. When secure, two levels of protection are possible, depending on where the program counter is
currently pointing. If code is currently running from inside secure memory, only an access through JTAG is
blocked (that is, through the emulator). This process allows secure code to access secure data.
Conversely, if code is running from unsecure memory, all accesses to secure memories are blocked. User
code can dynamically jump in and out of secure memory, thereby allowing secure function calls from
unsecure memory. Similarly, interrupt service routines can be placed in secure memory, even if the main
program loop is run from unsecure memory.
The code security mechanism present in this device offers dual-zone security for the Cortex-M3 code and
single-zone security for the C28x code. In case of dual-zone security on the master subsystem, the
different secure memories (RAMs and flash sectors) can be assigned to different security zones by
configuring the GRABRAM and GRABSECT registers associated with each zone. Flash Sector N and
Flash Sector A are dedicated to Zone1 and Zone2, respectively, and cannot be allocated to any other
zone by configuration. Similarly, flash sectors get assigned to different zones based on the setting in the
GRABSECT registers.
single-zone security for the C28x code. In case of dual-zone security on the master subsystem, the
different secure memories (RAMs and flash sectors) can be assigned to different security zones by
configuring the GRABRAM and GRABSECT registers associated with each zone. Flash Sector N and
Flash Sector A are dedicated to Zone1 and Zone2, respectively, and cannot be allocated to any other
zone by configuration. Similarly, flash sectors get assigned to different zones based on the setting in the
GRABSECT registers.
Security is provided by a CSM password of 128 bits of data (four 32-bit words) that is used to secure or
unsecure the zones. Each zone has its own 128-bit CSM password. The zone can be unsecured by
executing the password match flow (PMF).
unsecure the zones. Each zone has its own 128-bit CSM password. The zone can be unsecured by
executing the password match flow (PMF).
The CSM password for each zone is stored in its dedicated flash sector. The password storage locations
in the flash sector store the CSM password. The password is selected by the system designer. If the
password locations of a zone have all 128 bits as ones, the zone is considered "unsecure". Since new
flash devices have erased flash (all ones), only a read of the password locations is required to bring any
zone into unsecure mode. If the password locations of a zone have all 128 bits as zeros, the zone is
considered "secure", regardless of the contents of the CSMKEY registers. The user should not use all
zeros as a password or reset the device during an erase of the flash. Resetting the device during an erase
routine can result in either an all-zero or unknown password. If a device is reset when the password
locations are all zeros, the device cannot be unlocked by the password match flow. Using a password of
all zeros will seriously limit the user’s ability to debug secure code or reprogram the flash.
in the flash sector store the CSM password. The password is selected by the system designer. If the
password locations of a zone have all 128 bits as ones, the zone is considered "unsecure". Since new
flash devices have erased flash (all ones), only a read of the password locations is required to bring any
zone into unsecure mode. If the password locations of a zone have all 128 bits as zeros, the zone is
considered "secure", regardless of the contents of the CSMKEY registers. The user should not use all
zeros as a password or reset the device during an erase of the flash. Resetting the device during an erase
routine can result in either an all-zero or unknown password. If a device is reset when the password
locations are all zeros, the device cannot be unlocked by the password match flow. Using a password of
all zeros will seriously limit the user’s ability to debug secure code or reprogram the flash.
NOTE
If a device is reset while the password locations of a zone contain all zeros or an unknown
value, that zone will be permanently locked unless a method to run the flash erase routine
from secure SARAM is embedded into the flash or OTP. Care must be taken when
implementing this procedure to avoid introducing a security hole.
value, that zone will be permanently locked unless a method to run the flash erase routine
from secure SARAM is embedded into the flash or OTP. Care must be taken when
implementing this procedure to avoid introducing a security hole.
88
Device Overview
Copyright © 2012–2014, Texas Instruments Incorporated
Product Folder Links: