SPRUJ10D May   2022  – September 2023

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. 1Preface: Read This First
    1. 2.1 Sitara MCU+ Academy
    2. 2.2 If You Need Assistance
    3. 2.3 Important Usage Notes
  5. 2Kit Overview
    1. 3.1 Kit Contents
    2. 3.2 Key Features
    3. 3.3 Component Identification
    4. 3.4 BoosterPacks
    5. 3.5 Compliance
    6. 3.6 Security
  6. 3Board Setup
    1. 4.1 Power Requirements
      1. 4.1.1 Power Input Using USB Type-C Connector
      2. 4.1.2 Power Status LEDs
      3. 4.1.3 Power Tree
    2. 4.2 Push Buttons
    3. 4.3 Boot Mode Selection
  7. 4Hardware Description
    1. 5.1  Functional Block Diagram
    2. 5.2  GPIO Mapping
    3. 5.3  Reset
    4. 5.4  Clock
    5. 5.5  Memory Interface
      1. 5.5.1 QSPI
      2. 5.5.2 Board ID EEPROM
    6. 5.6  Ethernet Interface
      1. 5.6.1 Ethernet PHY #1 - CPSW RGMII/ICSSM
      2. 5.6.2 Ethernet PHY #2 - CPSW RGMII/ICSSM
      3. 5.6.3 LED Indication in RJ45 Connector
    7. 5.7  I2C
    8. 5.8  Industrial Application LEDs
    9. 5.9  SPI
    10. 5.10 UART
    11. 5.11 MCAN
    12. 5.12 FSI
    13. 5.13 JTAG
    14. 5.14 Test Automation Header
    15. 5.15 LIN
    16. 5.16 MMC
    17. 5.17 ADC and DAC
    18. 5.18 EQEP and SDFM
    19. 5.19 EPWM
    20. 5.20 BoosterPack Headers
    21. 5.21 Pinmux Mapping
  8. 5References
    1. 6.1 Reference Documents
    2. 6.2 Other TI Components Used in This Design
  9. 6Revision History

2.6 Security

The AM263x LaunchPad features a High Security, Field Securable (HS-FS) device. An HS-FS device has the ability to use a one time programming to convert the device from HS-FS to High Security, Security Enforced (HS-SE).

The AM263x device leaves the TI factory in an HS-FS state where customer keys are not programmed and has the following attributes:

  • Does not enforce the secure boot process
  • M4 JTAG port is closed
  • R5 JTAG port is open
  • Security Subsystem firewalls are closed
  • SoC Firewalls are open
  • ROM Boot expects a TI signed binary (encryption is optional)
  • TIFS-MCU binary is signed by the TI private key

The One Time Programmable (OTP) keyrwriter converts the secure device from HS-FS to HS-SE. The OTP keywriter programs customer keys into the device eFustes to enforce secure boot and establish a root of trust. The secure boot requires an image to be encrypted (optional) and signed using customer keys, which will be verified by the SoC. A secure device in the HS-SE state has the following attributes:

  • M4, R5 JTAG ports are both closed
  • Security Subsystems and SoC Firewalls are both closed
  • TIFS-MCU and SBL need to be signed with active customer key