SPRUJ93 august   2023

 

  1.   1
  2.   Description
  3.   Features
  4.   4
  5. 1Evaluation Module Overview
    1.     Preface: Read This First
      1. 1.1.1 Sitara™ MCU+ Academy
      2. 1.1.2 If You Need Assistance
      3. 1.1.3 Important Usage Notes
    2. 1.1 Introduction
    3. 1.2 Kit Contents
    4. 1.3 Specification
    5. 1.4 Device Information
    6. 1.5 HSEC 180-pin Control Card Docking Station
    7. 1.6 Security
  6. 2Hardware
    1. 2.1  Functional Block Diagram
    2. 2.2  Component Identification
    3. 2.3  Power Requirements
      1. 2.3.1 Power Input Using USB Type-C Connector
      2. 2.3.2 Power Status LEDs
      3. 2.3.3 Power Tree
      4. 2.3.4 Power Sequence
      5. 2.3.5 PMIC
    4. 2.4  Reset
    5. 2.5  Clock
    6. 2.6  Boot Mode Selection
    7. 2.7  JTAG Path Selection
    8. 2.8  Header Information
    9. 2.9  GPIO Mapping
    10. 2.10 Push Buttons
    11. 2.11 Test Points
    12. 2.12 Interfaces
      1. 2.12.1  Memory Interface
        1. 2.12.1.1 QSPI
        2. 2.12.1.2 Board ID EEPROM
      2. 2.12.2  Ethernet Interface
        1. 2.12.2.1 RGMII
        2. 2.12.2.2 PRU-ICSS
        3. 2.12.2.3 LED Indication in RJ45 Connector
      3. 2.12.3  I2C
      4. 2.12.4  Industrial Application LEDs
      5. 2.12.5  SPI
      6. 2.12.6  UART
      7. 2.12.7  MCAN
      8. 2.12.8  FSI
      9. 2.12.9  JTAG
      10. 2.12.10 Test Automation Header
      11. 2.12.11 LIN
      12. 2.12.12 MMC
      13. 2.12.13 ADC and DAC
    13. 2.13 HSEC Pinout and Pinmux Mapping
  7. 3Software
    1. 3.1 SDK Installation
  8. 4Hardware Design Files
  9. 5Additional Information
    1. 5.1 Trademarks
    2. 5.2 E1 Design Hardware Modifications
  10. 6References
    1. 6.1 Reference Documents
    2. 6.2 Other TI Components Used in This Design

1.6 Security

The AM263x Control Card features a High Security, Field Securable (HS-FS) device. An HS-FS device has the ability to use a one time programming to convert the device from HS-FS to High Security, Security Enforced (HS-SE).

The AM263x device leaves the TI factory in an HS-FS state where customer keys are not programmed and has the following attributes:

  • Does not enforce the secure boot process
  • M4 JTAG port is closed
  • R5 JTAG port is open
  • Security Subsystem firewalls are closed
  • SoC Firewalls are open
  • ROM Boot expects a TI signed binary (encryption is optional)
  • TIFS-MCU binary is signed by the TI private key

The One Time Programmable (OTP) keyrwriter converts the secure device from HS-FS to HS-SE. The OTP keywriter programs customer keys into the device eFustes to enforce secure boot and establish a root of trust. The secure boot requires an image to be encrypted (optional) and signed using customer keys, which is verified by the SoC. A secure device in the HS-SE state has the following attributes:

  • M4, R5 JTAG ports are both closed
  • Security Subsystems and SoC Firewalls are both closed
  • TIFS-MCU and SBL need to be signed with active customer key