Embedded Security

TI’s security toolbox helps address the emerging threats of an increasingly connected and complex world.

TI security enablers

TI offers security enablers to help developers implement their security measures to protect their assets (data, code, identity and keys).

Embedded security e-book

How do developers achieve their desired level of security in connected devices? Assess the risks and threats, and discover how to implement security in your system.

Find a product

TI offers devices with security features for a wide range of applications and markets.

E-book: Building your application with security in mind

Security is paramount in our increasingly connected and complex world. Security and cybersecurity have become a top concern. The need for designers to improve security from end-point to end-point is increasing. A thorough evaluation of the risks, as well as the selection of appropriate measures, is necessary in order to protect targeted applications. In this context, the question arises: how do developers achieve their desired level of security in connected devices? This e-book presents the main security enablers TI offers to assist in meeting the designers’ security objectives.

Video: Introduction to TI’s security framework

See how TI’s security toolbox helps address the emerging threats of an increasingly connected and complex world.

TI security enablers

Assessing security should start with three fundamental questions:

  1. What is being protected? (Asset)
  2. Who or what are we protecting against? (Threat and threat probability)
  3. What is the attack surface? (Exposure points and threat probability)

With an understanding of the targeted application, a risk assessment will identify the security measure(s) that can be implemented in the system and are adequate to mitigate threats. Once the security measures are identified, determine the security enabler(s) needed.

Cryptographic Acceleration

Threat question:
How can you achieve your latency or throughput performance while maintaining your keys/data/code security?

Simple explanation:
You can leverage the efficiency of dedicated hardware to implement your cryptographic objectives. It can be provided as hardware or as ROM, such as Advanced Encryption Standard (AES) tables. In some cases, the device does not provide cryptographic acceleration, but TI provides generic software C libraries.

Debugging Security

Threat question:
Can somebody use a debugger probe to read out your assets?

Simple explanation:
You can lock out debugging ports. Some devices will provide various options such as permanent locks, or you can create a password/credential per device to allow reopening of the debugging port.

Device Identity/Keys

Threat question:
How can you identify and authenticate the identity of your device to the network?

Simple explanation:
You can evaluate and elect to use an identity that TI stores in the devices. It may have the form of a unique ID (UID) and optionally a signature (certificate) key whose public key is easily shareable with a cloud service, for example.

External Memory Protection

Threat question:
You want to expand your application with off-chip flash or double-data-rate (DDR) memory. How do you make sure that only

Simple explanation:
Quad SPI (QSPI)/external memory interface (EMIF) with execute-in-place provides an easy way to expand your application. The capability to decrypt/authenticate on the fly can assist you in protecting confidentiality/authenticity while allowing only your application to run on the CPU.

Initial Secure Programming (Overbuild Protection Plus Counterfeiting)

Threat question:
You want to program your chip in an untrusted environment (such as a foreign manufacturing facility). How can you ensure that your application/keys are not altered, stolen or replaced?

Simple explanation:
TI provides a methodology that you can evaluate and elect to use to strengthen the confidentiality, integrity and authenticity of initial firmware or keys programmed in an untrusted facility or during the first boot of the application.

Networking Security

Threat question:
How can you get optimal performance while connecting to the network with known protocols?

Simple explanation:
You can use networking protocol accelerators for Internet Protocol security (IPsec), Transport Layer Security (TLS), or dedicated hardware and firmware for these protocols. (Firmware here denotes a piece of software in ROM or a piece of software that TI programs at manufacturing.)

Physical Security

Threat question:
If somebody has physical access to your application, can they open the package or use the power supply to get access to your assets?

Simple explanation:
Removing the package and measuring the answer time or power consumed by a protocol request are powerful attacks that anyone with access to the device can use. TI provides various hardware and software features to help you thwart these types of attacks.

Secure Boot

Threat question:
Your application runs off an external flash. How can you make sure that only your software runs on your devices?

Simple explanation:
Methodologies can help secure the boot process by preventing the loading of software (bootloaders, drivers, operating systems, applications) not signed with an acceptable digital signature.

Secure Firmware and Software Update

Threat question:
How can you update your application remotely and securely? Nobody should be able to spy, impersonate or replay your updates.

Simple explanation:
You can encrypt and sign the updated image for part or all of the application to help mitigate against efforts to spy, impersonate or replay your firmware updates. TI provides various product-dependent features such as over-the-air updates (OTA) while the application is running, hot swap and load for external flash.

Secure Storage

Threat question:
If somebody tampers with your device or finds a software weakness to exploit, are your critical keys and data secure?

Simple explanation:
Keys and data are stored in a part of the memory that is isolated from the rest of the code and data. TI provides various security features, ranging from encrypted blobs of keys and anti-tamper modules with master keys to a private key bus between the nonvolatile memory and the cryptographic accelerators.

Software Intellectual Property (IP) Protection

Threat question:
Your software IP (code) represents a significant investment that you’d like to protect. Can you protect its confidentiality during different parts of your product’s life cycle?

Simple explanation:
Firewalls, IP protection zones/regions, encryption and debugging lockout of part or all of the application are some of the security features that TI provides to help you address these types of concerns.

Trusted Execution Environment (TEE)

Threat question:
Now that you have developed, audited and/or certified your application, how can you make sure that a vulnerability in another application running on the same central processing unit (CPU) cannot be exploited to attack your assets: keys, data and code?

Simple explanation:
A TEE enables you to isolate your application (keys/data/code) at run time from other applications, helping you reduce the risk of security vulnerabilities in other parts of the software. A TEE can either be a physically separated MCU or a virtually isolated processing unit.

Find a product

Portfolio and TI security enablers (device feature examples)

Microcontrollers

MSP430™ ultra-low power MCUs
  • Device identity (unique ID)
  • Debug security (JTAG lock w/ password)
  • Cryptographic acceleration (AES 128/192/256)
  • Software IP protection (Debug lock-out, IP encapsulation)
C2000™ real-time control MCUs
  • Debug security (JTAG lock w/ password)
  • Software IP protection (IP Protected zones)
SimpleLink™ MSP432™ MCUs
  • Device identity (unique ID)
  • Debug security (JTAG lock w/ password, factory reset configuration)
  • Cryptographic acceleration (AES 128/192/256)
  • Software IP protection (IP Protected zones)
  • Secure firmware & software update (AES-encrypted firmware update/ password authentication)

Wireless Microcontrollers

SimpleLink™ Sub-1 GHz Wireless MCUs
  • Device identity (Unique ID)
  • Debug security/ Software IP protection (JTAG lock)
  • Cryptographic acceleration (AES 128, AES-CCM, TRNG)
SimpleLink™ Bluetooth low energy Wireless MCUs
  • Device identity (Unique ID)
  • Debug security/ Software IP protection (JTAG lock)
  • Cryptographic acceleration (AES 128, AES-CCM, TRNG)
SimpleLink™ Wi-Fi® Wireless MCUs
  • Secure boot (authenticated boot, standard secure, root-of-trust public key)
  • Device identity (unique private key per device)
  • Debug security (JTAG lock)
  • Cryptographic acceleration (AES 128/192/256, DES/3DES, SHA 1/2)
  • Networking security (WPA2, TLS)
  • Secure storage (secure storage)
  • Software IP protection (cloning protection)
  • Initial secure programming (encrypted firmware flow for manufacturing)
  • Secure firmware & software update (file system security, software tamper protection)

Processors

Sitara™ Processors
  • Secure boot (authenticated boot, standard secure, root-of-trust public key)
  • Device identity (unique ID)
  • Debug security (JTAG lock)
  • Cryptographic acceleration (AES 128/192/256, DES/3DES, RSA, ECC, SHA 1/2, TRNG)
  • External memory protection (encrypted execute-in-place with QuadSPI)
  • Trusted execution environment (TEE)
  • Secure storage (TEE)
  • Software IP protection (Debug lock-out)
  • Initial secure programming (secure boot, secure flashing)
  • Physical security (anti-tamper module)
Automotive Processors
  • Secure boot (root-of-trust public key)
  • Device identity (unique ID)
  • Debug security (JTAG lock w/ password)
  • Cryptographic acceleration (AES 128/192/256, DES/3DES, SHA 1/2, TRNG)
  • External memory protection (firewalls)
  • Secure storage (secure ROM APIs, anti-cloning)
  • Software IP protection (Debug lock-out)