SLAAE29A January   2023  – December 2025 MSPM0C1105 , MSPM0C1106 , MSPM0G1105 , MSPM0G1106 , MSPM0G1107 , MSPM0G1505 , MSPM0G1506 , MSPM0G1507 , MSPM0G1518 , MSPM0G1519 , MSPM0G3105 , MSPM0G3106 , MSPM0G3106-Q1 , MSPM0G3107 , MSPM0G3107-Q1 , MSPM0G3505 , MSPM0G3506 , MSPM0G3506-Q1 , MSPM0G3507 , MSPM0G3507-Q1 , MSPM0G3518 , MSPM0G3518-Q1 , MSPM0G3519 , MSPM0G3519-Q1 , MSPM0L1105 , MSPM0L1106 , MSPM0L1227 , MSPM0L1227-Q1 , MSPM0L1228 , MSPM0L1228-Q1 , MSPM0L1303 , MSPM0L1304 , MSPM0L1304-Q1 , MSPM0L1305 , MSPM0L1305-Q1 , MSPM0L1306 , MSPM0L1306-Q1 , MSPM0L1343 , MSPM0L1344 , MSPM0L1345 , MSPM0L1346 , MSPM0L2227 , MSPM0L2227-Q1 , MSPM0L2228 , MSPM0L2228-Q1

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. 1Introduction
    1. 1.1 Key Concepts
    2. 1.2 Goals of Cybersecurity
    3. 1.3 Platform Security Enablers
  5. 2Device Security Model
    1. 2.1 Device Identity
    2. 2.2 Initial Conditions at Boot
    3. 2.3 Boot Configuration Routine (BCR)
    4. 2.4 Bootstrap Loader (BSL)
    5. 2.5 Boot Flow
    6. 2.6 User-Specified Security Policies
      1. 2.6.1 Boot Configuration Routine (BCR) Policies
        1. 2.6.1.1 Serial Wire Debug Related Policies
          1. 2.6.1.1.1 SWD Security Level 0
          2. 2.6.1.1.2 SWD Security Level 1
          3. 2.6.1.1.3 SWD Security Level 2
        2. 2.6.1.2 Bootstrap Loader (BSL) Enable/Disable Policy
        3. 2.6.1.3 Flash Memory Protection and Integrity Related Policies
          1. 2.6.1.3.1 Locking the Application (MAIN) Flash Memory
          2. 2.6.1.3.2 Locking the Configuration (NONMAIN) Flash Memory
          3. 2.6.1.3.3 Verifying Integrity of Application (MAIN) Flash Memory
        4. 2.6.1.4 Bootstrap Loader (BSL) Security Policies
          1. 2.6.1.4.1 BSL Access Password
          2. 2.6.1.4.2 BSL Read-out Policy
          3. 2.6.1.4.3 BSL Security Alert Policy
      2. 2.6.2 Customer Secure Code (CSC) Security Policies
        1. 2.6.2.1 CSC Enforced Bankswap
        2. 2.6.2.2 CSC Enforced Firewalls
        3. 2.6.2.3 CSC Key Write to KEYSTORE
      3. 2.6.3 Configuration Data Error Resistance
        1. 2.6.3.1 CRC-Backed Configuration Data
        2. 2.6.3.2 16-bit Pattern Match for Critical Fields
  6. 3Secure Boot
    1. 3.1 Secure Processing Environment Isolation
    2. 3.2 Customer Secure Code (CSC)
      1. 3.2.1 Secure Boot Flow
      2. 3.2.2 Flash Memory Map
      3. 3.2.3 Features
        1. 3.2.3.1 CMAC Acceleration
        2. 3.2.3.2 Asymmetric Verification
        3. 3.2.3.3 KEYSTORE and Firewall
        4. 3.2.3.4 CSC Performance
      4. 3.2.4 Quick Start Guide
        1. 3.2.4.1 Environment Setup
        2. 3.2.4.2 Step by Step Guidance
        3. 3.2.4.3 CSC NONMAIN Configuration
        4. 3.2.4.4 Customize Changes on CSC Example
    3. 3.3 Boot Image Manager (BIM)
      1. 3.3.1 Secure Boot Flow
      2. 3.3.2 Flash Memory Map
      3. 3.3.3 Quick Start Guide
  7. 4Secure Storage
    1. 4.1 Flash Write Protection
    2. 4.2 Flash Read-Execute Protection
    3. 4.3 Flash IP Protection
    4. 4.4 Data Bank Protection
    5. 4.5 Secure Key Storage
    6. 4.6 SRAM Protection
    7. 4.7 Hardware Monotonic Counter
  8. 5Cryptographic Acceleration
    1. 5.1 Hardware AES Acceleration
      1. 5.1.1 AES
      2. 5.1.2 AESADV
    2. 5.2 Hardware True Random Number Generator (TRNG)
  9. 6FAQ
  10. 7Summary
  11. 8References
  12. 9Revision History

1.1 Key Concepts

Table 1-1 Key Concepts
Term Meaning
NONMAIN A dedicated flash memory region which configures device boot related parameters. See MSPM0 NONMAIN FLASH Operation Guide for NONMAIN operation guide.
Secure Boot The process of verifying and validating the integrity and authenticity of updateable firmware and software components as a pre-requisite to the execution.
INITDONE INITDONE is a register in some MSPM0 devices that is used to isolate privileged state and unprivileged state. INITDONE is triggered at the end of the privileged state by the CSC and all non-static security policies configured in CSC will take effect during INITDONE.
Customer Secure Code (CSC) A secure boot solution provided in MSPM0 SDK for the devices with INITDONE mechanism. It works as part of root of trust and keeps immutable after production and achieves application image integrity and authenticity verification as well as other security policy configuration. CSC could also represent a MSPM0 hardware feature which means a MSPM0 device supports INITDONE mechanism.
Boot Image Manager (BIM) A secure boot solution provided in MSPM0 SDK for devices without INITDONE mechanism.
Root of Trust (RoT) Especially refers to immutable Root of Trust, the most trusted security component on the device. It is inherently trusted because it cannot be modified following manufacture. There is no software at a deeper level that can verify that it as authentic and unmodified. Including ROM-boot code and CSC with static write protection in CSC solution.
Keystore Secure storage for AES key. Only CSC can configure keys into Keystore and the main application can configure the crypto engine (AES) to use one of the stored keys but can never access any stored keys.
Firewall A dynamic protection mechanism for some specific region of Flash memory, including write protection, read-execute protection and IP protection.
Bank Swap A mechanism to configure flash bank address mapping on MSPM0 dual-bank devices. It is configured in CSC and takes effects after INITDONE.
Static Write Protection The static write protection mechanism enabled by NONMAIN configuration. The protected region could not be modified after ROM-boot code finished unless the NONMAIN configuration is changed for enabling writing again.
SHA2-256 The hashing algorithm which takes an entire message and condenses it into a fixed-length (256bit) digest. It is used for verifying message integrity. Only supported via software in MSPM0 devices.
ECDSA P256 An asymmetric algorithm to verifymessage authenticity. Only supported via software in MSPM0 devices.
AES Advanced Encryption Standard, some MSPM0 devices offer hardware accelerators for AES.
TRNG True Random Number Generator, some MSPM0 devices offer hardware accelerators for TRNG.