SPRAD04, January 2022. TDA4VH-Q1, TDA4VM, TDA4VM-Q1

  Trademarks
  1 Introduction
  2 TIDK Device Verification
    2.1 Sign and Encrypt Second BootLoader (SBL)
    2.2 Sign and Encrypt System Image
  3 Keys Programming
    3.1 Install Keywriter
    3.2 Keys Generation
    3.3 Build Keywriter Application
    3.4 Program Keys in HS-FS Device
  4 Key Programming Verification
  5 Building and Booting on HS Devices Using Linux SDK
  6 Summary

Introduction

Across the customer stages from development to volume production, the J7 series SoC is offered in several device types that correspond to different security requirements, as shown in Figure 1-1.

Figure 1-1 Jacinto7 SoC Device Type
  • GP device: General-Purpose device type. It can be a production device, but for security reasons it is normally used only for development.
  • HS-SE-TIDK device: High Security device that contains TI keys, with TI dummy keys in the customer area. TIDK devices can never be production devices.
  • HS-FS device: High Security-Field Securable device; the customer area is blank. Keys must be programmed into an HS-FS device before it is delivered to the end customer.
  • HS-SE device: High Security-Security Enforced device; the customer has programmed their keys into the customer area. HS-SE devices can be production devices.

Different device types bring different security features, but also different restrictions. The GP device does not enforce security features: the JTAG port is unlocked and binaries do not need to be signed or encrypted, so it is usually used as a development device. The HS device enforces the security features: the JTAG port is locked and all binaries must be signed and encrypted, so it is usually used as a production device. The development flow the customer follows to complete the HS process is shown in Figure 1-2.

Figure 1-2 Jacinto7 High Security Development

The recommended process is:

  • Customer engineers do their development on a GP device; meanwhile the HS engineers start their security development on an HS-SE-TIDK device to verify that the HS sign and encrypt operations are correct.
  • The HS engineers purchase HS-FS devices and use TI dummy keys or random dummy keys to double-check the HS process, confirming the steps of key generation, Keywriter setup, and eFuse programming.
  • Merge the GP development work with the security branch from the HS-FS work. At this point the customer also needs to set up their HSM, program the customer keys into eFuse, and sign and encrypt the system image with the same customer keys.

Many keys are used during the security process on the J7 device, as shown in Table 1-1. The Notes column describes the role of each key in HS development. SMPKH, SMEK, BMPKH, and BMEK are programmed into eFuse to authenticate and decrypt the system image. The AES-256 key and the TI FEK public key are used to protect the key programming process.

TI also provides test keys in the Keywriter package. Customers can use these test keys to go through the complete HS process, then set up their HSM and use customer keys to complete these tasks before production.

Table 1-1 Keys in High Security Development

| Acronym | Name | Status | Owner | Notes |
|---|---|---|---|---|
| KEK | Key Encryption Key | Necessary | Device | 256-bit statistically unique random number per device. |
| MPK hash | Manufacturer Public Key hash | Necessary | TI | 512-bit SHA2 hash of MPK. MPK is a 4096-bit key programmed by TI in the factory. |
| MEK | Manufacturer Encryption Key | Necessary | TI | 256-bit initial encryption key for the device, used for encrypted boot; programmed by TI in the factory. |
| SMPK hash | Secondary Manufacturer Public Key hash | Necessary | Customer | 512-bit SHA2 hash of SMPK. SMPK is a 4096-bit key used to authenticate the signed binary. |
| SMEK | Secondary Manufacturer Encryption Key | Necessary | Customer | 256-bit customer encryption key for encrypted boot, used to decrypt the encrypted binary. |
| BMPK hash | Backup Manufacturer Public Key hash | Optional | Customer | Backup 512-bit SHA2 hash of SMPK. SMPK is a 4096-bit key used to authenticate the signed binary. |
| BMEK | Backup Manufacturer Encryption Key | Optional | Customer | Backup 256-bit customer encryption key for encrypted boot, used to decrypt the encrypted binary. |
| AES-256 | Advanced Encryption Standard 256-bit Key | Optional | Customer | Random 256-bit number used as a temporary AES encryption key for protecting the OTP extension data. |
| TI FEK Pub | TI Factory Encryption Key | Necessary | TI | RSA 4K encryption key that protects the customer key material before it is written to the eFuses. |
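The roles of SMPKH and SMEK from Table 1-1, modelled with openssl as an added example (this is not TI's Keywriter tooling or the ROM's certificate format; hashing the public key DER, AES-256-CBC with a stored IV, and signing the ciphertext so the device verifies before it decrypts are all assumptions made here). The point it shows is that the eFuse holds only the hash, so the device re-hashes the public key carried with the image before trusting it, and a key that does not match the fused SMPKH is rejected.

```shell
#!/bin/sh
# Constructed model of the Table 1-1 key roles (an assumption, not TI's
# Keywriter or ROM image format): the device eFuse holds only SMPKH, the
# 512-bit SHA2 hash of the 4096-bit SMPK; the boot image carries the SMPK
# itself plus a signature, and the boot ROM re-hashes the carried key before
# trusting it. SMEK (256-bit) decrypts the image after authentication.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Customer HSM side: generate SMPK (RSA-4096) and a random 256-bit SMEK.
gen_customer_keys() {
    openssl genrsa -out "$WORK/smpk.pem" 4096 2>/dev/null
    openssl rsa -in "$WORK/smpk.pem" -pubout -outform DER \
        -out "$WORK/smpk_pub.der" 2>/dev/null
    openssl rand -hex 32 > "$WORK/smek.hex"
}

# SMPKH: SHA-512 over the public key DER, the value that goes into eFuse.
smpkh_of() {    # $1 = public key (DER)
    openssl dgst -sha512 -r "$1" | cut -d' ' -f1
}

# Encrypt the image with SMEK (AES-256-CBC, random IV), then sign the
# ciphertext with SMPK so the device verifies before it decrypts.
sign_and_encrypt() {    # $1 = plaintext image, $2 = output prefix
    openssl rand -hex 16 > "$2.iv"
    openssl enc -aes-256-cbc -K "$(cat "$WORK/smek.hex")" \
        -iv "$(cat "$2.iv")" -in "$1" -out "$2.enc"
    openssl dgst -sha512 -sign "$WORK/smpk.pem" -out "$2.sig" "$2.enc"
}

# Device side: the checks a boot ROM performs against the fused SMPKH.
# Returns 0 and writes $3.dec on success, non-zero on any failure.
device_boot() {    # $1 = eFuse SMPKH, $2 = carried public key DER, $3 = prefix
    [ "$(smpkh_of "$2")" = "$1" ] || { echo "SMPKH mismatch: key rejected"; return 1; }
    openssl pkey -pubin -inform DER -in "$2" -out "$WORK/carried_pub.pem" || return 1
    openssl dgst -sha512 -verify "$WORK/carried_pub.pem" -signature "$3.sig" \
        "$3.enc" >/dev/null 2>&1 || { echo "signature invalid: image rejected"; return 1; }
    openssl enc -d -aes-256-cbc -K "$(cat "$WORK/smek.hex")" \
        -iv "$(cat "$3.iv")" -in "$3.enc" -out "$3.dec" || return 1
}

# Demo on a constructed SBL image.
gen_customer_keys
printf 'constructed SBL image bytes' > "$WORK/sbl.bin"
sign_and_encrypt "$WORK/sbl.bin" "$WORK/sbl"
EFUSE_SMPKH=$(smpkh_of "$WORK/smpk_pub.der")
device_boot "$EFUSE_SMPKH" "$WORK/smpk_pub.der" "$WORK/sbl" && echo "boot: image authenticated and decrypted"
```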