SLAAE29 January 2023 MSPM0G1105, MSPM0G1106, MSPM0G1107, MSPM0G1505, MSPM0G1506, MSPM0G1507, MSPM0G3105, MSPM0G3106, MSPM0G3107, MSPM0G3505, MSPM0G3506, MSPM0G3507, MSPM0L1105, MSPM0L1106, MSPM0L1303, MSPM0L1304, MSPM0L1304-Q1, MSPM0L1305, MSPM0L1305-Q1, MSPM0L1306, MSPM0L1306-Q1, MSPM0L1343, MSPM0L1344, MSPM0L1345, MSPM0L1346

 


Security Enablers by Subfamily

The security enablers included in a given MSPM0 subfamily are listed in Table A-1. Note that certain features are planned for future MSPM0 devices and may not be included in the device families shown in the table.

Table A-1 Security Enablers by MSPM0 Subfamily

| Category | Security Enabler | MSPM0L110x, MSPM0L13xx, MSPM0G110x, MSPM0G150x, MSPM0G3x0x |
|---|---|---|
| Debugging security | Password authenticated debug access | Yes |
| | Password authenticated boot strap loader access | Yes |
| | Password authenticated main flash memory mass erase | Yes |
| | Password authenticated complete factory reset | Yes |
| | TI failure analysis (FA) enable/disable | Yes |
| | Complete hardware disable of serial wire debug (SWD) interface | Yes |
| | Permanently lockable device configuration data | Yes |
| | Error resistant device configuration data | Yes |
| | Password memory contains hashes only (SHA2-256) | No |
| Secure boot | Permanently lockable main flash memory (static write protection) | Yes |
| | CRC-32 verified main flash region | Yes |
| | SHA2-256 verified main flash memory region | No |
| | Single point of entry to main flash application at boot | Yes |
| | Firmware image authentication routines (asymmetric or symmetric) | Yes |
| | Lockable flash for key revocation and rollback protection | No |
| | SRAM W^X (write-or-execute) boundary enforcement | Yes |
| Secure Storage | Static flash memory read/execute (RX) firewall | No |
| | IP protection (execute-only) firewall | No |
| | W^X (write-or-execute) enforcement on main flash banks | No |
| | AES volatile key store (up to four 128-bit keys plus a session key) | No |
| Cryptographic acceleration | Hardware AES accelerator (128-bit / 256-bit) | No Yes |
| | Hardware TRNG | No Yes |
| Device identity | Unique device identifier (96-bit) | Yes |
| Physical security | Boot configuration routine fault injection attack countermeasures | No |