SPRADN2 January   2025 MSPM0G1518 , MSPM0G1519 , MSPM0G3518 , MSPM0G3519 , MSPM0L1227 , MSPM0L1228 , MSPM0L2227 , MSPM0L2228

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. 1Nonvolatile Memory (NVM) Basic Introduction
    1. 1.1 Flash Memory Protection
  5. 2Customer Secure Code (CSC) Introduction
    1. 2.1 CSC Execution Overview
    2. 2.2 CSC Memory Maps
    3. 2.3 CSC Execution Process
  6. 3Bank Swap Example Implementation
    1. 3.1 CSC Code Project Preparation
      1. 3.1.1 Enable CSC in NONMAIN
      2. 3.1.2 Implementation of CSC Application Code - Bank Swap Feature
    2. 3.2 Application Code Project Preparation
  7. 4Common Use Case Introduction
  8. 5Data Bank Introduction
    1. 5.1 Data Bank Protection
    2. 5.2 Data Bank Erase Write Operation
  9. 6Summary
  10. 7References

2 Customer Secure Code (CSC) Introduction

The Customer Secure Code (CSC) is customer-owned software that configures additional advanced security settings after a BOOTRST and SYSRST. This is available on MSPM0 families with advanced security features such as device family MSPM0Gx51x and MSPM0Lx22x and so forth. TI provides a reference implementation in the SDK based on publicly available MCUboot that showcases how to use many of these additional features. This attribute controls whether a second level of security and trusted flash-based code is provisioned or not. When paired with an example such as the customer_secure_image_with_bootloader example in SDK, this represents a full design for updates and verification of new images on the device.

Note: The CSC is not required to put images on the device. In the reference implementation, this is done by the application, which allows for the process to remain updated.

CSC can applied on capable devices that can have any number of banks. The full set of features and execution flow varies depending on the specific device used and features present on the device. Typically, customer owned secure code executes and implements additional security capabilities:

  • Bank swap decision
  • Secure firmware update
  • Secure key storage
  • Flash read-execute firewall
  • Flash IP firewall
  • SRAM write-execute mutual exclusion