SPRADN2 January 2025 MSPM0G1518, MSPM0G1519, MSPM0G3518, MSPM0G3519, MSPM0L1227, MSPM0L1228, MSPM0L2227, MSPM0L2228

 


CSC Execution Process

Figure 2-3 illustrates the boot and startup sequence in security-enabled applications. At BOOTRST, TI boot-code execution commences. After a successful boot, the boot code issues BOOTDONE. At this point, SYSCTL issues a SYSRST to the device to trigger execution from flash memory. Depending on the boot configuration record, this leads either to the start of the main application (if CSC does not exist in this configuration) or to the start of the CSC (if CSC is configured). The CSC is responsible for determining the execution bank, memory region protections, secure key initialization into the keystore, and so forth. When the customer secure code issues INITDONE (by writing to the SYSCTL.SECCFG.INITDONE MMR), SYSCTL issues a second SYSRST. The device again starts execution from 0x0 mapped to flash, and the CSC executes a second time. This time, the CSC finds that INITDONE has already been issued (determined by reading the SYSCTL.SECCFG.SECSTATUS.INITDONE bit) and directly calls the main application.

Note:

Please refer to the Security chapter in the MSPM0 L-Series 32MHz Microcontrollers Technical Reference Manual for further details of register configuration.

The secure execution flow is the path where CSC_EXISTS = YES. In this case, two SYSRSTs are issued after BOOTRST before the main application is launched. After the first SYSRST, the customer startup code executes. This code configures security and issues INITDONE. At this point, the security configuration is locked and enforced. A second SYSRST is then issued, restarting startup code execution. At the second SYSRST, since INITDONE is YES, the main application is launched.

Figure 2-3 Secure Boot and Start Sequence

Taking the bank swap function as an example, the CSC specifies which bank holds the more recent authenticated application image. If that bank is physical bank 0 (the same bank the CSC is executing from), then bank 1 is read-write only and does not have execute privilege. If the correct application image is determined to be on physical bank 1, then the CSC must issue a bank-swap request. Besides image authentication, the CSC sets up additional security configurations that are described later in this document. The CSC indicates the end of CSC execution by writing to the SYSCTL.SECCFG.INITDONE register with a PASS value (0x1) along with a KEY value of 0x9d. Successfully writing to the INITDONE register results in a second SYSRST operation during which the bank swap takes effect, as well as any additional security configurations. The next section describes how to implement the bank swap function in detail.
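The two-pass flow described above, as a host-side C model added here for illustration; it is not TI code and does not touch real registers. Assumptions: the `KEY_SHIFT` field position, the `image_t` and `soc_t` structures, authentication reduced to a flag, and the policy of refusing to issue INITDONE when neither image is authenticated.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define INITDONE_KEY  0x9Du  /* KEY value given in the text */
#define INITDONE_PASS 0x1u   /* PASS value given in the text */
#define KEY_SHIFT     24     /* assumed field position, model only */

typedef struct { uint32_t version; bool authenticated; } image_t; /* constructed */
typedef struct {
    bool initdone;        /* models SECSTATUS.INITDONE */
    bool swap_requested;  /* latched by the CSC, applied at the next SYSRST */
    int  exec_bank;       /* physical bank mapped at 0x0 */
    int  sysrst_count, csc_runs, app_bank;
} soc_t;

/* Model of the INITDONE write: accepted only with KEY and PASS (assumed). */
static bool write_initdone(soc_t *s, uint32_t val) {
    if ((val >> KEY_SHIFT) != INITDONE_KEY || (val & 1u) != INITDONE_PASS) return false;
    s->initdone = true;
    return true;
}

/* One CSC execution; returns true when a SYSRST must follow. */
static bool csc_run(soc_t *s, const image_t img[2]) {
    s->csc_runs++;
    if (s->initdone) { s->app_bank = s->exec_bank; return false; } /* second pass */
    if (!img[0].authenticated && !img[1].authenticated) return false; /* no valid image */
    bool b1_newer = img[1].authenticated &&
                    (!img[0].authenticated || img[1].version > img[0].version);
    s->swap_requested = b1_newer;  /* request swap only if bank 1 must run */
    return write_initdone(s, (INITDONE_KEY << KEY_SHIFT) | INITDONE_PASS);
}

/* BOOTDONE -> SYSRST -> CSC -> INITDONE -> SYSRST -> CSC -> application. */
int boot(soc_t *s, const image_t img[2]) {
    *s = (soc_t){ .app_bank = -1 };
    bool reset = true;             /* first SYSRST follows BOOTDONE */
    while (reset) {
        s->sysrst_count++;
        if (s->swap_requested) { s->exec_bank ^= 1; s->swap_requested = false; }
        reset = csc_run(s, img);
    }
    return s->app_bank;            /* -1: application never launched */
}

int main(void) {
    soc_t s; image_t img[2] = { {3, true}, {5, true} };  /* constructed sample */
    int bank = boot(&s, img);
    printf("app bank %d after %d SYSRSTs\n", bank, s.sysrst_count);
    return 0;
}
```
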