SPRT788 May   2025 AM2612 , AM2612-Q1 , AM2631 , AM2631-Q1 , AM2632 , AM2632-Q1 , AM2634-Q1 , AM263P2-Q1 , AM263P4 , AM263P4-Q1

 

  1.   1
  2. 1Security Goals of AM26x Devices
  3. 2Software Components Delivered by TI
  4. 3Device Lifecycle and Provisioning Flow
  5. 4TI's AM26xx OTP Key Writer Package
    1. 4.1 List of Features Supported by OTP Key Writer Flow
  6. 5TI Foundational Software for MCU devices
    1. 5.1 List of NIST Standards and References
  7. 6List of Valid Devices

5 TI Foundational Software for MCU devices

What is TIFS-MCU ?

TIFS stands for Texas Instruments Foundational Security for AM26xx SoCs. It provides device root of trust and foundational security services. The HSM or hardware security module consists of a secure core based secure subsystem.

TIFS-MCU serves as an add-on package on top of MCU+ SDK offering for AM26xx devices like AM263x/AM263Px/AM261x. TIFS-MCU enables a baremetal security stack on secure CPU that can be leveraged by the user too.

  1. Develop device root of trust and provide foundational security services
  2. Integrate with 3P Auto-HSM stacks

TIFS-MCU is not a replacement for AUTOSAR-HSM stack. TIFS-MCU enables foundational security SW with all the building blocks required for root-of-trust within the device and utilizes various services. TIFS-MCU can be easily integrated by AUTOSAR-HSM stack vendors to develop HSM stacks that adhere to SHE/EVITA standards.

Table 1 List of Features Supported by HSSE Based Secure Boot (Supported by ROM)

Features of Secure Boot

Algorithm Supported (AM263x/AM263Px)

Algorithm Supported (AM261x)

Support available in 10.02.00

HSM Run Time Firmware Boot

  • Certificate verification

  • RSA-4K

  • Decryption Support

  • AES-CBC-256

  • Certificate verification

  • RSA-4K

  • ECDSA (secp256r1)

  • ECDSA (secp384r1)

  • ECDSA (secp521r1)

  • ECDSA (brainpool512r1)

  • Decryption Support

  • AES-CBC-256

Yes

SBL Boot

  • Certificate verification

  • RSA-4K

  • Decryption Support

  • AES-CBC-256

  • Certificate verification

  • RSA-4K

  • ECDSA (secp256r1)

  • ECDSA (secp384r1)

  • ECDSA (secp521r1)

  • ECDSA (brainpool512r1)

  • Decryption Support

  • AES-CBC-256

Yes

Table 2 List of Features Supported by HSSE Based Secure Boot (Support by TIFS-MCU)

Features of Secure Boot

Algorithm Supported (AM263x)

Algorithm Supported (AM263Px)Algorithm Supported (AM261x)

Support Available in 10.02.00

RAM based Multi Core Application Boot through Root Keys

  • Certificate verification

  • RSA-4K

  • Decryption Support

  • AES-CBC-256

  • Certificate verification

  • RSA-4K

  • Decryption Support

  • AES-CBC-256

  • Certificate verification

  • RSA-4K

  • ECDSA (secp256r1)

  • ECDSA (secp384r1)

  • ECDSA (secp521r1)

  • ECDSA (brainpool512r1)

  • Decryption Support

  • AES-CBC-256

Yes

XiP based Multi Core Application Boot through Root Keys

  • XiP not supported on AM263x

  • MAC Support via Root Keys

  • AES-GCM-128

  • Decryption Support via Root Keys

  • AES-CTR-128

  • MAC Support via Root Keys

  • AES-GCM-128

  • Decryption Support via Root Keys

  • AES-CTR-128

Yes

RAM based Multi Core Application Boot through Auxilary Keys

  • Certificate verification (with different SHA options)

  • RSA-4K

  • ECDSA (secp256r1)

  • ECDSA (secp384r1)

  • ECDSA (secp521r1)

  • ECDSA (brainpool512r1)

  • Decryption Support

  • AES-CBC-256

  • Certificate verification (with different SHA options)

  • RSA-4K

  • ECDSA (secp256r1)

  • ECDSA (secp384r1)

  • ECDSA (secp521r1)

  • ECDSA (brainpool512r1)

  • Decryption Support

  • AES-CBC-256

  • Certificate verification (with different SHA options)

  • RSA-4K

  • ECDSA (secp256r1)

  • ECDSA (secp384r1)

  • ECDSA (secp521r1)

  • ECDSA (brainpool512r1)

  • Decryption Support

  • AES-CBC-256

Yes

XiP based Multi Core Application Boot through Auxilary Keys

  • XiP not supported on AM263x

  • MAC Support via Auxilary Keys

  • AES-GCM-128

  • Decryption Support via Auxilary Keys

  • AES-CTR-128

  • MAC Support via Auxilary Keys

  • AES-GCM-128

  • Decryption Support via Auxilary Keys

  • AES-CTR-128

Yes

For more details on secure boot time on AM26x devices are available in the list of links.
Table 3 List of Software Deliverables for Secure Programming flow
List of Software ComponentsSoftware TypeOPNDelivery LocationSource Available in 10.02.00

SBL Keywriter

Example

AM263X_RESTRICTED_SECURITY

Secure Resources

Yes

AM263PX_RESTRICTED_SECURITY

AM261x-TIFS-SDK

Uart Bootloader

Tool for -

  • Windows
  • Linux
  • MacOS

MCU_PLUS_SDK

ti.com

Yes

Uart Uniflash

Tool for -

  • Windows
  • Linux
  • MacOS

MCU_PLUS_SDK

ti.com

Yes

OTP Key Writer Certificate Generation

Python tool

AM263X_RESTRICTED_SECURITY

Secure Resources

Yes

AM263PX_RESTRICTED_SECURITY

AM261x-TIFS-SDK

OTP KW HSM firmware

Encrypted and signed with TI Keys

AM263X_RESTRICTED_SECURITY

Secure Resources

No

AM263PX_RESTRICTED_SECURITY

AM261x-TIFS-SDK

SBL and HSM signing tool

Python tool

MCU_PLUS_SDK

Secure Resources

Yes

App signing tool

Python tool

MCU_PLUS_SDK

Secure Resources

Yes

Native services provided by TIFS-MCU

Top Security Features of TIFS-SDK of AM26x DevicesFigure 2 Top Security Features of TIFS-SDK of AM26x Devices

Software block diagram of TIFS-MCU

AM261x SW Block DiagramFigure 3 AM261x SW Block Diagram
Table 4 TIFS-MCU Software Components

TIFS-MCU Software Components

Description

OS Kernel

No RTOS

Contains modules which implement no-RTOS execution environment consisting of timers, ISR, main thread. Allows software on top to run in bare metal mode. Note - HSM Server is only supported in NORTOS.

Driver Porting Layer (DPL)

APIs used by drivers to abstract the OS environment. Example, Semaphore, HW interrupts, mutex, clock.

Security Device Drivers and Modules

TIFS-MCU Peripheral Drivers

Device Drivers library and APIs for HSM.

List of SOC Peripheral Driver:

  • HSM MBOX and Secure IPC
  • Crypto Drivers
  • HSM Flash
  • Security Manager
  • Firewall

TIFS-MCU Middle-ware

TIFS-MCU middleware that are supported in TIFS-MCU package

List of Middleware:

  • HSM Server
  • HSM Memory Log
  • ASN1 Parser and Certificate Parser
  • Key Derivation
  • Crypto Interface

TIFS-MCU Services

TIFS-MCU middleware that are supported in TIFS-MCU package

List of HSM Services:

  • HSM Get Version Service
  • HSM Get UID Service
  • HSM Run Time Debug Authentication Service
  • HSM Derived KEK Service
  • HSM Random Number Generate Service
  • HSM Runtime Firewall Service
  • HSM Extended OTP Service
  • HSM Anti Rollback Service
  • HSM Root of Trust Switch Service
  • HSM Proc Auth Boot Service (single/streaming)
  • HSM Key Import Service
  • HSM OTFA Service

TIFS-MCU Firmware

Out of Box Example implementation of TIFS-MCU firmware with all the mentioned services enabled

Examples and Demos

Examples and Demos

List of HSM Examples:

  • HSM Get Version Example

  • Debug Authentication Example

  • Extended OTP Examples

  • Run-time Firewall Example

  • Firewall Interrupt Service Example

  • Anti Rollback Example

  • Derived KEK Example

  • RNG Example

  • Encryption/Decryption Cryptograhic Examples

  • Hashing Cryptograhic Examples

  • Asymmetric Cryptograhic Examples

Tools (used on host machine)

Code Composer Studio (CCS)

IDE used to build projects, debug programs

TI CLANG Compiler Toolchain

CLANG based ARM compiler from TI for ARM M4F, R5F

SysConfig

System configuration tool, used to configure peripherals, pinmux, clocks and generate system initialization code

SDK Tools and Utilities

Additional tools and utilities, like flashing tools, booting tools, CCS loading scripts used with the SDK development flow

OTP Keywriter

OTP Keywriter is used to fuse customer keys into the device and convert HS-FS to HS-SE to establish customer root-of-trust.

TIFS-MCU tools

Tools and scripts to leverage the services provided via

Table 5 HSM Services Supported in 10.02 Release
ServicesDescriptionExamples Available

HSM Get Version Service

HSM GetVersion service is to get the current TIFS-MCU Firmware version

Yes

HSM Get UID Service

When TIFS-MCU Firmware receives a request to GetUID from HSM Server, the UID is copied from secure memory to the output memory location requested by the user.

Yes

HSM Run Time Debug Authentication Service

To unlock the debug port during the run-time, you need an X509 certificate signed with private keys. This service is used to provide the signed certificate to TIFS-MCU Firmware for processing.

Yes

HSM Derived KEK Service

TIFS-MCU provides this service to get a derived KEK based on some input constants.

  • This key is unique for every unit device and is kept secret.

  • This key cannot be fetched from hardware in any manner.

Yes

HSM Random Number Generate Service

TIFS-MCU provides this service to get a random number from the given input constants.

Yes

HSM Runtime Firewall ServiceTIFS-MCU provides this service to program the system firewalls controlled by HSM only for protection, isolation etc.

Yes

HSM Extended OTP ServiceTIFS-MCU provides this service to program general purpose or user defined OTP row programming.

Yes

HSM Anti Rollback ServiceTIFS-MCU provides this service to program SW revisions in the eFuses to prevent Anti-Rollback to previous software in the system.Yes
HSM Root of Trust Switch ServiceTIFS-MCU provides this service to change the root of trust switch from the primary key to backup key.

Yes

HSM Proc Auth Boot ServiceTIFS-MCU provides the Proc Auth Boot service to authenticate and decrypt the application images signed with root or auxillary keys.

Yes (part of SBL in MCU+ SDK)

HSM Key Import ServiceTIFS-MCU provides the Key import service to import the Auxillary keys into the system.Yes (part of SBL in MCU+ SDK)
HSM OTFA ServiceTIFS-MCU provides the OTFA service to configure the OTFA regions based on root as well as auxiliary keys.Yes (part of SBL in MCU+ SDK)
Table 6 Crypto HW Accelerators and Modes Supported
Crypto CoreSupport Available in SW DriverExamples AvailableSpecification

AES

Encryption and Decryption

  • 128,192 and 256 bits Keys

  • ECB, CBC, CCM, CTR, CFB

  • One-Shot + Streaming Mode

  • CPU Polling Mode

  • EDMA Mode (Polling)

Yes

AES

MAC Generation and Verification

  • 128,192 and 256 bits Keys

  • CCM, CBC-MAC, CMAC

  • One-Shot + Streaming Mode

  • CPU Polling Mode

  • EDMA Mode (Polling)

Yes

SHA

Hasing Algorithm

  • SHA256, SHA512

  • HMAC SHA-256, HMAC SHA-512

  • One-Shot + Streaming Mode

  • CPU Polling Mode

  • EDMA Mode (Polling)

Yes

RSA

Encryption and Decryption Signing and Verification

  • RSA 2048, 3072, 4096 bit

  • RSA PKCS1_5, PSS2_1

  • CPU Polling Mode

RSA PKCS1_5 with 4K only

RSA

Key Generation Service

  • RSA 2048, 3072, 4096 bit

  • CPU Polling Mode

Example with 4096 bit key only

(only for AM261x)

ECDSA

Signing and Verification

  • SECP256, SECP384, SECP521

  • BRAINPOOL-P512

  • CPU Polling Mode

Yes

ECDSA

Key Generation Service

  • SECP256, SECP384, SECP521

  • BRAINPOOL-P512

  • CPU Polling Mode

Yes

EDDSA

Signing and Verification

  • ED25519

  • CPU Polling Mode

Yes

ECDH

  • SECP256, SECP384, SECP521

  • BRAINPOOL-P512

  • CPU Polling Mode

Yes

(only for AM261x)