SPRT789A April 2025 – July 2025
The flow is also explained in Enabling Cybersecurity for High Performance Real-Time Control Systems.
Figure 2 F29x Device Provisioning Flow
Stage 1:
The device is delivered to the user in the HSFS (Field Secure) state, with TI keys already provisioned. In this state, the HSM core executes only code that is encrypted and signed with TI keys.
Stage 2:
TI supports provisioning of user keys by using a key provisioning package (in a trusted environment), with the user keys encrypted and signed using the TI keys. This key certificate is then securely transmitted to the device using the flash kernel example and the host programmer tool. Confidentiality of the user keys is maintained throughout the process, which allows users to replicate the process even in a non-secure environment. Once the user encryption keys are provisioned, the life-cycle state of the device changes to HSKP (Key Provisioned).
Stage 3:
Now that the device is in the HSKP state, the application code can be programmed into the device. The code being provisioned is encrypted and signed with user keys, and is also securely transmitted using the flash kernel and the host programmer. The user code that is to be provisioned into the HSM or C29 flash is encrypted and signed using the user keys that are available in the device secure storage. Once all the required images, for example HSM Code, C29 Code, and Secure Config (SecCfg), are provisioned, the device is converted to the HSSE state. The HSSE (Security Enforced) life-cycle state ensures that the device always performs a secure boot.
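The three stages can be read as a state machine in which each life-cycle state decides whose key a package must verify under. The following is an added sketch, not TI or TIFS-SDK code: the `Device` class, its method names, and the use of HMAC-SHA256 in place of the real signature scheme are assumptions, encryption is omitted, and the sample keys are constructed.

```python
import hashlib
import hmac
from enum import Enum

class State(Enum):
    HSFS = "Field Secure"
    HSKP = "Key Provisioned"
    HSSE = "Security Enforced"

# Image names taken from the page's examples; treated here as the full set.
REQUIRED_IMAGES = {"HSM Code", "C29 Code", "SecCfg"}

def tag(key: bytes, payload: bytes) -> bytes:
    """Stand-in for the real signature (assumption): HMAC-SHA256."""
    return hmac.new(key, payload, hashlib.sha256).digest()

class Device:
    """Toy model of the device side of the provisioning flow."""
    def __init__(self, ti_key: bytes):
        self.state = State.HSFS          # Stage 1: delivered with TI keys only
        self._ti_key = ti_key
        self._user_key = None
        self.images = {}

    def provision_user_key(self, user_key: bytes, sig: bytes) -> bool:
        # Stage 2: accepted only in HSFS (modelling assumption) and only if
        # the key certificate verifies under the TI key.
        if self.state is not State.HSFS:
            return False
        if not hmac.compare_digest(sig, tag(self._ti_key, user_key)):
            return False
        self._user_key, self.state = user_key, State.HSKP
        return True

    def program_image(self, name: str, blob: bytes, sig: bytes) -> bool:
        # Stage 3: accepted only in HSKP and only if signed with the user key.
        if self.state is not State.HSKP or name not in REQUIRED_IMAGES:
            return False
        if not hmac.compare_digest(sig, tag(self._user_key, name.encode() + blob)):
            return False
        self.images[name] = blob
        return True

    def enforce(self) -> bool:
        # HSKP -> HSSE only once every required image is present.
        if self.state is not State.HSKP or set(self.images) != REQUIRED_IMAGES:
            return False
        self.state = State.HSSE
        return True
```

In this model, an image offered before Stage 2, or one signed with the TI key after Stage 2, is rejected, and `enforce()` fails until all three images are present.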
TI delivers 2 primary software components as part of TIFS-SDK: