SPRY303F May   2019  – February 2025 AM3351 , AM3352 , AM3354 , AM3356 , AM3357 , AM3358 , AM3358-EP , AM3359 , AM4372 , AM4376 , AM4377 , AM4378 , AM4379 , AM5706 , AM5708 , AM5746 , AM5748 , AM623 , AM625 , AM625-Q1 , AM625SIP , AM62A1-Q1 , AM62A3 , AM62A3-Q1 , AM62A7 , AM62A7-Q1 , AM62L , AM62P , AM62P-Q1 , AM6411 , AM6412 , AM6421 , AM6422 , AM6441 , AM6442 , AM6526 , AM6528 , AM6546 , AM6548 , AM68 , AM68A , AM69 , AM69A , DRA821U , DRA821U-Q1 , DRA829J , DRA829J-Q1 , DRA829V , DRA829V-Q1 , TDA4VM , TDA4VM-Q1

 

  1.   1
  2.   Introduction
  3.   Risk management
  4.   What to protect?
  5.   How much security?
  6.   Architectural considerations
  7.   The security pyramid
  8.   Secure boot
  9.   Cryptographic acceleration
  10.   Device-ID and keys
  11.   Debug security
  12.   Trusted execution environment
  13.   External memory protection
  14.   Network security
  15.   Secure storage
  16.   Initial secure programming
  17.   Secure firmware and software updates
  18.   Software Intellectual Property (IP) protection
  19.   Physical security
  20.   Enclosure protection
  21.   Where to start with embedded security?
  22.   Security enablers for TI application processors
  23.   Conclusion
  24.   References

What to protect?

Anything of value could be subject to attack. And, of course, depending on the perspective and intent of the hacker, just about everything could be perceived as valuable. At the crudest level, the mere thrill of breaking into a system has value for a large portion of the hacker community. Most hackers are not innocuous thrill seekers. Many hackers would not hesitate to dip into an electronic wallet or steal financial information like credit card and bank account numbers for fraudulent use. IP can be stolen for sale or competitive advantage, while government secrets could be misappropriated and applied to disrupt, damage or destroy transportation systems, water suppliers, energy distribution networks, nuclear power plants and other aspects of a country’s public infrastructure.

Of course, all of these valuables must be protected, but before that can happen, the security system itself must be secure. For embedded systems, the security elements within the system and what it protects must be safeguarded. At the most basic level, this means securing the cryptographic keys and identity that are used to validate software, users and connectivity links. It also means ensuring the integrity of the software running on every system or node in a network. This requires visibility into and control over the boot-up and run-time software on even the most unassuming node in a network or on the Internet.