SPRY303F May   2019  â€“ February 2025 AM3351 , AM3352 , AM3354 , AM3356 , AM3357 , AM3358 , AM3358-EP , AM3359 , AM4372 , AM4376 , AM4377 , AM4378 , AM4379 , AM5706 , AM5708 , AM5746 , AM5748 , AM623 , AM625 , AM625-Q1 , AM625SIP , AM62A1-Q1 , AM62A3 , AM62A3-Q1 , AM62A7 , AM62A7-Q1 , AM62L , AM62P , AM62P-Q1 , AM6411 , AM6412 , AM6421 , AM6422 , AM6441 , AM6442 , AM6526 , AM6528 , AM6546 , AM6548 , AM68 , AM68A , AM69 , AM69A , DRA821U , DRA821U-Q1 , DRA829J , DRA829J-Q1 , DRA829V , DRA829V-Q1 , TDA4VM , TDA4VM-Q1

 

  1.   1
  2.   Introduction
  3.   Risk management
  4.   What to protect?
  5.   How much security?
  6.   Architectural considerations
  7.   The security pyramid
  8.   Secure boot
  9.   Cryptographic acceleration
  10.   Device-ID and keys
  11.   Debug security
  12.   Trusted execution environment
  13.   External memory protection
  14.   Network security
  15.   Secure storage
  16.   Initial secure programming
  17.   Secure firmware and software updates
  18.   Software Intellectual Property (IP) protection
  19.   Physical security
  20.   Enclosure protection
  21.   Where to start with embedded security?
  22.   Security enablers for TI application processors
  23.   Conclusion
  24.   References

Architectural considerations

Many security subsystems are architected in layers and take advantage of compartmentalization. Deploying security measures in layers has a cumulative effect on the security of the system because each layer can certify the security of the layer below or above it before any action is taken. Compartmentalization is important for ensuring run-time security of software running on the system and it gives designers the ability to tailor security measures depending on the relative value of the resource or process being protected.

Embedded security starts in hardware. Coupling software and hardware security features together enables a more secure layer of protection than either solution working independently. In addition, the tools provided by vendors can streamline the development of security subsystems and ensure that the resulting architecture meets the developers’ requirements. For example, hardware-based security accelerators can mitigate performance cost of a security subsystem.

Of course, the strength of a security architecture will depend on the foundation upon which it is built. Three aspects of the foundational layer are essential: a secure boot process, hardware-based device ID/keys and cryptographic acceleration.