SPRY303F May 2019 – February 2025 AM3351 , AM3352 , AM3354 , AM3356 , AM3357 , AM3358 , AM3358-EP , AM3359 , AM4372 , AM4376 , AM4377 , AM4378 , AM4379 , AM5706 , AM5708 , AM5746 , AM5748 , AM623 , AM625 , AM625-Q1 , AM625SIP , AM62A1-Q1 , AM62A3 , AM62A3-Q1 , AM62A7 , AM62A7-Q1 , AM62L , AM62P , AM62P-Q1 , AM6411 , AM6412 , AM6421 , AM6422 , AM6441 , AM6442 , AM6526 , AM6528 , AM6546 , AM6548 , AM68 , AM68A , AM69 , AM69A , DRA821U , DRA821U-Q1 , DRA829J , DRA829J-Q1 , DRA829V , DRA829V-Q1 , TDA4VM , TDA4VM-Q1

  2.   Introduction
  3.   Risk management
  4.   What to protect?
  5.   How much security?
  6.   Architectural considerations
  7.   The security pyramid
  8.   Secure boot
  9.   Cryptographic acceleration
  10.   Device-ID and keys
  11.   Debug security
  12.   Trusted execution environment
  13.   External memory protection
  14.   Network security
  15.   Secure storage
  16.   Initial secure programming
  17.   Secure firmware and software updates
  18.   Software Intellectual Property (IP) protection
  19.   Physical security
  20.   Enclosure protection
  21.   Where to start with embedded security?
  22.   Security enablers for TI application processors
  23.   Conclusion
  24.   References

Where to start with embedded security?

The security of an embedded multicore application processor begins in hardware. If the hardware is not secure, no amount of security software will make it so. Assuming security features are built into the hardware, the first place to begin building a security subsystem is the first software that executes after power-up: the boot code. If the boot process cannot be authenticated, then neither can any other software running on the system. Securing the boot process is therefore the fulcrum on which all of the security in the system depends.

A secure boot process establishes the root-of-trust, the foundation on which every other security function in the subsystem depends. Establishing a root-of-trust through a secure boot process helps to ensure the integrity of the system and guards against attackers taking over any part of it. It also helps protect customer software in the system and, when the boot images are encrypted under device-bound keys, acts as an anti-cloning barrier so that neither the system nor any part of it can be copied onto other hardware.

Usually, a secure boot process involves programming a public cryptographic key, or more commonly a hash of it, into non-volatile, one-time-programmable memory (such as eFuses) somewhere in the system. The boot code is signed with the matching private key, which stays with the manufacturer, and the boot ROM uses the fused public key to verify that signature before execution begins; when the boot code is also encrypted, it should be authenticated before it is decrypted, so that keys are never applied to data that has not been verified. Boot firmware can either be loaded into the embedded processor's internal RAM or, where the processor supports it, authenticated and executed in place from memory external to the processor. Execute-in-place leaves the code and its fetches visible on an external bus, so it depends on the external memory protection described in that section. Some firmware images are made up of various components or modules. Requiring authentication before decrypting and executing each module, rather than trusting the whole image after a single check at the start, enhances boot security because a later module cannot be swapped without failing its own check.
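The chain just described, as an added example in Python rather than TI's own boot ROM code or image format: a root public key whose hash sits in simulated eFuses, an image made of several signed and encrypted modules, and a verifier that checks the key against the fused hash, then authenticates each module before decrypting and "executing" it, failing closed at the first error. The image layout, the module names, the textbook-RSA key built from well-known Mersenne primes and the SHA-256 counter-mode stream cipher are all assumptions chosen so the script runs with the standard library alone; a real boot ROM uses RSA or ECDSA with proper padding and AES, and the private key never leaves the OEM's HSM.

```python
"""Toy secure-boot chain: the device holds only a hash of the root public key in
one-time-programmable memory, and each module of the boot image is signature-
checked before it is decrypted and executed. Added example, not TI code. The
image layout, the textbook-RSA key from public Mersenne primes and the SHA-256
stream cipher are stand-ins so that only the standard library is needed."""
import hashlib
import hmac
import struct

KEY_BYTES = 160  # fixed-width encoding of the RSA modulus and of signatures

# Toy OEM signing key (insecure: its factors are famous primes). In production the
# private exponent lives in an HSM at the OEM and never on the device.
P, Q = (1 << 521) - 1, (1 << 607) - 1
N, E = P * Q, 65537
OEM_KEY = (N, E, pow(E, -1, (P - 1) * (Q - 1)))

def pubkey_bytes(n, e):
    return n.to_bytes(KEY_BYTES, "big") + e.to_bytes(4, "big")

# What is actually burned into eFuses at manufacturing: not the key, its hash.
FUSED_ROOT_KEY_HASH = hashlib.sha256(pubkey_bytes(N, E)).digest()

def sign(data, d, n):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(h, d, n).to_bytes(KEY_BYTES, "big")  # textbook RSA, no padding (toy)

def verify(n, e, data, sig):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    s = int.from_bytes(sig, "big")
    return len(sig) == KEY_BYTES and s < n and pow(s, e, n) == h

def keystream_xor(key, nonce, data):
    """SHA-256 in counter mode as a stand-in for AES-CTR; the same call decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def build_image(modules, image_key, signer=OEM_KEY):
    """Hypothetical layout: b'TIB1' | count u16 | pubkey | per module:
    name_len u8 | name | nonce 8 | ct_len u32 | ct | sig. The signature covers
    the ciphertext, so the device can authenticate before decrypting anything."""
    n, e, d = signer
    img = bytearray(b"TIB1" + struct.pack(">H", len(modules)) + pubkey_bytes(n, e))
    for idx, (name, plaintext) in enumerate(modules):
        nonce = struct.pack(">Q", idx)
        ct = keystream_xor(image_key, nonce, plaintext)
        body = bytes([len(name)]) + name + nonce + struct.pack(">I", len(ct)) + ct
        img += body + sign(body, d, n)
    return bytes(img)

class BootError(Exception):
    pass

def secure_boot(image, image_key, fused_hash=FUSED_ROOT_KEY_HASH):
    """Boot-ROM side: returns the modules 'executed', in order, and raises
    BootError at the first failed check so that nothing after it ever runs."""
    if image[:4] != b"TIB1":
        raise BootError("bad image magic")
    count = struct.unpack(">H", image[4:6])[0]
    pos = 6 + KEY_BYTES + 4
    pub = image[6:pos]
    # 1. Trust the public key carried in the image only if it hashes to the fused value.
    if not hmac.compare_digest(hashlib.sha256(pub).digest(), fused_hash):
        raise BootError("root public key does not match eFuse hash")
    n, e = int.from_bytes(pub[:KEY_BYTES], "big"), int.from_bytes(pub[KEY_BYTES:], "big")
    executed = []
    for _ in range(count):
        try:
            start = pos
            name_len = image[pos]; pos += 1
            name = image[pos:pos + name_len]; pos += name_len
            nonce = image[pos:pos + 8]; pos += 8
            ct_len = struct.unpack(">I", image[pos:pos + 4])[0]; pos += 4
            ct = image[pos:pos + ct_len]; pos += ct_len
        except (IndexError, struct.error):
            raise BootError("truncated image") from None
        body, sig = image[start:pos], image[pos:pos + KEY_BYTES]
        pos += KEY_BYTES
        # 2. Authenticate the module first; a truncated or bit-flipped module fails here.
        if not verify(n, e, body, sig):
            raise BootError("signature check failed for %r" % name.decode("ascii", "replace"))
        # 3. Only now decrypt, then hand over control (simulated by recording it).
        executed.append((name.decode("ascii"), keystream_xor(image_key, nonce, ct)))
    return executed

def try_boot(image, image_key, fused_hash=FUSED_ROOT_KEY_HASH):
    try:
        return "ok", [name for name, _ in secure_boot(image, image_key, fused_hash)]
    except BootError as err:
        return "rejected", str(err)

# Constructed sample: three modules in the order a multi-stage boot runs them.
IMAGE_KEY = hashlib.sha256(b"toy per-device symmetric key").digest()
MODULES = [(b"sbl", b"stage-1 bootloader"), (b"tifs", b"security firmware"),
           (b"u-boot", b"U-Boot proper")]

def tampered_image():
    img = bytearray(build_image(MODULES, IMAGE_KEY))
    img[-KEY_BYTES - 1] ^= 0x01  # flip one bit in the last module's ciphertext
    return bytes(img)

def attacker_image():
    p, q = (1 << 521) - 1, (1 << 127) - 1  # attacker's own (also toy) key pair
    n, e = p * q, 65537
    return build_image(MODULES, IMAGE_KEY, (n, e, pow(e, -1, (p - 1) * (q - 1))))

if __name__ == "__main__":
    print(try_boot(build_image(MODULES, IMAGE_KEY), IMAGE_KEY))
    print(try_boot(tampered_image(), IMAGE_KEY))
    print(try_boot(attacker_image(), IMAGE_KEY))
```

Three properties of the text are visible in the output: an image signed by a key other than the fused one is refused before any module is parsed, a single flipped bit in a module's ciphertext is caught by that module's signature before the decryption key touches it, and the earlier modules in a damaged image never become a "partially trusted" state, because the verifier raises and the caller receives no executed list at all.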