So if an ELF executable defines only cmac_sb_1 and cmac_all, then only those two CMAC tags will be generated and populated in the generated hex output file.FlashBoot is a tool to make USB storage devices bootable. The hex conversion utility applies the CMAC algorithm only to CMAC regions that have global symbols defined. No changes are made to the original input ELF executable. The CMAC algorithm is applied prior to the hex conversion. However, it must not be located within any secure flash boot regions, because the ROM CMAC implementation on the devices does not support this. The LOCATION address for cmac_all can be user-specified. The LOCATION entries for cmac_sb_1 through cmac_sb_4 are at fixed addresses. LOCATION pragmas are required to place symbols at the required memory locations.
FLASHBOOT CODE
RETAIN pragmas are required in the C code if these symbols are not accessed in the application code. If the start and end members are non-zero, then the CMAC algorithm is instead applied between the specified addresses. The hex conversion utility populates the start and end memory locations with the addresses input from the HEX directive entry. If the start and end CMAC_TAG struct members are zero, then the CMAC algorithm runs over entire memory region specified in the HEX directive. The cmac_all symbol stores the CMAC tag for the flexible user-specified region. The four secure flash boot region CMAC tags are stored in the cmac_sb_1 through cmac_sb_4 symbols. The flexible region can encompass the entire allocated region as input in the HEX directive or user-specified start/end addresses defined in C code.Ĭ code definitions like the following are required to reserve space for the CMAC tag symbols. The CMAC feature uses four secure flash boot memory regions that are hardcoded for start/end/tag addresses, and one flexible CMAC region. Use a 128-bit aligned length and specify the optional fill value. Specify a HEX directive with one entry that represents all the allocated flash memory. Because of this assumption, you should also set -fill=0xFFFFFFFF when using the -boot and -cmac options together. If you use the -boot option (and other boot table options described in Building a Table for an On-Chip Boot Loader) with the -cmac option, the CMAC algorithm assumes that a fill value of 1 is used for gaps between boot table regions. If you use the -image option, set both -memwidth and -romwidth to the same value. Use either the -image option or the -load_image option when using the -cmac option. For example, the following file contents represent CMACKEY registers containing key0=0x7c0b7db9, key1=`0x811f10d0`, key2=`0x0e476c7a`, and ke圓=`0x0d92f6e0`: The CMAC key in the file specified by the -cmac command-line option must use the format 0xkey0key1key2ke圓 in order to access the device registers for CMACKEY0-3.
The file should contain a 128-bit hex CMAC key. In order to apply the CMAC algorithm to the appropriate regions in allocated memory, use the hex conversion utility as follows:
FLASHBOOT MANUAL
See the TMS320F2838x Microcontrollers Technical Reference Manual ( SPRUII0) for further details about secure flash boot and the CMAC algorithm. If authentication passes, the boot flow continues and branches to flash to begin executing the application. During secure flash boot, the calculated CMAC tag is compared to the golden CMAC tag in flash to determine the pass/fail status of the CMAC authentication. Additionally, you must calculate a golden CMAC tag based on the 16 KB flash memory range and store it along with the application code at a hardcoded address in flash. The CMAC calculation requires a 128-bit key that you define. The flash authentication uses CMAC to authenticate 16 KB of flash. The difference is that this branch occurs only after the flash memory contents have been authenticated. Secure flash boot is similar to the regular flash boot mode in that the boot flow branches to the configured memory address in flash. The secure flash boot applies the Cipher-based Message Authentication Protocol (CMAC) algorithm to verify CMAC tags for regions of allocated memory. The hex conversion utility supports the secure flash boot capability provided by TMS320F2838x devices, which have both C28 and Arm cores. Using Secure Flash Boot on TMS320F2838x Devices ¶
0 kommentar(er)
