The HSM or Hardware security Module is a subsystem that acts as the secure host by offering security services to the rest of the system. TI offers HS-FS (High Security - Field Securable) as the primary device for the customers. The MCU+ SDK supports HS-FS device type for AM263x/AM263Px. It supports loading the HSM firmware (TIFS-MCU) via SBL (Secondary Boot Loader), which enables access to the hardware resources for cryptographic operations for R5FSS.
The SBL for AM263x/AM263Px/AM273x supports for loading firmware on the HSM. The firmware is provided in an encrypted form at source/security/security_common/drivers/hsmclient/soc/am263x/hsmRtImg.h
. The function Bootloader_socLoadHsmRtFw
sends a message to ROM and ROM loads the HSM firmware. After the HSM firmware is loaded and has done its init time operations, it sends a message to the SBL called HSM_MSG_BOOT_NOTIFY
.
HSMRt does the following firewall configurations. These configurations gives necessary access of various memory regions to host cores.
Firewall/MPU | Programmable Region Num. | Start Address | End Address | AID/privID permissions | SR | SW | SX | UR | UW | UX | NS | Debug | Comments |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
FW HSM_SLV | 0 | 0x44000400 | 0x44000800 | HSM, R5FSS0_0, R5FSS0_1 | 1 | 1 | 0 | 1 | 1 | 0 | 1 | 1 | HSM MBOX region R5->HSM queues |
1 | 0x44000000 | 0x44000400 | R5FSS0_0, R5FSS0_1 | 1 | 0 | 0 | 1 | 0 | 0 | 0 | 0 | HSM MBOX region HSM->R5 queues | |
2 | 0x40020000 | 0x4011FFFF | R5FSS0_0, R5FSS0_1, R5FSS1_0, R5FSS1_1 | 1 | 0 | 0 | 1 | 0 | 0 | 0 | 0 | MPU Region Space | |
3 | 0x40140000 | 0x4023FFFF | R5FSS0_0, R5FSS0_1, R5FSS1_0, R5FSS1_1 | 1 | 0 | 0 | 1 | 0 | 0 | 0 | 0 | MPU Region Space | |
4 | 0x40260000 | 0x402E03FF | R5FSS0_0, R5FSS0_1, R5FSS1_0, R5FSS1_1 | 1 | 0 | 0 | 1 | 0 | 0 | 0 | 0 | MPU Region Space | |
FW DTHE_SLV | 0 | 0xCE007000 | 0xCE0073FF | All AIDs can access | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | HSM AES (public context) |
1 | 0xCE005000 | 0xCE0053FF | All AIDs can acces | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | HSM SHA (public context) | |
2 | 0xCE000000 | 0xCEFFFFFF | HSM | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | HSM DTHE and Crpyto | |
3 | 0xCE000800 | 0xCE000FFF | All AIDs can acces | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | HSM DTHE and Crpyto | |
FW SCRM2SCRP0 | 0 | 0x53600000 | 0x53600400 | HSM | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | Secure Asset and is protected during runtime |
1 | 0x50000000 | 0x53600000 | All AIDs can access | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | To access peripheral region master side MPU | |
FW SCRM2SCRP1 | 0 | 0x53600000 | 0x53600400 | HSM | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | Secure Asset and is protected during runtime |
1 | 0x50000000 | 0x53600000 | All AIDs can access | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | To access peripheral region master side MPU | |
FW R5SS0_CORE0_AHB_MST | 0 | 0x53600000 | 0x53600400 | HSM | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | Secure Asset and is protected during runtime |
1 | 0x50000000 | 0x53600000 | All AIDs can access | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | To access peripheral region master side MPU | |
FW R5SS0_CORE1_AHB_MST | 0 | 0x53600000 | 0x53600400 | HSM | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | Secure Asset and is protected during runtime |
1 | 0x50000000 | 0x53600000 | All AIDs can access | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | To access peripheral region master side MPU | |
FW R5SS1_CORE0_AHB_MST | 0 | 0x53600000 | 0x53600400 | HSM | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | Secure Asset and is protected during runtime |
1 | 0x50000000 | 0x53600000 | All AIDs can access | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | To access peripheral region master side MPU | |
FW R5SS1_CORE1_AHB_MST | 0 | 0x53600000 | 0x53600400 | HSM | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | Secure Asset and is protected during runtime |
1 | 0x50000000 | 0x53600000 | All AIDs can access | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | To access peripheral region master side MPU |
By default, the access to the crypto resources are firewalled on HS-FS devices. The HSM firmware so loaded, bypasses the firewalls and makes the following crypto modules available for the R5FSS to use.
This provides ability for the R5F core to be able to do the following computations:
SBL should always wait for HSM_MSG_BOOT_NOTIFY
before using the crypto accelerator because HSM firmware initializes these firewalls. Failing to do so, the SBL or application may run into abort exception while accessing the MMR regions for the crypto accelerator.
The TIFS-MCU firmware that gets loaded on HSM provides the variety of services. For more information refer HSM client
This page links to sub modules that enable authentication, data integrity and its confidentiality with the on-chip hardware accelarators.
The cryptographic accelarator on this device is supported via these modules in the SDK: