3 <!DOCTYPE html>
4 <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
5 <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
6 <head>
7 <meta charset="utf-8">
9 <meta name="viewport" content="width=device-width, initial-scale=1.0">
11 <title>Performing Security Handover — TISCI User Guide</title>
16 <link rel="shortcut icon" href="../_static/favicon.ico"/>
29 <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
33 <link rel="stylesheet" href="../_static/theme_overrides.css" type="text/css" />
37 <link rel="index" title="Index"
38 href="../genindex.html"/>
39 <link rel="search" title="Search" href="../search.html"/>
40 <link rel="top" title="TISCI User Guide" href="../index.html"/>
41 <link rel="up" title="Chapter 6: Topic User Guides" href="index.html"/>
42 <link rel="next" title="Secure Debug User Guide" href="secure_debug.html"/>
43 <link rel="prev" title="SA2UL Access Outside of SYSFW" href="sa2ul_access.html"/>
46 <script src="../_static/js/modernizr.min.js"></script>
48 </head>
50 <body class="wy-body-for-nav" role="document">
51 <header id="tiHeader">
52 <div class="top">
53 <ul>
54 <li id="top_logo">
55 <a href="http://www.ti.com">
56 <img src="../_static/img/ti_logo.png"/>
57 </a>
58 </li>
59 </ul>
60 </div>
61 <div class="nav"></div>
62 </header>
63 <div class="wy-grid-for-nav">
66 <nav data-toggle="wy-nav-shift" class="wy-nav-side">
67 <div class="wy-side-scroll">
68 <div class="wy-side-nav-search">
72 <a href="../index.html" class="icon icon-home"> TISCI
76 </a>
81 <div class="version">
82 08.04.02
83 </div>
88 <div role="search">
89 <form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
90 <input type="text" name="q" placeholder="Search docs" />
91 <input type="hidden" name="check_keywords" value="yes" />
92 <input type="hidden" name="area" value="default" />
93 </form>
94 </div>
97 </div>
99 <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
103 <ul class="current">
104 <li class="toctree-l1"><a class="reference internal" href="../1_intro/index.html">Chapter 1: Introduction</a></li>
105 <li class="toctree-l1"><a class="reference internal" href="../2_tisci_msgs/index.html">Chapter 2: TISCI Message Documentation</a></li>
106 <li class="toctree-l1"><a class="reference internal" href="../3_boardcfg/index.html">Chapter 3: Board Configuration</a></li>
107 <li class="toctree-l1"><a class="reference internal" href="../4_trace/index.html">Chapter 4: Interpreting Trace Data</a></li>
108 <li class="toctree-l1"><a class="reference internal" href="../5_soc_doc/index.html">Chapter 5: SoC Family Specific Documentation</a></li>
109 <li class="toctree-l1 current"><a class="reference internal" href="index.html">Chapter 6: Topic User Guides</a><ul class="current">
110 <li class="toctree-l2"><a class="reference internal" href="devgrp_usage.html">Device Group Primer</a></li>
111 <li class="toctree-l2"><a class="reference internal" href="domgrp_usage.html">Domain Group Primer</a></li>
112 <li class="toctree-l2"><a class="reference internal" href="secure_boot_signing.html">Signing binaries for Secure Boot on HS Devices</a></li>
113 <li class="toctree-l2"><a class="reference internal" href="hs_boardcfg_signing.html">Signing Board Configuration on HS devices</a></li>
114 <li class="toctree-l2"><a class="reference internal" href="extended_otp.html">Using Extended OTP on HS devices</a></li>
115 <li class="toctree-l2"><a class="reference internal" href="dkek_management.html">Using Derived KEK on HS devices</a></li>
116 <li class="toctree-l2"><a class="reference internal" href="firewall_faq.html">Firewall FAQ</a></li>
117 <li class="toctree-l2"><a class="reference internal" href="sa2ul_access.html">SA2UL Access Outside of SYSFW</a></li>
118 <li class="toctree-l2 current"><a class="current reference internal" href="#">Performing Security Handover</a><ul>
119 <li class="toctree-l3"><a class="reference internal" href="#board-configuration">Board configuration</a></li>
120 <li class="toctree-l3"><a class="reference internal" href="#normal-runtime-operation">Normal runtime operation</a></li>
121 <li class="toctree-l3"><a class="reference internal" href="#triggering-security-handover">Triggering security handover</a></li>
122 <li class="toctree-l3"><a class="reference internal" href="#post-security-handover">Post Security handover</a></li>
123 <li class="toctree-l3"><a class="reference internal" href="#mcusram-bank-7-resource-usage-after-security-handover">MCUSRAM Bank 7 Resource usage after security handover</a></li>
124 </ul>
125 </li>
126 <li class="toctree-l2"><a class="reference internal" href="secure_debug.html">Secure Debug User Guide</a></li>
127 <li class="toctree-l2"><a class="reference internal" href="key_writer.html">Key Writer</a></li>
128 <li class="toctree-l2"><a class="reference internal" href="otp_revision.html">Run time read/write to KEYREV and SWREV</a></li>
129 </ul>
130 </li>
131 </ul>
135 </div>
136 </div>
137 </nav>
139 <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
142 <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
143 <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
144 <a href="../index.html">TISCI</a>
145 </nav>
149 <div class="wy-nav-content">
150 <div class="rst-content">
157 <div role="navigation" aria-label="breadcrumbs navigation">
158 <ul class="wy-breadcrumbs">
159 <li><a href="../index.html">Docs</a> »</li>
161 <li><a href="index.html">Chapter 6: Topic User Guides</a> »</li>
163 <li>Performing Security Handover</li>
164 <li class="wy-breadcrumbs-aside">
168 </li>
169 </ul>
170 <hr/>
171 </div>
172 <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
173 <div itemprop="articleBody">
175 <div class="section" id="performing-security-handover">
176 <h1>Performing Security Handover<a class="headerlink" href="#performing-security-handover" title="Permalink to this headline">¶</a></h1>
177 <div class="admonition note">
178 <p class="first admonition-title">Note</p>
179 <p class="last">This document applies only to AM64 devices.</p>
180 </div>
181 <p>The AM64 SoC is targeted at use cases with limited runtime security
182 operations in steady-state operation. When runtime security operations
183 are complete, it supports releasing the security resources to a host
184 designated via board configuration. This feature is called security
185 handover.</p>
186 <p>On AM64 device, security code uses the last 128 KB of MCUSRAM Bank 7 along with
187 some portion of DMSC internal memory. Security code also maintains control of
188 the security configuration region on the device from 0x45000000 to 0x45FFFFFF.
189 After the system initialization and all runtime security operations are
190 complete, a designated host on the system can trigger security handover
191 operation. After the security handover is complete, the part of memory used by security
192 code in MCUSRAM bank 7 is wiped and released to the system and part of memory
193 is retained for the firmware (refer to <a class="reference internal" href="#mcusram-resource-usage"><span class="std std-ref">MCUSRAM Bank 7 Resource usage after security handover</span></a>).
194 Of all security functionality, only processor boot control functionality is left running
195 out of DMSC IRAM. Control of system firewalls not protecting any secrets is handed over
196 to a designated host.</p>
197 <p>This document describes the steps that need to be performed for security handover.
198 This document must be read alongside</p>
199 <ol class="arabic simple">
200 <li><a class="reference internal" href="../2_tisci_msgs/security/security_handover.html"><span class="doc">Security Handover Message Description</span></a> and</li>
201 <li><a class="reference internal" href="../3_boardcfg/BOARDCFG_SEC.html"><span class="doc">Security Board Configuration</span></a>, specifically <a class="reference internal" href="../3_boardcfg/BOARDCFG_SEC.html#pub-boardcfg-security-handover"><span class="std std-ref">Security Handover</span></a></li>
202 </ol>
203 <div class="section" id="board-configuration">
204 <h2>Board configuration<a class="headerlink" href="#board-configuration" title="Permalink to this headline">¶</a></h2>
205 <p>Security handover is controlled by board configuration
206 <a class="reference internal" href="../3_boardcfg/BOARDCFG_SEC.html"><span class="doc">Security Board Configuration</span></a>, specifically
207 <a class="reference internal" href="../3_boardcfg/BOARDCFG_SEC.html#pub-boardcfg-security-handover"><span class="std std-ref">Security Handover</span></a>.</p>
208 <p>There are two entries that the user must specify.</p>
209 <ol class="arabic simple">
210 <li>ID of the host who will trigger the security handover.</li>
211 <li>ID of the host who will take control of a portion of the system firewalls.</li>
212 </ol>
213 <p>If the security handover functionality is not desired, both the above fields must be set to 0.
214 0 corresponds to the DMSC host ID.
215 Both of these host IDs are validated during security board configuration processing.
216 Please ensure that these fields are initialized correctly.</p>
217 <div class="figure">
218 <img alt="../_images/sec_handover_boardcfg.svg" src="../_images/sec_handover_boardcfg.svg" /></div>
219 </div>
220 <div class="section" id="normal-runtime-operation">
221 <h2>Normal runtime operation<a class="headerlink" href="#normal-runtime-operation" title="Permalink to this headline">¶</a></h2>
222 <p>During normal runtime operation, System Firmware processes all runtime security messages as described in
223 the TISCI documentation. Once all the runtime security operations are complete, the host described
224 in board configuration can trigger security handover.</p>
225 </div>
226 <div class="section" id="triggering-security-handover">
227 <h2>Triggering security handover<a class="headerlink" href="#triggering-security-handover" title="Permalink to this headline">¶</a></h2>
228 <div class="figure">
229 <img alt="../_images/sec_handover_during.svg" src="../_images/sec_handover_during.svg" /></div>
230 <p>Security handover is triggered by <a class="reference internal" href="../2_tisci_msgs/security/security_handover.html#sec-api-sec-handover"><span class="std std-ref">TISCI_MSG_SEC_HANDOVER</span></a>.
231 This TISCI message can only be sent by the host specified in the board configuration.
232 The TISCI message request and response take no additional arguments as the
233 required information is included in the board configuration.</p>
234 <p>The above diagram shows the sequence of operations on the M3 when the security handover
235 TISCI message is received. In the diagram, we are assuming that R5 has been specified
236 as the sender of the handover message.</p>
237 <p>In the last step in the diagram labelled as “Open firewall protecting the
238 firewall configuration”, the firewall is programmed to only allow the host
239 specified in the security board configuration field <code class="docutils literal"><span class="pre">handover_to_host_id</span></code>.</p>
240 </div>
241 <div class="section" id="post-security-handover">
242 <h2>Post Security handover<a class="headerlink" href="#post-security-handover" title="Permalink to this headline">¶</a></h2>
243 <div class="figure">
244 <img alt="../_images/sec_handover_after.svg" src="../_images/sec_handover_after.svg" /></div>
245 <p>As most of the security functionality is removed to free up memory, processor
246 control functionality is the only security feature available after handover. Within
247 processor control, the secure boot API is not available. Any security TISCI message
248 other than the processor control messages listed below is NACKed.</p>
249 <p>Below is the list of supported processor control APIs.</p>
250 <table border="1" class="docutils">
251 <colgroup>
252 <col width="17%" />
253 <col width="83%" />
254 </colgroup>
255 <thead valign="bottom">
256 <tr class="row-odd"><th class="head">TISCI Message ID</th>
257 <th class="head">Message Name</th>
258 </tr>
259 </thead>
260 <tbody valign="top">
261 <tr class="row-even"><td>0xC000</td>
262 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-request-processor"><span class="std std-ref">TISCI_MSG_PROC_REQUEST</span></a>.</td>
263 </tr>
264 <tr class="row-odd"><td>0xC001</td>
265 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-release-processor"><span class="std std-ref">TISCI_MSG_PROC_RELEASE</span></a>.</td>
266 </tr>
267 <tr class="row-even"><td>0xC005</td>
268 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-handover-processor"><span class="std std-ref">TISCI_MSG_PROC_HANDOVER</span></a>.</td>
269 </tr>
270 <tr class="row-odd"><td>0xC100</td>
271 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-set-processor-configuration"><span class="std std-ref">TISCI_MSG_PROC_SET_CONFIG</span></a></td>
272 </tr>
273 <tr class="row-even"><td>0xC101</td>
274 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-set-processor-control"><span class="std std-ref">TISCI_MSG_PROC_SET_CONTROL</span></a></td>
275 </tr>
276 <tr class="row-odd"><td>0xC400</td>
277 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-get-processor-status"><span class="std std-ref">TISCI_MSG_PROC_GET_STATUS</span></a></td>
278 </tr>
279 <tr class="row-even"><td>0xC401</td>
280 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-wait-processor-status"><span class="std std-ref">TISCI_MSG_PROC_WAIT_STATUS</span></a></td>
281 </tr>
282 </tbody>
283 </table>
284 <p>The below processor control feature is not supported.</p>
285 <table border="1" class="docutils">
286 <colgroup>
287 <col width="17%" />
288 <col width="83%" />
289 </colgroup>
290 <thead valign="bottom">
291 <tr class="row-odd"><th class="head">TISCI Message ID</th>
292 <th class="head">Message Name</th>
293 </tr>
294 </thead>
295 <tbody valign="top">
296 <tr class="row-even"><td>0xC120</td>
297 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-authenticate-image-and-configure-processor"><span class="std std-ref">TISCI_MSG_PROC_AUTH_BOOT</span></a></td>
298 </tr>
299 </tbody>
300 </table>
301 <p>System Firmware continues to process and clear firewall exceptions to avoid distributing
302 this functionality among multiple cores.</p>
303 <p>On HS devices, System Firmware firewalls the SA2UL for use during secure boot. This
304 firewall is not opened by System Firmware during security handover. However, the host
305 specified in the security board configuration can open the SA2UL firewalls as
306 required.</p>
307 <p>Resource management ring configuration APIs are also unavailable after security
308 handover because they internally invoke the ISC configuration API.</p>
309 <div class="admonition warning">
310 <p class="first admonition-title">Warning</p>
311 <p class="last">Resource management ring configuration APIs are also unavailable after
312 security handover because they internally invoke the ISC configuration API.</p>
313 </div>
314 </div>
315 <div class="section" id="mcusram-bank-7-resource-usage-after-security-handover">
316 <span id="mcusram-resource-usage"></span><h2>MCUSRAM Bank 7 Resource usage after security handover<a class="headerlink" href="#mcusram-bank-7-resource-usage-after-security-handover" title="Permalink to this headline">¶</a></h2>
317 <p>After security handover, the firmware uses the last 48KB of MCUSRAM Bank 7 memory. The rest of
318 the MCUSRAM bank 7 memory will be available for application use. MCUSRAM bank 7 is
319 protected by regions of firewall ID 24, and the below table shows firewall 24 reserved/locked
320 regions for System Firmware after security handover.</p>
321 <table border="1" class="docutils">
322 <colgroup>
323 <col width="22%" />
324 <col width="30%" />
325 <col width="25%" />
326 <col width="22%" />
327 </colgroup>
328 <thead valign="bottom">
329 <tr class="row-odd"><th class="head">Firewall ID</th>
330 <th class="head">Region</th>
331 <th class="head">Start Address</th>
332 <th class="head">End Address</th>
333 </tr>
334 </thead>
335 <tbody valign="top">
336 <tr class="row-even"><td>24</td>
337 <td>1</td>
338 <td>0x44077000</td>
339 <td>0x44079FFF</td>
340 </tr>
341 <tr class="row-odd"><td>24</td>
342 <td>2</td>
343 <td>0x44074000</td>
344 <td>0x44076FFF</td>
345 </tr>
346 <tr class="row-even"><td>24</td>
347 <td>6</td>
348 <td>0x4407C000</td>
349 <td>0x4407FFFF</td>
350 </tr>
351 <tr class="row-odd"><td>24</td>
352 <td>7</td>
353 <td>0x701FC000</td>
354 <td>0x701FFFFF</td>
355 </tr>
356 </tbody>
357 </table>
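358 <p>The table below shows which firewall 24 regions are open to all users
359 after security handover and can be reconfigured by the application as necessary. As listed, region 0 ends at 0x701FCFFF while the reserved region 7 starts at 0x701FC000, so treat the 0x701FC000 to 0x701FCFFF range as reserved unless the firewall configuration read back from the device shows otherwise.</p>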
360 <table border="1" class="docutils">
361 <colgroup>
362 <col width="22%" />
363 <col width="30%" />
364 <col width="25%" />
365 <col width="22%" />
366 </colgroup>
367 <thead valign="bottom">
368 <tr class="row-odd"><th class="head">Firewall ID</th>
369 <th class="head">Region</th>
370 <th class="head">Start Address</th>
371 <th class="head">End Address</th>
372 </tr>
373 </thead>
374 <tbody valign="top">
375 <tr class="row-even"><td>24</td>
376 <td>0</td>
377 <td>0x701E0000</td>
378 <td>0x701FCFFF</td>
379 </tr>
380 <tr class="row-odd"><td>24</td>
381 <td>3</td>
382 <td>0x44060000</td>
383 <td>0x44073FFF</td>
384 </tr>
385 <tr class="row-even"><td>24</td>
386 <td>5</td>
387 <td>0x701C0000</td>
388 <td>0x701DFFFF</td>
389 </tr>
390 </tbody>
391 </table>
392 <ul class="simple">
393 <li>Region 4 is disabled and can be configured by the application.</li>
394 <li>The last 48KB of MCUSRAM Bank 7 is unavailable for application use.</li>
395 <li>Regions 0, 3, 4 and 5 of Firewall 24 can be reconfigured by the application as needed.</li>
396 </ul>
397 </div>
398 </div>
401 </div>
402 </div>
403 <footer>
405 <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
407 <a href="secure_debug.html" class="btn btn-neutral float-right" title="Secure Debug User Guide" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a>
410 <a href="sa2ul_access.html" class="btn btn-neutral" title="SA2UL Access Outside of SYSFW" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a>
412 </div>
415 <hr/>
417 <div role="contentinfo">
418 <p>
419 <a href="http://www.ti.com/corp/docs/legal/copyright.shtml">© Copyright 2016-2022</a>, Texas Instruments Incorporated. All rights reserved. <br>
420 <a href="http://www.ti.com/corp/docs/legal/trademark/trademrk.htm">Trademarks</a> | <a href="http://www.ti.com/corp/docs/legal/privacy.shtml">Privacy policy</a> | <a href="http://www.ti.com/corp/docs/legal/termsofuse.shtml">Terms of use</a> | <a href="http://www.ti.com/lsds/ti/legal/termsofsale.page">Terms of sale</a>
422 </p>
423 </div>
425 </footer>
427 </div>
428 </div>
430 </section>
432 </div>
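<!-- Options object defined inline before the Sphinx helper scripts below are loaded. -->
<script>
  var DOCUMENTATION_OPTIONS = {
    URL_ROOT: '../',
    VERSION: '08.04.02',
    COLLAPSE_INDEX: false,
    FILE_SUFFIX: '.html',
    HAS_SOURCE: true
  };
</script>

<!-- Locally hosted scripts shipped with the documentation bundle. -->
<script src="../_static/jquery.js"></script>
<script src="../_static/underscore.js"></script>
<script src="../_static/doctools.js"></script>

<!-- Third-party script from a public CDN, loaded without an integrity attribute.
     Pin it with Subresource Integrity (integrity="sha384-HASH_PLACEHOLDER"
     crossorigin="anonymous") or serve a vetted copy from ../_static/ so that a
     changed CDN file cannot run in the context of this page. -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script>

<!-- Requested over HTTPS rather than plain HTTP so the script cannot be modified
     in transit and is not blocked as mixed content on an HTTPS page.
     NOTE(review): confirm the asset is served at this HTTPS URL. -->
<script src="https://www.ti.com/assets/js/headerfooter/analytics.js" charset="utf-8"></script>

<script src="../_static/js/theme.js"></script>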
463 <script type="text/javascript">
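// Enable the theme's sticky navigation once the DOM is ready.
jQuery(function () {
    SphinxRtdTheme.StickyNav.enable();
});

// Viewport height, captured once when this script runs.
var menuHeight = window.innerHeight;

// Position and height of the content wrapper, measured once when this script runs.
var contentOffset = $(".wy-nav-content-wrap").offset();
var contentHeight = $(".wy-nav-content-wrap").height();
var contentBottom = contentOffset.top + contentHeight;

// Declared here so that setNavbarTop() does not create an implicit global.
var stickyTop = 0;

/**
 * Recompute the CSS "top" of the side navigation (.wy-nav-side) from the
 * current scroll position.
 *
 * - While the viewport sits between the top and the bottom of the content
 *   wrapper, the sidebar is offset by the distance scrolled past the
 *   wrapper's top.
 * - Once the viewport bottom passes the wrapper's bottom, the offset is
 *   reduced by the overshoot.
 * - Otherwise the offset is 0.
 */
function setNavbarTop() {
    var scrollTop = $(window).scrollTop();
    var maxTop = scrollTop + menuHeight;

    if (scrollTop > contentOffset.top && maxTop < contentBottom) {
        // Scrolled past the header, content bottom not yet reached.
        stickyTop = scrollTop - contentOffset.top;
    } else if (maxTop > contentBottom) {
        // Viewport bottom is below the content: subtract the overshoot.
        stickyTop = scrollTop - contentOffset.top - (maxTop - contentBottom);
    } else {
        stickyTop = 0;
    }

    $(".wy-nav-side").css("top", stickyTop);
}

$(document).ready(function () {
    setNavbarTop();
    $(window).scroll(function () {
        setNavbarTop();
    });

    $('body').on("mousewheel", function (e) {
        // Take the event from the handler argument instead of relying on the
        // implicit window.event global, which is not defined in every browser.
        var nativeEvent = e.originalEvent || e;
        var wheelDelta = nativeEvent.wheelDelta;

        // Without a numeric delta, leave the browser's default scrolling alone
        // rather than calling scrollTo() with NaN.
        if (typeof wheelDelta !== "number") {
            return;
        }

        // Replace the default (smoothed) scroll with an immediate one.
        e.preventDefault();
        window.scrollTo(0, window.pageYOffset - wheelDelta);
    });
});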
505 </script>
508 </body>
509 </html>