[processor-sdk/pdk.git] / packages / ti / drv / sciclient / soc / sysfw / binaries / system-firmware-public-documentation / 6_topic_user_guides / security_handover.html
3 <!DOCTYPE html>
4 <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
5 <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
6 <head>
7 <meta charset="utf-8">
9 <meta name="viewport" content="width=device-width, initial-scale=1.0">
11 <title>Performing Security Handover — TISCI User Guide</title>
16 <link rel="shortcut icon" href="../_static/favicon.ico"/>
29 <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
33 <link rel="stylesheet" href="../_static/theme_overrides.css" type="text/css" />
37 <link rel="index" title="Index"
38 href="../genindex.html"/>
39 <link rel="search" title="Search" href="../search.html"/>
40 <link rel="top" title="TISCI User Guide" href="../index.html"/>
41 <link rel="up" title="Chapter 6: Topic User Guides" href="index.html"/>
42 <link rel="next" title="Secure Debug User Guide" href="secure_debug.html"/>
43 <link rel="prev" title="SA2UL Access Outside of SYSFW" href="sa2ul_access.html"/>
46 <script src="../_static/js/modernizr.min.js"></script>
48 </head>
50 <body class="wy-body-for-nav" role="document">
51 <header id="tiHeader">
52 <div class="top">
53 <ul>
54 <li id="top_logo">
55 <a href="http://www.ti.com">
56 <img src="../_static/img/ti_logo.png"/>
57 </a>
58 </li>
59 </ul>
60 </div>
61 <div class="nav"></div>
62 </header>
63 <div class="wy-grid-for-nav">
66 <nav data-toggle="wy-nav-shift" class="wy-nav-side">
67 <div class="wy-side-scroll">
68 <div class="wy-side-nav-search">
72 <a href="../index.html" class="icon icon-home"> TISCI
76 </a>
84 <div role="search">
85 <form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
86 <input type="text" name="q" placeholder="Search docs" />
87 <input type="hidden" name="check_keywords" value="yes" />
88 <input type="hidden" name="area" value="default" />
89 </form>
90 </div>
93 </div>
95 <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
99 <ul class="current">
100 <li class="toctree-l1"><a class="reference internal" href="../1_intro/index.html">Chapter 1: Introduction</a></li>
101 <li class="toctree-l1"><a class="reference internal" href="../2_tisci_msgs/index.html">Chapter 2: TISCI Message Documentation</a></li>
102 <li class="toctree-l1"><a class="reference internal" href="../3_boardcfg/index.html">Chapter 3: Board Configuration</a></li>
103 <li class="toctree-l1"><a class="reference internal" href="../4_trace/index.html">Chapter 4: Interpreting Trace Data</a></li>
104 <li class="toctree-l1"><a class="reference internal" href="../5_soc_doc/index.html">Chapter 5: SoC Family Specific Documentation</a></li>
105 <li class="toctree-l1 current"><a class="reference internal" href="index.html">Chapter 6: Topic User Guides</a><ul class="current">
106 <li class="toctree-l2"><a class="reference internal" href="devgrp_usage.html">Device Group Primer</a></li>
107 <li class="toctree-l2"><a class="reference internal" href="domgrp_usage.html">Domain Group Primer</a></li>
108 <li class="toctree-l2"><a class="reference internal" href="secure_boot_signing.html">Signing binaries for Secure Boot on HS Devices</a></li>
109 <li class="toctree-l2"><a class="reference internal" href="hs_boardcfg_signing.html">Signing Board Configuration on HS devices</a></li>
110 <li class="toctree-l2"><a class="reference internal" href="extended_otp.html">Using Extended OTP on HS devices</a></li>
111 <li class="toctree-l2"><a class="reference internal" href="dkek_management.html">Using Derived KEK on HS devices</a></li>
112 <li class="toctree-l2"><a class="reference internal" href="firewall_faq.html">Firewall FAQ</a></li>
113 <li class="toctree-l2"><a class="reference internal" href="sa2ul_access.html">SA2UL Access Outside of SYSFW</a></li>
114 <li class="toctree-l2 current"><a class="current reference internal" href="#">Performing Security Handover</a><ul>
115 <li class="toctree-l3"><a class="reference internal" href="#board-configuration">Board configuration</a></li>
116 <li class="toctree-l3"><a class="reference internal" href="#normal-runtime-operation">Normal runtime operation</a></li>
117 <li class="toctree-l3"><a class="reference internal" href="#triggering-security-handover">Triggering security handover</a></li>
118 <li class="toctree-l3"><a class="reference internal" href="#post-security-handover">Post Security handover</a></li>
119 </ul>
120 </li>
121 <li class="toctree-l2"><a class="reference internal" href="secure_debug.html">Secure Debug User Guide</a></li>
122 <li class="toctree-l2"><a class="reference internal" href="key_writer.html">Key Writer</a></li>
123 </ul>
124 </li>
125 </ul>
129 </div>
130 </div>
131 </nav>
133 <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
136 <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
137 <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
138 <a href="../index.html">TISCI</a>
139 </nav>
143 <div class="wy-nav-content">
144 <div class="rst-content">
151 <div role="navigation" aria-label="breadcrumbs navigation">
152 <ul class="wy-breadcrumbs">
153 <li><a href="../index.html">Docs</a> »</li>
155 <li><a href="index.html">Chapter 6: Topic User Guides</a> »</li>
157 <li>Performing Security Handover</li>
158 <li class="wy-breadcrumbs-aside">
162 </li>
163 </ul>
164 <hr/>
165 </div>
166 <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
167 <div itemprop="articleBody">
169 <div class="section" id="performing-security-handover">
170 <h1>Performing Security Handover<a class="headerlink" href="#performing-security-handover" title="Permalink to this headline">¶</a></h1>
171 <div class="admonition note">
172 <p class="first admonition-title">Note</p>
173 <p class="last">This document applies only to AM64 devices.</p>
174 </div>
175 <p>The AM64 SoC targets use cases that need only limited runtime security
176 operations in steady state. Once runtime security operations
177 are complete, the device supports releasing the security resources to a host
178 designated via board configuration. This feature is called security
179 handover.</p>
180 <p>On AM64 device, security code uses the last 128 KB of MCUSRAM Bank 7 along with
181 some portion of DMSC internal memory. Security code also maintains control of
182 the security configuration region on the device from 0x45000000 to 0x45FFFFFF.
183 After the system initialization and all runtime security operations are
184 complete, a designated host on the system can trigger security handover
185 operation. After the security handover is complete, the memory used by security
186 code in MCUSRAM bank 7 is wiped and released to the system. Of all security
187 functionality, only processor boot control functionality is left running out of
188 DMSC IRAM. Control of system firewalls not protecting any secrets is handed over
189 to a designated host.</p>
190 <p>This document describes the steps that must be performed for security handover.
191 It must be read alongside:</p>
192 <ol class="arabic simple">
193 <li><a class="reference internal" href="../2_tisci_msgs/security/security_handover.html"><span class="doc">Security Handover Message Description</span></a> and</li>
194 <li><a class="reference internal" href="../3_boardcfg/BOARDCFG_SEC.html"><span class="doc">Security Board Configuration</span></a>, specifically <a class="reference internal" href="../3_boardcfg/BOARDCFG_SEC.html#pub-boardcfg-security-handover"><span class="std std-ref">Security Handover</span></a></li>
195 </ol>
196 <div class="section" id="board-configuration">
197 <h2>Board configuration<a class="headerlink" href="#board-configuration" title="Permalink to this headline">¶</a></h2>
198 <p>Security handover is controlled by board configuration
199 <a class="reference internal" href="../3_boardcfg/BOARDCFG_SEC.html"><span class="doc">Security Board Configuration</span></a>, specifically
200 <a class="reference internal" href="../3_boardcfg/BOARDCFG_SEC.html#pub-boardcfg-security-handover"><span class="std std-ref">Security Handover</span></a>.</p>
201 <p>The user must specify the following two entries.</p>
202 <ol class="arabic simple">
203 <li>ID of the host who will trigger the security handover.</li>
204 <li>ID of the host who will take control of a portion of the system firewalls.</li>
205 </ol>
206 <p>If security handover is not desired, both of the above fields must be set to 0,
207 which corresponds to the DMSC host ID.
208 Both host IDs are validated during security board configuration processing.
209 Ensure that these fields are initialized correctly.</p>
210 <div class="figure">
211 <img alt="../_images/sec_handover_boardcfg.svg" src="../_images/sec_handover_boardcfg.svg" /></div>
212 </div>
213 <div class="section" id="normal-runtime-operation">
214 <h2>Normal runtime operation<a class="headerlink" href="#normal-runtime-operation" title="Permalink to this headline">¶</a></h2>
215 <p>During normal runtime operation, System Firmware processes all runtime security messages as described in
216 the TISCI documentation. Once all the runtime security operations are complete, the host described
217 in board configuration can trigger security handover.</p>
218 </div>
219 <div class="section" id="triggering-security-handover">
220 <h2>Triggering security handover<a class="headerlink" href="#triggering-security-handover" title="Permalink to this headline">¶</a></h2>
221 <div class="figure">
222 <img alt="../_images/sec_handover_during.svg" src="../_images/sec_handover_during.svg" /></div>
223 <p>Security handover is triggered by <a class="reference internal" href="../2_tisci_msgs/security/security_handover.html#sec-api-sec-handover"><span class="std std-ref">TISCI_MSG_SEC_HANDOVER</span></a>.
224 This TISCI message can only be sent by the host specified in the board configuration.
225 The TISCI message request and response take no additional arguments as the
226 required information is included in the board configuration.</p>
227 <p>The above diagram shows the sequence of operation in M3 when the security handover
228 TISCI message is received. In the diagram, we are assuming that R5 has been specified
229 as the sender of the handover message.</p>
230 <p>In the last step in the diagram, labelled “Open firewall protecting the
231 firewall configuration”, the firewall is programmed to allow only the host
232 specified by <code class="docutils literal"><span class="pre">handover_to_host_id</span></code> in the security board configuration.</p>
233 </div>
234 <div class="section" id="post-security-handover">
235 <h2>Post Security handover<a class="headerlink" href="#post-security-handover" title="Permalink to this headline">¶</a></h2>
236 <div class="figure">
237 <img alt="../_images/sec_handover_after.svg" src="../_images/sec_handover_after.svg" /></div>
238 <p>As most of the security functionality is removed to free up memory, processor
239 control functionality is the only security feature available after handover. Within
240 processor control, the secure boot API is not available. Any security TISCI message
241 other than a processor control message is NACKed.</p>
242 <p>The following processor control APIs are supported.</p>
243 <table border="1" class="docutils">
244 <colgroup>
245 <col width="17%" />
246 <col width="83%" />
247 </colgroup>
248 <thead valign="bottom">
249 <tr class="row-odd"><th class="head">TISCI Message ID</th>
250 <th class="head">Message Name</th>
251 </tr>
252 </thead>
253 <tbody valign="top">
254 <tr class="row-even"><td>0xC000</td>
255 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-request-processor"><span class="std std-ref">TISCI_MSG_PROC_REQUEST</span></a>.</td>
256 </tr>
257 <tr class="row-odd"><td>0xC001</td>
258 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-release-processor"><span class="std std-ref">TISCI_MSG_PROC_RELEASE</span></a>.</td>
259 </tr>
260 <tr class="row-even"><td>0xC005</td>
261 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-handover-processor"><span class="std std-ref">TISCI_MSG_PROC_HANDOVER</span></a>.</td>
262 </tr>
263 <tr class="row-odd"><td>0xC100</td>
264 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-set-processor-configuration"><span class="std std-ref">TISCI_MSG_PROC_SET_CONFIG</span></a></td>
265 </tr>
266 <tr class="row-even"><td>0xC101</td>
267 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-set-processor-control"><span class="std std-ref">TISCI_MSG_PROC_SET_CONTROL</span></a></td>
268 </tr>
269 <tr class="row-odd"><td>0xC400</td>
270 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-get-processor-status"><span class="std std-ref">TISCI_MSG_PROC_GET_STATUS</span></a></td>
271 </tr>
272 <tr class="row-even"><td>0xC401</td>
273 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-wait-processor-status"><span class="std std-ref">TISCI_MSG_PROC_WAIT_STATUS</span></a></td>
274 </tr>
275 </tbody>
276 </table>
277 <p>The following processor control feature is not supported.</p>
278 <table border="1" class="docutils">
279 <colgroup>
280 <col width="17%" />
281 <col width="83%" />
282 </colgroup>
283 <thead valign="bottom">
284 <tr class="row-odd"><th class="head">TISCI Message ID</th>
285 <th class="head">Message Name</th>
286 </tr>
287 </thead>
288 <tbody valign="top">
289 <tr class="row-even"><td>0xC120</td>
290 <td><a class="reference internal" href="../2_tisci_msgs/security/PROC_BOOT.html#proc-boot-authenticate-image-and-configure-processor"><span class="std std-ref">TISCI_MSG_PROC_AUTH_BOOT</span></a></td>
291 </tr>
292 </tbody>
293 </table>
294 <p>System Firmware continues to process and clear firewall exceptions to avoid distributing
295 this functionality among multiple cores.</p>
296 <p>On HS devices, System Firmware firewalls the SA2UL for use during secure boot. This
297 firewall is not opened by System Firmware during security handover. However, the host
298 specified in the security board configuration can open the SA2UL firewalls as
299 required.</p>
300 <p>Resource management ring configuration APIs are also unavailable after security
301 handover because they internally invoke the ISC configuration API.</p>
302 <div class="admonition warning">
303 <p class="first admonition-title">Warning</p>
304 <p class="last">Resource management ring configuration APIs are also unavailable after
305 security handover because they internally invoke the ISC configuration API.</p>
306 </div>
307 </div>
308 </div>
311 </div>
312 </div>
313 <footer>
315 <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
317 <a href="secure_debug.html" class="btn btn-neutral float-right" title="Secure Debug User Guide" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a>
320 <a href="sa2ul_access.html" class="btn btn-neutral" title="SA2UL Access Outside of SYSFW" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a>
322 </div>
325 <hr/>
327 <div role="contentinfo">
328 <p>
329 <a href="http://www.ti.com/corp/docs/legal/copyright.shtml">© Copyright 2016-2020</a>, Texas Instruments Incorporated. All rights reserved. <br>
330 <a href="http://www.ti.com/corp/docs/legal/trademark/trademrk.htm">Trademarks</a> | <a href="http://www.ti.com/corp/docs/legal/privacy.shtml">Privacy policy</a> | <a href="http://www.ti.com/corp/docs/legal/termsofuse.shtml">Terms of use</a> | <a href="http://www.ti.com/lsds/ti/legal/termsofsale.page">Terms of sale</a>
332 </p>
333 </div>
335 </footer>
337 </div>
338 </div>
340 </section>
342 </div>
348 <script type="text/javascript">
349 var DOCUMENTATION_OPTIONS = {
350 URL_ROOT:'../',
351 VERSION:'',
352 COLLAPSE_INDEX:false,
353 FILE_SUFFIX:'.html',
354 HAS_SOURCE: true
355 };
356 </script>
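<!-- Local Sphinx and theme scripts, loaded in dependency order. -->
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<!-- Third-party CDN script loaded without Subresource Integrity. Either add an
     integrity attribute (hash of the pinned 2.7.1 file) together with
     crossorigin="anonymous", or self-host it under ../_static/. The loader
     fetches further files at runtime that an integrity attribute on this tag
     would not cover, so self-hosting is the more complete option. -->
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script>
<!-- Fetched over HTTPS: a script requested over plain HTTP can be altered in
     transit and is blocked as mixed content when this page is served over
     HTTPS. This script runs with full access to the page. -->
<script src="https://www.ti.com/assets/js/headerfooter/analytics.js" type="text/javascript" charset="utf-8"></script>
<script type="text/javascript" src="../_static/js/theme.js"></script>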
373 <script type="text/javascript">
// Turn on the theme's sticky sidebar once the DOM is ready.
jQuery(document).ready(function () {
    SphinxRtdTheme.StickyNav.enable();
});

// Page geometry captured once when this script runs. setNavbarTop() reads
// menuHeight, contentOffset and contentBottom; they are not refreshed on resize.
var menuHeight = window.innerHeight,
    contentOffset = $(".wy-nav-content-wrap").offset(),
    contentHeight = $(".wy-nav-content-wrap").height(),
    contentBottom = contentOffset.top + contentHeight;
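/**
 * Recompute the sidebar's vertical offset for the current scroll position and
 * apply it as the CSS "top" of the ".wy-nav-side" element.
 *
 * Reads the page-level variables menuHeight, contentOffset and contentBottom.
 */
function setNavbarTop() {
    var scrollTop = $(window).scrollTop();
    var maxTop = scrollTop + menuHeight;
    // Declared locally: assigning to an undeclared name creates an implicit
    // global and throws a ReferenceError in strict mode.
    var stickyTop = 0;

    if (scrollTop > contentOffset.top && maxTop < contentBottom) {
        // Scrolled past the header and still inside the content area.
        stickyTop = scrollTop - contentOffset.top;
    } else if (maxTop > contentBottom) {
        // Viewport bottom is below the content: pull back by the overshoot.
        stickyTop = scrollTop - contentOffset.top - (maxTop - contentBottom);
    }

    $(".wy-nav-side").css("top", stickyTop);
}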
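// On DOM ready: position the sidebar, keep it positioned while scrolling, and
// replace smooth wheel scrolling with a direct scrollTo().
$(document).ready(function () {
    setNavbarTop();
    $(window).on("scroll", function () {
        setNavbarTop();
    });

    $('body').on("mousewheel", function (jqEvent) {
        // Use the event passed to the handler instead of the legacy global
        // window.event, which is not defined in every browser. wheelDelta is a
        // property of the native event, not of jQuery's wrapper.
        var nativeEvent = jqEvent.originalEvent || jqEvent;
        var wheelDelta = nativeEvent.wheelDelta;
        if (typeof wheelDelta !== "number") {
            // No usable delta: leave the browser's default scrolling in place
            // rather than calling scrollTo() with NaN.
            return;
        }
        // Remove default behavior
        jqEvent.preventDefault();
        // Scroll without smoothing
        window.scrollTo(0, window.pageYOffset - wheelDelta);
    });
});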
415 </script>
418 </body>
419 </html>