TI Processor Security

This section covers the security features of TI's ARM-based processors.

Security Architecture

TI enables security on ARM-based processors through both hardware and software. The security-specific hardware components on these devices provide a secure foundation, protect critical assets such as keys and configuration data, and accelerate security-related processes. The security architecture shown below highlights these components.

[Figure: Security Architecture]

TI's ARM-based processors have a dedicated hardware security module that consists of the following components.

Hardware Security Components

| Component | Functionality |
| --- | --- |
| SMS | Security coprocessor that manages and controls overall security on the device, including secure boot and debug security |
| Crypto subsystem | Accelerator for generating and certifying keys |
| Secure DMA | Dedicated DMA for the crypto subsystem |

Device Security Configurations

TI's ARM-based processors have two security states: HS-FS and HS-SE. The image below shows the distinction between the two.

[Figure: Secure Device Lifecycle]

What is an HS-FS device?

TI delivers ARM-based processors to customers as High Secure Field Securable (HS-FS) devices. These devices include the hardware components needed to enforce all security features, but the features are not enabled by default. On an HS-FS device, customers can run diagnostics code without creating signed images, secure boot is not enforced, and the JTAG port is unlocked.

What is an HS-SE device?

Once an X.509 certificate has been generated and keys have been programmed into an HS-FS device, the processor is converted to a High Secure Security Enforced (HS-SE) device. An HS-SE device enforces secure boot, has a locked JTAG port, and engages firewalls between hardware modules. It is considered a fully secure device with all security features enabled.