www.ti.com
2.5 Security
The AM273x EVM can have a Non-Secure (GP or General Purpose) or a Secure device (HS-FS). To determine
if the device is secure, refer to field parameter for security: "y" of the Device name. If the Security Parameter is
"H", then the device is a Secure device.
The AM273x device leaves the TI factory in an HS-FS state where customer keys are not programmed and has
the following attributes:
•
Does not enforce the secure boot process
•
M4 JTAG port is closed
•
R5 JTAG port is open
•
Security Subsystem firewalls are closed
•
SoC Firewalls are open
•
ROM Boot expects a TI signed binary (encryption is optional)
•
TIFS-MCU binary is signed by the TI private key
The One Time Programmable (OTP) keywriter converts the secure device from HS-FS to HS-SE. The OTP
keywriter programs customer keys into the device eFuses to enforce secure boot and establish a root of trust.
The secure boot requires an image to be encrypted (optional) and signed using customer keys, which is verified
by the SoC. A secure device in the HS-SE state has the following attributes:
•
M4, R5 JTAG ports are both closed
•
Security Subsystems and SoC Firewalls are both closed
•
TIFS-MCU and SBL need to be signed with active customer key
2.6 Compliance
All components selected meet RoHS and REACH compliance.
SPRUIY1B – NOVEMBER 2020 – REVISED FEBRUARY 2024
Submit Document Feedback
Figure 2-4. Security Field Parameter
Copyright © 2024 Texas Instruments Incorporated
Kit Overview
AM273x Evaluation Module
7