Infineon-AURIX Hardware Security Module-Training-v01 01-EN

HSM

Hardware Security Module

AURIX™ TC2xx Microcontroller Training


V1.1 2019-03
Please read the Important Notice and Warnings at the end of this document
HSM
Hardware Security Module

[Block diagram: Flash, RAM and three 32-bit CPUs on the Cross Bar Interconnect; the HSM Domain (Boot ROM, RAM, DSPR, AES 128, TRNG, Timer, Peripherals) is attached through the Bridge, which acts as a Firewall, to the System Peripheral Bus]

Highlights
› 32 bit ARM Cortex M3 processor with up to 100 MHz CPU speed
› MPU (Memory Protection Unit)
› True Random Number Generator

Key Features                                       Customer Benefits
› AES128 and TRNG implemented in HW                › AES-128 Hardware Accelerator for symmetric cryptography
› AES CMAC with minimum rate 25 MBytes/s           › Protection against logical attacks, debugger protection
› Secure Key Storage in separate HSM P/DFlash      › Secured boot and communication, Tuning protection,
  portion (8 x 8 KB DF1 only in HE)                  Authentication, Immobilizer
2019-11-12 Copyright © Infineon Technologies AG 2019. All rights reserved. 2


HSM
AES128 and TRNG implemented in HW

› The AES module is a fast hardware device that supports encryption and
decryption with a 128-bit key using AES (Advanced Encryption Standard)
› It enables plain/simple encryption and decryption of a single 128-bit data block (i.e., plain text
or cipher text) as well as encryption or decryption of multiple data blocks of
128 bits each. For these, several so-called modes of operation are implemented
– ECB (electronic code book mode)
– CBC (cipher block chaining mode)
– CTR (32-bit counter mode)
– OFB (output feedback mode)
– CFB (cipher feedback mode)
› These also enable the additional modes
– GCM (Galois counter mode)
– XTS (XEX-based Tweaked Code Book mode (TCB) with Cipher Text Stealing (CTS))
› TRNG generates random numbers for:
– Keys for cryptographic algorithms
– Supporting protocols (challenges, blinding values, padding bytes, etc.)
› Fully compliant with the AIS 20/31 standard



HSM
AES CMAC with minimum rate 25 MBytes/s

› CMAC (Cipher-based Message Authentication Code) is widely used for authentication
› It is based on symmetric encryption, like the CBC-MAC algorithm
› Secured boot uses the CMAC for tampering detection
› A fast calculation of the CMAC is desired to speed up the boot process

[Figure: CMAC computation. A block of zeros (00...0) is encrypted with E under key k and the result is used to derive the tweak sub-keys k1 and k2. The message blocks m1, m2, ..., m'n are chained through E under k; the last block m'n is combined with k1 or k2 before the final encryption, whose result is the Output.
Legend: E – block cipher, K – secret key, k1, k2 – sub-keys]



HSM
Secure key storage in separate HSM P/DFlash portion

› Secured key storage, secured data and counters can be saved in a dedicated Data Flash area
› 8 x 8 KB = 64 KB of DFlash (DF1) reserved for HSM (only in AURIX™ TC27x/TC29x devices)
› Data Flash content is refreshed in Round Robin via FEE drivers
› The segregation of the sensitive information inside the HSM Data Flash can be enforced
using the „exclusive access“ feature, which allows read and write access only to the HSM core
› A dedicated HSM Data Flash allows the TriCore™ application to keep fetching and reading
code or data from Program Flash while secured non-volatile information is being updated



HSM
System integration

› HSM is connected with the device via the SPB (System Peripheral Bus)
› The Bridge module acts as a „firewall“, so the HSM internal resources are protected from
accesses by other masters
› P/DFlash of the HSM are shared with the device, but can be protected via „exclusive access“
from accesses by TriCore™ and other masters
› HSM, as a system on chip, is a bus master on the SPB

[Figure: HSM block attached to the SPB]



Application example
Chip tuning protection

Overview                               Advantages
› Challenge Response Authentication    › Memory protection plus the option to close the debug
› Closed Debugger Interface              interfaces protects against unauthorized read and write access
› IP Protection                        › An exchange of the micro can be prevented by means of
› Tuning Protection                      challenge-response authentication



Revision history

Revision   Description of change
V1.0       Initial version
V1.1       Update of highlights and AES CMAC, spelling corrections



Trademarks
All referenced product or service names and trademarks are the property of their respective owners.

Edition 2019-03

Published by
Infineon Technologies AG
81726 Munich, Germany

© 2019 Infineon Technologies AG. All Rights Reserved.

Do you have a question about this document?
Email: [email protected]

Document reference
AURIX_Training_1_Hardware_Security_Module

IMPORTANT NOTICE
The information given in this document shall in no event be regarded as a guarantee of conditions or characteristics (“Beschaffenheitsgarantie”).
With respect to any examples, hints or any typical values stated herein and/or any information regarding the application of the product, Infineon Technologies hereby disclaims any and all warranties and liabilities of any kind, including without limitation warranties of non-infringement of intellectual property rights of any third party.
In addition, any information given in this document is subject to customer’s compliance with its obligations stated in this document and any applicable legal requirements, norms and standards concerning customer’s products and any use of the product of Infineon Technologies in customer’s applications.
The data contained in this document is exclusively intended for technically trained staff. It is the responsibility of customer’s technical departments to evaluate the suitability of the product for the intended application and the completeness of the product information given in this document with respect to such application.

For further information on the product, technology, delivery terms and conditions and prices please contact your nearest Infineon Technologies office (www.infineon.com).

WARNINGS
Due to technical requirements products may contain dangerous substances. For information on the types in question please contact your nearest Infineon Technologies office.
Except as otherwise explicitly approved by Infineon Technologies in a written document signed by authorized representatives of Infineon Technologies, Infineon Technologies’ products may not be used in any applications where a failure of the product or any consequences of the use thereof can reasonably be expected to result in personal injury.
