I want to secure my application code and maintain its confidentiality. I've decided that I want to use Lockbox and encrypt my code. Which encryption method/cipher should I use?
If you require your application code to be encrypted, you are free to use any encryption/decryption cipher you choose. Lockbox does not implement encryption/decryption natively in hardware, Lockbox only supports digital signature authentication. The ECC and SHA-1 ciphers in the Blackfin ROM are implemented as part of ECDSA for digital signature authentication only.
The specific security feature in Lockbox enabled Blackfins that facilitates this process is the secure environment the Blackfin provides. In other words, once you perform digital signature authentication and transition the Secure State Machine into Secure Mode operation, you can now operate in a secure environment with memory access restrictions in place, JTAG emulation disabled, etc. This secure processing environment can be utilized to perform decryption of sensitive information that was stored off-chip in encrypted form.
Blackfin and Lockbox do not actually perform the encryption or decryption of application code/data with any hardware built into the processor. The Blackfin simply executes decryption code that the customer chooses and loads onto the processor in order to perform this task.
A cipher such as AES is typically used for encryption/decryption of code or data. AES is a published standard and you may find information about it via the internet. Resources such as 3rd party DSP Collaborative Security IP Vendor Elliptic Semi and software libraries such as MIRACL may also provide encryption/decryption support as well as open source code resources available on the web.
Please also be aware that the ADSP-BF54x processor family includes AES and ARC4 ciphers in on-chip ROM which are user-callable. If the user decides to use these ciphers, they may call and execute them from the on-chip ROM without having to load their own cipher into on-chip SRAM. Other processors with Lockbox such as the BF51x and BF52x do not include these ciphers on-chip, however, these ciphers or other ciphers of the developer's choosing may be loaded and executed on the Blackfin internal SRAM.
Retrieving data ...