4.1.1.5.1 Code Execution in RAM: Integrity

Ensuring the integrity of mutable code in RAM means verifying that the code has not been altered, corrupted or tampered with before or during execution. Integrity verification is typically performed by calculating a cryptographic hash of the code and comparing it to an authenticated digest. This can be accelerated using the Cryptographic Accelerator Module (CAM).

Once the code is loaded into RAM, the contents are locked for modification by setting the BMXIRAML/H registers as described in Locking an Executable RAM Region. A final integrity check could be computed after locking the RAM before handing control to the code in RAM.

Once the code is loaded and locked for execution, the integrity of the code in RAM can be monitored for errors using the Error Correction Code (ECC) module as described in the data sheet or by periodically calculating the hash of the memory, if desired.

Key Considerations:

• Verify the integrity and authenticity of code loaded into RAM
• Lock the RAM region registers, if reconfiguration is not permitted in later stages to prevent modification