The subject line has the whole question, but a little background... I need an air-tight, rock-solid, secure way to update a 28069, in the field, without ever exposing the CSM passwords, or any code. My plan is to keep the bootloader and encryption code in sector A. I'll have application code in Sectors B and C. In theory, my sequence will look like this:
- bootloader copies the Flash API to secure RAM area 1 (because the ROM can't access secured RAM)
- for each sector...
- bootloader will get encrypted source for Sector B over CAN/serial, and places the encrypted code buffer in an unsecure SARAM area
- sector A code decrypts that buffer to secure RAM area 2
- Flash API executes from secure RAM area 1 to erase Sector B, then programs the unencrypted code from secure RAM area 2 into Sector B
- and we never, ever, unlock the CSM in the field.
Another post indicated that one could clear the CSM passwords to 0xFFFF by erasing sector A only, but leaving the other sectors alone. Doesn't that then expose my unencrypted source in sectors B-H?
Thanks in advance...
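The sequence in the post, modelled as a host-side C program. This is an added example, not the poster's code and not TI's Flash API: the flash is a constructed array of eight tiny sectors, `DEMO_KEY` is a hypothetical device key, the xorshift keystream and the FNV-1a tag are placeholders standing in for the real cipher and a real MAC/AEAD (they give no security), and `flash_erase`/`flash_program` are stand-ins for the Flash API's erase and program calls. What it adds to the list above is the ordering a practitioner wants: the image is decrypted into the secure RAM buffer and its integrity tag is checked before anything is erased, so a corrupted or forged image is rejected while the old sector is still intact rather than after it has already been wiped; the plaintext never exists outside that buffer and is scrubbed after programming; and sector A is never accepted as an update target.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Constructed host model of the F28069 flash: sectors A..H, shrunk to
 * SECTOR_WORDS 16-bit words each. Erased state is 0xFFFF. */
#define NUM_SECTORS  8
#define SECTOR_WORDS 16
#define SECTOR_A     0
#define DEMO_KEY     0xC0FFEE11u  /* hypothetical device key, held by the sector A code */

static uint16_t flash[NUM_SECTORS][SECTOR_WORDS];
static uint16_t unsecure_ram[SECTOR_WORDS];  /* CAN/serial landing buffer */
static uint16_t secure_ram[SECTOR_WORDS];    /* "secure RAM area 2": plaintext only here */

typedef struct {                 /* one sector's update data, as received over the link */
    uint8_t  sector;
    uint16_t ciphertext[SECTOR_WORDS];
    uint32_t tag;                /* keyed integrity tag over the plaintext */
} update_record_t;
typedef enum { UPD_OK, UPD_BAD_SECTOR, UPD_BAD_TAG, UPD_FLASH_FAIL, UPD_VERIFY_FAIL } upd_status_t;

/* Placeholder keystream (xorshift32) standing in for the real cipher. It gives
 * no security; it only makes the flow runnable offline. */
static uint32_t ks_state;
static void ks_seed(uint32_t key, uint8_t sector) {
    ks_state = key ^ (0x9E3779B9u * (uint32_t)(sector + 1)); if (ks_state == 0) ks_state = 1;
}
static uint16_t ks_next(void) {
    ks_state ^= ks_state << 13; ks_state ^= ks_state >> 17; ks_state ^= ks_state << 5;
    return (uint16_t)ks_state;
}
/* Placeholder keyed tag (FNV-1a over key, sector and plaintext words). A real
 * build needs a proper MAC or an AEAD mode; this only shows where the check sits. */
static uint32_t tag_compute(uint32_t key, uint8_t sector, const uint16_t *w, size_t n) {
    uint32_t h = 0x811C9DC5u;
    h ^= key; h *= 0x01000193u; h ^= sector; h *= 0x01000193u;
    for (size_t i = 0; i < n; i++) { h ^= w[i]; h *= 0x01000193u; }
    return h;
}
/* Stand-ins for the Flash API erase and program calls. */
static bool flash_erase(uint8_t sector) {
    if (sector >= NUM_SECTORS) return false;
    memset(flash[sector], 0xFF, sizeof flash[sector]); return true;
}
static bool flash_program(uint8_t sector, const uint16_t *src) {
    for (size_t i = 0; i < SECTOR_WORDS; i++)    /* programming can only clear bits */
        if (flash[sector][i] != 0xFFFF) return false;
    memcpy(flash[sector], src, sizeof flash[sector]);
    return true;
}
/* The in-field sequence for one sector. Sector A (bootloader, decrypt code, CSM
 * password locations) is never a target; nothing is erased until the tag checks out. */
static upd_status_t bootloader_update_sector(const update_record_t *rec, uint32_t key) {
    if (rec->sector == SECTOR_A || rec->sector >= NUM_SECTORS) return UPD_BAD_SECTOR;
    memcpy(unsecure_ram, rec->ciphertext, sizeof unsecure_ram);  /* ciphertext as received */
    ks_seed(key, rec->sector);                                    /* decrypt into secure RAM only */
    for (size_t i = 0; i < SECTOR_WORDS; i++) secure_ram[i] = unsecure_ram[i] ^ ks_next();
    if (tag_compute(key, rec->sector, secure_ram, SECTOR_WORDS) != rec->tag) {
        memset(secure_ram, 0, sizeof secure_ram);                 /* scrub; old sector stays intact */
        return UPD_BAD_TAG;
    }
    if (!flash_erase(rec->sector) || !flash_program(rec->sector, secure_ram)) return UPD_FLASH_FAIL;
    bool ok = memcmp(flash[rec->sector], secure_ram, sizeof secure_ram) == 0;  /* read back */
    memset(secure_ram, 0, sizeof secure_ram);                     /* plaintext gone after use */
    return ok ? UPD_OK : UPD_VERIFY_FAIL;
}
/* Host-side packager: encrypts one sector image and attaches its tag. */
static void make_record(update_record_t *rec, uint8_t sector, const uint16_t *plain, uint32_t key) {
    rec->sector = sector;
    rec->tag = tag_compute(key, sector, plain, SECTOR_WORDS);
    ks_seed(key, sector);
    for (size_t i = 0; i < SECTOR_WORDS; i++) rec->ciphertext[i] = plain[i] ^ ks_next();
}
/* Everything erased; sector A holds a marker standing in for the bootloader. */
static void flash_init(void) { memset(flash, 0xFF, sizeof flash); flash[SECTOR_A][0] = 0xA5A5; }
static uint16_t flash_word(uint8_t sector, size_t i) { return flash[sector][i]; }

/* Constructed scenario: valid image, bit-flipped image, attempt on sector A.
 * Returns the number of failed checks (0 means the sequence behaved). */
static int demo_sequence(void) {
    uint16_t img[SECTOR_WORDS]; update_record_t rec; int fails = 0;
    flash_init();
    for (size_t i = 0; i < SECTOR_WORDS; i++) img[i] = (uint16_t)(0x1000 + i);
    make_record(&rec, 1, img, DEMO_KEY);                        /* sector B, valid */
    fails += bootloader_update_sector(&rec, DEMO_KEY) != UPD_OK;
    fails += flash_word(1, 3) != 0x1003;
    rec.ciphertext[5] ^= 0x0001;                                /* one bit corrupted in transit */
    fails += bootloader_update_sector(&rec, DEMO_KEY) != UPD_BAD_TAG;
    fails += flash_word(1, 3) != 0x1003;                        /* sector B survived the bad image */
    make_record(&rec, SECTOR_A, img, DEMO_KEY);                 /* must be refused */
    fails += bootloader_update_sector(&rec, DEMO_KEY) != UPD_BAD_SECTOR;
    fails += flash_word(SECTOR_A, 0) != 0xA5A5;
    return fails;
}
int main(void) { return demo_sequence() != 0; }
```

The tag check sits before the erase on purpose: with encryption alone, a link error or a tampered record is only discovered after Sector B has been wiped, which leaves the unit unbootable. On the real part the same structure applies with the Flash API copied into secure RAM area 1 and the decrypt routine and key living in sector A.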