Hi,
I have a question about the secure flash boot and the authentication of the flash region where an application firmware is located.
We are developing a project which involves:
1. a secondary/customer bootloader located in flash sectors 0 to 1, and
2. an application firmware located from sector 2 and onwards.
It will be configured to secure flash boot to the customer bootloader first. The customer bootloader will be responsible for switching to the application firmware at some stage.
Here are my questions regarding the authentication of the two firmware images:
1. Is the customer bootloader authenticated by the ROM bootloader before the customer bootloader is started?
2. Should the customer bootloader be responsible for authenticating the application firmware memory region, and how?
e.g.,
- should the user customized region CMAC tag be stored in the memory range of the application, e.g., somewhere in Sector 2 and onwards?
- should the customer bootloader perform the authentication using "CPU1BROM_calculateCMAC (CMAC_AUTH_START_ADDRESS, CMAC_AUTH_END_ADDRESS, CMAC_AUTH_TAG_ADDRESS)" before switching to the application firmware? And it also must include:
#pragma RETAIN(cmac_all)
#pragma LOCATION (cmac_all, <CMAC location>)
const struct OMAC_TAG cmac_all = {{0}, <start address>, <end address>};
3. Should the CMAC be generated and built into the application hex by the hex tool?
Thanks!