Hi,
I'm providing CAN bootloaders for various C2000 microcontrollers to customers of mine. Now, I'm finishing an encrypted firmware update option and that's where I have to think about the DCSM implemented in some of the C2000 µCs.
Typically, a bootloader requires some amount of flash memory but practically no RAM. The reason is that the application and the bootloader never run at the same time, so whichever of the two is running can use the RAM fully.
I'm using a symmetric encryption / signing algorithm that requires a secret key to be stored with the bootloader. Disabling JTAG will be sufficient to secure the key, but potentially, bugs in the bootloader or application could be used to read out the flash memory (thus compromising the application's confidentiality and / or the key).
DCSM's ability to restrict access to certain flash memory sectors to EXECUTION only seems like a very good fit to the problem. But: the bootloader needs some portion of RAM to run the flash library from. As far as I understood the concept, it is only possible to copy the library from flash to RAM when the RAM is assigned to the same zone and also set to EXECUTION only.
By setting this RAM portion to a specific zone and EXECUTION only, the RAM could no longer be used by the application (apart from using it for a similar purpose when the application flash is assigned to the same zone).
Is there a way to overcome this limitation, set the bootloader's flash memory to EXECUTION only, and still have the overall RAM available for the application?
Best regards,
Torsten