Hello e2e,
We have a customer want to implement secure boot in MSP432, is it possible to achieve the real secure bootloader in this device? or just a part of the function.
they have below questions want to check, pls help to have a review.
They are creating a system with cyber security requirement that they must implement secure boot which relay on a immutable first stage bootloader.
So according to the RM for MPS432P4, they decide to implement this feature based on the IP Protection Zone, JTAG/SWD Lockdown & Factory Reset Disable functionality from the MSP432P4111 device. The only concern is IP Protection Zone is protected by a 128bit password with a 256bit encryption which they theory need hundreds of year brute force, but not absolutely impossible.
- they want to ask is it possible to permanently lockdown the Boot Override feature/IP Protection Zone on this device?Since they don’t want anyone can reprogram the first stage bootloader intentionally or by accident;
- The other question is for the boot-code mentioned in the TRM, can I consider it as a boot rom code running before any application? Since there is no description for how it is implemented;
- For the configuration through Boot Override feature, they are stored to somewhere else inside the IC which can be accessed by the boot code only, right? And so they can erase the content in Flash Mailbox to make the information even hided to my own application;
- From the RM, for the Flash Erase & Write Protection that will be ignored by the Flash Controller if the IP Protection Zone is enabled, so it means this is the default behavior after we enable the IP Protection Zone right?
thanks in advance.
