<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>Topic Secure boot process in S32K</title>
    <link>https://community.nxp.com/t5/S32K/Secure-boot-process/m-p/1671401#M24084</link>
    <description>&lt;P&gt;My Flash map is like this: refer to AN12218&lt;/P&gt;&lt;P&gt;location&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Gideon_0-1686991707792.png" style="width: 400px;"&gt;&lt;img src="https://community.nxp.com/t5/image/serverpage/image-id/228194iCD2A14CB6648FA44/image-size/medium?v=v2&amp;amp;px=400" role="button" title="Gideon_0-1686991707792.png" alt="Gideon_0-1686991707792.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;I wish to implement the following sequence: refer to S32k-RM.pdf&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Gideon_1-1686991948578.png" style="width: 400px;"&gt;&lt;img src="https://community.nxp.com/t5/image/serverpage/image-id/228195i413608E900FDE8B1/image-size/medium?v=v2&amp;amp;px=400" role="button" title="Gideon_1-1686991948578.png" alt="Gideon_1-1686991948578.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;According to the AN4235.pdf scheme, verify the Bootloader area using the Secure boot mechanism (I know how to use the CSEc module) at Power ON.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Gideon_2-1686992285600.png" style="width: 400px;"&gt;&lt;img src="https://community.nxp.com/t5/image/serverpage/image-id/228196iEC275E2B0DAF258C/image-size/medium?v=v2&amp;amp;px=400" role="button" title="Gideon_2-1686992285600.png" alt="Gideon_2-1686992285600.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;The Flash address is set to 0x1000_0000 and Length is set to 16K (the expected Bootloader size) as shown in the red box above, and I can achieve my goal, but now I cannot find such a function interface. I found the interface CSEC_DRV_BootDefine in the SDK, but it cannot specify the Flash address.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;In AN5401, it is described that once secure boot is configured, on every reset, the autonomous secure boot runs on the Program Flash block starting at address '0' and finishes at BOOT_SIZE number of bits. If BOOT_SIZE is specified as 4K, then the FLASH area verified by Secure boot is 0x0000_0000-0x0000_1000.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Gideon_3-1686992764826.png" style="width: 400px;"&gt;&lt;img src="https://community.nxp.com/t5/image/serverpage/image-id/228197iCE762D7896CE4270/image-size/medium?v=v2&amp;amp;px=400" role="button" title="Gideon_3-1686992764826.png" alt="Gideon_3-1686992764826.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;I think there is a contradiction between AN5401 and AN4235 regarding Secure boot. My question is whether there is an interface in CSEc to specify the position and size of the verification area (such as the bootloader) during Secure boot?&lt;/P&gt;</description>
    <pubDate>Sat, 17 Jun 2023 09:16:41 GMT</pubDate>
    <dc:creator>Gideon</dc:creator>
    <dc:date>2023-06-17T09:16:41Z</dc:date>
    <item>
      <title>Secure boot process</title>
      <link>https://community.nxp.com/t5/S32K/Secure-boot-process/m-p/1671401#M24084</link>
      <description>&lt;P&gt;My Flash map is like this: refer to AN12218&lt;/P&gt;&lt;P&gt;location&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Gideon_0-1686991707792.png" style="width: 400px;"&gt;&lt;img src="https://community.nxp.com/t5/image/serverpage/image-id/228194iCD2A14CB6648FA44/image-size/medium?v=v2&amp;amp;px=400" role="button" title="Gideon_0-1686991707792.png" alt="Gideon_0-1686991707792.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;I wish to implement the following sequence: refer to S32k-RM.pdf&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Gideon_1-1686991948578.png" style="width: 400px;"&gt;&lt;img src="https://community.nxp.com/t5/image/serverpage/image-id/228195i413608E900FDE8B1/image-size/medium?v=v2&amp;amp;px=400" role="button" title="Gideon_1-1686991948578.png" alt="Gideon_1-1686991948578.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;According to the AN4235.pdf scheme, verify the Bootloader area using the Secure boot mechanism (I know how to use the CSEc module) at Power ON.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Gideon_2-1686992285600.png" style="width: 400px;"&gt;&lt;img src="https://community.nxp.com/t5/image/serverpage/image-id/228196iEC275E2B0DAF258C/image-size/medium?v=v2&amp;amp;px=400" role="button" title="Gideon_2-1686992285600.png" alt="Gideon_2-1686992285600.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;The Flash address is set to 0x1000_0000 and Length is set to 16K (the expected Bootloader size) as shown in the red box above, and I can achieve my goal, but now I cannot find such a function interface. I found the interface CSEC_DRV_BootDefine in the SDK, but it cannot specify the Flash address.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;In AN5401, it is described that once secure boot is configured, on every reset, the autonomous secure boot runs on the Program Flash block starting at address '0' and finishes at BOOT_SIZE number of bits. If BOOT_SIZE is specified as 4K, then the FLASH area verified by Secure boot is 0x0000_0000-0x0000_1000.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Gideon_3-1686992764826.png" style="width: 400px;"&gt;&lt;img src="https://community.nxp.com/t5/image/serverpage/image-id/228197iCE762D7896CE4270/image-size/medium?v=v2&amp;amp;px=400" role="button" title="Gideon_3-1686992764826.png" alt="Gideon_3-1686992764826.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;I think there is a contradiction between AN5401 and AN4235 regarding Secure boot. My question is whether there is an interface in CSEc to specify the position and size of the verification area (such as the bootloader) during Secure boot?&lt;/P&gt;</description>
      <pubDate>Sat, 17 Jun 2023 09:16:41 GMT</pubDate>
      <guid>https://community.nxp.com/t5/S32K/Secure-boot-process/m-p/1671401#M24084</guid>
      <dc:creator>Gideon</dc:creator>
      <dc:date>2023-06-17T09:16:41Z</dc:date>
    </item>
    <item>
      <title>Re: Secure boot process</title>
      <link>https://community.nxp.com/t5/S32K/Secure-boot-process/m-p/1671959#M24138</link>
      <description>&lt;P&gt;Hi &lt;a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/218898"&gt;@Gideon&lt;/a&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The start address is fixed to 0x0 on S32K1 devices. This is allowed by the SHE specification. &lt;BR /&gt;"SHE_BL_START - Address of the first byte of the bootloader. The address might be fixed for certain CPU architectures or it might be stored in internal or external memory"&lt;/P&gt;
&lt;P&gt;There's the following workaround for this scenario: Create a small primary bootloader which will be placed at address 0x0 and which will be covered by standard secure boot. This primary bootloader should then check the CMAC of the secondary bootloader in data flash. If it is correct, it can jump to the secondary bootloader. This will create a chain of trust.&lt;/P&gt;
&lt;P&gt;Regards,&lt;BR /&gt;Lukas&lt;/P&gt;</description>
      <pubDate>Mon, 19 Jun 2023 12:01:21 GMT</pubDate>
      <guid>https://community.nxp.com/t5/S32K/Secure-boot-process/m-p/1671959#M24138</guid>
      <dc:creator>lukaszadrapa</dc:creator>
      <dc:date>2023-06-19T12:01:21Z</dc:date>
    </item>
  </channel>
</rss>

