I'm trying to implement secure boot on my project. I'm using the K32L3A and using BLhost to write the IFR's. I seem to have all other functions working except secure boot. For simplicity of testing, I'm putting an unsigned image and not programming the RKTH onto the part. I would like to see it not boot when I enable secure boot. My process is as follows.
- Enable secure boot
- The command I use is: ./blhost --spi <mysettings> --noping -- flash-program-once 0x98 8 FFFFFF00FFFFFF00
- According to this article each bit in the IFR is mapped to a CCOB register and the register should be written with a 0xFF for b'1 and 0x00 for b'0. I should be writing 11101110 to the register, which according to the documentation is:
- secure boot enabled.
- secure boot development mode disabled
- if secure boot fails, go to bootloader mode.
- Enable Flash security.
- The command I use is: ./blhost --spi <mysettings> --noping -- flash-program-once 0x80 4 FFFFFFFF
- I'm very confident this command works because any subsequent BLHost commands get a response of "security must be disabled".
Upon reset, the unsigned image boots, meaning secure boot is not active. I can't find any examples of how to enable secure boot and based on the user guide, these seemed to be the only two necessary steps. Any help is appreciated!
1 Solution
