Bootloader protection


818 Views
martindusek
Contributor V

Hello,

I'm writing custom USB generic HID bootloader.

How do I protect the bootloader from accidental execution due to a malfunctioning main application (e.g. a jump from the main application into the bootloader caused by a stack overflow, and the accidental erase/overwrite of the application's code)?

Thanks

Martin

0 Kudos
1 Solution
533 Views
BlackNight
NXP Employee

Hi Martin,

I have solved a similar problem in a safety critical application where I needed to ensure that a function gets called only from a specific place, and not from a run-away program counter. That 'critical' routine was responsible for firing an airbag, so it needed to make sure it only gets called from the crash detection routine.

The basic idea is to ensure that that function (in your case the bootloader) gets only called from a specific location.

What I did was check the stack content from the 'critical' routine to ensure that it only gets called from a well-known place (PC/program counter). Additionally, before calling that firing routine, the caller algorithm wrote a specific pattern in multiple places, in a very specific order.

I hope this gives you an idea.

You could do something like this in your bootloader to ensure that you only get called from the reset/startup vector, with some intermediate checking of your execution path.

I hope this helps.


0 Kudos
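The two checks in the answer above, as an added C illustration that is not code from the original post or from any NXP bootloader: the legitimate path writes a multi-word pattern in a fixed order before entering the bootloader, and the bootloader entry verifies both the pattern and the caller's address before doing anything destructive. The pattern words, the address range and the simulated caller addresses are constructed placeholders; on a real target the caller address would be read from the return address on the stack (for instance `__builtin_return_address(0)` with GCC) and the allowed range taken from linker symbols.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed values: pattern words, allowed caller range and caller addresses
 * are placeholders, not anything from a real NXP bootloader. */
#define ARM_WORDS 3
static const uint32_t ARM_PATTERN[ARM_WORDS] = { 0xA5A5F00Du, 0x5A5A0FF0u, 0xC0DEB007u };
static volatile uint32_t arm_slots[ARM_WORDS];   /* the "multiple places" */
static volatile unsigned arm_seq;                /* words written so far, in order */
void bootloader_disarm(void) {
    for (unsigned i = 0; i < ARM_WORDS; i++) arm_slots[i] = 0;
    arm_seq = 0;
}

/* The legitimate path (startup code) writes one word per step, in order.
 * A step taken out of order wipes everything, so a run-away PC that
 * stumbles into a single store cannot complete the sequence. */
void bootloader_arm_step(unsigned step, uint32_t value) {
    if (step >= ARM_WORDS || step != arm_seq) { bootloader_disarm(); return; }
    arm_slots[step] = value;
    arm_seq = step + 1;
}

/* Entry guard. On a real target 'caller' is __builtin_return_address(0) and
 * [lo, hi) the linker-defined extent of the startup code. The check is
 * one-shot: the pattern is cleared whether or not it passed. */
bool bootloader_entry_allowed(uintptr_t caller, uintptr_t lo, uintptr_t hi) {
    bool ok = (arm_seq == ARM_WORDS);
    for (unsigned i = 0; i < ARM_WORDS; i++) ok = ok && (arm_slots[i] == ARM_PATTERN[i]);
    ok = ok && (caller >= lo && caller < hi);
    bootloader_disarm();
    return ok;
}

/* Runs four scenarios and returns how many behaved as intended (4 expected). */
int bootloader_guard_selftest(void) {
    const uintptr_t lo = 0x0000, hi = 0x1000, good = 0x0400, bad = 0x8000;
    int passed = 0;
    for (unsigned i = 0; i < ARM_WORDS; i++) bootloader_arm_step(i, ARM_PATTERN[i]);
    passed += bootloader_entry_allowed(good, lo, hi);   /* full sequence, known caller: allowed */
    passed += !bootloader_entry_allowed(good, lo, hi);  /* re-entry without re-arming: denied */
    bootloader_arm_step(1, ARM_PATTERN[1]);             /* out-of-order write resets the sequence */
    bootloader_arm_step(0, ARM_PATTERN[0]);
    passed += !bootloader_entry_allowed(good, lo, hi);  /* incomplete sequence: denied */
    for (unsigned i = 0; i < ARM_WORDS; i++) bootloader_arm_step(i, ARM_PATTERN[i]);
    passed += !bootloader_entry_allowed(bad, lo, hi);   /* pattern ok but caller outside range: denied */
    return passed;
}
int main(void) { printf("guard self-test: %d/4 scenarios passed\n", bootloader_guard_selftest()); return 0; }
```

The pattern slots should live in RAM that the application's linker script never hands out, so a stray write from a buggy application cannot land on them by accident.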
2 Replies
533 Views
Monica
Senior Contributor III

Hello Martin,

Was this workaround useful to your project? Share with us! ;-)

Best regards,

Monica

0 Kudos