帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Bootloader protection

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
跳至解决方案

Bootloader protection

跳至解决方案
‎05-15-2013 10:23 PM
878 次查看
martindusek
Contributor V

Hello,

I'm writing custom USB generic HID bootloader.

How to protect bootloader from accidental execution due to malfunctional main application (jump from main application to bootloader due to eg. stack overflow and accidental erase/overwrite of application's code)?

Thanks

Martin

标签 (1)
标签
标记 (2)
0 项奖励
回复
1 解答

跳至解决方案
‎05-15-2013 10:41 PM
593 次查看
BlackNight
NXP Employee
NXP Employee

Hi Martin,

I have solved a similar problem in a safety critical application where I needed to ensure that a function gets called only from a specific place, and not from a run-away program counter. That 'critical' routine was responsible to fire an airbag, so it needed to make sure it only gets called from the crash detection routine.

The basic idea is to ensure that that function (in your case the bootloader) gets only called from a specific location.

What I did is checking the stack content from the 'critical' routine to ensur that it only gets called from a well known place (PC/program counter). Additionally before calling that firing routine, the caller algorithm was writing a specific pattern in multiple places, in a very specific order.

I hope this gives you an idea.

You could do something like this in your bootloader to ensure that you only get called from the reset/startup vector, with some intermediate checking of your execution path.

I hope this helps.

在原帖中查看解决方案

0 项奖励
回复
2 回复数

跳至解决方案
‎05-21-2013 04:43 PM
593 次查看
Monica
Senior Contributor III

Hello Martin,

was this workaround useful to your project? Share with us! :smileywink:

Best regards,

Monica

0 项奖励
回复

跳至解决方案
‎05-15-2013 10:41 PM
594 次查看
BlackNight
NXP Employee
NXP Employee

Hi Martin,

I have solved a similar problem in a safety critical application where I needed to ensure that a function gets called only from a specific place, and not from a run-away program counter. That 'critical' routine was responsible to fire an airbag, so it needed to make sure it only gets called from the crash detection routine.

The basic idea is to ensure that that function (in your case the bootloader) gets only called from a specific location.

What I did is checking the stack content from the 'critical' routine to ensur that it only gets called from a well known place (PC/program counter). Additionally before calling that firing routine, the caller algorithm was writing a specific pattern in multiple places, in a very specific order.

I hope this gives you an idea.

You could do something like this in your bootloader to ensure that you only get called from the reset/startup vector, with some intermediate checking of your execution path.

I hope this helps.

0 项奖励
回复