ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Viability of using ROM Bootloader as part of user firmware updates

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Viability of using ROM Bootloader as part of user firmware updates

‎10-12-2016 06:13 PM
1,946件の閲覧回数
chrismc
Contributor II

We've been looking at the possibility of user the Kinetis ROM bootloader (on MKL27Z4) as part of the user (post-shipping) firmware update process via USB, however from what we can tell it doesn't seem it would be a viable option for us if we're interested in securing the flash.

The main issue we would hit is that once flash has been configured as secure, it seems that to make any update via the  ROM bootloader it would require a full erase (of absolutely all flash). This would mean that any 'factory' data stored in flash would be lost (the PC side updater app could potentially request and cache that data before switching the target to ROM bootloader mode, but the process could be interrupted and the data lost).

Is that understanding correct? If so, it would seem to mean that the ROM bootloader fundamentally can't be part of a secure firmware update process (where no other secure data storage is available).

ラベル(1)
ラベル
タグ(2)
0 件の賞賛
返信
4 返答(返信)

‎10-12-2016 11:58 PM
1,791件の閲覧回数
cutworth
NXP Employee
NXP Employee

Hi Chris,

Please note the flash security feature apply only to external access from debug. CPU access to flash is not affected by flash security status.

Also Kinetis ROM bootloader has a command called FlashSecurityDisable which can be used for disabling flash security by comparing 8-byte backdoor key during flash firmware update. And you can enable flash security again as long as your updated firmware has 0x40C(flash configuration byte) configured as flash secured.

Hao

0 件の賞賛
返信

‎10-16-2016 03:43 PM
1,791件の閲覧回数
chrismc
Contributor II

Hi Hao

Thanks for the reply.

Regarding the CPU still having flash access... doesn't the ROM bootloader also respect the flash security status and not allow access through itself (even though it's running on the CPU)? Related to that, I have wondered if the bootloader's 'write-memory' and 'execute' command would mean that it would be relatively simple to bypass that.

On the backdoor key, we had previously discounted that as an option due to the need of transferring it unencrypted over USB, but we've reevaluated that and it does look like we can use that in a useful way.

Cheers, Chris

0 件の賞賛
返信

‎10-18-2016 10:24 PM
1,791件の閲覧回数
cutworth
NXP Employee
NXP Employee

Hi Chris,

Yes, you are correct.

For write memory command with the ROM bootloader, if you need to write flash area, then you need to first unsecure flash. See following note from RM.

First, any flash sector written to must have been previously erased with a FlashEraseAll, FlashEraseRegion, or FlashEraseAllUnsecure command.

But for execute command, there is no relationship with flash security, you can still execute code in flash under secure state. Secure mode just prevents external access to flash content.

Hao

0 件の賞賛
返信

‎03-08-2017 01:30 PM
1,791件の閲覧回数
chrismc
Contributor II

So if the bootloader allows you to upload and execute any code to be run on the CPU (which can then access the Flash and make its content available no matter what the security setting is), then it's possible to work around the security features right?

0 件の賞賛
返信