Hi
In S32K118, CSEc safe boot introduces three safe boot methods. Why can sequential boot mode and parallel boot mode still execute ROM code after failure? What are the considerations behind this setting? If you can still enter the App to run, then what is the meaning of safe boot?
Hi @ZEROOO
The sentence about execution of ROM code is a little bit confusing. It comes from the SHE specification and it has a different meaning here.
Regardless of that, let me explain how it works:
If sequential or parallel boot mode fails, the only effect is that boot protected keys cannot be used (boot protected keys - when BOOT_PROT attribute is set when loading a key). The application will run but the application cannot use boot protected keys.
The only difference between sequential and parallel boot mode: in sequential mode, boot protected keys are available immediately when the application starts execution (of course, if the secure boot is successful). In parallel boot mode, the application needs to wait until the secure boot is finished and then the boot protected keys will be available.
The next level of protection is strict sequential boot mode. If this boot mode fails, the application won't run, the device will stay in reset forever and there's no way to recover. The only option is to replace the device.
Regards,
Lukas
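An application-side check for the behaviour described in the answer above, as an added example that is not part of the original thread and is not NXP code: before using a BOOT_PROT key, the application waits for the secure boot check to finish (the parallel mode case) and then requires a successful result. The status bit masks follow the SHE status register layout, which the thread does not state, and the status-reader hook, type names and sample status bytes are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: flag positions follow the SHE status register layout; they are
   not given in the thread, so check them against the device reference manual. */
#define ST_BOOT_FINISHED 0x08u  /* secure boot check has completed */
#define ST_BOOT_OK       0x10u  /* secure boot check succeeded */

typedef enum { KEY_USABLE, KEY_LOCKED, KEY_WAIT_TIMEOUT } key_state_t;
typedef uint8_t (*status_reader_t)(void *ctx);  /* hypothetical hook */

/* Decide whether the application may use a key. Keys without BOOT_PROT are not
   affected by the boot result. For BOOT_PROT keys, poll until the boot check
   has finished (needed in parallel mode), then require a successful result. */
key_state_t key_availability(bool boot_prot, status_reader_t read_status,
                             void *ctx, unsigned max_polls)
{
    if (!boot_prot) return KEY_USABLE;
    for (unsigned i = 0; i < max_polls; i++) {
        uint8_t st = read_status(ctx);
        if (st & ST_BOOT_FINISHED)
            return (st & ST_BOOT_OK) ? KEY_USABLE : KEY_LOCKED;
    }
    return KEY_WAIT_TIMEOUT;  /* still verifying: do not touch the key yet */
}

/* Constructed stand-in for the hardware: replays a list of status bytes. */
typedef struct { const uint8_t *seq; unsigned len, pos; } replay_t;
static uint8_t replay_read(void *ctx)
{
    replay_t *r = ctx;
    uint8_t v = r->seq[r->pos];
    if (r->pos + 1 < r->len) r->pos++;
    return v;
}

key_state_t demo(const uint8_t *seq, unsigned len, bool boot_prot, unsigned max_polls)
{
    replay_t r = { seq, len, 0 };
    return key_availability(boot_prot, replay_read, &r, max_polls);
}

int main(void)
{
    const uint8_t failed[] = { 0x00, ST_BOOT_FINISHED };  /* constructed */
    printf("BOOT_PROT key after failed boot: %d\n", demo(failed, 2, true, 10));
    return 0;
}
```

Treating KEY_LOCKED as a reportable fault, rather than silently continuing without the key, is what lets the rest of the system notice that modified code is running.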