Advanced Secure Boot - SMR verification

anakha · ‎03-22-2024

Hi,

Advanced Secure Boot authentication proof is based on defined start address, size and config. (regarding to HSE Demo Advanced Secure Boot example and also Secure Boot App demo - SW745310)

The start address and the reserved SMR size for the application remains same for most of the time even the application updates. Key catalog and the key values are also remain same.

then, the TAG value and its address in flash remain same all the time even App changes.

What am I missing here? How Secure boot checks my app is secured?

Do I need to change keys or catalog each time I change app? But these values are defined in bootloader not in app.

Do I need to implement another signature (RSA or ECC) depend on the content of the App? if yes, how?

Thanks in advance.

regards,

anakha · ‎03-27-2024

Hi @lukaszadrapa,

I am using full_mem right now, but will use AB_Swap soon.

Anyway, please correct me if I am wrong. I understand that you are saying to create a new TAG each time I update my App and write it to the same address. My problem/question is creating a different TAG.

KEY Catalog and and initial key is defined in bootloader not in APP and how can I crate different TAG if they remain same?

I only change App, bootloader config stays same, right?

lukaszadrapa · ‎03-27-2024

Hi @anakha

there's some explanation in section "7.3. Implement secure boot" in the Secure boot application note.

When you update your application, you load also new auth_tag to the passive block (auth_tag of your new application). After AB swap, still the same SMR will read still the same address of auth_tag in active block - the auth_tag corresponds to the new application now, so everything is ok a secure boot will pass.
If you don't do that in this way, it would be necessary to update the SMR.

Regards,
Lukas