Hello, I am using S32K314 and trying to implement Basic Secure Boot.
By modifying the linker script provided with the DEMO APP, the AppBL header (64 bytes) and the bootloader were placed at the address pointed to by the IVT Boot_Target field, as described in the 'HSE-B Firmware Reference Manual'.
However, it doesn't boot.
What other settings are needed to boot using the AppBL?
P.S. This is an early development stage, so Secure Boot is not enabled, and I haven't generated signs for the IVT and bootloader image.
Hi @wodudwo
IVT offset 0xC is not used to start AppBL (application covered by Basic Secure Boot). This is a pointer to vector table of application which is supposed to be started on core 0 when secure boot is not enabled by BOOT_SEQ bit.
IVT offset 0x14 is not used to start AppBL either. This is a pointer to vector table of application which is supposed to be started on core 1 (if available on a derivative).
IVT offset 0x30 is used as a pointer to app header of AppBL. This is used when secure boot is enabled by BOOT_SEQ.
See “Table 118. IVT structure” for details.
Screenshot from "S32K344_Basic_SecureBoot" mentioned below:
Another point is that start address of application must be aligned to 128 bytes. And there must be 64 byte app header before the application.
I recommend to check following resources:
HSE DemoExamples:
https://www.nxp.com/webapp/Download?colCode=S32K3_HSE_DemoExamples
Take a look at projects:
This one configures the basic secure boot:
c:\NXP\S32K3_HSE_DemoExamples_1_0_0\S32K3_HSE_DemoExamples\Secure_Boot\S32K344_Basic_SecureBoot\
This is the application which will be executed once secure boot is enabled:
c:\NXP\S32K3_HSE_DemoExamples_1_0_0\S32K3_HSE_DemoExamples\Secure_Boot\S32K344_SecureBootBlinky\
Secure Boot application note including demo projects. It can be downloaded from:
https://www.nxp.com/products/S32K3
Application note can be found here:
Documentation -> Secure Files -> Secure Boot Application note v0.1.1.0 (AN744511)
Associated demo project can be downloaded here:
Design Resources -> Software -> Secure Files -> SecureBootAppNoteDemo (SW745310)
Take a look at “5. Basic Secure Boot”, especially the last part of “5.2 Configuration” which talks about the alignment.
Regards,
Lukas
Hi @wodudwo
IVT offset 0xC is not used to start AppBL (application covered by Basic Secure Boot). This is a pointer to vector table of application which is supposed to be started on core 0 when secure boot is not enabled by BOOT_SEQ bit.
IVT offset 0x14 is not used to start AppBL either. This is a pointer to vector table of application which is supposed to be started on core 1 (if available on a derivative).
IVT offset 0x30 is used as a pointer to app header of AppBL. This is used when secure boot is enabled by BOOT_SEQ.
See “Table 118. IVT structure” for details.
Screenshot from "S32K344_Basic_SecureBoot" mentioned below:
Another point is that start address of application must be aligned to 128 bytes. And there must be 64 byte app header before the application.
I recommend to check following resources:
HSE DemoExamples:
https://www.nxp.com/webapp/Download?colCode=S32K3_HSE_DemoExamples
Take a look at projects:
This one configures the basic secure boot:
c:\NXP\S32K3_HSE_DemoExamples_1_0_0\S32K3_HSE_DemoExamples\Secure_Boot\S32K344_Basic_SecureBoot\
This is the application which will be executed once secure boot is enabled:
c:\NXP\S32K3_HSE_DemoExamples_1_0_0\S32K3_HSE_DemoExamples\Secure_Boot\S32K344_SecureBootBlinky\
Secure Boot application note including demo projects. It can be downloaded from:
https://www.nxp.com/products/S32K3
Application note can be found here:
Documentation -> Secure Files -> Secure Boot Application note v0.1.1.0 (AN744511)
Associated demo project can be downloaded here:
Design Resources -> Software -> Secure Files -> SecureBootAppNoteDemo (SW745310)
Take a look at “5. Basic Secure Boot”, especially the last part of “5.2 Configuration” which talks about the alignment.
Regards,
Lukas
