The products I am currently working on are based on the Kinetis K61 MCU.
The components we use are USB, Crypyo engine, FlexBus and "Program Flash Swap"
It appears that the RT1020 USB is the same as the K61 HS-USB - great!
The RT1020 crypto engine is also similar to the K61. The mbedtls implementation form the RT1020 SDK includes everything needed.
The FlexBus on the K61 has been replaced by the SEMC on the RT1020. Currently we use the FlexBus to communicate with an FPGA (intel FPGA). What level, if any, of compatibility exists between FlexBus and SEMC?
The RT1020 has no internal flash and as such has no Program Flash Swap feature!
We liked that feature because it allowed us to get rid of the "bootloader".
The RT1020 does not seem to have a similar feature.
The K61 processor does not have the High Assurance Boot, a feature we have long desired.
But our firmware does support field updates using signed firmware. This firmware signature is verified while being downloaded into the unused K61 bank. On a reset the new firmware is executed, but it is not re-verified.
It seems that I have a couple choices for the RT1020
- implement a bootloader that is signed and installed in manufacturing, never to be replaced, which can call a loaded application. The application would not run from the HAB , but would have been verified while downloading
- implement a hardware circuit which would support two (twin) QSPI Flash devices on separate, swapable, chip selects.
- The hardware would respond to a HAB failure by switching the chip selects and resetting the MCU
- This would allow the HAB to evaluate the application, not just the bootloader
- Once running the firmware would use the second CS to write an update image! ( no need to run code from RAM)
- Seems like the Rt1020 ROM could do this
I assume the ROM has a callable function to verify an image after it has been downloaded??