Hello!
Do I understand correctly that by using this API, the application can enter the bootloader without a reboot?
After that, an update can happen or whatever, and it is possible to jump back to the application start address (without a reboot)?
Because not all areas of SRAM are in use by the bootloader, I can keep my own data in SRAM while the update is ongoing and it is retained.
Is this so?
But what is not clear is whether, by ISP command(s), the host can read any data areas that are stored in SRAM?
Even in the case of Secure boot and "SB file format is encrypted and digitally signed", is it always possible to turn the MCU to ISP mode and read SRAM?
Or if secure boot is enabled already, can some areas of flash/SRAM be protected from reading, because
the initial image is able to apply some protection and any next update (FOTA-like) is not able to read all memory areas?
I can see that by default in an ISP update it is possible to read/write/erase almost everything. Of course it doesn't boot after that.
But that is another story.
Can you explain in more detail how and what memory areas can be completely hidden from an ISP type of update?
Regards,
Eugene
Hi Eugene:
Please check my answers below:
Do I understand correctly that by using this API, the application can enter the bootloader without a reboot?
Yes
After that, an update can happen or whatever, and it is possible to jump back to the application start address (without a reboot)?
You can use some commands for it. The easiest way would be to use the reset command, but you can also use the execute command to set the program counter.
Because not all areas of SRAM are in use by the bootloader, I can keep my own data in SRAM while the update is ongoing and it is retained.
Is this so?
Yes, if you do not erase your region using the commands, you could keep the SRAM regions.
But what is not clear is whether, by ISP command(s), the host can read any data areas that are stored in SRAM?
Any secure region can't be accessed by the ISP.
Even in the case of Secure boot and "SB file format is encrypted and digitally signed", is it always possible to turn the MCU to ISP mode and read SRAM?
This would not be possible in case there's a secure environment configured.
Can you explain in more detail how and what memory areas can be completely hidden from an ISP type of update?
If you already set your secure environment, it shouldn't be possible for the ISP to read or write this section.
Best Regards,
Alexis Andalon
Hi Alexis!
The secure environment is not set yet. We are verifying all the documentation to see whether it makes sense and is really secure, or whether we should start to design our own bootloader and disable ISP mode as non-secure altogether.
In blhost v5.0 there is no info about ISP command limitations in the case of Secure boot.
For old bootloaders it was like this:
"
When flash security is enabled, only the get-property, set property, reset, flash-security-disable, and flash-erase-all-unsecure
commands are supported. The MCU bootloader returns kStatus_SecurityViolation if a command is received that is not supported
due to flash security settings.
"
Maybe ReceiveSB file should also be in this list.
But it should be clearly mentioned what exact limitations Secure boot places on ISP mode.
Regards,
Eugene