Bootloader protection

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Bootloader protection

ソリューションへジャンプ
687件の閲覧回数
martindusek
Contributor V

Hello,

I'm writing custom USB generic HID bootloader.

How to protect bootloader from accidental execution due to malfunctional main application (jump from main application to bootloader due to eg. stack overflow and accidental erase/overwrite of application's code)?

Thanks

Martin

ラベル(1)
タグ(2)
0 件の賞賛
1 解決策
402件の閲覧回数
BlackNight
NXP Employee
NXP Employee

Hi Martin,

I have solved a similar problem in a safety critical application where I needed to ensure that a function gets called only from a specific place, and not from a run-away program counter. That 'critical' routine was responsible to fire an airbag, so it needed to make sure it only gets called from the crash detection routine.

The basic idea is to ensure that that function (in your case the bootloader) gets only called from a specific location.

What I did is checking the stack content from the 'critical' routine to ensur that it only gets called from a well known place (PC/program counter). Additionally before calling that firing routine, the caller algorithm was writing a specific pattern in multiple places, in a very specific order.

I hope this gives you an idea.

You could do something like this in your bootloader to ensure that you only get called from the reset/startup vector, with some intermediate checking of your execution path.

I hope this helps.

元の投稿で解決策を見る

0 件の賞賛
2 返答(返信)
402件の閲覧回数
Monica
Senior Contributor III

Hello Martin,

was this workaround useful to your project? Share with us! :smileywink:

Best regards,

Monica

0 件の賞賛
403件の閲覧回数
BlackNight
NXP Employee
NXP Employee

Hi Martin,

I have solved a similar problem in a safety critical application where I needed to ensure that a function gets called only from a specific place, and not from a run-away program counter. That 'critical' routine was responsible to fire an airbag, so it needed to make sure it only gets called from the crash detection routine.

The basic idea is to ensure that that function (in your case the bootloader) gets only called from a specific location.

What I did is checking the stack content from the 'critical' routine to ensur that it only gets called from a well known place (PC/program counter). Additionally before calling that firing routine, the caller algorithm was writing a specific pattern in multiple places, in a very specific order.

I hope this gives you an idea.

You could do something like this in your bootloader to ensure that you only get called from the reset/startup vector, with some intermediate checking of your execution path.

I hope this helps.

0 件の賞賛