Bootloader protection

Solved


686 views
martindusek
Contributor V

Hello,

I'm writing custom USB generic HID bootloader.

How to protect the bootloader from accidental execution due to a malfunctioning main application (a jump from the main application into the bootloader due to e.g. a stack overflow, and an accidental erase/overwrite of the application's code)?

Thanks

Martin

0 Kudos
1 Solution
401 views
BlackNight
NXP Employee

Hi Martin,

I have solved a similar problem in a safety critical application where I needed to ensure that a function gets called only from a specific place, and not from a run-away program counter. That 'critical' routine was responsible for firing an airbag, so it needed to make sure it only gets called from the crash detection routine.

The basic idea is to ensure that that function (in your case the bootloader) gets only called from a specific location.

What I did was check the stack content from the 'critical' routine to ensure that it only gets called from a well known place (PC/program counter). Additionally, before calling that firing routine, the caller algorithm was writing a specific pattern in multiple places, in a very specific order.

I hope this gives you an idea.

You could do something like this in your bootloader to ensure that you only get called from the reset/startup vector, with some intermediate checking of your execution path.

I hope this helps.


0 Kudos
2 Replies
401 views
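As an added example of the two-part check described in this answer (this is not the poster's code or any NXP code): the legitimate startup path records a constructed pattern into separate RAM slots in a fixed order, and the bootloader's entry gate refuses to run unless the whole trail is present in order and the caller matches. The caller token is a hypothetical stand-in for the answer's stack/return-address check, and the trail values are constructed for the example.

```c
#include <stdint.h>
#include <stdbool.h>
/* Breadcrumb trail: the legitimate path into the bootloader writes these
 * constructed values, in this order, into separate RAM slots before
 * jumping. A run-away program counter has not walked this path. */
#define TRAIL_LEN 4
static const uint32_t k_expected_trail[TRAIL_LEN] = {
    0xB007C0DEu, 0x5AFE1234u, 0xC0FFEE01u, 0xDEADB0A7u
};
static volatile uint32_t g_trail[TRAIL_LEN]; /* one slot per checkpoint */
static volatile uint32_t g_step;             /* checkpoints recorded so far */
/* Hypothetical token for the one legitimate caller (the reset handler).
 * On real hardware this would instead compare the return address saved
 * on the stack against the known address of that handler. */
#define CALLER_RESET_HANDLER 0x0001u

void trail_reset(void) {
    for (uint32_t i = 0; i < TRAIL_LEN; i++) g_trail[i] = 0;
    g_step = 0;
}

/* Called at each checkpoint along the legitimate path. A checkpoint hit
 * out of order poisons the trail so the gate below refuses entry. */
void trail_mark(uint32_t step, uint32_t value) {
    if (step == g_step && step < TRAIL_LEN) {
        g_trail[step] = value;
        g_step = step + 1;
    } else {
        g_step = TRAIL_LEN + 1; /* poisoned: can never equal TRAIL_LEN */
    }
}

/* Gate at the top of the bootloader: true only if every breadcrumb matches
 * in order and the caller is the reset handler. The trail is cleared on
 * every call so a stale trail cannot be reused by a later stray jump. */
bool bootloader_entry_allowed(uint32_t caller_id) {
    bool ok = (g_step == TRAIL_LEN) && (caller_id == CALLER_RESET_HANDLER);
    for (uint32_t i = 0; i < TRAIL_LEN; i++) {
        if (g_trail[i] != k_expected_trail[i]) ok = false;
    }
    trail_reset();
    return ok;
}

/* Legitimate path: startup code hits each checkpoint in order (in real
 * firmware each value is a literal at its own point in the startup code). */
bool legitimate_boot_path(void) {
    trail_reset();
    for (uint32_t i = 0; i < TRAIL_LEN; i++) trail_mark(i, k_expected_trail[i]);
    return bootloader_entry_allowed(CALLER_RESET_HANDLER);
}
```

A stray jump that lands on the gate with no trail, an out-of-order trail, or a wrong caller is refused, and because the gate clears the trail after every check, a second entry after a successful one is refused as well.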
Monica
Senior Contributor III

Hello Martin,

Was this workaround useful to your project? Share with us! :smileywink:

Best regards,

Monica

0 Kudos