SPRADN0 December   2024 F29H850TU , F29H859TU-Q1

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. 1Programming Fundamentals
  5. 2Introduction
    1. 2.1 Hardware Security Module
    2. 2.2 ROM Bootloader
    3. 2.3 Combined Image with X.509 Certificate
  6. 3Flash Kernel Implementation
    1. 3.1 CPU1 Firmware Upgrade (HS-FS)
    2. 3.2 Key Provision (HS-FS to HS-KP)
    3. 3.3 CPU1 Secure Firmware Upgrade (HS-KP/SE to HS-SE)
    4. 3.4 HSM Firmware Upgrade (HS-KP/SE to HS-SE)
    5. 3.5 SECCFG Code Provisioning (HS-KP/SE to HS-SE)
  7. 4Host Application: UART Flash Programmer
    1. 4.1 Overview
    2. 4.2 Build UART Flash Programmer with Visual Studio
    3. 4.3 Build UART Flash Programmer with CMake
    4. 4.4 Packet Format
    5. 4.5 Kernel Commands
  8. 5Example Usage
    1. 5.1 Loading the Flash Kernel onto the Device
      1. 5.1.1 Hardware Setup
      2. 5.1.2 Running the UART Flash Programmer
    2. 5.2 CPU1 Device Firmware Upgrade (HS-FS only)
    3. 5.3 Convert HS-FS to HS-SE
    4. 5.4 Loading a RAM-based HSMRt Image
    5. 5.5 Key Provision (HS-FS to HS-KP)
    6. 5.6 Code Provision (HS-KP/SE to HS-SE)
  9. 6Troubleshooting
    1. 6.1 General
    2. 6.2 UART Boot
    3. 6.3 Application Load
  10. 7Summary
  11. 8References

3.3 CPU1 Secure Firmware Upgrade (HS-KP/SE to HS-SE)

To perform a secure firmware upgrade on CPU1 of an HS-KP or HS-SE device, compile the CP_APP build configuration of the project. This can be done by right-clicking the project, hovering over Build Configurations, and selecting CP_APP.

To perform a CPU1 secure firmware upgrade on an HS-KP or HS-SE device, the following events occur:

  1. BootROM in UART boot mode receives the UART flash kernel and boots the kernel.
  2. The kernel in CPU1 receives a command packet to receive the HSMRt image.
  3. The kernel prepares to receive an X.509 certificate as part of the combined image from the host.
  4. The kernel verifies that the incoming certificate is of the proper size and format and derives the size of the incoming image. For now, the certificate is stored in RAM.
  5. The kernel stores HSMRt image in shared LDAx RAM and requested HSM to authenticate.
  6. Upon successful authentication, the HSM begins executing the HSMRt in shared LDAx RAM.
  7. The kernel receives a command packet to receive CPU1 flash application image.
  8. Kernel receives the X.509 image certificate and shares the same with HSMRt.
  9. After successful authentication of the image, HSMRt responds with an acknowledgment, after which flash kernel starts importing the chunk of data via UART into the LDAx memory.
  10. After each 16KB (size of LDAx memory) of data received, the flash kernel sends an HSM requests to program the data for further processing.
  11. After all chunks are received and programmed, HSMRt is requested to verify the code programmed in HSM active and dormant banks. When the HSMRt firmware authenticates the programmed image against the certificate, the certificate is further programmed to make sure of a successful boot in the subsequent power cycles.
  12. Upon successful authentication, the HSM programs the firmware to CPU1 flash.
    1. If the device is previously in HS-KP, then the device is transitioned to HS-SE.

Refer to Section 5.6 on steps to perform on the host application.

CAUTION:

For HS-KP or HS-SE devices, the DPL interrupt LINK and STACK pointer needs to be set to LINK2 and STACK2, respectively. To adjust the setting, open the syscfg file in CCS, select Clock under TI Driver Porting Layer (DPL) section.

The Keywriter binary image described in Section 2.1 needs to be used as the HSMRt.