SPRADN0 December 2024 F29H850TU, F29H859TU-Q1

 


Code Provision (HS-KP/SE to HS-SE)

After Key Provision converts the device into HS-KP, Code Provision can be used to flash either the CPU1/HSM application or the SEC CFG section into the corresponding flash banks.

The process on the Flash Programmer is as follows:

  • Start the flash programmer and wait for the flash kernel to be downloaded onto the device, after which the programmer prompts the user with the options listed in Figure 6-1.
  • Select Load HSMRt Image (option 2) and wait until completion.
  • Select one of the following three options and wait until completion:
    • Program Sec Cfg (option 4)
    • Load HSM Image (option 5)
    • Load C29 CPU1 Image (option 6)
  • Continue to perform the other two Code Provision options if needed.

Note that all images (flash kernel, HSMRt, application/sec cfg) require the user key certificate as part of the binary image. Refer to Section 2.3 for instructions on generating the key certificate with a custom key.

The necessary parameters are -d (--device), -p (--port), -k (--kernel), and either -t (--cpappcpu1), -g (--cpapphsm), or -s (--cpseccfg), depending on the Code Provision option selected.

For instance:

uart_flash_programmer.exe -d f29h85x -p COM41 --kernel ex3_uart_flash_kernel.bin --hsmrt HSM_runtimeImage.bin --cpseccfg sec_cfg_cert.bin --cpappcpu1 c29_cpu1_application.bin --cpapphsm hsm_application.bin

For procedures and important notes on building the flash kernel for Code Provisioning, refer to Section 3.3.
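
Because every image passed to the programmer must carry the user key certificate, a host-side pre-flight check can catch an unsigned binary before it is sent to the device. The following is an added example, not code from this application note or from the TI tool: it assumes the certificate is DER-encoded and sits at offset 0 of each combined image, the function names are hypothetical, and the check is structural only (it does not validate the certificate's signature or key).

```python
from pathlib import Path

# Added example (not TI code). Assumption: the X.509 key certificate is
# DER-encoded and sits at offset 0 of each combined image.
PROVISION_FLAGS = ("--cpseccfg", "--cpapphsm", "--cpappcpu1")


def leading_der_length(blob):
    """Total size of the DER SEQUENCE at offset 0, or None if absent or truncated."""
    if len(blob) < 2 or blob[0] != 0x30:          # 0x30 = SEQUENCE tag
        return None
    if blob[1] < 0x80:                            # short-form length
        header, body = 2, blob[1]
    else:                                         # long-form length
        n = blob[1] & 0x7F
        if not 1 <= n <= 4 or len(blob) < 2 + n:
            return None
        header, body = 2 + n, int.from_bytes(blob[2:2 + n], "big")
    total = header + body
    return total if total <= len(blob) else None


def build_command(device, port, images, read=None):
    """Return argv for the programmer, refusing images with no leading certificate.

    images maps a flag (--kernel, --hsmrt, --cpseccfg, ...) to a file path.
    read(path) -> bytes is injectable so the check can run on in-memory samples.
    """
    read = read or (lambda p: Path(p).read_bytes())
    if "--kernel" not in images:
        raise ValueError("--kernel is required for Code Provision")
    if not any(flag in images for flag in PROVISION_FLAGS):
        raise ValueError("select at least one of " + ", ".join(PROVISION_FLAGS))
    bad = [p for p in images.values() if leading_der_length(read(p)) is None]
    if bad:
        raise ValueError("no certificate found at start of: " + ", ".join(bad))
    argv = ["uart_flash_programmer.exe", "-d", device, "-p", port]
    for flag, path in images.items():
        argv += [flag, path]
    return argv


# Constructed samples: a 4-byte dummy "certificate" body followed by payload bytes.
SAMPLE_OK = bytes.fromhex("30820004deadbeef") + b"\x00" * 16
SAMPLE_RAW = b"\x00" * 24                         # unsigned binary, no certificate
```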