Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob

PSoC™ 6 Boot Options (Table of Contents 2)

PSoC™ 6 Boot Options (Table of Contents 2)

MarkH_61
Employee
Employee
25 likes received 50 replies posted 25 replies posted

PSoC 6 Boot Options (Table of Contents 2)

This article describes a structure called Table of Contents 2 (TOC2) that is used to tell the boot system where specific data is located in memory and sets some boot flags that allow the user to affect the boot process.  This structure is stored in SFlash and must be stored prior to advancing to the Secure lifecycle stage.  It may also be used in the Normal lifecycle stage but that is optional.  Below is the actual structure defined which fills one complete Flash row of 512 bytes.  There is also a copy of this structure called RTOC2.  If the boot system finds an error in TOC2, it will check to see if RTOC2 is correct.  If RTOC2 is valid, the boot system will ignore TOC2 and use RTOC2 instead.  The designer should always make these two structures identical.

 

/* Table of Content2 structure */

typedef struct{

    volatile uint32_t objSize;     /* Object size (Bytes) */

    volatile uint32_t magicNum;    /* TOC ID (magic number = 0x01211220 ) */

    volatile uint32_t userKeyAddr; /* Secure key address in user Flash (optional) */

    volatile uint32_t smifCfgAddr; /* SMIF configuration structure (optional) */

    volatile uint32_t appAddr1;    /* First user application object address */

    volatile uint32_t appFormat1;  /* First user application format */

    volatile uint32_t appAddr2;    /* Second user application object address (optional) */

    volatile uint32_t appFormat2;  /* Second user application format (optional) */

    volatile uint32_t shashObj; /* Number of additional objects to be verified(Secure-HASH) */

    volatile uint32_t sigKeyAddr;  /* Signature verification key address */

    volatile uint32_t addObj[116]; /* Additional objects to include in Secure-HASH */

    volatile uint32_t tocFlags;    /* Flags in TOC to control Flash boot options */

    volatile uint32_t crc;         /* CRC16-CCITT */

}cy_stc_ps_toc_t;

 

This table defines each of the elements in the structure.

  • TOC2 parameter definitions

Parameter

Size

Description

objSize

32-bit number

This is the flash row size (512 bytes) minus the size of the crc (4 bytes), which is 508.

magicNum

32-bit value

This is a magic number to help to verify the structure quickly.  A valid TOC2 will always have the value 0x0121_1220 stored at this location.

userKeyAddr (optional)

32-bit value

This is a pointer to an optional area of additional key storage. This is optional and may be zero. If used to store keys that should not be changed, it should be added to the blocks that are hashed.

smifCfgAddr

32-bit Address

Null terminated table of pointers representing the SMIF (external flash memory) configuration structure.

appAddr1

32-bit Address

This is a pointer to the first user application.  Often this will point to the users bootloader project.  If TOC2 is invalid (Normal lifecycle stage), Flashboot assumes the starting code is at 0x1000_0000.

appFormat1

32-bit value

This is the format of the header for the project pointed to with “appAddr1”.  Use only CYPRESS™ application format, all other formats have been deprecated.

appAddr2 (optional)

32-bit Address

This points to an optional application address that Flashboot does not use.  The user could have the bootloader refer to this address as where the actual application starts.  For most cases, this value is null.

appFormat2 (optional)

32-bit value

This defines the appFormat for the application pointed to by appAddr2. 

shashObj

32-bit number

The number of objects in addition to the objects included in the FACTORY_HASH, starting with “sigKeyAddr” that are listed in “addObj” that will be included in the SECURE_HASH.  In the SECURE LCS all these items will be validated at boot time by default.  The maximum number of items is 15.  If no additional objects are hashed, this value should be “1” for the RSA public Key.

sigKeyAddr

32-bit Address

This is a pointer to the RSA public key that is used to validate the first project pointed to by “appAddr1”.

addObj

[116] 32-bit Addresses

This is an array of pointers to objects, terminated by a null value, that will be added to the SECURE_HASH.  This array may be up to 15 words long and the remaining values should be null.

tocFlags

32-bit value

Flashboot parameters, see table below for description.

crc

32-bit value

This value should be left blank.  The build system will automatically calculate and populate it, if it sees the TOC2 and RTOC2 defined.

Note:  The “SECURE_HASH” is a cryptographic hash of boot items that will not change once the device is moved to the Secure lifecycle stage.  This hash is stored in eFuse and cannon be changed once stored.

tocFlags

This is a set of flags that the user can set to adjust some of the boot parameters.  If TOC2 is not stored or invalid, it will use default values.  There are some minor differences in the definition of these flags for 1st and 2nd generation parts.  See end of this article for a table that defines what parts are 1st and 2nd generation.

  • Flashboot options (tocFlags) for 1st generation parts

Parameter

Bits

Settings

Notes

IMO/FLL clock frequency

[1:0]

0 = 25 MHz (FLL) [Default]

1 = 8 MHz (IMO)

2 = 50 MHz (FFL)

3 = Reserved

CM0+ clock during boot. This clock will remain at this setting after flash boot execution and until the OEM firmware changes it.

Wait window time

[4:2]

0 = 20 ms

1 = 10 ms

2 = 1 ms

3 = 0 ms (No wait window)

4 = 100 ms

5-7 = Reserved

Determines the wait window to allow sufficient time to acquire the debug port.  If the debug ports are closed for production devices, you can set the wait window to 0, to speed up the boot time.

Reserved

[30:5]

 

Not used

VALIDATE_APP_NORMAL

[31]

0 = No authentication

1  = Authentication

 

Setting this bit to 1 enables the authentication of the user code.  The TOC2 must be complete and the public key must be written in to Sflash.  This should always be set for the Secure lifecycle and is optional for devices in Normal lifecycle.

  • Flashboot options (tocFlags) for second generation parts

Parameter

Bits

Settings

Notes

IMO/FLL clock frequency

[1:0]

0 = 8 MHz, IMO, no FLL

1 = 25 MHz IMO + FLL

2 = 50 MHz IMO + FLL

3 = Use ROM boot clocks configuration (100 MHz)

CM0+ clock during boot. This clock will remain at this setting after flash boot execution until the OEM firmware changes it.

Wait window time

[4:0]

0 = 20 ms

1 = 10 ms

2 = 1 ms

3 = 0 ms (No wait window)

4 = 100 ms

5-7 = Reserved

Determines the wait window to allow sufficient time to acquire the debug port.  If the debug ports are closed for production devices, you can set the wait window to 0, to speed up the boot time.

SWJ (debug) pin state

[6:5]

0 = Do not enable SWJ pins

1 = Do not enable SWJ pins

2 = Enable SWJ pins

3 = Do not enable SWJ pins

Determines whether SWJ pins are configured in SWJ mode by flashboot in SECURE LCS.

Note: SWJ pins may be enabled later in the user code.

 

App authenticate disable

[8:7]

0 = Authentication is enabled

1 = Authentication is disabled

2 = Authentication is enabled

3 = Authentication is enabled

Determines whether the application image digital signature verification (authentication) is performed.

 

The TOC2 must be complete and the public key must be written in to Sflash.  This should always be set for the Secure lifecycle and is optional for devices in Normal lifecycle.

 

 

Table 1 PSoC 6 device generations

1st Generation PSoC 6 devices

CY8C61x6, CY8C62x6, CY8C63x6 

CY8C61x7, CY8C62x7, CY8C63x7 

2nd Generation PSoC 6 devices

CY8C61x4, CY8C62x4 

CY8C61x5, CY8C62x5 

CY8C61x8, CY8C62x8 

CY8C61xA, CY8C62xA 

 

Examples of programming and using the TOC2 structure can be found in the code example CE234992 “PSoC6™ MCU: Security Application Template”

 

0 Likes
275 Views
Authors