Close
PSoC 6 Boot Options (Table of Contents 2)
This article describes a structure called Table of Contents 2 (TOC2) that is used to tell the boot system where specific data is located in memory and sets some boot flags that allow the user to affect the boot process. This structure is stored in SFlash and must be stored prior to advancing to the Secure lifecycle stage. It may also be used in the Normal lifecycle stage but that is optional. Below is the actual structure defined which fills one complete Flash row of 512 bytes. There is also a copy of this structure called RTOC2. If the boot system finds an error in TOC2, it will check to see if RTOC2 is correct. If RTOC2 is valid, the boot system will ignore TOC2 and use RTOC2 instead. The designer should always make these two structures identical.
/* Table of Content2 structure */
typedef struct{
volatile uint32_t objSize; /* Object size (Bytes) */
volatile uint32_t magicNum; /* TOC ID (magic number = 0x01211220 ) */
volatile uint32_t userKeyAddr; /* Secure key address in user Flash (optional) */
volatile uint32_t smifCfgAddr; /* SMIF configuration structure (optional) */
volatile uint32_t appAddr1; /* First user application object address */
volatile uint32_t appFormat1; /* First user application format */
volatile uint32_t appAddr2; /* Second user application object address (optional) */
volatile uint32_t appFormat2; /* Second user application format (optional) */
volatile uint32_t shashObj; /* Number of additional objects to be verified(Secure-HASH) */
volatile uint32_t sigKeyAddr; /* Signature verification key address */
volatile uint32_t addObj[116]; /* Additional objects to include in Secure-HASH */
volatile uint32_t tocFlags; /* Flags in TOC to control Flash boot options */
volatile uint32_t crc; /* CRC16-CCITT */
}cy_stc_ps_toc_t;
This table defines each of the elements in the structure.
Parameter |
Size |
Description |
objSize |
32-bit number |
This is the flash row size (512 bytes) minus the size of the crc (4 bytes), which is 508. |
magicNum |
32-bit value |
This is a magic number to help to verify the structure quickly. A valid TOC2 will always have the value 0x0121_1220 stored at this location. |
userKeyAddr (optional) |
32-bit value |
This is a pointer to an optional area of additional key storage. This is optional and may be zero. If used to store keys that should not be changed, it should be added to the blocks that are hashed. |
smifCfgAddr |
32-bit Address |
Null terminated table of pointers representing the SMIF (external flash memory) configuration structure. |
appAddr1 |
32-bit Address |
This is a pointer to the first user application. Often this will point to the users bootloader project. If TOC2 is invalid (Normal lifecycle stage), Flashboot assumes the starting code is at 0x1000_0000. |
appFormat1 |
32-bit value |
This is the format of the header for the project pointed to with “appAddr1”. Use only CYPRESS™ application format, all other formats have been deprecated. |
appAddr2 (optional) |
32-bit Address |
This points to an optional application address that Flashboot does not use. The user could have the bootloader refer to this address as where the actual application starts. For most cases, this value is null. |
appFormat2 (optional) |
32-bit value |
This defines the appFormat for the application pointed to by appAddr2. |
shashObj |
32-bit number |
The number of objects in addition to the objects included in the FACTORY_HASH, starting with “sigKeyAddr” that are listed in “addObj” that will be included in the SECURE_HASH. In the SECURE LCS all these items will be validated at boot time by default. The maximum number of items is 15. If no additional objects are hashed, this value should be “1” for the RSA public Key. |
sigKeyAddr |
32-bit Address |
This is a pointer to the RSA public key that is used to validate the first project pointed to by “appAddr1”. |
addObj |
[116] 32-bit Addresses |
This is an array of pointers to objects, terminated by a null value, that will be added to the SECURE_HASH. This array may be up to 15 words long and the remaining values should be null. |
tocFlags |
32-bit value |
Flashboot parameters, see table below for description. |
crc |
32-bit value |
This value should be left blank. The build system will automatically calculate and populate it, if it sees the TOC2 and RTOC2 defined. |
Note: The “SECURE_HASH” is a cryptographic hash of boot items that will not change once the device is moved to the Secure lifecycle stage. This hash is stored in eFuse and cannon be changed once stored.
tocFlags
This is a set of flags that the user can set to adjust some of the boot parameters. If TOC2 is not stored or invalid, it will use default values. There are some minor differences in the definition of these flags for 1st and 2nd generation parts. See end of this article for a table that defines what parts are 1st and 2nd generation.
Parameter |
Bits |
Settings |
Notes |
IMO/FLL clock frequency |
[1:0] |
0 = 25 MHz (FLL) [Default] 1 = 8 MHz (IMO) 2 = 50 MHz (FFL) 3 = Reserved |
CM0+ clock during boot. This clock will remain at this setting after flash boot execution and until the OEM firmware changes it. |
Wait window time |
[4:2] |
0 = 20 ms 1 = 10 ms 2 = 1 ms 3 = 0 ms (No wait window) 4 = 100 ms 5-7 = Reserved |
Determines the wait window to allow sufficient time to acquire the debug port. If the debug ports are closed for production devices, you can set the wait window to 0, to speed up the boot time. |
Reserved |
[30:5] |
|
Not used |
VALIDATE_APP_NORMAL |
[31] |
0 = No authentication 1 = Authentication
|
Setting this bit to 1 enables the authentication of the user code. The TOC2 must be complete and the public key must be written in to Sflash. This should always be set for the Secure lifecycle and is optional for devices in Normal lifecycle. |
Parameter |
Bits |
Settings |
Notes |
IMO/FLL clock frequency |
[1:0] |
0 = 8 MHz, IMO, no FLL 1 = 25 MHz IMO + FLL 2 = 50 MHz IMO + FLL 3 = Use ROM boot clocks configuration (100 MHz) |
CM0+ clock during boot. This clock will remain at this setting after flash boot execution until the OEM firmware changes it. |
Wait window time |
[4:0] |
0 = 20 ms 1 = 10 ms 2 = 1 ms 3 = 0 ms (No wait window) 4 = 100 ms 5-7 = Reserved |
Determines the wait window to allow sufficient time to acquire the debug port. If the debug ports are closed for production devices, you can set the wait window to 0, to speed up the boot time. |
SWJ (debug) pin state |
[6:5] |
0 = Do not enable SWJ pins 1 = Do not enable SWJ pins 2 = Enable SWJ pins 3 = Do not enable SWJ pins |
Determines whether SWJ pins are configured in SWJ mode by flashboot in SECURE LCS. Note: SWJ pins may be enabled later in the user code.
|
App authenticate disable |
[8:7] |
0 = Authentication is enabled 1 = Authentication is disabled 2 = Authentication is enabled 3 = Authentication is enabled |
Determines whether the application image digital signature verification (authentication) is performed.
The TOC2 must be complete and the public key must be written in to Sflash. This should always be set for the Secure lifecycle and is optional for devices in Normal lifecycle. |
Table 1 PSoC 6 device generations
1st Generation PSoC 6 devices |
CY8C61x6, CY8C62x6, CY8C63x6 CY8C61x7, CY8C62x7, CY8C63x7 |
2nd Generation PSoC 6 devices |
CY8C61x4, CY8C62x4 CY8C61x5, CY8C62x5 CY8C61x8, CY8C62x8 CY8C61xA, CY8C62xA |
Examples of programming and using the TOC2 structure can be found in the code example CE234992 “PSoC6™ MCU: Security Application Template”.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.