PSoC6 Secure Boot Example

DeanG

I’m trying to prototype secure boot using the CY8CPROTO-06204343W PSoC6 dev kit and getting stuck on how the flash boot code knows the length of the app to verify. In the TOC2, the TOC2_FIRST_USER_APP_ADDRESS points to the beginning of the app; OK, I understand that part. But how does the flash boot code know the length of the image to verify? The TOC2_FIRST_USER_APP_FORMAT defines several formats which may contain a header with the image length. Is this correct? Does anyone know how these formats (Basic App Format, Cypress Secure format, Simplified Secure Format) are defined?

Is there a PSoC6 secure boot example somewhere? The DFU sample code here: https://github.com/Infineon/dfu doesn't contain any info about how to set up the TOC2 or how the image length is set. The sample uses defined linker variables such as __cy_app0_verify_start, __cy_app_verify_length, etc. But how does the flash boot code know the length of the image? It doesn't look like __cy_app0_verify_start and __cy_app_verify_length are linked into the flash boot code.

 

Thanks

Dean

0 Likes
1 Solution
DeanG

I found very good sample code showing how to implement secure boot. It's included in the PDL library for the Creator IDE. You can find the sample code here: C:\Program Files (x86)\Cypress\PDL\3.1.5\security. There's also a good post on how to set up and test secure boot here: https://community.element14.com/products/roadtest/rv/roadtest_reviews/413/psoc_6_wifi-bt_pione

NOTE: There's a bug with the linker script here:  source/linker/psoc6_si_cm0plus.ld

    /* Supervisory Flash: Table of Content #2 */
    .cy_toc_part2 :
    {
        KEEP(*(.cy_toc_part_2)) /* <-- Should be .cy_toc_part2 */
    } > sflash_toc2


    /* Supervisory Flash: Redundant Table of Content #2 */
    .cy_rtoc_part2 :
    {
        KEEP(*(.cy_rtoc_part_2)) /* <-- Should be .cy_rtoc_part2 */
    } > sflash_rtoc2

   

 


0 Likes
6 Replies
DheerajK_81

Hello @DeanG ,

The image size to verify is supplied by the app header in the Cypress Secure format. Here's a reference implementation that you can use:

#include <stddef.h> /* offsetof */
#include <stdint.h> /* uint32_t */

#define CY_PS_VERSION_MAJOR             1UL /**< Major version */
#define CY_PS_VERSION_MINOR             20UL /**< Minor version */
#define CY_PS_APP_VERSION               ((CY_PS_VERSION_MAJOR << 24u) | (CY_PS_VERSION_MINOR << 16u)) /**< App Version */

/** Secure image application header in Cypress format */
typedef struct{
    volatile uint32_t objSize;       /**< Object size (Bytes) */
    volatile uint32_t appId;         /**< Application ID/version */
    volatile uint32_t appAttributes; /**< Attributes (reserved for future use) */
    volatile uint32_t numCores;      /**< Number of cores */
    volatile uint32_t core0Vt;       /**< (CM0+)VT offset - offset to the vector table from that entry */
    volatile uint32_t core0Id;       /**< CM0+ core ID */
}cy_stc_ps_appheader_t;

/***************************************
 *   Application header and signature
 ***************************************/
#define CY_PS_VT_OFFSET     ((uint32_t)(&__Vectors[0]) - CY_START_OF_FLASH \
        - offsetof(cy_stc_ps_appheader_t, core0Vt)) /* CM0+ VT Offset */
#define CY_PS_CPUID         (0xC6000000UL)          /* CM0+ ARM CPUID[15:4] Reg shifted to [31:20] */
#define CY_PS_CORE_IDX      (0UL)                   /* Index ID of the CM0+ core */

/** Secure Application header */
/* Replace the <...> placeholders in objSize with the values for your image. */
CY_SECTION(".cy_app_header") __USED
static const cy_stc_ps_appheader_t cy_ps_appHeader = {
    .objSize        = <YOUR_IMAGE_SIZE> - <APP_SIGNATURE_SIZE>,
    .appId          = (CY_PS_APP_VERSION | CY_PS_APP_ID_SECUREIMG),
    .appAttributes  = 0UL,                          /* Reserved */
    .numCores       = 1UL,                          /* Only CM0+ */
    .core0Vt        = CY_PS_VT_OFFSET,              /* CM0+ VT offset */
    .core0Id        = CY_PS_CPUID | CY_PS_CORE_IDX, /* CM0+ core ID */
};

 

Additionally, you need to add this section in the linker script before the application image in this fashion:

SECTIONS
{
    .cy_app_header :
    {
        KEEP(*(.cy_app_header))
    } > flash

    /* Cortex-M0+ application flash area */
    .text :
    {
        . = ALIGN(4);
        __Vectors = . ;
        KEEP(*(.vectors))
        ....
        ....
        ....


I don't think we have any documentation on Basic and Simplified Secure formats, so I would recommend just using the Cypress Secure format. 

Hope this helps! 🙂

Regards,
Dheeraj

 

0 Likes
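
The header layout from the reply above, used in a host-side consistency check before an image is signed or flashed. This is an added example, not code from the thread or from Infineon; the function names are hypothetical. It assumes the header sits at offset 0 of the image, fields are little-endian, and the signature is appended directly after the `objSize` bytes (the 256-byte signature in the sample assumes RSA-2048).

```c
#include <stddef.h>
#include <stdint.h>

#define HDR_SIZE 24u /* six uint32_t fields of cy_stc_ps_appheader_t */
#define VT_FIELD 16u /* offsetof(cy_stc_ps_appheader_t, core0Vt) */

typedef enum { PS_OK, PS_TOO_SHORT, PS_BAD_SIZE, PS_BAD_VT } ps_status_t;
typedef struct {
    uint32_t signed_len; /* objSize: bytes hashed; signature starts here */
    uint32_t vt_offset;  /* vector table offset from the image start */
} ps_layout_t;

/* Read a little-endian uint32_t from a byte buffer. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Derive the signed region from the header and reject inconsistent values. */
ps_status_t ps_check_layout(const uint8_t *img, size_t img_len,
                            size_t sig_len, ps_layout_t *out)
{
    if (img_len < HDR_SIZE || img_len - HDR_SIZE < sig_len)
        return PS_TOO_SHORT;
    uint32_t obj_size = rd32(img);            /* objSize */
    uint32_t core0_vt = rd32(img + VT_FIELD); /* core0Vt */
    /* objSize = image size - signature size; comparing against the
       subtraction avoids overflow on a hostile objSize. */
    if (obj_size < HDR_SIZE || obj_size != img_len - sig_len)
        return PS_BAD_SIZE;
    /* core0Vt is relative to its own field; the table must lie after the
       header and inside the signed bytes. */
    if (core0_vt < HDR_SIZE - VT_FIELD || core0_vt > obj_size - VT_FIELD - 4u)
        return PS_BAD_VT;
    out->signed_len = obj_size;
    out->vt_offset = VT_FIELD + core0_vt;
    return PS_OK;
}

/* Constructed sample: 320-byte image = 64 signed bytes + 256-byte signature;
   only the two header fields under test are filled in. */
ps_status_t ps_sample(uint32_t obj_size, uint32_t core0_vt, ps_layout_t *out)
{
    uint8_t img[320] = {0};
    for (unsigned i = 0; i < 4; i++) {
        img[i] = (uint8_t)(obj_size >> (8 * i));
        img[VT_FIELD + i] = (uint8_t)(core0_vt >> (8 * i));
    }
    return ps_check_layout(img, sizeof img, 256u, out);
}
```

A header whose `objSize` was left at the full image size (signature not subtracted) is reported as `PS_BAD_SIZE`.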

Thanks Dheeraj.  I appreciate the information.  I'll give this a try.

Dean

DeanG

Hi Dheeraj,

Follow-up question on secure boot. I’ve got the TOC2 set up and can use the SROM API GenerateHash (opcode 0x1E) to generate a hash of the TOC2 and what it points to. The TOC2 points to my RSA pub key, I’ve verified the sflash address, no problems. However, I notice when I change the RSA key itself, the hash doesn’t change as I would expect it to. Shouldn’t the secure hash also include the RSA pub key the TOC2 is pointing to?

Ultimately, I’m trying to generate the correct secure hash to blow into the eFuses. Digging around, I noticed a previous posting you commented on (see: https://community.infineon.com/t5/PSoC-6/Secure-blink/m-p/74824) stating the SECURE_HASH is calculated for you when transitioning to Secure Lifecycle. However, other documents state I need to set the secure hash into the eFuses before transitioning to secure lifecycle.

Clarification would be helpful.

Also how do you set the Lifecycle bit?  I should be able to simply set the bit in the .efuse section of my app.  Is this correct?

Thanks,

Dean

0 Likes
DeanG

@DheerajK_81    Please refer to previous post.

Dean

0 Likes
AlenAn14

Hi @DeanG ,

Thank you for sharing your solution with the community!
Glad your query is solved as well.

Please feel free to post any queries or issues you may have on Infineon products in the community and we will be happy to help.

 

Warm Regards
Alen

0 Likes