...

  • Closely following e2studio/FSP
  • Project/make files
  • S project
    • src
    • include
    • test
  • NS project
    • src
    • include
    • test
  • Scripts
  • Tools
  • Docs

3.4 Factory Bootloader

...

One SDK bootloading follows a three-state model: 

  • Factory state (STATE_FACTORY) – most privileged mode; MCU runs in S mode; secure code/data accessible.
  • Unsealed state (STATE_UNSEALED) – user-controlled privileged mode; MCU runs in NS mode; secure code/data inaccessible.
  • Sealed state (STATE_SEALED) – user-controlled non-privileged mode.

3.4.1 Top-level pseudo code

The factory bootloader is the first firmware element that runs after MCU reset, and it runs in TrustZone secure mode.  The code block below shows the bootloader pseudo code.  The code logic enforces the following behaviors:

  • If the device is in factory state, processing of the factory command set is enabled and runs in secure mode.
  • If the device is in factory state, any reset or POR event will cause the device to revert to sealed state or unsealed state depending on how the user code
  • If the device is in unsealed state or sealed state, command processing is passed on to the NS application by calling NS_entry().
  • If the device

After power-on reset (POR), the MCU startup code shall call bootloader_start().  If the device is sealed, the NS_entry() function is immediately called.  Note that g_dev_state is an SRAM variable.  If the device is unsealed prior to POR (e.g., gf_dev_state == STATE_UNSEALED), then the bootloader will fall into a communication loop until it receives the CMD_RESET command, which will cause the MCU to reset and restart the bootloader, except this time it will immediately call the NS_entry() function.

...

Code Block
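#include <stdbool.h>
#include <stdint.h>
#include <string.h>

void bootloader_start()
{
   uint8_t cmd;
   uint8_t param[MAX_PARAM_SZ] = {0};

   /* Copy the flash-resident state into the working state variable. */
   gs_dev_state = gsf_dev_state;

   if (gs_dev_state == STATE_FACTORY)
   {
      /* Persist STATE_SEALED before reading any command, so the next reset leaves factory state. */
      flash_write(&gsf_dev_state, STATE_SEALED);
      while (true)
      {
         bool rc = read_cmd(&cmd, param);
         if (rc == OK)
         {
            if (cmd == CMD_RESET)
            {
               flash_write(&gsf_dev_state, STATE_SEALED);
               sys_reset();
            }
            /* strcmp() returns 0 on a match; it is not a constant-time comparison. */
            else if ((cmd == CMD_FACTORY_AUTH) && (strcmp((const char *)param, gsf_passphrase) == 0))
            {
               gs_dev_state = STATE_FACTORY;
            }
            else
            {
               process_factory_cmd(cmd, param);
            }
         }
         print_error(rc, cmd, param);
      }
   }

   /* Sealed or unsealed: hand over to the non-secure application. */
   NS_entry();
}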
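
The pseudo code writes STATE_SEALED to flash both before the command loop and in the CMD_RESET handler. The host-side model below is an added example, not the SDK's code, and compares the two placements when the factory session ends by power loss instead of CMD_RESET. The names device_t, exit_t, boot_once and factory_boots are hypothetical, and flash is simulated by a struct field.

```c
#include <stdbool.h>

typedef enum { STATE_FACTORY, STATE_UNSEALED, STATE_SEALED } dev_state_t;
typedef enum { EXIT_CMD_RESET, EXIT_POWER_LOSS } exit_t;   /* hypothetical */

/* Constructed stand-in for the flash-resident state word. */
typedef struct { dev_state_t flash_state; } device_t;

/* One boot of the modelled bootloader. Returns true if this boot entered
 * the secure factory command loop, false if it went straight to NS_entry(). */
bool boot_once(device_t *dev, bool demote_on_entry, exit_t how_loop_ends)
{
    dev_state_t ram_state = dev->flash_state;   /* SRAM copy taken at startup */

    if (ram_state != STATE_FACTORY)
        return false;                           /* sealed/unsealed: NS_entry() */

    if (demote_on_entry)
        dev->flash_state = STATE_SEALED;        /* persisted before any command */

    /* ... factory commands would be processed here ... */

    if (how_loop_ends == EXIT_CMD_RESET)
        dev->flash_state = STATE_SEALED;        /* write in the CMD_RESET handler */

    return true;                                /* a reset follows either way */
}

/* How many of `boots` consecutive boots reach the factory loop, starting
 * from a device in factory state, when every session ends the same way. */
int factory_boots(bool demote_on_entry, exit_t how_loop_ends, int boots)
{
    device_t dev = { STATE_FACTORY };
    int n = 0;
    for (int i = 0; i < boots; i++)
        if (boot_once(&dev, demote_on_entry, how_loop_ends))
            n++;
    return n;
}

int main(void)
{
    /* Demote on entry: a single factory session even with power loss. */
    int on_entry = factory_boots(true, EXIT_POWER_LOSS, 5);
    /* Demote only on CMD_RESET: power loss leaves factory state in flash. */
    int on_reset_only = factory_boots(false, EXIT_POWER_LOSS, 5);
    return (on_entry == 1 && on_reset_only == 5) ? 0 : 1;
}
```

In this model the write placed before the loop is what bounds factory mode to one boot; the write in the CMD_RESET handler alone does so only when the session ends with that command.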

...