Versions Compared

Old Version 26

changes.mady.by.user Larry Li

Saved on

compared with

New Version 27

changes.mady.by.user Larry Li

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Describe not only how the repository is laid out, but also what the customer distribution package would look like.>


2.3 Roles

One SDK envisions three different roles with successively greater privileges: users, OEM and factory.  Factory role is held solely by Renesas; OEM is usually the role of Renesas customers or ODM who purchase the devices containing the firmware; user role is assigned to consumers using the device containing firmware created using One SDK.

2.4 Privilege states

One SDK supports MCU with Trust Zone support or without.  For MCU with TZ, three privilege states are supported: 

  • Factory  Intended for Renesas only.  After reset, MCU will always run the factory bootloader in secure (S) mode.  The factory bootloader first checks S mode NV memory for the wake state set by previous wake--if the wake state is set to STATE_FACTORY, execution will enter the factory bootloader command loop; else the factory bootloader will set the state to Sealed and call the NS mode entry point.  
  • Sealed Intended for user.  Sealed state is where the NS application device runs normally after resetPOR.  In this state, only a basic set of commands required for the intended application are available.  Users may enter the Unsealed state (STATE_UNSEALED) by issuing the CMD_UNSEAL command along with the correct customer password.  
  • Unsealed Intended for OEMUnsealed state (STATE_UNSEALED) is only entered from Sealed state.  Like Sealed state, Unsealed state also runs in NS mode, but it supports additional commandsallows OEM to add more commands that are accessible by OEM only.  One of the command is CMD_FACTORY, which when issued with the correct Renesas password, will setup set the next wake state to STATE_FACTORY , such that upon subsequent wake from reset the execution path will enter the factory bootloader command loop.

Privilege states of MCU with TZ support

Figure 2.  Privilege states of MCU with TZ support.


The main benefit of having a TZ Trust Zone is to enable OEM/ODM to customize the device with Renesas "secret sauce" pre-programmed into the device.  For MCU without TZ support, such as CM0+ and RL78, there will be no Factory state, and therefore the Factory State will be bypassed resulting in the below state transition diagram:

...