| Table of Contents |
|---|
I. Upgrade the SE Firmware version on the target MCU
Verify access to device and check current SE firmware version.
...
Run Auto Program by pressing AUTO PROG. (F8) button in main window. This will load SE firmware to device flash, reset device and run the firmware. Firmware will by updated automatically after a few seconds.
Verify Access to device to check if SE firmware was successfully updated. Check SE FW ver. text output shown below to verify.
...
II. Flash Bootloader Firmware and Application Firmware
This step will require setup using Simplicity Studio, described below:
Generate bootloader image and application image using Simplicity Studio
Create and build bootloader project (ex. Bluetooth Apploader OTA DFU).
Create application project.
Add to application project Bootloader Application Interface (to include app_properties.c with ApplicationProperties_t struct).
...
Build application project.
Generate keys using FlashPro/GangPro-ARM software
Command key and Sign key - ECDSA-P256-SHA256 key pairs.
...
New keys will be generated and saved in Security Store folder.
After keys generation disable key loading (uncheck Enable Load) and press OK.
Sign bootloader and application images with private sign key using Simplicity Commander
Generate GBL key in text file.
...
| Code Block | ||
|---|---|---|
| ||
commander convert bootloader-apploader_BG24B220MG21B010.hex --aeskey gbl_key.txt --outfile bootloader-apploader_BG24B220_aes.hex |
...
| Code Block | ||
|---|---|---|
| ||
commander convert bootloader-apploader_BG24B220MG21B010_aes.hex --secureboot --keyfile sign_key.pem --verify sign_pubkey.pem --outfile bootloader-apploader_BG24B220MG21B010_signed.hex commander convert bt_soc_blinky_BG24B220MG21B010.hex --secureboot --keyfile sign_key.pem --verify sign_pubkey.pem --outfile bt_soc_blinky_BG24B220MG21B010_signed.hex |
Check images.
Simplicity Commander:
| Code Block | ||
|---|---|---|
| ||
commander util appinfo bootloader-apploader_BG24B220MG21B010_signed.hex commander util appinfo bt_soc_blinky_BG24B220MG21B010_signed.hex |
Load images to device using FlashPro/GangPro-ARM software
Before loading images to device clear device memory. Select form menu Setup → Memory Options.
In Memory Erase section select All Memory and click OK.
...
Open code file with signed bootloader image (bootloader-apploader_BG24B220MG21B010_signed.hex).
...
Next append code file with signed application image (bt_soc_blinky_BG24B220MG21B010_signed.hex). Leave Memory protection unchecked and perform Auto program.
...
Bootloader and application image are loaded to flash.
...
III. Provision Key, Enable Secure Boot and Enable Debug Lock using FlashPro/GangPro-ARM
Select menu Setup → Secure Engine (SE).
In the bottom left corner click Read from device to check security state. The figure below presents the state of a new device (not previously provisioned).
...
Device status is also displayed in main window.
...
...
| Code Block |
|---|
=====================================
SE Read serial number OK
SN=0000000000000000BC026EFFFE90EA5A
SE Get chalenge OK
challenge=42E019ED32348E7DF04801BFEB5D6CC6
SE Read status OK
Status:
Debug Lock : Disabled
Sec. Debug Lock : Disabled
Device Erase : Enabled
Secure Boot : Disabled
Boot status : 00000020
Tamper status : 00000001
SE FW ver. : 00010210
Host FW ver. : 02030002
SE Read lock status OK
TrustZone Debug Options:
DBGLOCK : Disabled
NIDLOCK : Disabled
SPIDLOCK : Disabled
SPNIDLOCK : Disabled
SE Reading Command Key... No response.
SE Reading Sign Key... No response.
SE Reading OTP configuration... No response.
-------- D O N E --- ( run time = 0.5 sec.) |
To load keys to device check corresponding “Enable Load“ check-boxes and select the key files.
...
Open configuration file (*.json) from Security Store and set suitable values. In the following file Secure boot is enabled - only signed firmware will be executed.
...
At this stage leave debug port open and device erase enable in case of any errors (eqeg. firmware boot error)
...
Click OK to save configuration
Secure Engine configuration will be applied after checking “Enable” in Memory Protection section of main window and clicking “Lock Device”. This will program OTP (load keys and boot & tamper configuration).
...
Note: this options are one time programmable - once programmed can not be changed!
...
Check device status after configuration. Secure boot should be enabled and boot status should have the value 0x00000020 (OK )
...
Extended device status is added to the report in main window.
...
| Code Block |
|---|
=====================================
SE Read serial number OK
SN=0000000000000000BC026EFFFE90EA5A
SE Get chalenge OK
challenge=6BD5C66824A7646F6C90FE2163F62EA3
SE Read status OK
Status:
Debug Lock : Disabled
Sec. Debug Lock : Disabled
Device Erase : Enabled
Secure Boot : Enabled
Boot status : 00000020
Tamper status : 00000001
SE FW ver. : 00010210
Host FW ver. : 02030002
SE Read lock status OK
TrustZone Debug Options:
DBGLOCK : Disabled
NIDLOCK : Disabled
SPIDLOCK : Disabled
SPNIDLOCK : Disabled
SE Reading Command Key OK
X=B1BC6F6FA56640ED522B2EE0F5B3CF7E
5D48F60BE8148F0DC08440F0A4E1DCA4
Y=7C04119ED6A1BE31B7707E5F9D001A65
9A051003E95E1B936F05C37EA793AD63
SE Reading Sign Key OK
X=C4AF4AC69AAB9512DB50F7A26AE5B480
1183D85417E729A56DA974F4E08A562C
Y=DE6019DEA9411332DC1A743372D170B4
36238A34597C410EA177024DE20FC819
SE Reading OTP configuration OK
MCU Flags
Secure boot anti rollback : 1
Secure boot enable : 1
Secure boot page lock full : 1
Secure boot page lock narr. : 0
Secure boot verify certificate : 0
Tamper Filter
Filter period : 0
Filter threshold : 0
Reset threshold : 0
Tamper Flags
DGLITCH always on : 0
Tamper Levels
DCI_AUTH : 0
DECOUPLE_BOD : 4
DGLITCH : 0
FILTER_COUNTER : 0
MAILBOX_AUTH : 0
OTP_READ : 4
PRS0 : 0
PRS1 : 0
PRS2 : 0
PRS3 : 0
PRS4 : 0
PRS5 : 0
PRS6 : 0
PRS7 : 0
SECURE_LOCK : 4
SELF_TEST : 4
SE_CODE_AUTH : 4
SE_DEBUG : 0
SE_HARDFAULT : 4
SE_ICACHE : 4
SE_RAM_CRC : 4
SOFTWARE_ASSERTION : 4
TEMP_SENSOR : 0
TRNG_MONITOR : 0
USER_CODE_AUTH : 0
VGLITCH_FALLING : 0
VGLITCH_RISING : 0
WATCHDOG : 4
-------- D O N E --- ( run time = 0.7 sec.) |
At the end of programming cycle device can be locked. Go to Secure Engine (SE) dialog, disable Device Erase and lock debug port (Debug Lock and Secure Debug Lock enable). Specify also Debug Restrictions for a TrustZone aware application. This configuration is irreversible and allows debug port to be unlocked with Debug unlock token only.
...
Loading debug unlock tokens and token generation can be enabled in “Debug unlock token“ section.
...
After locking the debug port, this port can be unlocked by checking Unlock device by token in Secure Debug unlock section. In this section debug unlock token and access certificate generation parameters can also be specified.
...
As OTP was already programmed, disable keys and OTP configuration loading and click OK to save configuration.
...
In main window clicking Lock Device to load configuration to device and generate Debug Unlock Token.
...
This step ends production programming.
Note
If Unlock device by token loading is enabled, the application will try to unlock debug port using Debug Unlock Token after an unsuccessful attempt to connect to the device. The token should be located in the following path: SecurityStore\device_(SerialNumber)\challenge_(challenge)\ .
Providing private keys and enabling “Generate missing Tokens” Token form private keys” will automatically generate token when connecting to the device and use this token to unlock debug port.
...
...
If both private keys (command and sign) are not available, token can be generated from access certificate by checking Generate Token form Access certificate. The access certificate should be located in the following path: SecurityStore\device_(SerialNumber)\
Useful links
Elprotronic ST Microelectronics programmer’s page
...