Secondary bootloader runs both encrypted and un-encrypted images
ID: LPCBARESDK-919
Status: Open
First reported: 6.0.16.1144
Fixed in: TBD
Description
The secondary bootloader supports a dual-image booting scheme and is used in Software Update Over the Air (SUOTA) applications to update the product firmware with a new image. The current secondary bootloader (6.0.16.1144\utilities\secondary_bootloader)
boots both encrypted and un-encrypted images, which means that a device can still be updated over SUOTA with either an encrypted or an un-encrypted image.
Users who want SUOTA updates to accept only encrypted images can apply the following workaround to the secondary bootloader project.
Workaround
diff --git a/utilities/secondary_bootloader/src/bootloader.c b/utilities/secondary_bootloader/src/bootloader.c
index cf11ea4..db2d112 100644
--- a/utilities/secondary_bootloader/src/bootloader.c
+++ b/utilities/secondary_bootloader/src/bootloader.c
@@ -13,6 +13,7 @@
*/
#include <stdio.h>
+#include <string.h>
#include <stdint.h>
#include "user_periph_setup.h"
#include "uart_booter.h"
@@ -53,6 +54,30 @@ static const i2c_eeprom_cfg_t i2c_eeprom_cfg = {
};
#endif
+static int8_t HandleEncryptImage(uint32_t encrypt_image_header_addr)
+{
+ s_imageHeader *pImageHeader;
+ uint32_t offset;
+ uint32_t actual_size;
+ int8_t ret;
+
+ // Calculate the starting sector offset
+ offset = (encrypt_image_header_addr / SPI_FLASH_SECTOR_SIZE) * SPI_FLASH_SECTOR_SIZE;
+ // Blocking Erase of a Flash sector
+ ret = spi_flash_block_erase(offset, SPI_FLASH_OP_SE);
+ if (ret != SPI_FLASH_ERR_OK){
+ return ret;
+ }
+
+ memset(pImageHeader, 0, sizeof(s_imageHeader) );
+
+ spi_flash_write_data((uint8_t *)pImageHeader, encrypt_image_header_addr, sizeof(s_imageHeader), &actual_size);
+
+ return ret;
+
+}
+
+
#if !defined(SUPPORT_AN_B_001) && (defined(SPI_FLASH_SUPPORTED ) || defined(I2C_EEPROM_SUPPORTED))
/**
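Review bot: `pImageHeader` is declared as a pointer and never assigned, so `memset(pImageHeader, 0, sizeof(s_imageHeader))` writes through an indeterminate address and `spi_flash_write_data` then reads from it; this is undefined behaviour and may corrupt RAM instead of zeroing the header in flash. Use a local object instead: `s_imageHeader blank_header;`, `memset(&blank_header, 0, sizeof blank_header);`, and pass `(uint8_t *)&blank_header` to the write. The result of the write and `actual_size` are never checked, so the function returns the erase status even when the zeroed header was not written; if `spi_flash_write_data` reports a status, return that. The function also sits above the `SPI_FLASH_SUPPORTED` / `I2C_EEPROM_SUPPORTED` guard while calling SPI flash routines, which presumably breaks builds without SPI flash support.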
@@ -209,10 +234,16 @@ static int loadActiveImage(void)
{
Decrypt_Image(codesize1);
}
+ else{
+ HandleEncryptImage(imageposition1);
+ return -1;
+ }
+
#endif
if ((image1_encryption && !AES_ENCRYPTED_IMAGE_SUPPORTED) ||
(crc_image1 != crc32(0, (uint8_t*)SYSRAM_BASE_ADDRESS, codesize1)))
{
+ HandleEncryptImage(imageposition1);
if (images_status == 3)
{
FlashRead(SYSRAM_BASE_ADDRESS,
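Review bot: Both added `HandleEncryptImage(imageposition1)` calls discard the return value, so when the sector erase fails the rejected image keeps its header in flash and the caller never learns of it; the `imageposition2` calls in the hunk at -242 have the same problem. The call added inside the CRC-failure block also means any CRC mismatch on image 1 now erases its header, not only the un-encrypted case the workaround describes, which deserves a comment such as `/* invalidate header: image rejected (policy or CRC), must not be retried */`. The new `else` pairs with an `if` inside a `#if` whose condition lies outside the hunk; if that condition is `AES_ENCRYPTED_IMAGE_SUPPORTED`, the rejection is compiled out when the flag is 0 and un-encrypted images are still booted, so state that build requirement next to the branch. `loadActiveImage` starts and ends outside this hunk.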
@@ -223,6 +254,10 @@ static int loadActiveImage(void)
{
Decrypt_Image(codesize2);
}
+ else
+ {
+ return -1;
+ }
#endif
if ((image2_encryption && !AES_ENCRYPTED_IMAGE_SUPPORTED) ||
crc_image2 != crc32(0, (uint8_t*)SYSRAM_BASE_ADDRESS, codesize2))
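Review bot: The `else { return -1; }` added after `Decrypt_Image(codesize2)` rejects an un-encrypted fallback image but, unlike the primary-image branch, does not call `HandleEncryptImage(imageposition2)`, so that image stays in flash with a valid header; the mirrored `else` after `Decrypt_Image(codesize1)` in the hunk at -256 is the same. If the omission is deliberate (for example to avoid wiping both slots in one boot), say so in a comment; otherwise add `HandleEncryptImage(imageposition2);` before `return -1;`. As far as the visible lines show, acceptance rests on the header's encryption flag plus a CRC32, which guards against corruption and does not establish the origin of the image. The surrounding function body lies outside the hunk.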
@@ -242,10 +277,18 @@ static int loadActiveImage(void)
{
Decrypt_Image(codesize2);
}
+
+ else
+ {
+ HandleEncryptImage(imageposition2);
+ return -1;
+ }
+
#endif
if ((image2_encryption && !AES_ENCRYPTED_IMAGE_SUPPORTED) ||
crc_image2 != crc32(0, (uint8_t*)SYSRAM_BASE_ADDRESS, codesize2))
{
+ HandleEncryptImage(imageposition2);
if (images_status == 3)
{
FlashRead(SYSRAM_BASE_ADDRESS,
@@ -256,6 +299,10 @@ static int loadActiveImage(void)
{
Decrypt_Image(codesize1);
}
+ else
+ {
+ return -1;
+ }
#endif
if ((image1_encryption && !AES_ENCRYPTED_IMAGE_SUPPORTED) ||
crc_image1 != crc32(0, (uint8_t*)SYSRAM_BASE_ADDRESS, codesize1))
diff --git a/utilities/secondary_bootloader/src/main.c b/utilities/secondary_bootloader/src/main.c
index f024467..0d88ec8 100644
--- a/utilities/secondary_bootloader/src/main.c
+++ b/utilities/secondary_bootloader/src/main.c
@@ -389,9 +389,8 @@ int main(void)
ret = spi_loadActiveImage();
if (!ret)
{
- SetWord16(WATCHDOG_REG, 0xC8); // 200 * 10.24ms active time for initialization!
- SetWord16(RESET_FREEZE_REG, FRZ_WDOG); // Start WDOG
-
+ SetBits(WATCHDOG_CTRL_REG, NMI_RST, 0); // Switch the watchdog in NMI interrupt in order to be able to freeze it
+ SetWord16(SET_FREEZE_REG, FRZ_WDOG); // Freeze the watchdog
spi_release();
// Reset SPI pins but keep the CS high
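Review bot: Replacing the timed watchdog start (`SetWord16(WATCHDOG_REG, 0xC8)` and `RESET_FREEZE_REG`) with `SetWord16(SET_FREEZE_REG, FRZ_WDOG)` hands control to the loaded image with the watchdog frozen, so a hang during or right after the jump is presumably no longer recovered unless the application resumes it. Nothing in the issue description explains why this belongs to the encrypted-image workaround. Document the contract at the call, e.g. `// Watchdog left frozen in NMI mode: the application must resume it during init`, or keep the original timed start. `main` continues outside this hunk.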
@@ -450,9 +449,3 @@ int main(void)
} // while (1)
}